internal override async Task PreTokenRequest() { await base.PreTokenRequest().ConfigureAwait(false); if (this.PerformUserRealmDiscovery()) { UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false); PlatformPlugin.Logger.Information(this.CallState, string.Format("User with hash '{0}' detected as '{1}'", PlatformPlugin.CryptographyHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType)); if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0) { if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl)) { throw new MsalException(MsalError.MissingFederationMetadataUrl); } WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false); PlatformPlugin.Logger.Information(this.CallState, string.Format("WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl)); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState).ConfigureAwait(false); PlatformPlugin.Logger.Information(this.CallState, string.Format("Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType)); // We assume that if the response token type is not SAML 1.1, it is SAML 2 this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer, this.userCredential.UserName); } else { throw new MsalException(MsalError.UnsupportedUserType); } } }
public async Task CloudAudienceUrnNullTest() { AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant); await context.Authenticator.UpdateFromTemplateAsync(null); UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, null); WsTrustAddress address = new WsTrustAddress() { Uri = new Uri("https://some/address/usernamemixed"), Version = WsTrustVersion.WsTrust13 }; HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("WsTrustResponse.xml")) } }); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(address, new UserCredential(TestConstants.DefaultDisplayableId), null, null); VerifyCloudInstanceUrnResponse(userRealmResponse.CloudAudienceUrn, "urn:federation:MicrosoftOnline"); }
/// <summary> /// Makes a WSTrust call to the STS to obtain a <see cref="SecurityToken"/> first checking if the token is available in the cache. /// </summary> /// <returns>A <see cref="GenericXmlSecurityToken"/>.</returns> protected override SecurityToken GetTokenCore(TimeSpan timeout) { _communicationObject.ThrowIfClosedOrNotOpen(); WsTrustRequest request = CreateWsTrustRequest(); WsTrustResponse trustResponse = GetCachedResponse(request); if (trustResponse is null) { using (var memeoryStream = new MemoryStream()) { var writer = XmlDictionaryWriter.CreateTextWriter(memeoryStream, Encoding.UTF8); var serializer = new WsTrustSerializer(); serializer.WriteRequest(writer, _requestSerializationContext.TrustVersion, request); writer.Flush(); var reader = XmlDictionaryReader.CreateTextReader(memeoryStream.ToArray(), XmlDictionaryReaderQuotas.Max); IRequestChannel channel = ChannelFactory.CreateChannel(); try { channel.Open(); Message reply = channel.Request(Message.CreateMessage(MessageVersion.Soap12WSAddressing10, _requestSerializationContext.TrustActions.IssueRequest, reader)); SecurityUtils.ThrowIfNegotiationFault(reply, channel.RemoteAddress); trustResponse = serializer.ReadResponse(reply.GetReaderAtBodyContents()); CacheSecurityTokenResponse(request, trustResponse); } finally { channel.Close(); } } } return(WSTrustUtilities.CreateGenericXmlSecurityToken(request, trustResponse, _requestSerializationContext, _securityAlgorithmSuite)); }
public async Task WsTrustRequestGenericCloudUrnTest() { WsTrustAddress address = new WsTrustAddress() { Uri = new Uri("https://some/address/usernamemixed"), Version = WsTrustVersion.WsTrust13 }; HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("WsTrustResponse.xml")) } }); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("WsTrustResponse.xml")) } }); WsTrustResponse wstResponse = await WsTrustRequest.SendRequestAsync(address, new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword), null, TestConstants.CloudAudienceUrn); Assert.IsNotNull(wstResponse.Token); wstResponse = await WsTrustRequest.SendRequestAsync(address, new UserCredential(TestConstants.DefaultDisplayableId), null, TestConstants.CloudAudienceUrn); Assert.IsNotNull(wstResponse.Token); }
public async Task WsTrustRequestFailureTestAsync() { string uri = "https://some/address/usernamemixed"; var endpoint = new WsTrustEndpoint(new Uri(uri), WsTrustVersion.WsTrust13); using (var harness = CreateTestHarness()) { harness.HttpManager.AddMockHandlerContentNotFound(HttpMethod.Post, url: uri); var requestContext = new RequestContext(harness.ServiceBundle, Guid.NewGuid()); try { var message = endpoint.BuildTokenRequestMessageWindowsIntegratedAuth("urn:federation:SomeAudience"); WsTrustResponse wstResponse = await harness.ServiceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(endpoint, message, requestContext).ConfigureAwait(false); Assert.Fail("We expect an exception to be thrown here"); } catch (MsalException ex) { Assert.AreEqual(MsalError.FederatedServiceReturnedError, ex.ErrorCode); } } }
