private void ValidateUserCredentials(UserNameSecurityToken token)
 {
     if (!token.UserName.Equals(token.Password))
     {
         throw new FaultException("Incorrect username or password");
     }
 }
        public IClaimsPrincipal ValidateWebToken(string token)
        {
            var decoded = DecodeBasicAuthenticationHeader(token);
            var securityToken = new UserNameSecurityToken(decoded.Item1, decoded.Item2);

            return ClaimsPrincipal.CreateFromIdentities(ValidateToken(securityToken));
        }
 public UserNameSecurityTokenProvider(string userName, string password)
 {
     if (userName == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("userName");
     }
     this.userNameToken = new UserNameSecurityToken(userName, password);
 }
 private IList<ClaimsIdentity> ExtractClaims(UserNameSecurityToken token)
 {
     ClaimsIdentity outgoingIndentity = new ClaimsIdentity("UserAuthenticate");
     outgoingIndentity.Label = "UserAuthenticate";
     outgoingIndentity.AddClaim(new Claim(ClaimTypes.Name, token.UserName));
     outgoingIndentity.AddClaim(new Claim(ClaimTypes.Email, "*****@*****.**"));
     var identities = new List<ClaimsIdentity> { outgoingIndentity };
     return identities;
 }
Ejemplo n.º 5
0
		public void DefaultValues ()
		{
			UniqueId id = new UniqueId ();
			UserNameSecurityToken t = new UserNameSecurityToken ("mono", "poly", id.ToString ());
			Assert.AreEqual (id.ToString (), t.Id, "#1");
			Assert.AreEqual ("mono", t.UserName, "#2");
			Assert.AreEqual ("poly", t.Password,"#3");
			Assert.IsTrue (DateTime.Today.ToUniversalTime () <= t.ValidFrom && DateTime.Now.ToUniversalTime () >= t.ValidFrom, "#4");
			Assert.AreEqual (DateTime.MaxValue.AddDays (-1), t.ValidTo, "#5");
			Assert.AreEqual (0, t.SecurityKeys.Count, "#6");
		}
        public IClaimsPrincipal ValidateToken(string token)
        {
            if (string.IsNullOrWhiteSpace(token))
            {
                throw new ArgumentNullException("token");
            }

            var decoded = DecodeBasicAuthenticationHeader(token);
            var securityToken = new UserNameSecurityToken(decoded.Item1, decoded.Item2);

            return ClaimsPrincipal.CreateFromIdentities(ValidateToken(securityToken));
        }
Ejemplo n.º 7
0
		public void TryResolveToken ()
		{
			SecurityTokenResolver r = GetResolver (true, new SecurityToken [0]);
			SecurityToken token;
			Assert.IsFalse (r.TryResolveToken (new LocalIdKeyIdentifierClause ("foo"), out token));

			UserNameSecurityToken userName =
				new UserNameSecurityToken ("mono", "", "urn:foo");
			LocalIdKeyIdentifierClause kic =
				new LocalIdKeyIdentifierClause ("urn:foo");

			r = GetResolver (true, new SecurityToken [] {userName});
			Assert.IsTrue (r.TryResolveToken (kic, out token));

			r = GetResolver (false, new SecurityToken [] {userName});
			Assert.IsFalse (r.TryResolveToken (kic, out token));
		}
		public void CreateKeyIdentifierClause ()
		{
			MyUserNameSecurityTokenParameters p =
				new MyUserNameSecurityTokenParameters ();
			UserNameSecurityToken token =
				new UserNameSecurityToken ("mono", "pass");
			SecurityKeyIdentifierClause c = p.CreateKeyClause (token, SecurityTokenReferenceStyle.Internal);
			Assert.IsTrue (c is LocalIdKeyIdentifierClause, "#1");

			try {
				p.CreateKeyClause (token, SecurityTokenReferenceStyle.External);
				Assert.Fail ("External identifier clause cannot be created.");
			} catch (NotSupportedException) {
			}
		}
            public override IAsyncResult BeginReadTokenCore(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver, AsyncCallback callback, object state)
            {
                string id;
                string userName;
                string password;

                ParseToken(reader, out id, out userName, out password);

