/// <summary>
/// Signs the system user token, exchanges it at the SuperID federation gateway for a SAML token,
/// and returns the validated token carrying the system user's claims.
/// </summary>
/// <param name="userToken">System user token, not yet signed</param>
/// <param name="contextIdentifier">Context identifier of the customer</param>
/// <returns>Validated SuperID token with the system user's claims</returns>
private static SuperIdToken GetSystemUserToken(string userToken, string contextIdentifier)
{
    var unsignedToken = new SystemToken(userToken);

    // Despite its name, the file behind CertificatePath is read as text and handed to Sign()
    // as the private key, so it is signing-key material and should be access-restricted.
    var keyFilePath = CertificatePath;
    var signature = unsignedToken.Sign(privateKey: File.ReadAllText(keyFilePath));

    // Trade the signed token for the system user's claims at the federation gateway.
    var gatewayUrl = ConfigurationManager.AppSettings["SoFederationGateway"];
    var samlResponse = unsignedToken.AuthenticateWithSignedSystemToken(
        gatewayUrl,
        signature,
        ConfigFile.Services.ApplicationToken,
        contextIdentifier,
        TokenType.Saml);

    var validator = new SuperIdTokenHandler
    {
        // Issuer certificates are resolved from the application's ~/App_Data folder.
        IssuerTokenResolver = new SuperOffice.SuperID.Client.Tokens.CertificateFileCertificateStoreTokenResolver(
            System.Web.HttpContext.Current.Server.MapPath("~/App_Data")),

        // NOTE(review): X509CertificateValidator.None performs no chain, expiry or revocation
        // checks on the signing certificate. Trust in the issuer then presumably rests on the
        // certificates the resolver loads from ~/App_Data; confirm, and keep that folder
        // write-protected.
        CertificateValidator = System.IdentityModel.Selectors.X509CertificateValidator.None,
    };

    return validator.ValidateToken(samlResponse, TokenType.Saml);
}
/// <summary>
/// Signs the system user token with the application's key file, exchanges it at the federation
/// gateway for a JWT, and returns the validated SuperID token.
/// </summary>
/// <param name="systemTokenString">System user token, not yet signed</param>
/// <param name="contextIdentifier">Context identifier of the customer</param>
/// <returns>Validated SuperID token for the system user</returns>
private static SuperIdToken GetSystemUserToken(string systemTokenString, string contextIdentifier)
{
    var unsignedToken = new SystemToken(systemTokenString);

    // A relative key-file setting is anchored at the web application root.
    // NOTE(review): that can place the private key inside the site's content tree. Make sure
    // the file cannot be served over HTTP (e.g. keep it under App_Data or outside the site)
    // and that file ACLs limit it to the application identity.
    var configuredKeyFile = ConfigManager.ApplicationKeyFile;
    var keyFilePath = Path.IsPathRooted(configuredKeyFile)
        ? configuredKeyFile
        : Path.Combine(HostingEnvironment.MapPath(@"~"), configuredKeyFile);

    var signature = unsignedToken.Sign(privateKey: File.ReadAllText(keyFilePath));

    // Trade the signed token for the system user's claims at the federation gateway.
    var gatewayUrl = ConfigManager.SoFederationGateway;
    var jwtResponse = unsignedToken.AuthenticateWithSignedSystemToken(
        gatewayUrl,
        signature,
        ConfigFile.Services.ApplicationToken,
        contextIdentifier,
        TokenType.Jwt);

    // The handler is used with its defaults here; no issuer certificate is configured in this method.
    return new SuperIdTokenHandler().ValidateToken(jwtResponse, TokenType.Jwt);
}
/// <summary>
/// Signs the system user token, exchanges it at the federation gateway for a JWT, and validates
/// the result against the supplied issuer certificate.
/// </summary>
/// <param name="userToken">System user token, not yet signed</param>
/// <param name="contextIdentifier">Context identifier of the customer</param>
/// <param name="privateKey">Private key passed to <c>SystemToken.Sign</c></param>
/// <param name="federationGateway">Federation gateway address the signed token is sent to</param>
/// <param name="applicationToken">Application token sent along with the signed system token</param>
/// <param name="certificateString">Issuer signing certificate as text; its ASCII bytes are loaded as an X.509 certificate</param>
/// <returns>
/// The validated SuperID token, or <c>null</c> when the gateway returns nothing or validation throws.
/// </returns>
public static SuperIdToken GetSystemUserToken(string userToken, string contextIdentifier, string privateKey, string federationGateway, string applicationToken, string certificateString)
{
    // Fixed to JWT, so the SAML branch below is not taken as the method stands.
    var tokenType = SuperOffice.SuperID.Contracts.SystemUser.V1.TokenType.Jwt;

    var unsignedToken = new SystemToken(userToken);
    var signature = unsignedToken.Sign(privateKey);