/// <summary> /// Makes a WSTrust call to the STS to obtain a <see cref="SecurityToken"/> first checking if the token is available in the cache. /// </summary> /// <returns>A <see cref="GenericXmlSecurityToken"/>.</returns> protected override SecurityToken GetTokenCore(TimeSpan timeout) { WsTrustRequest request = CreateWsTrustRequest(); WsTrustResponse trustResponse = GetCachedResponse(request); if (trustResponse is null) { using (var memeoryStream = new MemoryStream()) { var writer = XmlDictionaryWriter.CreateTextWriter(memeoryStream, Encoding.UTF8); var serializer = new WsTrustSerializer(); serializer.WriteRequest(writer, _requestSerializationContext.TrustVersion, request); writer.Flush(); var reader = XmlDictionaryReader.CreateTextReader(memeoryStream.ToArray(), XmlDictionaryReaderQuotas.Max); IRequestChannel channel = ChannelFactory.CreateChannel(); Message reply = channel.Request(Message.CreateMessage(MessageVersion.Soap12WSAddressing10, _requestSerializationContext.TrustActions.IssueRequest, reader)); SecurityUtils.ThrowIfNegotiationFault(reply, channel.RemoteAddress); trustResponse = serializer.ReadResponse(reply.GetReaderAtBodyContents()); CacheSecurityTokenResponse(request, trustResponse); } } // Create GenericXmlSecurityToken // Assumes that token is first and Saml2SecurityToken. using (var stream = new MemoryStream()) { RequestSecurityTokenResponse response = trustResponse.RequestSecurityTokenResponseCollection[0]; // Get attached and unattached references GenericXmlSecurityKeyIdentifierClause internalSecurityKeyIdentifierClause = null; if (response.AttachedReference != null) { internalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.AttachedReference); } GenericXmlSecurityKeyIdentifierClause externalSecurityKeyIdentifierClause = null; if (response.UnattachedReference != null) { externalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.UnattachedReference); } // Get proof token IdentityModel.Tokens.SecurityToken proofToken = GetProofToken(request, response); // Get lifetime DateTime created = response.Lifetime?.Created ?? DateTime.UtcNow; DateTime expires = response.Lifetime?.Expires ?? created.AddDays(1); return(new GenericXmlSecurityToken(response.RequestedSecurityToken.TokenElement, proofToken, created, expires, internalSecurityKeyIdentifierClause, externalSecurityKeyIdentifierClause, null)); } }
private void CacheSecurityTokenResponse(WsTrustRequest request, WsTrustResponse response) { if (WSTrustTokenParameters.CacheIssuedTokens) { // If cached responses are stored in a shared cache in the future, that cache should be written // to here, possibly including serializing the WsTrustResponse if the cache stores byte[] (as // IDistributedCache does). CachedResponse = response; } }
public void TestCreateFromResponse_WhenInputContainsWhitespace_ShouldPreserveWhitespace() { string sample = File.ReadAllText("WsTrustResponse.xml"); string characteristic = "\n <saml:Assertion"; StringAssert.Contains(sample, characteristic); WsTrustResponse resp = WsTrustResponse.CreateFromResponse( new MemoryStream(Encoding.UTF8.GetBytes(sample)), WsTrustVersion.WsTrust2005); StringAssert.Contains(resp.Token, characteristic); }
public void TestCreateFromResponseDocument_WhenInputContainsWhitespace_ShouldPreserveWhitespace() { string sample = File.ReadAllText("WsTrustResponse.xml"); string characteristic = "\n <saml:Assertion"; StringAssert.Contains(sample, characteristic); WsTrustResponse resp = WsTrustResponse.CreateFromResponseDocument( XDocument.Parse(sample, LoadOptions.PreserveWhitespace), WsTrustVersion.WsTrust2005); StringAssert.Contains(resp.Token, characteristic); }
public async Task WsTrustRequestTest() { var federatedSts = SetupStsService(StsType.AADFederatedWithADFS3); AuthenticationContext context = new AuthenticationContext(federatedSts.Authority, federatedSts.ValidateAuthority); await context.Authenticator.UpdateFromTemplateAsync(null); UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, federatedSts.ValidUserName, null); XDocument mexDocument = await FecthMexAsync(userRealmResponse.FederationMetadataUrl); Verify.IsNotNull(mexDocument); WsTrustAddress wsTrustAddress = MexParser.ExtractWsTrustAddressFromMex(mexDocument, UserAuthType.UsernamePassword, null); Verify.IsNotNull(wsTrustAddress); WsTrustResponse wstResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, new