                SecurityToken token = new UserNameSecurityToken(userName, password, id);
                return new CompletedAsyncResult<SecurityToken>(token, callback, state);
            }
        /// <summary>
        /// Impersonates the windows user identifed by the security token.
        /// </summary>
        private void LogonUser(OperationContext context, UserNameSecurityToken securityToken)
        {
            IntPtr handle = IntPtr.Zero;

            const int LOGON32_PROVIDER_DEFAULT = 0;
            // const int LOGON32_LOGON_INTERACTIVE = 2;
            const int LOGON32_LOGON_NETWORK = 3;
            // const int LOGON32_LOGON_BATCH = 4;

            bool result = NativeMethods.LogonUser(
                securityToken.UserName, 
                String.Empty, 
                securityToken.Password,
                LOGON32_LOGON_NETWORK, 
                LOGON32_PROVIDER_DEFAULT,
                ref handle);

            if (!result)
            {
                throw ServiceResultException.Create(StatusCodes.BadUserAccessDenied, "Login failed for user: {0}", securityToken.UserName);
            }

            WindowsIdentity identity = new WindowsIdentity(handle);

            ImpersonationContext impersonationContext = new ImpersonationContext();
            impersonationContext.Handle = handle;
            impersonationContext.Context = identity.Impersonate();

            lock (this.m_lock)
            {
                m_contexts.Add(context.RequestId, impersonationContext);
            }
        }
        /// <summary>
        /// Validates the username and password.
        /// </summary>
        /// <param name="token">The token.</param>
        /// <returns>An identity collection representing the identity in the token</returns>
        public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            if (base.Configuration == null)
            {
                throw new InvalidOperationException("No Configuration set");
            }

            var unToken = token as UserNameSecurityToken;

            if (unToken == null)
            {
                throw new ArgumentException("SecurityToken is not a UserNameSecurityToken");
            }

            LMConnect.Key.User user = ValidateUserNameCredentialCore(unToken.UserName, unToken.Password);

            if (user == null)
            {
                return new List<ClaimsIdentity> { new ClaimsIdentity() }.AsReadOnly();
            }

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, unToken.UserName),
                new Claim(ClaimTypes.Role, user.Role),
                new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password),
                new Claim(ClaimTypes.AuthenticationInstant, XmlConvert.ToString(DateTime.UtcNow, "yyyy-MM-ddTHH:mm:ss.fffZ"), ClaimValueTypes.DateTime)
            };

            var identity = new ClaimsIdentity(claims, "Basic");

            if (Configuration.SaveBootstrapContext)
            {
                if (this.RetainPassword)
                {
                    identity.BootstrapContext = new BootstrapContext(unToken, this);
                }
                else
                {
                    var bootstrapToken = new UserNameSecurityToken(unToken.UserName, null);
                    identity.BootstrapContext = new BootstrapContext(bootstrapToken, this);
                }
            }

            return new List<ClaimsIdentity> { identity }.AsReadOnly();
        }
Ejemplo n.º 12
0
		void WriteUserNameSecurityToken (XmlWriter w, UserNameSecurityToken token)
		{
			w.WriteStartElement ("o", "UsernameToken", Constants.WssNamespace);
			w.WriteAttributeString ("u", "Id", Constants.WsuNamespace, token.Id);
			w.WriteStartElement ("o", "Username", Constants.WssNamespace);
			w.WriteString (token.UserName);
			w.WriteEndElement ();
			w.WriteStartElement ("o", "Password", Constants.WssNamespace);
			w.WriteString (token.Password);
			w.WriteEndElement ();
			w.WriteEndElement ();
		}
Ejemplo n.º 13
0
        /// <summary>
        /// Verifies that the security token is a valid windows user.
        /// </summary>
        /// <param name="identityToken">The security token.</param>
        public static void VerifyPassword(UserNameSecurityToken identityToken)
        {
            if (identityToken == null)
            {
                throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Secuirty token is not a valid username token.");
            }

            // extract the username and domain from the security token.
            string username = identityToken.UserName;
            string domain = null;

            int index = username.IndexOf('\\');

            if (index != -1)
            {
                domain = username.Substring(0, index);
                username = username.Substring(index + 1);
            }

