public static async Task <WsTrustResponse> SendRequestAsync(WsTrustAddress wsTrustAddress, UserCredential credential, CallState callState)
{
IHttpClient request = PlatformPlugin.HttpClientFactory.Create(wsTrustAddress.Uri.AbsoluteUri, callState);
request.ContentType = "application/soap+xml";
if (credential.UserAuthType == UserAuthType.IntegratedAuth)
{
SetKerberosOption(request);
}
StringBuilder messageBuilder = BuildMessage(DefaultAppliesTo, wsTrustAddress, credential);
string soapAction = XmlNamespace.Issue.ToString();
if (wsTrustAddress.Version == WsTrustVersion.WsTrust2005)
{
soapAction = XmlNamespace.Issue2005.ToString();
}
WsTrustResponse wstResponse;
try
{
request.BodyParameters = new StringRequestParameters(messageBuilder);
request.Headers["SOAPAction"] = soapAction;
IHttpWebResponse response = await request.GetResponseAsync();
wstResponse = WsTrustResponse.CreateFromResponse(response.ResponseStream, wsTrustAddress.Version);
}
catch (WebException ex)
{
string errorMessage;
try
{
XDocument responseDocument = WsTrustResponse.ReadDocumentFromResponse(ex.Response.GetResponseStream());
errorMessage = WsTrustResponse.ReadErrorResponse(responseDocument, callState);
}
catch (AdalException)
{
errorMessage = "See inner exception for detail.";
}
throw new AdalServiceException(
AdalError.FederatedServiceReturnedError,
string.Format(AdalErrorMessage.FederatedServiceReturnedErrorTemplate, wsTrustAddress.Uri, errorMessage),
null,
ex);
}
return(wstResponse);
}
protected override async Task PreTokenRequest()
{
await base.PreTokenRequest();
if (this.PerformUserRealmDiscovery())
{
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState);
PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.CurrentCulture, " User with hash '{0}' detected as '{1}'", PlatformPlugin.CryptographyHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType));
if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0)
{
if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl))
{
throw new AdalException(AdalError.MissingFederationMetadataUrl);
}
WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState);
PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.CurrentCulture, " WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl));
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState);
PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.CurrentCulture, " Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType));
// We assume that if the response token type is not SAML 1.1, it is SAML 2
this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer);
}
else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0)
{
// handle password grant flow for the managed user
if (this.userCredential.PasswordToCharArray() == null)
{
throw new AdalException(AdalError.PasswordRequiredForManagedUserError);
}
}
else
{
throw new AdalException(AdalError.UnknownUserType);
}
}
}
internal static WsTrustResponse CreateFromResponseDocument(XDocument responseDocument, WsTrustVersion version)
{
Dictionary <string, string> tokenResponseDictionary = new Dictionary <string, string>();
try
{
XNamespace t = XmlNamespace.Trust;
if (version == WsTrustVersion.WsTrust2005)
{
t = XmlNamespace.Trust2005;
}
bool parseResponse = true;
if (version == WsTrustVersion.WsTrust13)
{
XElement requestSecurityTokenResponseCollection =
responseDocument.Descendants(t + "RequestSecurityTokenResponseCollection").FirstOrDefault();
if (requestSecurityTokenResponseCollection == null)
{
parseResponse = false;
}
}
if (parseResponse)
{
IEnumerable <XElement> tokenResponses =
responseDocument.Descendants(t + "RequestSecurityTokenResponse");
foreach (var tokenResponse in tokenResponses)
{
XElement tokenTypeElement = tokenResponse.Elements(t + "TokenType").FirstOrDefault();
if (tokenTypeElement == null)
{
continue;
}
XElement requestedSecurityToken =
tokenResponse.Elements(t + "RequestedSecurityToken").FirstOrDefault();
if (requestedSecurityToken == null)
{
continue;
}
// TODO #123622: We need to disable formatting due to a potential service bug. Remove the ToString argument when problem is fixed.
tokenResponseDictionary.Add(tokenTypeElement.Value,
requestedSecurityToken.FirstNode.ToString(SaveOptions.DisableFormatting));
}
}
}
catch (XmlException ex)
{
throw new AdalException(AdalError.ParsingWsTrustResponseFailed, ex);
}
if (tokenResponseDictionary.Count == 0)
{
throw new AdalException(AdalError.ParsingWsTrustResponseFailed);
}
string tokenType = tokenResponseDictionary.ContainsKey(Saml1Assertion) ? Saml1Assertion : tokenResponseDictionary.Keys.First();
WsTrustResponse wsTrustResponse = new WsTrustResponse
{
TokenType = tokenType,
Token = tokenResponseDictionary[tokenType]
};
return(wsTrustResponse);
}
