/// <summary>
/// Helper function to check if SAML Token was issued by HomeRealmSTS
/// </summary>
/// <returns>True on success. False on failure.</returns>
private static bool IssuedByHomeRealmSTS(ClaimSet myClaimSet)
{
// Extract the issuer ClaimSet
ClaimSet issuerClaimSet = myClaimSet.Issuer;
// If the Issuer is null, return false.
if (issuerClaimSet == null)
{
return(false);
}
// Find all the Thumbprint claims in the issuer ClaimSet
IEnumerable <Claim> issuerClaims = issuerClaimSet.FindClaims(ClaimTypes.Thumbprint, null);
// If there are no Thumbprint claims, return false;
if (issuerClaims == null)
{
return(false);
}
// Get the enumerator for the set of Thumbprint claims...
IEnumerator <Claim> issuerClaimsEnum = issuerClaims.GetEnumerator();
// ...and set issuerClaim to the first such Claim
Claim issuerClaim = null;
if (issuerClaimsEnum.MoveNext())
{
issuerClaim = issuerClaimsEnum.Current;
}
// If there was no Thumbprint claim, return false;
if (issuerClaim == null)
{
return(false);
}
// If, despite the above checks, the returned claim is not a Thumbprint claim, return false
if (issuerClaim.ClaimType != ClaimTypes.Thumbprint)
{
return(false);
}
// If the returned claim doesn't contain a Resource, return false
if (issuerClaim.Resource == null)
{
return(false);
}
// Extract the thmubprint data from the claim
byte[] issuerThumbprint = (byte[])issuerClaim.Resource;
// Extract the thumbprint for the HomeRealmSTS.com certificate
byte[] certThumbprint = FederationUtilities.GetCertificateThumbprint(ServiceConstants.CertStoreName,
ServiceConstants.CertStoreLocation,
ServiceConstants.IssuerDistinguishedName);
// If the lengths of the two thumbprints are different, return false
if (issuerThumbprint.Length != certThumbprint.Length)
{
return(false);
}
// Check the individual bytes of the two thumbprints for equality...
for (int i = 0; i < issuerThumbprint.Length; i++)
{
//... if any byte in the thumbprint from the claim does NOT match the corresponding
// byte from the thumbprint in the BookStoreSTS.com certificate, return false
if (issuerThumbprint[i] != certThumbprint[i])
{
return(false);
}
}
// If we get through all the above checks, return true (ClaimSet was issued by HomeRealmSTS.com)
return(true);
}
/// <summary>
/// Sets up the BookStoreSTS by loading relevant Application Settings
/// </summary>
public BookStoreSTS()
: base(ServiceConstants.SecurityTokenServiceName,
FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.CertDistinguishedName),
FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.TargetDistinguishedName))
{
}
public HomeRealmSTS() :
base(ServiceConstants.StsName,
FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.CertDistinguishedName),
FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.TargetDistinguishedName))
{
}