static void Main(string[] args)
{
const string RPRealm = "http://ContosoContacts/";
const string RPName = "ContosoContacts";
const string RuleGroupName = "Default rule group for ContosoContacts";
const string googleIdpName = "Google";
const string yahooIdpName = "Yahoo!";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteRelyingPartyByRealmIfExists(RPRealm);
svc.DeleteRuleGroupByNameIfExists(RuleGroupName);
svc.DeleteIdentityProviderIfExists(googleIdpName);
svc.DeleteIdentityProviderIfExists(yahooIdpName);
svc.SaveChangesBatch();
//
// Create Google and Yahoo! as identity providers. LiveID is already configured.
//
IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID");
IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud");
IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth");
IdentityProvider[] associatedProviders = new[] { live, google, yahoo };
//
// Create the relying party and its associated key.
//
RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false);
svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty });
RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true);
Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value));
RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Create simple rules to pass through all claims from each issuer.
//
foreach (IdentityProvider identityProvider in associatedProviders)
{
string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name);
svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription);
}
svc.SaveChangesBatch();
Console.WriteLine("Sample configured successfully. Press <ENTER> to exit...");
Console.ReadLine();
}
public static RelyingParty AddRelyingParty(this ManagementService svc, Uri realm,
string relyingPartyName, DateTime startDate, DateTime endDate,
byte[] tokenSigningKey, int tokenLifetime)
{
Contract.Requires(svc != null);
Contract.Requires(realm != null);
Contract.Requires(realm.IsAbsoluteUri);
Contract.Requires(realm.AbsolutePath == "/");
Contract.Requires(!string.IsNullOrWhiteSpace(relyingPartyName));
Contract.Requires(startDate != default(DateTime));
Contract.Requires(endDate > startDate);
Contract.Requires(tokenSigningKey != null);
Contract.Requires(tokenLifetime >= 1);
var relyingParty = new RelyingParty()
{
Name = relyingPartyName,
AsymmetricTokenEncryptionRequired = false,
TokenType = "SWT",
TokenLifetime = tokenLifetime
};
svc.AddToRelyingParties(relyingParty);
var relyingPartyAddress = new RelyingPartyAddress()
{
Address = realm.AbsoluteUri,
EndpointType = "Realm"
};
svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", relyingPartyAddress);
var relyingPartyKey = new RelyingPartyKey()
{
StartDate = startDate,
EndDate = endDate,
Type = "Symmetric",
Usage = "Signing",
IsPrimary = true,
Value = tokenSigningKey
};
svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
svc.SaveChanges(SaveChangesOptions.Batch);
return(relyingParty);
}
static void DisplayRelyingPartyKey(RelyingPartyKey relyingPartyKey)
{
// Display the values of returned Relying Party
if (relyingPartyKey != null)
{
Console.WriteLine("\tRelying Party Key (Id = {0})\n", relyingPartyKey.Id);
Console.WriteLine("\t\tId = {0}\n", relyingPartyKey.Id);
Console.WriteLine("\t\tDisplayName = {0}\n", relyingPartyKey.DisplayName);
Console.WriteLine("\t\tPassword = {0}\n", relyingPartyKey.Password == null ? "" : Encoding.UTF8.GetString(relyingPartyKey.Password));
Console.WriteLine("\t\tType = {0}\n", relyingPartyKey.Type);
Console.WriteLine("\t\tUsage = {0}\n", relyingPartyKey.Usage);
Console.WriteLine("\t\tStartDate = {0}\n", relyingPartyKey.StartDate);
Console.WriteLine("\t\tEndDate = {0}\n", relyingPartyKey.EndDate);
Console.WriteLine("\t\tValue = {0}\n", Convert.ToBase64String(relyingPartyKey.Value));
}
}
private static void AddEncryptionKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] encryptionCert, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty)
{
var relyingPartyKey = new RelyingPartyKey
{
DisplayName = "Encryption Certificate for " + relyingPartyName,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Encrypting.ToString(),
Value = encryptionCert,
RelyingParty = relyingParty,
StartDate = defaultStartDate,
EndDate = defaultEndDate
};
client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
client.SaveChanges();
}
private static void AddSigningKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] symmetricKey, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty)