            IntPtr handle = IntPtr.Zero;

            int result = Win32.LogonUserW(
                username,
                domain,
                identityToken.Password, 
                Win32.LOGON32_LOGON_NETWORK,
                Win32.LOGON32_PROVIDER_DEFAULT,
                ref handle);

            if (result == 0)
            {
                throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Login failed for user: {0}", username);
            }

            Win32.CloseHandle(handle);
        }
Ejemplo n.º 14
0
        /// <summary>
        /// Returns the windows principal associated with a user name security token.
        /// </summary>
        /// <param name="identityToken">The identity token.</param>
        /// <param name="interactive">Whether to logon interactively (slow).</param>
        /// <returns>The impersonation context (must be disposed to reverse impersonation).</returns>
        public static ImpersonationContext LogonUser(UserNameSecurityToken identityToken, bool interactive)
        {
            if (identityToken == null)
            {
                throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Secuirty token is not a valid username token.");
            }

            // extract the username and domain from the security token.
            string username = identityToken.UserName;
            string domain   = null;

            int index = username.IndexOf('\\');

            if (index != -1)
            {
                domain   = username.Substring(0, index);
                username = username.Substring(index+1);
            }

            // validate the credentials.
            IntPtr handle = IntPtr.Zero;

            int result = Win32.LogonUserW(
			    username,
                domain,
                identityToken.Password,
                (interactive) ? Win32.LOGON32_LOGON_INTERACTIVE : Win32.LOGON32_LOGON_NETWORK,
                Win32.LOGON32_PROVIDER_DEFAULT,
                ref handle);

            if (result == 0)
            {
                result = Marshal.GetLastWin32Error();

                throw ServiceResultException.Create(
                    StatusCodes.BadIdentityTokenRejected, 
                    "Could not logon as user '{0}'. Reason: {1}.",
                    identityToken.UserName,
                    result);
		    }
            
            try
            {
                WindowsIdentity identity = new WindowsIdentity(handle);

                ImpersonationContext context = new ImpersonationContext();
                
                context.Principal = new WindowsPrincipal(identity);
                context.Context = identity.Impersonate();
                context.Handle = handle;

                return context;
            }
            catch (Exception e)
            {
                Win32.CloseHandle(handle);
                throw e;
            }
        }        
        /// <summary>
        /// Validates a <see cref="UserNameSecurityToken"/>.
        /// </summary>
        /// <param name="token">The <see cref="UserNameSecurityToken"/> to validate.</param>
        /// <returns>A <see cref="ReadOnlyCollection{T}"/> of <see cref="ClaimsIdentity"/> representing the identities contained in the token.</returns>
        /// <exception cref="ArgumentNullException">The parameter 'token' is null.</exception>
        /// <exception cref="ArgumentException">The token is not assignable from<see cref="UserNameSecurityToken"/>.</exception>
        /// <exception cref="InvalidOperationException">Configuration <see cref="SecurityTokenHandlerConfiguration"/>is null.</exception>
        /// <exception cref="ArgumentException">If username is not if the form 'user\domain'.</exception>
        /// <exception cref="SecurityTokenValidationException">LogonUser using the given token failed.</exception>
        public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            UserNameSecurityToken usernameToken = token as UserNameSecurityToken;

            if (usernameToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID0018, typeof(UserNameSecurityToken)));
            }

            if (this.Configuration == null)
            {
                throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274));
            }

            try
            {
                string   userName = usernameToken.UserName;
                string   password = usernameToken.Password;
                string   domain   = null;
                string[] strings  = usernameToken.UserName.Split('\\');
                if (strings.Length != 1)
                {
                    if (strings.Length != 2 || string.IsNullOrEmpty(strings[0]))
                    {
                        // Only support one slash and domain cannot be empty (consistent with windowslogon).
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID4062));
                    }

                    // This is the downlevel case - domain\userName
                    userName = strings[1];
                    domain   = strings[0];
                }

                const uint      LOGON32_PROVIDER_DEFAULT        = 0;
                const uint      LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
                SafeCloseHandle tokenHandle = null;
                try
                {
                    if (!NativeMethods.LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT, LOGON32_PROVIDER_DEFAULT, out tokenHandle))
                    {
                        int error = Marshal.GetLastWin32Error();
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenValidationException(SR.GetString(SR.ID4063, userName), new Win32Exception(error)));
                    }

