private async Task <string> GetPartnerTicketFromAdfsAsync(string adfsUrl, string username, string password)
{
string body = string.Format(
CultureInfo.InvariantCulture,
/*
* "<?xml version=\"1.0\" encoding=\"UTF-8\"?><s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wssc=\"http://schemas.xmlsoap.org/ws/2005/02/sc\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"><s:Header><wsa:Action s:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action><wsa:To s:mustUnderstand=\"1\">{0}</wsa:To><wsa:MessageID>{1}</wsa:MessageID><ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/Passport/SoapServices/PPCRL\" Id=\"PPAuthInfo\"><ps:HostingApp>Managed IDCRL</ps:HostingApp><ps:BinaryVersion>6</ps:BinaryVersion><ps:UIVersion>1</ps:UIVersion><ps:Cookies></ps:Cookies><ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams></ps:AuthInfo><wsse:Security><wsse:UsernameToken wsu:Id=\"user\"><wsse:Username>{2}</wsse:Username><wsse:Password>{3}</wsse:Password></wsse:UsernameToken><wsu:Timestamp Id=\"Timestamp\"><wsu:Created>{4}</wsu:Created><wsu:Expires>{5}</wsu:Expires></wsu:Timestamp></wsse:Security></s:Header><s:Body><wst:RequestSecurityToken Id=\"RST0\"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{6}</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType></wst:RequestSecurityToken></s:Body></s:Envelope>",
*/
IdcrlMessageConstants.AdfsAuthMessage,
IdcrlUtility.XmlValueEncode(adfsUrl),
Guid.NewGuid().ToString(),
IdcrlUtility.XmlValueEncode(username),
IdcrlUtility.XmlValueEncode(password),
DateTime.UtcNow.ToString("o", CultureInfo.InvariantCulture),
DateTime.UtcNow.AddMinutes(10.0).ToString("o", CultureInfo.InvariantCulture),
this.FederationTokenIssuer);
XDocument xDocument = await this.DoPostAsync(adfsUrl, IdcrlMessageConstants.SoapContentType, body, this.HandleWebException);
Exception soapException = this.GetSoapException(xDocument);
if (soapException != null)
{
this._Logger?.LogError("SOAP error from {0}. Exception={1}", adfsUrl, soapException);
throw soapException;
}
XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion");
if (elementAtPath == null)
{
this._Logger?.LogError("Cannot get security assertion for user {0} from {1}", username, adfsUrl);
throw CreateIdcrlException(-2147186451);
}
return(elementAtPath.ToString(SaveOptions.DisableFormatting | SaveOptions.OmitDuplicateNamespaces));
}
private string BuildWsSecurityUsingUsernamePassword(string username, string password)
{
DateTime utcNow = DateTime.UtcNow;
return(string.Format(
CultureInfo.InvariantCulture,
"<wsse:UsernameToken wsu:Id=\"user\"><wsse:Username>{0}</wsse:Username><wsse:Password>{1}</wsse:Password></wsse:UsernameToken><wsu:Timestamp Id=\"Timestamp\"><wsu:Created>{2}</wsu:Created><wsu:Expires>{3}</wsu:Expires></wsu:Timestamp>\r\n",
IdcrlUtility.XmlValueEncode(username),
IdcrlUtility.XmlValueEncode(password),
utcNow.ToString("o", CultureInfo.InvariantCulture),
utcNow.AddDays(1.0).ToString("o", CultureInfo.InvariantCulture)));
}
private async Task <string> GetServiceTokenAsync(string securityXml, string serviceTarget, string servicePolicy)
{
string serviceTokenUrl = this.ServiceTokenUrl;
string text = string.Empty;
if (!string.IsNullOrEmpty(servicePolicy))
{
text = string.Format(CultureInfo.InvariantCulture, "<wsp:PolicyReference URI=\"{0}\"></wsp:PolicyReference>", new object[1] {
servicePolicy
});
}
string body = string.Format(
CultureInfo.InvariantCulture,
/*
* "<?xml version=\"1.0\" encoding=\"UTF-8\"?><S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"><S:Header><wsa:Action S:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action><wsa:To S:mustUnderstand=\"1\">{0}</wsa:To><ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/LiveID/SoapServices/v1\" Id=\"PPAuthInfo\"><ps:BinaryVersion>5</ps:BinaryVersion><ps:HostingApp>Managed IDCRL</ps:HostingApp></ps:AuthInfo><wsse:Security>{1}</wsse:Security></S:Header><S:Body><wst:RequestSecurityToken xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" Id=\"RST0\"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{2}</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>{3}</wst:RequestSecurityToken></S:Body></S:Envelope>\r\n",
*/
IdcrlMessageConstants.AuthMessage,
IdcrlUtility.XmlValueEncode(serviceTokenUrl),
securityXml,
IdcrlUtility.XmlValueEncode(serviceTarget),
text);
XDocument xDocument = await this.DoPostAsync(serviceTokenUrl, IdcrlMessageConstants.SoapContentType, body, this.HandleWebException);
Exception soapException = GetSoapException(xDocument);
if (soapException != null)
{
this._Logger?.LogError("Soap error from {0}. Exception={1}", serviceTokenUrl, soapException);
throw soapException;
}
XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken");
if (elementAtPath == null)
{
this._Logger?.LogError("Cannot get binary security token for from {0}", serviceTokenUrl);
throw IdcrlAuth.CreateIdcrlException(-2147186656);
}
return(elementAtPath.Value);
}