UserCredential(federatedSts.ValidUserName, federatedSts.ValidPassword), null); Verify.IsNotNull(wstResponse.Token); Verify.IsTrue(wstResponse.TokenType.Contains("SAML")); SecureString securePassword = new SecureString(); foreach (var ch in federatedSts.ValidPassword) { securePassword.AppendChar(ch); } wstResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, new UserCredential(federatedSts.ValidUserName, securePassword), null); Verify.IsNotNull(wstResponse.Token); Verify.IsTrue(wstResponse.TokenType.Contains("SAML")); try { await WsTrustRequest.SendRequestAsync(new WsTrustAddress { Uri = new Uri(wsTrustAddress.Uri.AbsoluteUri + "x") }, new UserCredential(federatedSts.ValidUserName, federatedSts.ValidPassword), null); } catch (AdalException ex) { Verify.IsNotNull(ex.ErrorCode, AdalError.FederatedServiceReturnedError); Verify.IsNotNull(ex.InnerException); } try { await WsTrustRequest.SendRequestAsync(new WsTrustAddress { Uri = new Uri(wsTrustAddress.Uri.AbsoluteUri) }, new UserCredential(federatedSts.ValidUserName, "InvalidPassword"), null); } catch (AdalException ex) { Verify.IsNotNull(ex.ErrorCode, AdalError.FederatedServiceReturnedError); Verify.IsNotNull(ex.InnerException); } }
protected override async Task PreTokenRequestAsync() { await base.PreTokenRequestAsync().ConfigureAwait(false); if (this.PerformUserRealmDiscovery()) { UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false); CallState.Logger.InformationPii(CallState, string.Format(CultureInfo.CurrentCulture, " User with user name '{0}' detected as '{1}'", userCredential.UserName, userRealmResponse.AccountType)); if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0) { if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl)) { throw new AdalException(AdalError.MissingFederationMetadataUrl); } WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false); CallState.Logger.InformationPii(CallState, string.Format(CultureInfo.CurrentCulture, " WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl)); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState, userRealmResponse.CloudAudienceUrn).ConfigureAwait(false); var msg = string.Format(CultureInfo.CurrentCulture, " Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType); CallState.Logger.Information(this.CallState, msg); CallState.Logger.InformationPii(this.CallState, msg); // We assume that if the response token type is not SAML 1.1, it is SAML 2 this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer); } else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0) { // handle password grant flow for the managed user if (this.userCredential.PasswordToCharArray() == null) { throw new AdalException(AdalError.PasswordRequiredForManagedUserError); } } else { throw new AdalException(AdalError.UnknownUserType); } } }
public async Task CloudAudienceUrnTest() { AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant); await context.Authenticator.UpdateFromTemplateAsync(null); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId) { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Federated\",\"domain_name\":\"microsoft.com\"," + "\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" + "\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," + "\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" + ",\"cloud_audience_urn\":\"urn:federation:Blackforest\"" + ",\"cloud_instance_name\":\"login.microsoftonline.com\"}") }, QueryParams = new Dictionary <string, string>() { { "api-version", "1.0" } } }); UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, CallState.Default); WsTrustAddress address = new WsTrustAddress() { Uri = new Uri("https://some/address/usernamemixed"), Version = WsTrustVersion.WsTrust13 }; HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler("https://some/address/usernamemixed") { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("WsTrustResponse13.xml")) } }); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(address, new UserCredential(TestConstants.DefaultDisplayableId), null, userRealmResponse.CloudAudienceUrn); VerifyCloudInstanceUrnResponse("urn:federation:Blackforest", userRealmResponse.CloudAudienceUrn); // All mocks are consumed Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); }