                    WindowsIdentity windowsIdentity = new WindowsIdentity(tokenHandle.DangerousGetHandle(), AuthenticationTypes.Password, WindowsAccountType.Normal, true);

                    // PARTIAL TRUST: will fail when adding claims, AddClaim is SecurityCritical.
                    windowsIdentity.AddClaim(new Claim(ClaimTypes.AuthenticationInstant, XmlConvert.ToString(DateTime.UtcNow, DateTimeFormats.Generated), ClaimValueTypes.DateTime));
                    windowsIdentity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password));

                    if (this.Configuration.SaveBootstrapContext)
                    {
                        if (RetainPassword)
                        {
                            windowsIdentity.BootstrapContext = new BootstrapContext(usernameToken, this);
                        }
                        else
                        {
                            windowsIdentity.BootstrapContext = new BootstrapContext(new UserNameSecurityToken(usernameToken.UserName, null), this);
                        }
                    }

                    this.TraceTokenValidationSuccess(token);

                    List <ClaimsIdentity> identities = new List <ClaimsIdentity>(1);
                    identities.Add(windowsIdentity);
                    return(identities.AsReadOnly());
                }
                finally
                {
                    if (tokenHandle != null)
                    {
                        tokenHandle.Close();
                    }
                }
            }
            catch (Exception e)
            {
                if (Fx.IsFatal(e))
                {
                    throw;
                }

                this.TraceTokenValidationFailure(token, e.Message);
                throw e;
            }
        }
Ejemplo n.º 16
0
		public void UserNameToken () // it does not support any encryption operation.
		{
			byte [] bytes = new byte [32];
			SecurityToken wt = new UserNameSecurityToken ("eno", "enopass");
			SecurityKeyIdentifierClause kic =
				new X509ThumbprintKeyIdentifierClause (cert);
			new WrappedKeySecurityToken ("urn:gyabo",
				bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
				new SecurityKeyIdentifier (kic));
		}
Ejemplo n.º 17
0
		public void WriteUserNameSecurityToken1 ()
		{
			StringWriter sw = new StringWriter ();
			UserNameSecurityToken t = new UserNameSecurityToken ("mono", "poly", "urn:username:1");
			using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
				WSSecurityTokenSerializer.DefaultInstance.WriteToken (w, t);
			}
			// Hmm, no PasswordToken (and TokenType) ?
			Assert.AreEqual ("<o:UsernameToken u:Id=\"urn:username:1\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><o:Username>mono</o:Username><o:Password>poly</o:Password></o:UsernameToken>", sw.ToString ());
		}
Ejemplo n.º 18
0
		public void Ctor_SecurityToken_Works ()
		{
			var securityToken = new UserNameSecurityToken (user, password);
			var securityTokenHandler = new SimpleSecurityTokenHandler ();
			BootstrapContext bootstrapContext = new BootstrapContext (securityToken, securityTokenHandler);

			Assert.IsNotNull (bootstrapContext.SecurityToken, "#1");
			Assert.AreEqual (user, securityToken.UserName, "#2");
			Assert.AreEqual (password, securityToken.Password, "#3");
			Assert.AreEqual (securityTokenHandler, bootstrapContext.SecurityTokenHandler, "#4");

			Assert.IsNull (bootstrapContext.Token, "#5");
			Assert.IsNull (bootstrapContext.TokenBytes, "#6");
		}
Ejemplo n.º 19
0
		public void Serialize_SecurityTokenAndHandler_Works ()
		{
			var securityToken = new UserNameSecurityToken (user, password, "uuid-927c0b98-ba18-49d2-a653-306d60f85751-3");
			var securityTokenHandler = new SimpleSecurityTokenHandler ();
			BootstrapContext bootstrapContext = new BootstrapContext (securityToken, securityTokenHandler);

