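        /// <summary>
        /// Validates the client certificate attached to the current OWIN request and, when it
        /// is valid, issues an <see cref="AuthenticationTicket"/> for it.
        /// </summary>
        /// <returns>
        /// A ticket carrying the identity claims when the certificate validates; otherwise
        /// <c>null</c>, which the OWIN middleware treats as "no authentication took place".
        /// </returns>
        protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
        {
            // Certificate validation is synchronous work; Task.Run keeps it off the calling thread.
            ClientCertificateValidationResult validationResult =
                await Task.Run(() => ValidateCertificate(Request.Environment));

            if (!validationResult.IsCertificateValid)
            {
                // No ticket on failure. A plain null is equivalent to the former
                // await Task.FromResult<AuthenticationTicket>(null) without the extra allocation.
                return null;
            }

            // Capture the clock once so IssuedUtc and ExpiresUtc are derived from the same instant
            // instead of two separate DateTime.UtcNow reads.
            DateTime issuedAt = DateTime.UtcNow;
            AuthenticationProperties authProperties = new AuthenticationProperties
            {
                IssuedUtc    = issuedAt,
                ExpiresUtc   = issuedAt.AddDays(1),
                AllowRefresh = true,
                IsPersistent = true
            };

            // NOTE(review): these claims are fixed sample data and are not derived from the
            // certificate that was validated. A real deployment must bind the identity to the
            // presenter (e.g. the certificate subject or SAN); as written, every certificate the
            // chain accepts yields this same name and role.
            IList <Claim> claimCollection = new List <Claim>
            {
                new Claim(ClaimTypes.Name, "Wojtek")
                , new Claim(ClaimTypes.Country, "PL")
                , new Claim(ClaimTypes.Gender, "M")
                , new Claim(ClaimTypes.Surname, "Sabat")
                , new Claim(ClaimTypes.Email, "*****@*****.**")
                , new Claim(ClaimTypes.Role, "IT")
                , new Claim("HasValidClientCertificate", "true")
            };
            ClaimsIdentity claimsIdentity = new ClaimsIdentity(claimCollection, "X.509");
            return new AuthenticationTicket(claimsIdentity, authProperties);
        }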
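        /// <summary>
        /// Looks up the client certificate in the OWIN environment and runs it through the
        /// configured validator.
        /// </summary>
        /// <param name="owinEnvironment">The OWIN environment dictionary of the current request.</param>
        /// <returns>
        /// The validator's result, or an invalid result carrying a reason when no usable
        /// certificate is present in the environment.
        /// </returns>
        private ClientCertificateValidationResult ValidateCertificate(IDictionary <string, object> owinEnvironment)
        {
            object rawCertificate;

            // Read the certificate from the dictionary we were handed rather than from Context,
            // so the key check and the lookup always hit the same source (the caller passes
            // Request.Environment). TryGetValue also covers a key that is present but null, and
            // the `as` cast covers a value of an unexpected type, both of which previously fell
            // through to the validator or threw.
            if (owinEnvironment != null && owinEnvironment.TryGetValue(_owinClientCertKey, out rawCertificate))
            {
                X509Certificate2 clientCert = rawCertificate as X509Certificate2;
                if (clientCert != null)
                {
                    return _clientCertificateValidator.Validate(clientCert);
                }
            }

            ClientCertificateValidationResult invalid = new ClientCertificateValidationResult(false);

            invalid.AddValidationException("There's no client certificate attached to the request.");
            return invalid;
        }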
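        /// <summary>
        /// Builds the certificate chain for <paramref name="certificate"/> and reports whether it
        /// built successfully, collecting the chain status messages when it did not.
        /// </summary>
        /// <param name="certificate">The client certificate to validate; may be null.</param>
        /// <returns>
        /// A result that is valid only when <see cref="X509Chain.Build"/> succeeded; otherwise it
        /// carries one message per chain element status, or the exception message if chain
        /// building threw.
        /// </returns>
        public ClientCertificateValidationResult Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                // Report the missing input explicitly instead of letting X509Chain.Build throw
                // and surfacing the framework's ArgumentNullException text as the reason.
                var noCertificate = new ClientCertificateValidationResult(false);
                noCertificate.AddValidationException("No certificate was supplied for validation.");
                return noCertificate;
            }

            var isValid    = false;
            var exceptions = new List <string>();

            try
            {
                // X509Chain is IDisposable on .NET Framework 4.6+ and .NET Core; wrap it in a
                // using block once the target framework is known to support it.
                var chain = new X509Chain();

                // SECURITY: RevocationMode.NoCheck means a revoked client certificate still
                // validates, and RevocationFlag has no effect while revocation checking is off.
                // Enable Online or Offline checking wherever the server can reach the issuing
                // CA's CRL/OCSP endpoints. Note also that the default policy accepts any
                // certificate chaining to a root in the machine trust store, not only the CA
                // that issues this application's client certificates; constrain the accepted
                // issuer if that distinction matters.
                var chainPolicy = new X509ChainPolicy
                {
                    RevocationMode = X509RevocationMode.NoCheck,
                    RevocationFlag = X509RevocationFlag.EntireChain
                };
                chain.ChainPolicy = chainPolicy;

                isValid = chain.Build(certificate);
                if (!isValid)
                {
                    // Collect one message per element status, in chain order, so the caller can
                    // see why the build failed.
                    foreach (X509ChainElement chainElement in chain.ChainElements)
                    {
                        foreach (X509ChainStatus chainStatus in chainElement.ChainElementStatus)
                        {
                            exceptions.Add(chainStatus.StatusInformation);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Chain building can throw (e.g. a CryptographicException); surface it as a
                // validation failure rather than as an unhandled error on the request.
                exceptions.Add(ex.Message);
            }
            var result = new ClientCertificateValidationResult(isValid);

            result.AddValidationExceptions(exceptions);
            return result;
        }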