    // Trade the signed token for the system user's claims at the federation gateway.
    var gatewayResponse = unsignedToken.AuthenticateWithSignedSystemToken(
        federationGateway, signature, applicationToken, contextIdentifier, tokenType);
    if (gatewayResponse == null)
    {
        return null;
    }

    var handler = new SuperIdTokenHandler();
    if (tokenType == SuperOffice.SuperID.Contracts.SystemUser.V1.TokenType.Saml)
    {
        // NOTE(review): X509CertificateValidator.None performs no chain, expiry or revocation
        // checks; trust would presumably rest on the files in the Certificates folder.
        handler.CertificateValidator = System.IdentityModel.Selectors.X509CertificateValidator.None;
        handler.IssuerTokenResolver = new CertificateFileCertificateStoreTokenResolver(
            AppDomain.CurrentDomain.BaseDirectory + "Certificates");
    }
    else
    {
        // The certificate text is converted with ASCII encoding, not base64-decoded
        // (presumably PEM text; confirm against the caller).
        var certificateBytes = Encoding.ASCII.GetBytes(certificateString);
        handler.JwtIssuerSigningCertificate =
            new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateBytes);
    }

    // NOTE(review): with audience validation off, the handler presumably accepts a correctly
    // signed token regardless of the audience it was issued for; confirm this is deliberate.
    handler.ValidateAudience = false;

    try
    {
        return handler.ValidateToken(gatewayResponse, tokenType);
    }
    catch (Exception e)
    {
        // Every validation failure is written to the console and reaches the caller only as
        // null, so callers have to treat a null result as a failed authentication.
        Console.WriteLine(e);
        return null;
    }
}
/// <summary>
/// Signs the system user token, exchanges it at the SuperID federation gateway for a JWT,
/// and returns the validated token carrying the system user's claims.
/// </summary>
/// <param name="userToken">System user token, not yet signed</param>
/// <param name="contextIdentifier">Context identifier of the customer</param>
/// <returns>Validated token with claims, or <c>null</c> when the gateway returns no token</returns>
private static SuperIdToken GetSystemUserToken(string userToken, string contextIdentifier)
{
    // Fixed to JWT, so the SAML branch below is not taken as the method stands.
    var tokenType = SuperOffice.SuperID.Contracts.SystemUser.V1.TokenType.Jwt;
    var unsignedToken = new SystemToken(userToken);

    // NOTE(review): the "SystemTokenCertificatePath" file is read as text and passed to Sign(),
    // so it looks like the private signing key rather than a certificate; confirm, and
    // restrict access to that file accordingly.
    var keyFilePath = ConfigurationManager.AppSettings["SystemTokenCertificatePath"];
    var signature = unsignedToken.Sign(File.ReadAllText(keyFilePath));

    // Trade the signed token for the system user's claims at the federation gateway.
    var gatewayUrl = ConfigurationManager.AppSettings["SoFederationGateway"];
    var gatewayResponse = unsignedToken.AuthenticateWithSignedSystemToken(
        gatewayUrl,
        signature,
        ConfigFile.Services.ApplicationToken,
        contextIdentifier,
        tokenType);
    if (gatewayResponse == null)
    {
        return null;
    }

    var handler = new SuperIdTokenHandler();
    var certificateDirectory = AppDomain.CurrentDomain.BaseDirectory + "Certificates";
    if (tokenType == SuperID.Contracts.SystemUser.V1.TokenType.Saml)
    {
        // NOTE(review): X509CertificateValidator.None performs no chain, expiry or revocation
        // checks; trust would presumably rest on the files in the Certificates folder.
        handler.CertificateValidator = System.IdentityModel.Selectors.X509CertificateValidator.None;
        handler.IssuerTokenResolver =
            new SuperOffice.SuperID.Client.Tokens.CertificateFileCertificateStoreTokenResolver(certificateDirectory);
    }
    else
    {
        // The JWT signature is checked against one hard-coded certificate file. Keep the
        // Certificates folder write-protected, since replacing this file changes which
        // issuer is trusted.
        handler.JwtIssuerSigningCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
            certificateDirectory + "\\SODSuperOfficeFederatedLogin.crt");
    }

    // NOTE(review): with audience validation off, the handler presumably accepts a correctly
    // signed token regardless of the audience it was issued for; confirm this is deliberate.
    handler.ValidateAudience = false;

    return handler.ValidateToken(gatewayResponse, tokenType);
}