private static void LoginWithUsernamePassword(AuthenticationHeaderValue credentials, SecurityTokenHandlerCollection handlers, HttpApplication context)
{
try
{
var cred = EncodingFactory.ReadFileText(Convert.FromBase64String(credentials.Parameter));
var separator = cred.IndexOf(':');
var name = cred.Substring(0, separator);
var password = cred.Substring(separator + 1);
var manager = new TokenManager(GetServiceName(context), name, password);
SecurityToken token = null;
var xmlSecurityToken = manager.GetToken(HttpContext.Current.Request.Url.ToString()) as GenericXmlSecurityToken;
if (xmlSecurityToken != null)
{
token = handlers.ReadToken(new XmlTextReader(new StringReader(xmlSecurityToken.TokenXml.OuterXml)));
}
var securityToken = handlers.ValidateToken(token);
var principal = new ClaimsPrincipal(securityToken);
var identity = principal.Identity as ClaimsIdentity;
if (identity != null)
{
identity.BootstrapContext = new BootstrapContext(xmlSecurityToken.TokenXml.OuterXml);
}
Thread.CurrentPrincipal = principal;
context.Context.User = principal;
var sessionToken = new SessionSecurityToken(principal);
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
}
catch (Exception)
{
context.Response.AppendHeader("X-InvalidCredentials", "basic");
throw;
}
}
public bool ValidateUser(string userId, string password, out SessionSecurityToken sessionToken)
{
// authenticate with WS-Trust endpoint
var factory = new WSTrustChannelFactory(
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress("https://localhost/ActiveSTS/SecurityTokenService.svc"));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UserName.UserName = userId;
factory.Credentials.UserName.Password = password;
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointAddress("https://localhost/stsclient/"),
KeyType = KeyTypes.Bearer,
TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11,
};
var channel = factory.CreateChannel();
var genericToken = channel.Issue(rst) as System.IdentityModel.Tokens.GenericXmlSecurityToken;
// parse token
var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));
var identity = handlers.ValidateToken(token).First();
// create session token
sessionToken = new SessionSecurityToken(ClaimsPrincipal.CreateFromIdentity(identity));
return true;
}
public static void SignInOrOutSessionAuthenticationModule(this CommandResult commandResult)
{
if (commandResult == null)
{
throw new ArgumentNullException(nameof(commandResult));
}
// Ignore this if we're not running inside IIS, e.g. in unit tests.
if (commandResult.Principal != null && HttpContext.Current != null)
{
var sessionToken = new SessionSecurityToken(
commandResult.Principal,
null,
DateTime.UtcNow,
commandResult.SessionNotOnOrAfter ??
CalculateSessionNotOnOrAfter());
EnsureSessionAuthenticationModuleAvailable();
FederatedAuthentication.SessionAuthenticationModule
.AuthenticateSessionSecurityToken(sessionToken, true);
}
if (commandResult.TerminateLocalSession && HttpContext.Current != null)
{
EnsureSessionAuthenticationModuleAvailable();
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();
}
}
public static SessionSecurityToken GetSessionSecurityToken(
this WSFederationAuthenticationModule fam,
HttpContext context,
out string identityProvider,
out string userName,
out string email,
out string displayName,
string emailClaimType = DefaultEmailClaimType,
string displayNameClaimType = DefaultDisplayNameClaimType,
string identityProviderClaimType = DefaultIdentityProviderClaimType)
{
var principal = fam.GetClaimsPrincipal(context);
var sessionSecurityToken = new SessionSecurityToken(principal);
userName = principal.Identity.Name;
Func <string, string> find = claimType => !string.IsNullOrWhiteSpace(claimType)
? principal.Identities
.SelectMany(identity => identity.Claims)
.Where(claim => string.Equals(claim.ClaimType, claimType, StringComparison.OrdinalIgnoreCase))
.Select(claim => claim.Value)
.FirstOrDefault()
: null;
identityProvider = find(identityProviderClaimType);
email = find(emailClaimType);
displayName = find(displayNameClaimType);
return(sessionSecurityToken);
}
public void Login(User user)
{
var claims = new List <Claim>(new[]
{
new Claim(ClaimTypes.NameIdentifier, user.Username),
new Claim(ClaimTypes.Name, user.Name)
});
if (!string.IsNullOrWhiteSpace(user.Email))
{
claims.Add(new Claim(ClaimTypes.Email, user.Email));
}
claims.AddRange(user.Roles.Select(role => new Claim(ClaimTypes.Role, role.Name)));
var identity = new ClaimsIdentity(claims, "Forms");
var principal = new ClaimsPrincipal(identity);
var sessionToken = new SessionSecurityToken(principal);
var authenticationModule = FederatedAuthentication.SessionAuthenticationModule;
// Persist the authentication cookie.