public async Task <WsTrustResponse> GetWsTrustResponseAsync( string cloudAudienceUrn, WsTrustEndpoint endpoint, CancellationToken cancellationToken) { string wsTrustRequestMessage; var authorizationType = _authenticationParameters.AuthorizationType; switch (authorizationType) { case AuthorizationType.WindowsIntegratedAuth: wsTrustRequestMessage = endpoint.BuildTokenRequestMessageWia(cloudAudienceUrn); break; case AuthorizationType.UsernamePassword: wsTrustRequestMessage = endpoint.BuildTokenRequestMessageUsernamePassword( cloudAudienceUrn, _authenticationParameters.UserName, _authenticationParameters.Password); break; default: throw new InvalidOperationException(); } string soapAction = endpoint.Version == WsTrustVersion.WsTrust2005 ? WsTrustMexDocument.Trust2005Spec : WsTrustMexDocument.Trust13Spec; var requestHeaders = new Dictionary <string, string> { ["SOAPAction"] = soapAction, ["ContentType"] = "application/soap+xml" }; HttpContent body = new StringContent(wsTrustRequestMessage, Encoding.UTF8, requestHeaders["ContentType"]); var response = await _httpManager.PostAsync(endpoint.Uri, requestHeaders, body, cancellationToken) .ConfigureAwait(false); return(WsTrustResponse.Create(response.StatusCode, response.ResponseData)); }
public async Task WsTrustRequestGenericCloudUrnTestAsync() { HttpMessageHandlerFactory.InitializeMockProvider(); string URI = "https://some/address/usernamemixed"; WsTrustAddress address = new WsTrustAddress() { Uri = new Uri(URI), Version = WsTrustVersion.WsTrust13 }; HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(URI) { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("WsTrustResponse13.xml")) } }); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(URI) { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(File.ReadAllText("WsTrustResponse13.xml")) } }); WsTrustResponse wstResponse = await WsTrustRequest.SendRequestAsync(address, new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword), null, TestConstants.CloudAudienceUrn).ConfigureAwait(false); Assert.IsNotNull(wstResponse.Token); wstResponse = await WsTrustRequest.SendRequestAsync(address, new UserCredential(TestConstants.DefaultDisplayableId), null, TestConstants.CloudAudienceUrn).ConfigureAwait(false); Assert.IsNotNull(wstResponse.Token); // All mocks are consumed Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); }
public async Task WsTrustRequestParseErrorTestAsync() { const string body = "Non-Parsable"; const string uri = "https://some/address/usernamemixed"; string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri, body); var endpoint = new WsTrustEndpoint(new Uri(uri), WsTrustVersion.WsTrust13); using (var harness = CreateTestHarness()) { harness.HttpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedUrl = uri, ExpectedMethod = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(body) } }); var requestContext = new RequestContext(harness.ServiceBundle, Guid.NewGuid()); try { var message = endpoint.BuildTokenRequestMessageWindowsIntegratedAuth("urn:federation:SomeAudience"); WsTrustResponse wstResponse = await harness.ServiceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(endpoint, message, requestContext).ConfigureAwait(false); Assert.Fail("We expect an exception to be thrown here"); } catch (MsalException ex) { Assert.AreEqual(MsalError.ParsingWsTrustResponseFailed, ex.ErrorCode); Assert.AreEqual(ex.Message, expectedMessage); } } }
/// <summary> /// Sends a <see cref="WsTrustRequest"/> to a STS to obtain a <see cref="WCFSecurityToken"/>. /// </summary> /// <param name="trustRequest">The <see cref="WsTrustRequest" /> sent to the STS.</param> /// <returns>A <see cref="WCFSecurityToken" /> issued by the STS.</returns> public async virtual Task <WCFSecurityToken> IssueAsync(WsTrustRequest trustRequest) { _ = trustRequest ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(trustRequest)); Message requestMessage = CreateRequest(trustRequest); Message response = await Task.Factory.FromAsync(RequestChannel.BeginRequest, RequestChannel.EndRequest, requestMessage, null, TaskCreationOptions.None).ConfigureAwait(false); if (response.IsFault) { MessageFault fault = MessageFault.CreateFault(response, FaultMaxBufferSize); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(FaultException.CreateFault(fault, response.Headers?.Action)); } WsTrustResponse trustResponse = TrustSerializer.ReadResponse(response.GetReaderAtBodyContents()); WCFSecurityToken token = WSTrustUtilities.CreateGenericXmlSecurityToken(trustRequest, trustResponse, GetSerializationContext(trustRequest), null); if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.Format(SR.TokenProviderUnableToGetToken, string.IsNullOrEmpty(Address) ? ToString() : Address))); } return(token); }
