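        /// <summary>
        /// Exchanges a received assertion for a Simple Web Token (SWT) carrying the same claims
        /// and writes it to the response as a WRAP access token.
        /// </summary>
        /// <param name="request">The request whose <c>Assertion</c> property holds the assertion XML.</param>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Token validation yielded no identity to copy claims from.</exception>
        /// <remarks>
        /// The assertion is caller-supplied input: it is parsed with DTD processing disabled and handed to
        /// the configured token handlers, whose <c>ValidateToken</c> call is the trust decision for everything below it.
        /// </remarks>
        public void Process(AssertionRequest request)
        {
            if (request == null)
                throw new ArgumentNullException("request");

            var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
            var config = new SimpleWrapIssuerConfiguration();
            var values = new Dictionary<String, String>();

            // Read received token. Make the "no DTD, no external resolution" reader
            // behaviour explicit instead of relying on the defaults for untrusted XML.
            var readerSettings = new XmlReaderSettings()
            {
                DtdProcessing = DtdProcessing.Prohibit,
                XmlResolver = null
            };
            SecurityToken token = null;
            using (XmlReader reader = XmlReader.Create(new StringReader(request.Assertion), readerSettings))
            {
                token = handlers.ReadToken(reader);
            }

            // Whatever checks the configured handlers enforce happen here; nothing below
            // may run on a token they rejected, and an empty result is treated as rejection.
            ClaimsIdentityCollection claims = handlers.ValidateToken(token);
            if (claims == null || claims.Count == 0)
                throw new InvalidOperationException("Token validation did not yield an identity.");

            // Copy claims of the first identity. A later claim with the same type overwrites an
            // earlier one, so multi-valued claims collapse to their last value — TODO confirm intended.
            foreach (var claim in claims[0].Claims)
                values[claim.ClaimType] = claim.Value;
            // TODO: audience is still hard-coded; it should come from the request or configuration.
            values[WrapConstants.SimpleWebTokenParameters.Audience] = "http://wrap.resource";

            // Create SWT with the same claims, inheriting the incoming token's expiry.
            SimpleWebToken swt = new SimpleWebToken(values, token.ValidTo, config.SigningCredentials);
            StringBuilder sb = new StringBuilder();
            using (XmlWriter writer = XmlWriter.Create(sb, new XmlWriterSettings() { OmitXmlDeclaration = true }))
            {
                handlers.WriteToken(writer, swt);
            }

            // Create response. The remaining lifetime is clamped at zero: Convert.ToUInt64 throws
            // OverflowException on a negative value, which a token that expired between
            // validation and this point would produce.
            double secondsLeft = Math.Max(0, (swt.ValidTo - DateTime.UtcNow).TotalSeconds);
            var response = new AccessTokenResponse();
            response.SetParameter(WrapConstants.Parameters.AccessToken, sb.ToString());
            response.SetParameter(
                WrapConstants.Parameters.AccessTokenExpiresIn,
                Convert.ToUInt64(secondsLeft).ToString());
            Response.WriteResponse(response);
        }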
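 /// <summary>
 /// Decides whether the issuer of <paramref name="token"/> is trusted.
 /// </summary>
 /// <param name="token">The token whose issuer is checked.</param>
 /// <returns>Always <c>true</c> at present; the issuer lookup is not implemented yet.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
 /// <remarks>
 /// Placeholder: with this body every issuer is accepted, so the check adds no trust boundary
 /// until it is replaced by a comparison against the configured trusted issuers.
 /// </remarks>
 private Boolean IsIssuerTrusted(SimpleWebToken token)
 {
     // Same argument contract as IsAudienceTrusted.
     if (null == token)
         throw new ArgumentNullException("token");

     // TODO: compare the token's issuer against the configured trusted issuers.
     return true;
 }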
        /// <summary>
        /// Checks that the token names an audience which appears in the configured list of allowed audience URIs.
        /// </summary>
        /// <param name="token">The token to check.</param>
        /// <returns>
        /// <c>true</c> when the token carries an Audience value that parses as a URI and is contained in
        /// <c>AudienceRestriction.AllowedAudienceUris</c>; <c>false</c> when the value is absent, does not parse,
        /// or is not listed.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        private Boolean IsAudienceTrusted(SimpleWebToken token)
        {
            if (token == null)
                throw new ArgumentNullException("token");

            // Fail closed: a token without an Audience parameter never matches.
            String audienceValue;
            bool hasAudience = token.Values.TryGetValue(WrapConstants.SimpleWebTokenParameters.Audience, out audienceValue);
            if (!hasAudience)
                return false;

            // Relative values are accepted by the parse; whether they then match depends on what the configured list holds.
            Uri parsedAudience;
            bool parsedOk = Uri.TryCreate(audienceValue, UriKind.RelativeOrAbsolute, out parsedAudience);
            if (!parsedOk)
                return false;

            var allowedAudiences = FederatedAuthentication.ServiceConfiguration.AudienceRestriction.AllowedAudienceUris;
            return allowedAudiences.Contains(parsedAudience);
        }