public void Process(AssertionRequest request)
{
var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
var config = new SimpleWrapIssuerConfiguration();
var values = new Dictionary<String, String>();
// Read received token
SecurityToken token = null;
using (XmlReader reader = XmlReader.Create(new StringReader(request.Assertion)))
{
token = handlers.ReadToken(reader);
}
ClaimsIdentityCollection claims = handlers.ValidateToken(token);
// Copy claims
foreach (var claim in claims[0].Claims)
values[claim.ClaimType] = claim.Value;
// TODO
values[WrapConstants.SimpleWebTokenParameters.Audience] = "http://wrap.resource";
// Create SWT with the same claims
SimpleWebToken swt = new SimpleWebToken(values, token.ValidTo, config.SigningCredentials);
StringBuilder sb = new StringBuilder();
using (XmlWriter writer = XmlWriter.Create(sb, new XmlWriterSettings() { OmitXmlDeclaration = true }))
{
FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.WriteToken(writer, swt);
}
// Create response
var response = new AccessTokenResponse();
response.SetParameter(WrapConstants.Parameters.AccessToken, sb.ToString());
response.SetParameter(
WrapConstants.Parameters.AccessTokenExpiresIn,
Convert.ToUInt64((swt.ValidTo - DateTime.UtcNow).TotalSeconds).ToString());
Response.WriteResponse(response);
}
/// <summary>
/// Reads a AccessTokenRequest message from a collection of names and values. Instances
/// of this type of collection are used extensively by ASP.NET (Request.Form, for example)
/// but, for those cases, it's better to use the appropriate extension method
/// (Request.ReadAccessTokenRequest instead of Request.Form.ReadAccessRequest).
/// </summary>
/// <param name="names">The collection to initialize the request message.</param>
/// <returns>An instance of a type derived from AccessTokenRequest. The specific type
/// depends on the parameters provided in the request.</returns>
public static AccessTokenRequest ReadAccessTokenRequest(this NameValueCollection names)
{
if (null == names)
throw new ArgumentNullException("names");
// Try to find what profile is being used.
AccessTokenRequest message = null;
if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.Assertion]))
message = new AssertionRequest();
else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.Name]))
message = new ClientAccountRequest();
else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.UserName]))
message = new UserNameRequest();
else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.ClientSecret]))
message = new WebAppRequest();
else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.VerificationCode]))
message = new RichAppRequest();
if (null == message)
throw new WrapMessageException("Message not recognized.");
// Only WRAP related parameters are added to the message. The specification
// allows implementation defined additional parameters, but those can be
// read directly from the original collection.
foreach (String key in names.Keys)
{
String value = names[key];
if (false == key.StartsWith("wrap_", StringComparison.OrdinalIgnoreCase) || String.IsNullOrEmpty(value))
continue;
message.SetParameter(key, value);
}
// Check that the required parameters are set, according to
// the profile
message.Validate();
return message;
}