			BinaryFormatter binaryFormatter = new BinaryFormatter ();
			using (var s = new MemoryStream ()) {
				binaryFormatter.Serialize (s, bootstrapContext);
				s.Position = 0;
				BootstrapContext bootstrapContext2 = binaryFormatter.Deserialize (s) as BootstrapContext;
				Assert.IsNotNull (bootstrapContext2, "#1");
				// Deserialize does not restore the SecurityToken, but restores into the Token.
				Assert.IsNotNull (bootstrapContext2.Token, "#3");
				// We replace ' /' by '/' to accomodate the xml writer differences between mono and .net
				Assert.AreEqual (SerializedBootstrapContextSecurityTokenString.Replace (" /", "/"), bootstrapContext2.Token.Replace (" /", "/"), "#2");
				Assert.AreEqual (bootstrapContext.TokenBytes, bootstrapContext2.TokenBytes, "#3");
				Assert.IsNull (bootstrapContext2.SecurityToken, "#4");
				Assert.IsNull (bootstrapContext2.SecurityTokenHandler, "#5");
			}
		}
        /// <summary>
        /// Validates the username and password.
        /// </summary>
        /// <param name="token">The token.</param>
        /// <returns>An identity collection representing the identity in the token</returns>
        public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            if (base.Configuration == null)
            {
                throw new InvalidOperationException("No Configuration set");
            }

            UserNameSecurityToken unToken = token as UserNameSecurityToken;
            if (unToken == null)
            {
                throw new ArgumentException("SecurityToken is not a UserNameSecurityToken");
            }

            if (!ValidateUserNameCredentialCore(unToken.UserName, unToken.Password))
            {
                throw new SecurityTokenValidationException(unToken.UserName);
            }

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, unToken.UserName),
                new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password),
                AuthenticationInstantClaim.Now
            };

            if (RetainPassword)
            {
                claims.Add(new Claim("password", unToken.Password));
            }

            var identity = new ClaimsIdentity(claims, "Basic");

            if (Configuration.SaveBootstrapContext)
            {
                if (this.RetainPassword)
                {
                    identity.BootstrapContext = new BootstrapContext(unToken, this);
                }
                else
                {
                    var bootstrapToken = new UserNameSecurityToken(unToken.UserName, null);
                    identity.BootstrapContext = new BootstrapContext(bootstrapToken, this);
                }
            }

            return new List<ClaimsIdentity> { identity }.AsReadOnly();
        }
Ejemplo n.º 21
0
        /// <summary>
        /// Writes the given UsernameSecurityToken to the XmlWriter.
        /// </summary>
        /// <param name="writer">XmlWriter to write the token to.</param>
        /// <param name="token">SecurityToken to be written.</param>
        /// <exception cref="InvalidOperationException">The given token is not a UsernameSecurityToken.</exception>
        /// <exception cref="ArgumentNullException">The parameter 'writer' or 'token' is null.</exception>
        public override void WriteToken(XmlWriter writer, SecurityToken token)
        {
            if (writer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
            }

            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            UserNameSecurityToken usernameSecurityToken = token as UserNameSecurityToken;

            if (usernameSecurityToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("token", SR.GetString(SR.ID0018, typeof(UserNameSecurityToken)));
            }

            // <wsse:UsernameToken
            writer.WriteStartElement(
                WSSecurity10Constants.Elements.UsernameToken,
                WSSecurity10Constants.Namespace
                );
            if (!string.IsNullOrEmpty(token.Id))
            {
                // wsu:Id="..."
                writer.WriteAttributeString(
                    WSUtilityConstants.Attributes.IdAttribute,
                    WSUtilityConstants.NamespaceURI,
                    token.Id
                    );
            }
            // <wsse:Username>...</wsse:Username>
            writer.WriteElementString(
                WSSecurity10Constants.Elements.Username,
                WSSecurity10Constants.Namespace,
                usernameSecurityToken.UserName
                );

            // <wsse:Password>...</wsse:Password>
            if (usernameSecurityToken.Password != null)
            {
                writer.WriteStartElement(
                    WSSecurity10Constants.Elements.Password,
                    WSSecurity10Constants.Namespace
                    );

                writer.WriteAttributeString(
                    WSSecurity10Constants.Attributes.Type,
                    null,
                    WSSecurity10Constants.UPTokenPasswordTextValue
                    );

                writer.WriteString(usernameSecurityToken.Password);
                writer.WriteEndElement();
            }

            writer.WriteEndElement();

            writer.Flush();
        }