{
var relyingPartyKey = new RelyingPartyKey
{
DisplayName = "Signing Key for " + relyingPartyName,
Type = KeyType.Symmetric.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = symmetricKey,
RelyingParty = relyingParty,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
IsPrimary = true
};
client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
client.SaveChanges();
}
private static void AddSigningKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] signingCert, string signingCertPassword, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty)
{
var relyingPartyKey = new RelyingPartyKey
{
DisplayName = "Signing Certificate for " + relyingPartyName,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = signingCert,
Password = string.IsNullOrEmpty(signingCertPassword) ? null : new UTF8Encoding().GetBytes(signingCertPassword),
RelyingParty = relyingParty,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
IsPrimary = true
};
client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
client.SaveChanges();
}
private void RemoveRelatedKeys(RelyingParty rpToRemove, ManagementService client, Action <LogInfo> logAction)
{
var pendingChanges = false;
foreach (var key in rpToRemove.RelyingPartyKeys)
{
RelyingPartyKey keyLocal = key;
var keyToRemove = client.RelyingPartyKeys.Where(
k => k.DisplayName.Equals(keyLocal.DisplayName)).Single();
this.LogMessage(logAction, string.Format("Removing Key '{0}'", keyLocal.DisplayName));
client.DeleteObject(keyToRemove);
pendingChanges = true;
}
if (pendingChanges)
{
client.SaveChanges(SaveChangesOptions.Batch);
this.LogSavingChangesMessage(logAction);
}
}
/// <summary>
/// Insert relying party encrypting keys.
/// </summary>
/// <param name="svc">Management service instance.</param>
/// <param name="rpKeys">List of keys to insert.</param>
/// <param name="relyingParty">Relying Party associated with the keys.</param>
private static void InsertRelyingPartyEncryptingKeysFromMetadata(ManagementService svc, List <X509Certificate2> rpKeys, RelyingParty relyingParty)
{
foreach (X509Certificate2 certificate in rpKeys)
{
RelyingPartyKey keyFromMetadata = new RelyingPartyKey()
{
Usage = RelyingPartyKeyUsage.Encrypting.ToString(),
DisplayName = string.Format(CultureInfo.InvariantCulture, "{0} Encrypting Key", relyingParty.Name),
//
// As a security best practice, set the start and end dates on the data entry
// to be the same value as the dates on the certificate.
//
StartDate = certificate.NotBefore.ToUniversalTime(),
EndDate = certificate.NotAfter.ToUniversalTime(),
Type = RelyingPartyKeyType.X509Certificate.ToString(),
Value = certificate.GetRawCertData()
};
Console.WriteLine(String.Format("Adding new relying party key with subject: '{0}'.\n", GetSubjectFromCertificate(keyFromMetadata.Value)));
svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", keyFromMetadata);
}
}
/// <summary>
/// Generate a symmetric RelyingPartyKey and associcate it with the given relying party.
/// </summary>
public static RelyingPartyKey GenerateRelyingPartySymmetricKey(this ManagementService svc, RelyingParty relyingParty, DateTime startDate, DateTime endDate, bool isPrimary)
{
//
// Symmetric keys used by ACS are 256-bits, which equals 32 bytes.
//
byte[] keyValue = new byte[32];
new RNGCryptoServiceProvider().GetBytes(keyValue);
RelyingPartyKey relyingPartyKey = new RelyingPartyKey()
{
DisplayName = String.Format(CultureInfo.InvariantCulture, "Default signing key for {0}", relyingParty.Name),
EndDate = endDate.ToUniversalTime(),
IsPrimary = isPrimary,
StartDate = startDate.ToUniversalTime(),
Type = RelyingPartyKeyType.Symmetric.ToString(),
Usage = RelyingPartyKeyUsage.Signing.ToString(),
Value = keyValue
};
svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
return(relyingPartyKey);
}
/// <summary>
/// Create a RelyingPartyKey with the given value, type, and usage, and associate it with the given relying party.
/// </summary>
public static RelyingPartyKey CreateRelyingPartyKey(this ManagementService svc, RelyingParty relyingParty, byte[] keyValue, string password, RelyingPartyKeyType keyType, RelyingPartyKeyUsage keyUsage, bool isPrimary)
{
DateTime startDate, endDate;
if (keyType == RelyingPartyKeyType.X509Certificate)
{
//
// ACS requires that the key start and end dates be within the certificate's validity period.