authenticationModule.WriteSessionTokenToCookie(sessionToken);
// Set the current user for the current request
Thread.CurrentPrincipal = principal;
}
public ActionResult SignIn(string returnUrl)
{
// Build claims collection based on valid username
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "Chuck Norris"),
new Claim(ClaimTypes.Email, "*****@*****.**"),
new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password),
AuthenticationInstantClaim.Now
};
// Create and authenticate principal
var claimsPrincipal = ClaimsPrincipal.CreateFromIdentity(new ClaimsIdentity(claims));
var principal = FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(string.Empty, claimsPrincipal);
var transformedPrincipal = FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(HttpContext.Request.Url.AbsoluteUri, principal);
// Create session token
var sessionToken = new SessionSecurityToken(transformedPrincipal, Configuration.PersistentSessionLength)
{
IsPersistent = false
};
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
// Redirect
var result = !String.IsNullOrWhiteSpace(returnUrl) ?
Redirect(returnUrl) :
Redirect(Configuration.DefaultApplicationUrl);
return result;
}
public ActionResult Index(string token)
{
try
{
var validationParameters = new TokenValidationParameters
{
IssuerSigningToken = new BinarySecretSecurityToken(
TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["auth0:ClientSecret"])),
ValidIssuer = ConfigurationManager.AppSettings["auth0:Domain"],
ValidAudience = ConfigurationManager.AppSettings["auth0:ClientId"]
};
var handler = new JwtSecurityTokenHandler();
SecurityToken securityToken;
ClaimsPrincipal principal = handler.ValidateToken(token, validationParameters, out securityToken);
ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Auth0"));
identity.AddClaim(new Claim(ClaimTypes.Name, identity.FindFirst(ClaimTypes.Email).Value));
var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromMinutes(15));
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
return(RedirectToAction("Change"));
}
catch (Exception ex)
{
return(RedirectToAction("Unauthorized"));
}
}
private DbCommand CreateInsertCommand(DbConnection connection, SessionSecurityTokenCacheKey key,
SessionSecurityToken value, DateTime expiryTime)
{
DbCommand command = connection.CreateCommand();
DbParameter keyParameter = command.CreateParameter();
keyParameter.DbType = DbType.StringFixedLength;
keyParameter.ParameterName = "@pKey";
keyParameter.Value = GenerateCompositeCacheKey(key);
DbParameter valueParameter = command.CreateParameter();
valueParameter.DbType = DbType.StringFixedLength;
valueParameter.ParameterName = "@pValue";
valueParameter.Value = Serialize(expiryTime, value);
DbParameter addedParameter = command.CreateParameter();
addedParameter.DbType = DbType.DateTime;
addedParameter.ParameterName = "@pAdded";
addedParameter.Value = DateTime.Now;
command.CommandText = string.Format(
"INSERT INTO {0} ([Id], [SecurityTokenSerialized], [TimeStamp]) VALUES (@pKey, @pValue, @pAdded)",
CookieTableName);
command.Parameters.AddRange(new[] { keyParameter, valueParameter, addedParameter });
Log.DebugFormat("Created command: {0}", command.CommandText);
Log.DebugFormat("Parameters: Id:'{0}' Timestamp:'{1}' SecurityTokenSerialized:'{2}'", keyParameter.Value,
valueParameter.Value, addedParameter.Value);
return(command);
}
public override void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime)
{
string tokenId = null;
ApiHelperAsync helper = new ApiHelperAsync(_httpClient);
var claimsIdentity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
if (claimsIdentity != null && claimsIdentity.BootstrapContext != null)
{
var bootstrap = claimsIdentity.BootstrapContext as BootstrapContext;
