/// <summary>
/// Builds a WS-Federation <see cref="FederationConfiguration"/> for a relying party that
/// accepts tokens from one security token service (STS), pinned by signing-certificate thumbprint.
/// </summary>
/// <param name="relyingPartyUrl">Used both as the only allowed audience URI and as the WS-Federation realm.</param>
/// <param name="stsUrl">Used as the issuing authority name, as its accepted issuer name, and as the WS-Federation issuer.</param>
/// <param name="domain">Domain assigned to the session cookie.</param>
/// <param name="certificateThumbprint">Thumbprint registered for the issuing authority.</param>
/// <param name="authCookieName">Name assigned to the session cookie.</param>
/// <param name="requireSsl">Applied to both the cookie handler's RequireSsl and the WS-Federation RequireHttps setting.</param>
/// <returns>The populated configuration object.</returns>
public static FederationConfiguration Create(string relyingPartyUrl, string stsUrl, string domain, string certificateThumbprint, string authCookieName, bool requireSsl)
        {
            var config = new FederationConfiguration();
            var identity = config.IdentityConfiguration;

            // Tokens addressed to any other audience are outside the allowed list.
            identity.AudienceRestriction.AllowedAudienceUris.Add(new Uri(relyingPartyUrl));

            // Issuer trust: one authority, matched on thumbprint plus issuer name.
            var trustedSts = new IssuingAuthority(stsUrl);
            trustedSts.Thumbprints.Add(certificateThumbprint);
            trustedSts.Issuers.Add(stsUrl);

            identity.IssuerNameRegistry = new ValidatingIssuerNameRegistry
            {
                IssuingAuthorities = new List<IssuingAuthority> { trustedSts }
            };

            // NOTE(review): validation mode None means no X.509 validation is applied to the
            // signing certificate, so the thumbprint/issuer pin above appears to be the only
            // check on who signed a token. Confirm that is intended, and that an empty or
            // mistyped thumbprint cannot reach this method from configuration.
            identity.CertificateValidationMode = X509CertificateValidationMode.None;

            // Session cookie settings; the persistent lifetime is 30 minutes.
            // NOTE(review): with requireSsl == false the cookie handler is not restricted to
            // SSL - acceptable for local development only.
            config.CookieHandler = new ChunkedCookieHandler
            {
                RequireSsl = requireSsl,
                Name = authCookieName,
                Domain = domain,
                PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
            };

            var wsFederation = config.WsFederationConfiguration;
            wsFederation.Issuer = stsUrl;
            wsFederation.Realm = relyingPartyUrl;
            wsFederation.RequireHttps = requireSsl;

            return config;
        }
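            /// <summary>
            /// Handler for the federation-configuration-created event: builds a
            /// <see cref="FederationConfiguration"/> in code from the constants below and assigns it
            /// to <c>e.FederationConfiguration</c>.
            /// </summary>
            /// <param name="sender">Event source (unused).</param>
            /// <param name="e">Event arguments whose FederationConfiguration is replaced.</param>
            private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
            {
                //from appsettings...
                // NOTE(review): every value here is an http:// placeholder with requireSsl == false.
                // With these values neither the STS redirect nor the session cookie is restricted to TLS.
                const string allowedAudience = "http://audience1/user/get";
                const string rpRealm         = "http://audience1/";
                const string domain          = "";
                const bool   requireSsl      = false;
                // Closing quote restored; the listing had an unterminated string literal here.
                const string issuer          = "http://sts/token/create";
                // Padding spaces removed from the two placeholders below. A padded thumbprint would
                // presumably never match a real certificate, and a cookie name cannot contain spaces.
                const string certThumbprint  = "mythumbprint";
                const string authCookieName  = "StsAuth";

                var federationConfiguration = new FederationConfiguration();
                federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

                // NOTE(review): internalSts is not declared anywhere in this listing. It is presumably
                // a member of the enclosing class holding the STS issuer name - verify it matches the
                // issuer value the STS actually puts in its tokens.
                var issuingAuthority = new IssuingAuthority(internalSts);
                issuingAuthority.Thumbprints.Add(certThumbprint);
                issuingAuthority.Issuers.Add(internalSts);
                var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };

                var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
                federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
                // NOTE(review): mode None applies no X.509 validation to the signing certificate, so
                // the thumbprint/issuer pin registered above appears to be the only signer check.
                federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

                // RequireSsl now follows the requireSsl constant (still false here) instead of a
                // separate hard-coded false, so turning the constant on also covers the cookie.
                var chunkedCookieHandler = new ChunkedCookieHandler
                {
                    RequireSsl = requireSsl,
                    Name = authCookieName,
                    Domain = domain,
                    PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0) // 30 minutes
                };
                federationConfiguration.CookieHandler = chunkedCookieHandler;
                federationConfiguration.WsFederationConfiguration.Issuer = issuer;
                federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
                federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

                e.FederationConfiguration = federationConfiguration;
            }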
Example #3
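        /// <summary>
        /// Builds a <see cref="FederationConfiguration"/> from
        /// <c>MortysMixedAuthenticationConfiguration.Settings</c>: one allowed audience, one
        /// thumbprint-pinned issuing authority, a chunked session cookie and passive WS-Federation redirect.
        /// </summary>
        /// <returns>The populated configuration object.</returns>
        public static FederationConfiguration LoadConfigurationSection()
        {
            // Audience and realm are both read from the same setting (ClientApplicationUri).
            var allowedAudience     = MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri;
            var rpRealm             = MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri;
            var domain              = "";
            var requireSsl          = true;
            var issuer              = MortysMixedAuthenticationConfiguration.Settings.SecurityTokenIssuerUri;
            var certThumbprint      = MortysMixedAuthenticationConfiguration.Settings.TokenSigningSertificateThumbprint;
            var issuingAuthorityUri = MortysMixedAuthenticationConfiguration.Settings.TokenIssuingAuthorityUri;
            var authCookieName      = "FocusFederatedAuth";

            var federationConfiguration = new FederationConfiguration();

            federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

            // Issuer trust: one authority, matched on thumbprint plus issuer name.
            var issuingAuthority = new IssuingAuthority(issuingAuthorityUri);

            issuingAuthority.Thumbprints.Add(certThumbprint);
            issuingAuthority.Issuers.Add(issuingAuthorityUri);

            var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry
            {
                IssuingAuthorities = new List<IssuingAuthority> { issuingAuthority }
            };

            federationConfiguration.IdentityConfiguration.IssuerNameRegistry        = validatingIssuerNameRegistry;
            // NOTE(review): mode None applies no X.509 validation to the signing certificate, so
            // the thumbprint/issuer pin above appears to be the only signer check. Confirm the
            // thumbprint setting can never be empty.
            federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

            // Fix: the cookie handler previously had RequireSsl hard-coded to false although
            // requireSsl is true and WS-Federation RequireHttps uses it. The session cookie was
            // therefore not restricted to SSL while the sign-in itself was. Both now use the same flag.
            var chunkedCookieHandler = new ChunkedCookieHandler
            {
                RequireSsl = requireSsl,
                Name = authCookieName,
                Domain = domain,
                PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0) // 30 minutes
            };

            federationConfiguration.CookieHandler = chunkedCookieHandler;

            federationConfiguration.WsFederationConfiguration.Issuer                 = issuer;
            federationConfiguration.WsFederationConfiguration.Realm                  = rpRealm;
            federationConfiguration.WsFederationConfiguration.RequireHttps           = requireSsl;
            federationConfiguration.WsFederationConfiguration.PassiveRedirectEnabled = true;

            return federationConfiguration;
        }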
Example #4
        /// <summary>
        /// Creates the federation settings for a relying party that trusts exactly one STS.
        /// </summary>
        /// <param name="relyingPartyUrl">Allowed audience URI; also set as the WS-Federation realm.</param>
        /// <param name="stsUrl">Name of the issuing authority, its accepted issuer name, and the WS-Federation issuer.</param>
        /// <param name="domain">Session cookie domain.</param>
        /// <param name="certificateThumbprint">Thumbprint registered for the issuing authority.</param>
        /// <param name="authCookieName">Session cookie name.</param>
        /// <param name="requireSsl">Sets both the cookie handler's RequireSsl and WS-Federation RequireHttps.</param>
        /// <returns>The configured <see cref="FederationConfiguration"/>.</returns>
        public static FederationConfiguration Create(string relyingPartyUrl, string stsUrl, string domain, string certificateThumbprint, string authCookieName, bool requireSsl)
        {
            var result = new FederationConfiguration();

            // Audience restriction: only relyingPartyUrl is on the allowed list.
            var audience = new Uri(relyingPartyUrl);
            result.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audience);

            // A single issuing authority identified by stsUrl and pinned to one thumbprint.
            var authority = new IssuingAuthority(stsUrl);
            authority.Thumbprints.Add(certificateThumbprint);
            authority.Issuers.Add(stsUrl);

            var registry = new ValidatingIssuerNameRegistry();
            registry.IssuingAuthorities = new List<IssuingAuthority> { authority };
            result.IdentityConfiguration.IssuerNameRegistry = registry;

            // NOTE(review): with validation mode None no X.509 validation is applied to the
            // signing certificate. Trust then appears to rest entirely on the registry entry
            // above - confirm, and plan for thumbprint rotation.
            result.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

            // Chunked session cookie with a 30-minute persistent lifetime.
            // NOTE(review): requireSsl == false leaves the cookie handler unrestricted to SSL.
            var sessionCookie = new ChunkedCookieHandler();
            sessionCookie.RequireSsl = requireSsl;
            sessionCookie.Name = authCookieName;
            sessionCookie.Domain = domain;
            sessionCookie.PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0);
            result.CookieHandler = sessionCookie;

            result.WsFederationConfiguration.Issuer = stsUrl;
            result.WsFederationConfiguration.Realm = relyingPartyUrl;
            result.WsFederationConfiguration.RequireHttps = requireSsl;

            return result;
        }
Example #5
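 /// <summary>
 /// Lazily creates the shared <c>_handler</c> cookie handler using double-checked locking on <c>locker</c>.
 /// </summary>
 /// <param name="enforceSSL">
 /// Value assigned to the handler's RequireSsl. Only the call that actually creates the
 /// handler has any effect; later calls leave the existing handler, and its RequireSsl, untouched.
 /// </param>
 private static void InitializeHandler(bool enforceSSL)
 {
     if (_handler != null)
     {
         return;
     }

     lock (locker)
     {
         if (_handler == null)
         {
             // Finish configuring the handler before publishing it. The unlocked check above
             // could otherwise see a non-null handler whose RequireSsl has not been set yet,
             // and that thread could go on to use it without the SSL restriction.
             var handler = new ChunkedCookieHandler();
             handler.RequireSsl = enforceSSL;
             _handler = handler;
         }
     }
 }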
Example #6
        /// <summary>
        /// Reads the session cookie for the current request with a fresh
        /// <see cref="ChunkedCookieHandler"/>, turns it into a <see cref="SessionSecurityToken"/>
        /// through <paramref name="sam"/>, and copies the token's fields into this page's display elements.
        /// </summary>
        /// <param name="sam">Session authentication module used to decode the cookie bytes.</param>
        private void ReadProcessCookie(SessionAuthenticationModule sam)
        {
            var reader = new ChunkedCookieHandler();
            byte[] rawCookie = reader.Read(Context);

            // No session cookie on this request: record that and leave the display untouched.
            if (rawCookie == null)
            {
                present = false;
                return;
            }

            // NOTE(review): there is no exception handling around this call. If it throws for
            // a cookie that cannot be decoded, the exception propagates to the caller - confirm
            // that is the intended behaviour.
            SessionSecurityToken sessionToken = sam.ReadSessionTokenFromCookie(rawCookie);

            // Diagnostic display of the decoded token.
            // NOTE(review): this shows the session token id and context on the page; presumably
            // a debugging view - verify it is not reachable in production.
            context.InnerText = sessionToken.Context;
            isPersistent.InnerText = sessionToken.IsPersistent.ToString();
            isSessionMode.InnerText = sessionToken.IsSessionMode.ToString();
            id.InnerText = sessionToken.Id;
            validFrom.InnerText = sessionToken.ValidFrom.ToString();
            validTo.InnerText = sessionToken.ValidTo.ToString();
        }