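        /// <summary>
        /// Validates the client certificate carried in the OWIN environment and, when it is
        /// valid, issues an <see cref="AuthenticationTicket"/> for the request.
        /// </summary>
        /// <returns>
        /// A ticket with a one-day lifetime when the certificate validates; otherwise
        /// <c>null</c>, which tells the Katana pipeline that the request is not authenticated.
        /// </returns>
        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
        {
            // ValidateCertificate is synchronous (it builds an X.509 chain); it is pushed to the
            // thread pool so the middleware does not block on it.
            ClientCertificateValidationResult validationResult =
                await Task.Run(() => ValidateCertificate(Request.Environment));

            if (!validationResult.CertificateValid)
            {
                // No ticket means "not authenticated"; no extra Task round-trip is needed.
                return null;
            }

            // Read the clock once so IssuedUtc and ExpiresUtc describe the same instant.
            DateTime issuedAt = DateTime.UtcNow;
            AuthenticationProperties authProperties = new AuthenticationProperties
            {
                IssuedUtc    = issuedAt,
                ExpiresUtc   = issuedAt.AddDays(1),
                AllowRefresh = true,
                IsPersistent = true
            };

            // NOTE: these claims are fixed sample values and are not derived from the certificate.
            // Every presenter of any certificate that builds a trusted chain receives the same
            // identity; a production handler should populate the identity from the certificate's
            // subject (or a lookup keyed on it) rather than from constants.
            IList<Claim> claimCollection = new List<Claim>
            {
                new Claim(ClaimTypes.Name,    "Andras"),
                new Claim(ClaimTypes.Country, "Sweden"),
                new Claim(ClaimTypes.Gender,  "M"),
                new Claim(ClaimTypes.Surname, "Nemes"),
                new Claim(ClaimTypes.Email,   "*****@*****.**"),
                new Claim(ClaimTypes.Role,    "IT"),
                new Claim("HasValidClientCertificate", "true")
            };

            // "X.509" is the authentication type recorded on the identity so downstream code
            // can tell certificate-based identities from other schemes.
            ClaimsIdentity claimsIdentity = new ClaimsIdentity(claimCollection, "X.509");
            return new AuthenticationTicket(claimsIdentity, authProperties);
        }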
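        /// <summary>
        /// Looks up the client certificate in the OWIN environment and runs it through the
        /// configured certificate validator.
        /// </summary>
        /// <param name="owinEnvironment">The OWIN environment dictionary of the current request.</param>
        /// <returns>
        /// The validator's result, or an invalid result carrying an explanatory message when the
        /// environment holds no <see cref="X509Certificate2"/> under the client-certificate key.
        /// </returns>
        private ClientCertificateValidationResult ValidateCertificate(IDictionary<string, object> owinEnvironment)
        {
            // Single lookup on the dictionary that was handed in, instead of ContainsKey followed
            // by a second lookup through Context. The type test also covers a key that is present
            // but holds null or something other than a certificate, which previously reached the
            // validator as-is.
            object rawValue;
            if (owinEnvironment != null
                && owinEnvironment.TryGetValue(_owinClientCertKey, out rawValue)
                && rawValue is X509Certificate2)
            {
                return _clientCertificateValidator.Validate((X509Certificate2)rawValue);
            }

            ClientCertificateValidationResult invalid = new ClientCertificateValidationResult(false);
            invalid.AddValidationException("There's no client certificate attached to the request.");
            return invalid;
        }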
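        /// <summary>
        /// Builds the certificate chain for <paramref name="certificate"/> and reports whether it
        /// chains to a trusted root.
        /// </summary>
        /// <param name="certificate">The client certificate presented with the request; may be <c>null</c>.</param>
        /// <returns>
        /// A result that is valid only when the chain built without error. Every chain-element
        /// status message (or the exception message, if chain building threw) is attached as a
        /// validation exception.
        /// </returns>
        /// <remarks>
        /// Revocation is deliberately not checked (<see cref="X509RevocationMode.NoCheck"/>), so a
        /// revoked certificate that still chains to a trusted root is accepted; the
        /// <c>RevocationFlag</c> setting has no effect while the mode is <c>NoCheck</c>. A
        /// successful build also only shows that the chain ends in some root the machine trusts —
        /// it does not tie the certificate to the particular CA this application expects. A
        /// production validator should enable revocation checking and compare the chain's root
        /// (for example by thumbprint) against the expected issuing CA.
        /// </remarks>
        public ClientCertificateValidationResult Validate(X509Certificate2 certificate)
        {
            bool isValid = false;
            List<string> exceptions = new List<string>();

            if (certificate == null)
            {
                // Report the missing input explicitly instead of relying on X509Chain.Build to throw.
                exceptions.Add("No certificate was supplied for validation.");
            }
            else
            {
                try
                {
                    // X509Chain wraps a native chain context; dispose it rather than leaving it to
                    // the finalizer.
                    using (X509Chain chain = new X509Chain())
                    {
                        chain.ChainPolicy = new X509ChainPolicy
                        {
                            RevocationMode = X509RevocationMode.NoCheck,
                            RevocationFlag = X509RevocationFlag.EntireChain
                        };

                        if (chain.Build(certificate))
                        {
                            isValid = true;
                        }
                        else
                        {
                            // Collect the per-element status text so the caller can see why the
                            // chain failed (untrusted root, expired element, wrong usage, ...).
                            foreach (X509ChainElement chainElement in chain.ChainElements)
                            {
                                foreach (X509ChainStatus chainStatus in chainElement.ChainElementStatus)
                                {
                                    exceptions.Add(chainStatus.StatusInformation);
                                }
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Chain building can throw on malformed input; surface the message as a
                    // validation failure rather than letting it escape the middleware.
                    exceptions.Add(ex.Message);
                }
            }

            ClientCertificateValidationResult res = new ClientCertificateValidationResult(isValid);
            res.AddValidationExceptions(exceptions);
            return res;
        }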