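        /// <summary>
        /// Validates a client certificate against the LocalMachine/My store and, on success,
        /// attaches the certificate's claims to the current principal.
        /// </summary>
        /// <param name="cert">Certificate presented by the client; <c>null</c> yields <c>false</c>.</param>
        /// <param name="context">When supplied, the identity is added to <c>context.User</c>;
        /// otherwise the new principal replaces <see cref="Thread.CurrentPrincipal"/>.</param>
        /// <returns><c>true</c> when the certificate validated and the principal was set; <c>false</c> otherwise.</returns>
        private static bool ValidateCertificate(X509Certificate2 cert, HttpContext context = null)
        {
            if (cert == null)
            {
                // Explicit failure instead of letting the Thumbprint access throw into the catch below.
                return(false);
            }

            try
            {
                StoreName     storeName = StoreName.My;
                StoreLocation location  = StoreLocation.LocalMachine;

                // NOTE(review): the expected thumbprint passed here is the presented certificate's own,
                // so it only pins anything if X509Util.Validate matches it against the store — confirm.
                if (X509Util.Validate(storeName, location, X509RevocationMode.Online, X509RevocationFlag.EntireChain,
                                      cert, cert.Thumbprint))
                {
                    List <Claim>    claimset = X509Util.GetClaimSet(cert);
                    ClaimsIdentity  ci       = new ClaimsIdentity(claimset);
                    ClaimsPrincipal prin     = new ClaimsPrincipal(ci);

                    if (context == null)
                    {
                        Thread.CurrentPrincipal = prin;
                    }
                    else
                    {
                        context.User.AddIdentity(ci);
                    }

                    return(true);
                }

                return(false);
            }
            catch (Exception ex)
            {
                // Fail closed: any error during validation is logged and treated as "not valid".
                Trace.TraceError("X509 validation exception '{0}'", ex.Message);
                return(false);
            }
        }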
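        /// <summary>
        /// Authenticates the request from the TLS client certificate: the certificate must validate
        /// against the store named in <c>Options</c> and carry a <see cref="ClaimTypes.Name"/> claim.
        /// </summary>
        /// <returns>A completed task with <see cref="AuthenticateResult.Success"/> carrying a ticket for
        /// <c>Options.Scheme</c>, or <see cref="AuthenticateResult.Fail"/> with a generic reason otherwise.</returns>
        protected override Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            // NOTE(review): the certificate is read from a static HttpHelper rather than this handler's
            // own request context; presumably equivalent for the current request — confirm.
            X509Certificate2 certificate = HttpHelper.HttpContext.Connection.ClientCertificate;

            if (certificate == null)
            {
                return(Task.FromResult(AuthenticateResult.Fail("No client certificate to authenticate.")));
            }

            // Fail closed when the handler is not fully configured rather than validating with defaults.
            if (string.IsNullOrEmpty(Options.StoreName) || string.IsNullOrEmpty(Options.Location) ||
                string.IsNullOrEmpty(Options.Thumbprint))
            {
                return(Task.FromResult(AuthenticateResult.Fail("No certificate in chain to check.")));
            }

            try
            {
                // Enum.Parse throws on an unknown name; the catch below turns that into a generic failure.
                StoreName     storeName = (StoreName)Enum.Parse(typeof(StoreName), Options.StoreName);
                StoreLocation location  = (StoreLocation)Enum.Parse(typeof(StoreLocation), Options.Location);
                if (X509Util.Validate(storeName, location, X509RevocationMode.Online, X509RevocationFlag.EntireChain,
                                      certificate, Options.Thumbprint))
                {
                    List <Claim> claimset  = X509Util.GetClaimSet(certificate);
                    Claim        nameClaim = claimset.Find(obj => obj.Type == ClaimTypes.Name);

                    if (nameClaim == null)
                    {
                        // A validated certificate without a name claim cannot identify a user; previously this
                        // surfaced as a NullReferenceException inside the catch below.
                        return(Task.FromResult(AuthenticateResult.Fail("Not authenticated.")));
                    }

                    GenericIdentity identity = new GenericIdentity(nameClaim.Value);
                    identity.AddClaims(claimset);

                    // Build the ticket from the local principal; re-reading Thread.CurrentPrincipal could
                    // observe a value set elsewhere in between.
                    GenericPrincipal principal = new GenericPrincipal(identity, null);
                    Thread.CurrentPrincipal = principal;

                    var ticket = new AuthenticationTicket(principal, Options.Scheme);
                    return(Task.FromResult(AuthenticateResult.Success(ticket)));
                }

                return(Task.FromResult(AuthenticateResult.Fail("Not authenticated.")));
            }
            catch (Exception ex)
            {
                // Only a generic reason goes back to the caller; details are kept to the trace log.
                Trace.TraceError(ex.Message);
                return(Task.FromResult(AuthenticateResult.Fail("Not authenticated.")));
            }
        }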