if (bootstrap != null && bootstrap.SecurityToken != null)
{
tokenId = bootstrap.SecurityToken.Id;
}
}
if (tokenId == null || value == null)
{
return;
}
var res = helper.AddOrUpdate(new SessionCacheEntry()
{
EndpointId = key.EndpointId,
ContextId = GetContextIdString(key),
KeyGeneration = GetKeyGenerationString(key),
ExpiryTime = expiryTime,
SessionSecurityTokenValue = value,
UserName = Thread.CurrentPrincipal.Identity.Name,
SessionSecurityTokenID = tokenId
});
if (res)
{
_internalCache.AddOrUpdate(key, value, expiryTime);
}
}
public virtual bool Login(string userName, IEnumerable <Claim> claims)
{
Assert.ArgumentNotNullOrEmpty(userName, "userName");
SessionSecurityToken sessionToken;
if (!FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out sessionToken))
{
// if current user is not claims principal create one from user instance
var filteredClaims = claims.Where(c => (c.Type != ClaimTypes.Name || c.Type != ClaimTypes.NameIdentifier || c.Type != IdentityProvider));
var claimsList = filteredClaims.ToList();
claimsList.AddRange(new[]
{
new Claim(ClaimTypes.Name, Globalize(Context.Domain.Name, userName)),
new Claim(ClaimTypes.NameIdentifier, Globalize(Context.Domain.Name, userName))
});
claimsList.Add(new Claim(IdentityProvider, claims.FirstOrDefault(c => c.Type == IdentityProvider || c.Type == "idp")?.Value ?? "Unknown"));
var id = new ClaimsIdentity(claimsList, "Forms");
var claimsPrincipal = new ClaimsPrincipal(id);
var token = new SessionSecurityToken(claimsPrincipal);
var sam = FederatedAuthentication.SessionAuthenticationModule;
sam.WriteSessionTokenToCookie(token);
}
return(true);
}
public static void SignInOrOutSessionAuthenticationModule(this CommandResult commandResult)
{
if (commandResult == null)
{
throw new ArgumentNullException(nameof(commandResult));
}
// Ignore this if we're not running inside IIS, e.g. in unit tests.
if (commandResult.Principal != null && HttpContext.Current != null)
{
var sessionToken = new SessionSecurityToken(commandResult.Principal);
if (FederatedAuthentication.SessionAuthenticationModule == null)
{
throw new InvalidOperationException(
"FederatedAuthentication.SessionAuthenticationModule is null, make sure you have loaded the SessionAuthenticationModule in web.config. " +
"See https://github.com/KentorIT/authservices/blob/master/doc/Configuration.md#loading-modules");
}
FederatedAuthentication.SessionAuthenticationModule
.AuthenticateSessionSecurityToken(sessionToken, true);
}
if (commandResult.TerminateLocalSession && HttpContext.Current != null)
{
if (FederatedAuthentication.SessionAuthenticationModule == null)
{
throw new InvalidOperationException(
"FederatedAuthentication.SessionAuthenticationModule is null, make sure you have loaded the SessionAuthenticationModule in web.config. " +
"See https://github.com/KentorIT/authservices/blob/master/doc/Configuration.md#loading-modules");
}
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();
}
}
public void OnAuthentication(System.Web.Mvc.Filters.AuthenticationContext filterContext)
{
SessionSecurityToken sst = null;
try
{
if (FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out sst))
{
var ticketClaim = sst.ClaimsPrincipal.Claims.FirstOrDefault(c => c.Type == "token");
// validate that the cookie wasn't expired
if (ticketClaim != null && !IsExpired(ticketClaim.Value))
{
filterContext.Principal = sst.ClaimsPrincipal;
if (BaseController.CurrentUser == null)
{
var token = (sst.ClaimsPrincipal.Identity as ClaimsIdentity).FindFirst("token")?.Value;
BaseController.CurrentUser = AuthProviderHost.PrimaryAuthProvider.GetAccount(token, null);
}
}
else
{
// clear the cookie so we don't have to do this every time
SignOut();
}
}
}
catch
{
// unfortunately, "TryReadSession" throws. often.
