Example #1
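        /// <summary>
        /// Exchanges the assertion carried by <paramref name="request"/> for a Simple Web Token (SWT):
        /// the assertion is read and validated by the configured security token handlers, the claims
        /// of the first resulting identity are copied into a new SWT signed with the issuer's
        /// credentials, and the SWT is written to the WRAP access token response.
        /// </summary>
        /// <param name="request">The WRAP assertion request; its Assertion property holds the XML token.</param>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The request carries no assertion, no handler
        /// recognizes the token, or validation yields no identity.</exception>
        public void Process(AssertionRequest request)
        {
            if (null == request)
                throw new ArgumentNullException("request");
            if (String.IsNullOrEmpty(request.Assertion))
                throw new InvalidOperationException("The request carries no assertion.");

            var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
            var config = new SimpleWrapIssuerConfiguration();
            var values = new Dictionary<String, String>();

            // Read received token
            SecurityToken token = null;
            using (XmlReader reader = XmlReader.Create(new StringReader(request.Assertion)))
            {
                token = handlers.ReadToken(reader);
            }
            // ReadToken yields null when no handler recognizes the token; fail explicitly
            // instead of dereferencing it below.
            if (null == token)
                throw new InvalidOperationException("The assertion is not a recognized security token.");

            // Signature, issuer, audience and lifetime checks are delegated entirely to the
            // configured handlers; nothing from the assertion is used before this call succeeds.
            ClaimsIdentityCollection claims = handlers.ValidateToken(token);
            if (null == claims || claims.Count == 0)
                throw new InvalidOperationException("The assertion did not yield any identity.");

            // Copy claims of the first identity. Every claim is forwarded unchanged, so the
            // issued SWT exposes exactly what the incoming assertion asserted.
            foreach (var claim in claims[0].Claims)
                values[claim.ClaimType] = claim.Value;
            // TODO: the audience is hard-coded; it should come from the issuer configuration.
            values[WrapConstants.SimpleWebTokenParameters.Audience] = "http://wrap.resource";

            // Create SWT with the same claims, inheriting the assertion's expiry so the
            // exchange never extends the lifetime the original issuer granted.
            SimpleWebToken swt = new SimpleWebToken(values, token.ValidTo, config.SigningCredentials);
            StringBuilder sb = new StringBuilder();
            using (XmlWriter writer = XmlWriter.Create(sb, new XmlWriterSettings() { OmitXmlDeclaration = true }))
            {
                handlers.WriteToken(writer, swt);
            }

            // Create response. The remaining lifetime is clamped at zero: a ValidTo already in
            // the past (clock skew tolerated by validation) would otherwise make
            // Convert.ToUInt64 throw an OverflowException on the negative value.
            double remainingSeconds = Math.Max(0, (swt.ValidTo - DateTime.UtcNow).TotalSeconds);
            var response = new AccessTokenResponse();
            response.SetParameter(WrapConstants.Parameters.AccessToken, sb.ToString());
            response.SetParameter(
                WrapConstants.Parameters.AccessTokenExpiresIn,
                Convert.ToUInt64(remainingSeconds).ToString());
            Response.WriteResponse(response);
        }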
Example #2
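        /// <summary>
        /// Reads an AccessTokenRequest message from a collection of names and values. Instances
        /// of this type of collection are used extensively by ASP.NET (Request.Form, for example)
        /// but, for those cases, it's better to use the appropriate extension method
        /// (Request.ReadAccessTokenRequest instead of Request.Form.ReadAccessTokenRequest).
        /// </summary>
        /// <param name="names">The collection to initialize the request message.</param>
        /// <returns>An instance of a type derived from AccessTokenRequest. The specific type
        /// depends on the parameters provided in the request.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="names"/> is null.</exception>
        /// <exception cref="WrapMessageException">No known profile matches the parameters, or
        /// the chosen profile's required parameters are missing (raised by Validate).</exception>
        public static AccessTokenRequest ReadAccessTokenRequest(this NameValueCollection names)
        {
            if (null == names)
                throw new ArgumentNullException("names");

            // Try to find what profile is being used.
            AccessTokenRequest message = CreateRequestForProfile(names);
            if (null == message)
                throw new WrapMessageException("Message not recognized.");

            // Only WRAP related parameters are added to the message. The specification
            // allows implementation defined additional parameters, but those can be
            // read directly from the original collection.
            foreach (String key in names.Keys)
            {
                // A NameValueCollection may contain a null key (e.g. a query string entry
                // without '='); skip it rather than failing on key.StartsWith below.
                if (null == key)
                    continue;
                String value = names[key];
                if (false == key.StartsWith("wrap_", StringComparison.OrdinalIgnoreCase) || String.IsNullOrEmpty(value))
                    continue;
                message.SetParameter(key, value);
            }

            // Check that the required parameters are set, according to
            // the profile
            message.Validate();

            return message;
        }

        /// <summary>
        /// Picks the request type from the first discriminating WRAP parameter present.
        /// The order matters: a collection carrying parameters of several profiles is
        /// classified by the earliest match in this list.
        /// </summary>
        /// <param name="names">The collection holding the request parameters.</param>
        /// <returns>A new, empty request of the matching profile, or null when none matches.</returns>
        private static AccessTokenRequest CreateRequestForProfile(NameValueCollection names)
        {
            if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.Assertion]))
                return new AssertionRequest();
            if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.Name]))
                return new ClientAccountRequest();
            if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.UserName]))
                return new UserNameRequest();
            if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.ClientSecret]))
                return new WebAppRequest();
            if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.VerificationCode]))
                return new RichAppRequest();
            return null;
        }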