//
X509Certificate2 cert = new X509Certificate2(keyValue, password);
startDate = cert.NotBefore.ToUniversalTime();
endDate = cert.NotAfter.ToUniversalTime();
}
else
{
startDate = DateTime.UtcNow;
endDate = DateTime.MaxValue;
}
RelyingPartyKey relyingPartyKey = new RelyingPartyKey()
{
DisplayName = String.Format(CultureInfo.InvariantCulture, "Default {0} key for {1}", keyType, relyingParty.Name),
EndDate = endDate,
IsPrimary = isPrimary,
Password = string.IsNullOrEmpty(password) ? null : Encoding.UTF8.GetBytes(password),
StartDate = startDate,
Type = keyType.ToString(),
Usage = keyUsage.ToString(),
Value = keyValue,
};
svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
return(relyingPartyKey);
}
static void Main(string[] args)
{
const string ClientName = "OAuth2SampleX509Identity";
const string RPRealm = "https://oauth2RelyingParty/";
const string RPName = "OAuth2 RP";
const string RuleGroupName = "Default rule group for OAuth2 RP";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteServiceIdentityIfExists(ClientName);
svc.DeleteRelyingPartyByRealmIfExists(RPRealm);
svc.DeleteRuleGroupByNameIfExists(RuleGroupName);
svc.SaveChangesBatch();
X509Certificate2 clientCertificate = new X509Certificate2(@"..\..\..\Certificates\ACS2ClientCertificate.cer");
svc.CreateServiceIdentity(ClientName, clientCertificate.RawData, ServiceIdentityKeyType.X509Certificate, ServiceIdentityKeyUsage.Signing);
RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false);
RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true);
Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value));
Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY");
RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
svc.CreateRule(localAuthority, null, null, null, null, ruleGroup, "Pass through claims issued by ACS");
svc.SaveChangesBatch();
Console.WriteLine("Sample configured successfully. Press <ENTER> to exit...");
Console.ReadLine();
}
/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// </remarks>
static void Main(string[] args)
{
const string rpName = "ASPNET Simple Service";
const string rpRealm = "http://localhost:8000/Service/";
const string serviceIdentityName = "acssample";
const string serviceIdentityPassword = "******";
const string ruleGroupName = "Default rule group for ASPNET Simple Service";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteRelyingPartyByRealmIfExists(rpRealm);
svc.DeleteServiceIdentityIfExists(serviceIdentityName);
svc.DeleteRuleGroupByNameIfExists(ruleGroupName);
svc.SaveChangesBatch();
RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SWT, false);
RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.UtcNow.AddYears(1), true);
Console.WriteLine("Generated symmetric key value: {0}", Convert.ToBase64String(relyingPartyKey.Value));
svc.CreateServiceIdentity(serviceIdentityName, Encoding.UTF8.GetBytes(serviceIdentityPassword), ServiceIdentityKeyType.Password, ServiceIdentityKeyUsage.Password);
RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Add a rule to issue the "action=reverse" claim.
//
svc.CreateRule(svc.GetIssuerByName("LOCAL AUTHORITY"), null, null, "action", "reverse", ruleGroup, "Issue action=reverse claim.");
svc.SaveChangesBatch();
Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
Console.ReadLine();
}
public static RelyingPartyKey CreateRelyingPartyKey(long ID, long relyingPartyId, bool isPrimary, bool systemReserved, global::System.DateTime startDate, global::System.DateTime endDate)
{
RelyingPartyKey relyingPartyKey = new RelyingPartyKey();
relyingPartyKey.Id = ID;
relyingPartyKey.RelyingPartyId = relyingPartyId;
relyingPartyKey.IsPrimary = isPrimary;
relyingPartyKey.SystemReserved = systemReserved;
relyingPartyKey.StartDate = startDate;
relyingPartyKey.EndDate = endDate;
return relyingPartyKey;
}
public void AddToRelyingPartyKeys(RelyingPartyKey relyingPartyKey)
{
base.AddObject("RelyingPartyKeys", relyingPartyKey);
}