}
}
public async Task <ActionResult> Callback()
{
var result = await OAuth2Client.Instance.ProcessCallbackAsync();
if (result.Error != null)
{
return(Content(result.Error + "<br>" + result.ErrorDetails));
}
var sam = FederatedAuthentication.SessionAuthenticationModule;
if (sam == null)
{
throw new Exception("SessionAuthenticationModule not registered.");
}
var cp = new ClaimsPrincipal(new ClaimsIdentity(result.Claims, "OAuth"));
var id = cp.Identities.First();
var authInstantClaim = new Claim(ClaimTypes.AuthenticationInstant, DateTime.UtcNow.ToString("s"));
id.AddClaim(authInstantClaim);
var idpClaim = new Claim(Constants.ClaimTypes.IdentityProvider, result.ProviderName);
id.AddClaim(idpClaim);
var token = new SessionSecurityToken(cp);
sam.WriteSessionTokenToCookie(token);
return(RedirectToAction("Index"));
}
public async Task <ActionResult> Callback()
{
var result = await OAuth2Client.Instance.ProcessCallbackAsync();
if (result.Error != null)
{
return(Content(result.Error + "<br>" + result.ErrorDetails));
}
var sam = FederatedAuthentication.SessionAuthenticationModule;
if (sam != null)
{
var cp = new ClaimsPrincipal(new ClaimsIdentity(result.Claims, "OAuth"));
var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
if (transformer != null)
{
cp = transformer.Authenticate(String.Empty, cp);
}
var token = new SessionSecurityToken(cp);
sam.WriteSessionTokenToCookie(token);
}
return(Redirect(result.ReturnUrl));
}
internal static string Serialize(this SessionSecurityToken sessionSecurityToken, Newtonsoft.Json.JsonSerializerSettings settings)
{
if (sessionSecurityToken == null)
{
return(null);
}
return(JsonConvert.SerializeObject(sessionSecurityToken, settings).ToString());
}
public override void UpdateTokenInStore(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime)
{
if (m_Lookup.ContainsKey(key))
{
m_Lookup.Remove(key);
}
m_Lookup.Add(key, new Tuple <DateTime, SessionSecurityToken>(expiryTime, value));
}
byte[] TokenToBytes(SessionSecurityToken token)
{
if (token == null) return null;
var bytes = serializer.Serialize(token);
var str = MachineKey.Encode(bytes, MachineKeyProtection.All);
return System.Text.Encoding.UTF8.GetBytes(str);
}
/// <summary>
/// Save user state to cookie
/// </summary>
/// <param name="user">User to save to cookie</param>
/// <returns></returns>
private static ClaimsPrincipal SaveToCookie(ClaimsIdentity user)
{
var claimsPrincipal = new ClaimsPrincipal(user);
var sessionSecurityToken = new SessionSecurityToken(claimsPrincipal, TimeSpan.FromDays(365));
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken);
return(claimsPrincipal);
}
void WriteSessionToken(XmlWriter writer, SessionSecurityToken sessionToken)
{
SessionSecurityTokenHandler ssth = GetOrCreateSessionSecurityTokenHandler();
XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);
ssth.WriteToken(dictionaryWriter, sessionToken);
}
private void CreateSession(ClaimsPrincipal transformedPrincipal)
{
if (transformedPrincipal != null)
{
var sessionSecurityToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(24));
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken);
}
}
private void EstablishSession(ClaimsPrincipal principal)
{
if (FederatedAuthentication.SessionAuthenticationModule != null)
{
var sessionToken = new SessionSecurityToken(principal);
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
}
}
//public override bool TryAddEntry(object key, SecurityToken value)
public override void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime)
{
Log.DebugFormat("Key: {0} Value: {1} Expiry: {2}", key, value.Id, expiryTime);
Log.DebugFormat("Adding or updating in memory cache");
m_MemoryCache.AddOrUpdate(key, value, expiryTime);
Log.DebugFormat("Adding or updating in persistent store");
m_SessionSecurityTokenStore.UpdateTokenInStore(key, value, expiryTime);
}
private void EstablishSession(ClaimsPrincipal principal)
{
var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(8));
// cache on server
//sessionToken.IsReferenceMode = true;
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
}
public void OnAuthentication(System.Web.Mvc.Filters.AuthenticationContext filterContext)
{
SessionSecurityToken sst = null;
if (FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out sst))
{
filterContext.Principal = sst.ClaimsPrincipal;
}
}
private bool HandleResponseMessage()
{
try
{
var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request));
if (responseMessage != null)
{
string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null);
FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration;
//ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current;
FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration);
SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage);
SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken);
this.OnSecurityTokenReceived(securityTokenReceivedEventArgs);
if (!securityTokenReceivedEventArgs.Cancel)
{
ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl);
if (claimsPrincipal != null)
{
SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal);
this.OnSecurityTokenValidated(securityTokenValidatedEventArgs);
if (!securityTokenValidatedEventArgs.Cancel)
{
SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule;
DateTime validFrom;
DateTime validTo;
tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo);
SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false);
SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken);
sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true;
this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs);
this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie);
this.OnSignedIn(EventArgs.Empty);
return(true);
}
}
}
}
return(false);
}
catch (Exception ex)
{
this.ErrorText = ex.Message;
return(false);
}
}
private void CreateSession(ClaimsPrincipal transformedPrincipal)
{
SessionSecurityToken sessionSecurityToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(8));
sessionSecurityToken.IsPersistent = false;
sessionSecurityToken.IsReferenceMode = true;
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken);
FederatedAuthentication.SessionAuthenticationModule.SessionSecurityTokenReceived += SessionAuthenticationModule_SessionSecurityTokenReceived;
}
private static void SessionTokenDemo()
{
var sessionToken = new SessionSecurityToken(_windowsPrincipal, TimeSpan.FromHours(8));
// This would occur in ASP.NET ...
//FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
System.Console.WriteLine("Session Token ID: " + sessionToken.Id);
}
private static void SerializeClaimsToCookie(ClaimsPrincipal transformedClaimsPrincipal)
{
var sessionSecurityToken = new SessionSecurityToken(
transformedClaimsPrincipal,
TimeSpan.FromMinutes(30));
var sessionAuthenticationModule = GetSessionAuthenticationModule();
sessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken);
}
private static void ApplyPrincipal(CommandResult commandResult)
{
if (commandResult.Principal != null)
{
var sessionToken = new SessionSecurityToken(commandResult.Principal);
FederatedAuthentication.SessionAuthenticationModule
.AuthenticateSessionSecurityToken(sessionToken, true);
}
}
public void SetSessionToken(string userName, string authenticationMethod, bool isPersistent, int ttl, IEnumerable <Claim> additionalClaims = null)
{
var principal = CreatePrincipal(userName, authenticationMethod, additionalClaims);
var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(ttl))
{
IsPersistent = isPersistent
};
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
}
public void ApplyPrincipal()
{
// Ignore this if we're not running inside IIS, e.g. in unit tests.
if (Principal != null && HttpContext.Current != null)
{
var sessionToken = new SessionSecurityToken(Principal);
FederatedAuthentication.SessionAuthenticationModule
.AuthenticateSessionSecurityToken(sessionToken, true);
}
}
//create Session Security token and Write it to session cookie
private static void CreateSessionSecurityToken(ClaimsPrincipal appPrincipalToStoreInSession)
{
var tokenTiomout = ConfigurationManager.AppSettings["TokenTimeout"] ??
HttpContext.Current.Session.Timeout.ToString();
var sessionSecurityToken = new SessionSecurityToken(appPrincipalToStoreInSession, TimeSpan.FromMinutes(Convert.ToInt16(tokenTiomout)))
{
IsReferenceMode = true
};
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken);
}
public void SetSessionToken(string userName, string authenticationMethod, bool isPersistent, int ttl, string resourceName)
{
var principal = CreatePrincipal(userName, authenticationMethod);
var transformedPrincipal = FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(resourceName, principal);
var sessionToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(ttl))
{
IsPersistent = isPersistent
};
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
}
public void SetSessionPrincipal(SessionSecurityToken token)
{
SessionAuthenticationModule authModule = new SessionAuthenticationModule();
authModule.SetPrincipalAndWriteSessionToken(token, true);
}
public void ProcessResponse()
{
if (string.IsNullOrEmpty(this.federationContext.IssuerName))
{
throw new InvalidOperationException("The context cookie was not found. Try to re-login");
}
var issuer = this.configuration.RetrieveIssuer(new Uri(this.federationContext.IssuerName));
var handler = this.protocolDiscovery.RetrieveProtocolHandler(issuer);
if (handler == null)
throw new InvalidOperationException();
IClaimsIdentity identity = handler.ProcessSignInResponse(
this.federationContext.Realm,
this.federationContext.OriginalUrl,
this.HttpContext);
IClaimsIdentity outputIdentity = UpdateIssuer(identity, this.multiProtocolServiceProperties.Identifier.ToString(), issuer.Identifier.ToString());
outputIdentity.Claims.Add(new Claim(ClaimTypes.AuthenticationMethod, issuer.Identifier.ToString(), ClaimValueTypes.String, this.multiProtocolServiceProperties.Identifier.ToString()));
outputIdentity.Claims.Add(new Claim(ClaimTypes.AuthenticationInstant, DateTime.Now.ToString("o"), ClaimValueTypes.Datetime, this.multiProtocolServiceProperties.Identifier.ToString()));
var sessionToken = new SessionSecurityToken(new ClaimsPrincipal(new IClaimsIdentity[] { outputIdentity }));
FederatedAuthentication.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionToken, true);
Response.Redirect(this.federationContext.OriginalUrl, false);
HttpContext.ApplicationInstance.CompleteRequest();
}