private async Task <SecurityToken> GetTokenAsyncCore(TimeSpan timeout) { _communicationObject.ThrowIfClosedOrNotOpen(); WsTrustRequest request = CreateWsTrustRequest(); WsTrustResponse trustResponse = GetCachedResponse(request); if (trustResponse is null) { using (var memeoryStream = new MemoryStream()) { var writer = XmlDictionaryWriter.CreateTextWriter(memeoryStream, Encoding.UTF8); var serializer = new WsTrustSerializer(); serializer.WriteRequest(writer, _requestSerializationContext.TrustVersion, request); writer.Flush(); var reader = XmlDictionaryReader.CreateTextReader(memeoryStream.ToArray(), XmlDictionaryReaderQuotas.Max); IRequestChannel channel = ChannelFactory.CreateChannel(); await Task.Factory.FromAsync(channel.BeginOpen, channel.EndOpen, null, TaskCreationOptions.None); try { Message requestMessage = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, _requestSerializationContext.TrustActions.IssueRequest, reader); Message reply = await Task.Factory.FromAsync(channel.BeginRequest, channel.EndRequest, requestMessage, null, TaskCreationOptions.None); SecurityUtils.ThrowIfNegotiationFault(reply, channel.RemoteAddress); trustResponse = serializer.ReadResponse(reply.GetReaderAtBodyContents()); CacheSecurityTokenResponse(request, trustResponse); } finally { await Task.Factory.FromAsync(channel.BeginClose, channel.EndClose, null, TaskCreationOptions.None); } } } return(CreateGenericXmlSecurityToken(request, trustResponse)); }
private SecurityToken CreateGenericXmlSecurityToken(WsTrustRequest request, WsTrustResponse trustResponse) { // Create GenericXmlSecurityToken // Assumes that token is first and Saml2SecurityToken. RequestSecurityTokenResponse response = trustResponse.RequestSecurityTokenResponseCollection[0]; // Get attached and unattached references GenericXmlSecurityKeyIdentifierClause internalSecurityKeyIdentifierClause = null; if (response.AttachedReference != null) { internalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.AttachedReference); } GenericXmlSecurityKeyIdentifierClause externalSecurityKeyIdentifierClause = null; if (response.UnattachedReference != null) { externalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.UnattachedReference); } // Get proof token IdentityModel.Tokens.SecurityToken proofToken = GetProofToken(request, response); // Get lifetime DateTime created = response.Lifetime?.Created ?? DateTime.UtcNow; DateTime expires = response.Lifetime?.Expires ?? created.AddDays(1); return(new GenericXmlSecurityToken(response.RequestedSecurityToken.TokenElement, proofToken, created, expires, internalSecurityKeyIdentifierClause, externalSecurityKeyIdentifierClause, null)); }
/// <summary> /// Gets all <see cref="SecurityToken"/>s that are in the <paramref name="response"/>. /// </summary> /// <param name="response">An <see cref="WsTrustResponse"/> instance.</param> /// <returns>An <see cref="IEnumerable{T}"/> of <see cref="SecurityToken"/>.</returns> public static IEnumerable <SecurityToken> GetRequestedSecurityTokens(this WsTrustResponse response) => response?.RequestSecurityTokenResponseCollection?.Select(r => r.RequestedSecurityToken?.SecurityToken) ?? Enumerable.Empty <SecurityToken>();
/// <summary> /// Gets all security token <see cref="XmlElement"/>s that are in the <paramref name="response"/>. /// </summary> /// <param name="response">An <see cref="WsTrustResponse"/> instance.</param> /// <returns>An <see cref="IEnumerable{T}"/> of <see cref="XmlElement"/>.</returns> public static IEnumerable <XmlElement> GetRequestedSecurityTokenElements(this WsTrustResponse response) => response?.RequestSecurityTokenResponseCollection?.Select(r => r.RequestedSecurityToken?.TokenElement) ?? Enumerable.Empty <XmlElement>();
/// <summary> /// Gets a single security token <see cref="XmlElement"/> that is in the <paramref name="response"/>. /// <para>If more than one security token is contained withing the <paramref name="response"/>, an exception will be thrown.</para> /// </summary> /// <param name="response">An <see cref="WsTrustResponse"/> instance.</param> /// <returns>A <see cref="XmlElement"/> instance.</returns> public static XmlElement GetRequestedSecurityTokenElement(this WsTrustResponse response) => response.GetRequestedSecurityTokenElements().Single();
/// <summary> /// Gets a single <see cref="SecurityToken"/> that is in the <paramref name="response"/>. /// <para>If more than one <see cref="SecurityToken"/> is contained withing the <paramref name="response"/>, an exception will be thrown.</para> /// </summary> /// <param name="response">An <see cref="WsTrustResponse"/> instance.</param> /// <returns>A <see cref="SecurityToken"/> instance.</returns> public static SecurityToken GetRequestedSecurityToken(this WsTrustResponse response) => response.GetRequestedSecurityTokens().Single();
public void TestConstructor_OK_NullResponse() { var response = WsTrustResponse.Create(HttpStatusCode.OK, null); Assert.Fail(); }