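/// <summary>
/// Handles the WRAP assertion profile: reads and validates the token carried in
/// <paramref name="request"/>, re-issues the first identity's claims as a Simple
/// Web Token signed with this issuer's credentials, and writes the WRAP access
/// token response.
/// </summary>
/// <param name="request">The assertion-profile request; <c>request.Assertion</c>
/// holds the XML-serialized token presented by the client.</param>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="InvalidOperationException">The token validated but yielded no
/// identity, so there are no claims to re-issue.</exception>
public void Process(AssertionRequest request)
{
    if (request == null)
        throw new ArgumentNullException("request");

    var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
    var config = new SimpleWrapIssuerConfiguration();

    // Parse the client-supplied assertion. The document is untrusted until
    // ValidateToken succeeds. NOTE(review): this relies on XmlReaderSettings'
    // defaults rejecting DTDs -- confirm for the target framework, or set the
    // DTD option explicitly.
    SecurityToken token;
    using (XmlReader reader = XmlReader.Create(new StringReader(request.Assertion)))
    {
        token = handlers.ReadToken(reader);
    }

    // Signature, issuer and lifetime checks are delegated to the configured
    // handlers; nothing read from the token is used before this returns.
    ClaimsIdentityCollection identities = handlers.ValidateToken(token);
    if (identities == null || identities.Count == 0)
        throw new InvalidOperationException("The assertion did not yield an identity.");

    // Re-issue the first identity's claims. Claim types are dictionary keys, so a
    // claim type that occurs more than once keeps only its last value, and any
    // audience claim the client included is overwritten below.
    var values = new Dictionary<String, String>();
    foreach (var claim in identities[0].Claims)
        values[claim.ClaimType] = claim.Value;

    // TODO: audience is still a hard-coded literal; it should come from the
    // issuer configuration.
    values[WrapConstants.SimpleWebTokenParameters.Audience] = "http://wrap.resource";

    // The SWT inherits the validated token's expiry, so re-issuing never extends
    // the lifetime beyond what the original issuer granted.
    SimpleWebToken swt = new SimpleWebToken(values, token.ValidTo, config.SigningCredentials);

    var sb = new StringBuilder();
    var writerSettings = new XmlWriterSettings() { OmitXmlDeclaration = true };
    using (XmlWriter writer = XmlWriter.Create(sb, writerSettings))
    {
        handlers.WriteToken(writer, swt);
    }

    // A validated token may still have a ValidTo slightly in the past (clock
    // skew tolerance); a negative remaining lifetime would make Convert.ToUInt64
    // throw OverflowException, so clamp it at zero.
    double secondsLeft = Math.Max(0d, (swt.ValidTo - DateTime.UtcNow).TotalSeconds);

    var response = new AccessTokenResponse();
    response.SetParameter(WrapConstants.Parameters.AccessToken, sb.ToString());
    response.SetParameter(
        WrapConstants.Parameters.AccessTokenExpiresIn,
        Convert.ToUInt64(secondsLeft).ToString());
    Response.WriteResponse(response);
}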
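/// <summary>
/// Reads an AccessTokenRequest message from a collection of names and values. Instances
/// of this type of collection are used extensively by ASP.NET (Request.Form, for example)
/// but, for those cases, it's better to use the appropriate extension method
/// (Request.ReadAccessTokenRequest instead of Request.Form.ReadAccessTokenRequest).
/// </summary>
/// <param name="names">The collection to initialize the request message.</param>
/// <returns>An instance of a type derived from AccessTokenRequest. The specific type
/// depends on the parameters provided in the request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="names"/> is null.</exception>
/// <exception cref="WrapMessageException">None of the profile-discriminating
/// parameters is present. <c>Validate</c> presumably throws as well when a parameter
/// the detected profile requires is missing.</exception>
public static AccessTokenRequest ReadAccessTokenRequest(this NameValueCollection names)
{
    if (null == names)
        throw new ArgumentNullException("names");

    // Pick the profile from the first discriminating parameter present. When a
    // client sends more than one, the earlier test in this chain wins.
    AccessTokenRequest message = null;
    if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.Assertion]))
        message = new AssertionRequest();
    else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.Name]))
        message = new ClientAccountRequest();
    else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.UserName]))
        message = new UserNameRequest();
    else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.ClientSecret]))
        message = new WebAppRequest();
    else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.VerificationCode]))
        message = new RichAppRequest();

    if (null == message)
        throw new WrapMessageException("Message not recognized.");

    // Only WRAP related parameters are added to the message. The specification
    // allows implementation defined additional parameters, but those can be
    // read directly from the original collection.
    foreach (String key in names.Keys)
    {
        // A collection parsed from a query string or form body can contain a null
        // key (a field sent without '='); StartsWith on it would throw, so skip it.
        if (key == null)
            continue;

        String value = names[key];
        if (false == key.StartsWith("wrap_", StringComparison.OrdinalIgnoreCase)
            || String.IsNullOrEmpty(value))
            continue;

        message.SetParameter(key, value);
    }

    // Check that the required parameters are set, according to the profile.
    message.Validate();
    return message;
}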