public ActionResult Index() { // The PKCertificateAuthentication class requires an implementation of INonceStore. We'll use the // FileSystemNonceStore class. var nonceStore = Util.GetNonceStore(); // Instantiate the PKCertificateAuthentication class passing our EntityFrameworkNonceStore. var certAuth = new PKCertificateAuthentication(nonceStore); // Call the Start() method, which is the first of the two server-side steps. This yields the nonce, // a 16-byte-array which we'll send to the view. var nonce = certAuth.Start(); // Notice that this previous will be executed even if an error has occured and it was redirected to // this action. var model = new AuthenticationModel() { Nonce = nonce, DigestAlgorithm = PKCertificateAuthentication.DigestAlgorithm.Oid }; // If this action is called because occurred an error. This error's message will be shown. var vr = TempData["ValidationResults"] as ValidationResults; if (vr != null && !vr.IsValid) { ModelState.AddModelError("", vr.ToString()); } return(View(model)); }
private void startNewAuth() { var nonceStore = Util.GetNonceStore(); var certAuth = new PKCertificateAuthentication(nonceStore); var nonce = certAuth.Start(); NonceField.Value = Convert.ToBase64String(nonce); DigestAlgorithmField.Value = PKCertificateAuthentication.DigestAlgorithm.Oid; }
public IHttpActionResult Get() { // The PKCertificateAuthentication class requires an implementation of INonceStore. // We'll use the FileSystemNonceStore class. var nonceStore = Util.GetNonceStore(); // Instantiate the PKCertificateAuthentication class passing our EntityFrameworkNonceStore var certAuth = new PKCertificateAuthentication(nonceStore); // Call the Start() method, which is the first of the two server-side steps. This yields the nonce, // a 16-byte-array which we'll send to the view. var nonce = certAuth.Start(); return(Ok(nonce)); }
protected void SubmitButton_Click(object sender, EventArgs e) { var nonceStore = Util.GetNonceStore(); var certAuth = new PKCertificateAuthentication(nonceStore); PKCertificate certificate; var vr = certAuth.Complete(Convert.FromBase64String(NonceField.Value), Convert.FromBase64String(CertificateField.Value), Convert.FromBase64String(SignatureField.Value), Util.GetTrustArbitrator(), out certificate); if (!vr.IsValid) { vr.Errors.ForEach(ve => ModelState.AddModelError("", ve.ToString())); startNewAuth(); return; } this.AuthenticatedCertificate = certificate; this.ValidationResults = vr; Server.Transfer("AuthenticationSuccess.aspx"); }
public ActionResult Index(AuthenticationModel model) { // As before, we instantiate a FileSystemNonceStore class and use that to // instantiate a PKCertificateAuthentication var nonceStore = Util.GetNonceStore(); var certAuth = new PKCertificateAuthentication(nonceStore); // Call the Complete() method, which is the last of the two server-side steps. It receives: // - The nonce which was signed using the user's certificate // - The user's certificate encoding // - The nonce signature // - A TrustArbitrator to be used to determine trust in the certificate (for more information see http://pki.lacunasoftware.com/Help/html/e7724d78-9835-4f06-b58c-939b721f6e7b.htm) // The call yields: // - A ValidationResults which denotes whether the authentication was successful or not // - The user's decoded certificate PKCertificate certificate; var vr = certAuth.Complete(model.Nonce, model.Certificate, model.Signature, Util.GetTrustArbitrator(), out certificate); // NOTE: By changing the TrustArbitrator above, you can accept only certificates from a certain PKI, // for instance, ICP-Brasil (TrustArbitrators.PkiBrazil). For more information, see // http://pki.lacunasoftware.com/Help/html/e7724d78-9835-4f06-b58c-939b721f6e7b.htm // // The value above (TrustArbitrators.Windows) specifies that the root certification authorities in the // Windows certificate store are to be used as trust arbitrators. // Check the authentication result if (!vr.IsValid) { // The authentication failed, redirect and inform in index view. TempData["ValidationResults"] = vr; return(RedirectToAction("Index")); } // We redirect to AuthenticationInfo action, that renders the certificate infomations // in its viwe return(View("AuthenticationInfo", new AuthenticationInfoModel() { UserCert = PKCertificate.Decode(model.Certificate) })); }
public ActionResult Index(AuthenticationModel model) { // As before, we instantiate a FileSystemNonceStore class and use that to instantiate a // PKCertificateAuthentication. var nonceStore = Util.GetNonceStore(); var certAuth = new PKCertificateAuthentication(nonceStore); // Call the Complete() method, which is the last of the two server-side steps. It receives: // - The nonce which was signed using the user's certificate. // - The user's certificate encoding. // - The nonce signature. // - A TrustArbitrator to be used to determine trust in the certificate. // The call yields: // - A ValidationResults which denotes whether the authentication was successful or not. // - The user's decoded certificate. PKCertificate certificate; var vr = certAuth.Complete(model.Nonce, model.Certificate, model.Signature, Util.GetTrustArbitrator(), out certificate); // Check the authentication result if (!vr.IsValid) { // The authentication failed, redirect and inform in index view. TempData["ValidationResults"] = vr; return(RedirectToAction("Index")); } // At this point, you have assurance that the certificate is valid according to the // TrustArbitrator you selected when starting the authentication and that the user is indeed the // certificate's subject. Now, you'd typically query your database for a user that matches one of // the certificate's fields, such as userCert.EmailAddress or userCert.PkiBrazil.CPF (the actual // field to be used as key depends on your application's business logic) and set the user ID on // the auth cookie. For demonstration purposes, we'll set the email address directly on the // cookie as if it were the user ID. return(View("Success", new AuthenticationInfoModel() { UserCert = PKCertificate.Decode(model.Certificate) })); }
public IHttpActionResult Post(AuthenticationPostRequest request) { // As before, we instantiate a FileSystemNonceStore class and use that to // instantiate a PKCertificateAuthentication var nonceStore = Util.GetNonceStore(); var certAuth = new PKCertificateAuthentication(nonceStore); // Call the Complete() method, which is the last of the two server-side steps. It receives: // - The nonce which was signed using the user's certificate // - The user's certificate encoding // - The nonce signature // - A TrustArbitrator to be used to determine trust in the certificate (for more information see http://pki.lacunasoftware.com/Help/html/e7724d78-9835-4f06-b58c-939b721f6e7b.htm) // The call yields: // - A ValidationResults which denotes whether the authentication was successful or not // - The user's decoded certificate PKCertificate certificate; var vr = certAuth.Complete(request.Nonce, request.Certificate, request.Signature, Util.GetTrustArbitrator(), out certificate); // NOTE: By changing the TrustArbitrator above, you can accept only certificates from a certain PKI, // for instance, ICP-Brasil (TrustArbitrators.PkiBrazil). For more information, see // http://pki.lacunasoftware.com/Help/html/e7724d78-9835-4f06-b58c-939b721f6e7b.htm // // The value above (TrustArbitrators.Windows) specifies that the root certification authorities in the // Windows certificate store are to be used as trust arbitrators. // Check the authentication result if (!vr.IsValid) { return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(vr)))); } var response = new AuthenticationPostResponse() { Certificate = new CertificateModel(certificate) }; return(Ok(response)); }