/// <summary>
/// Loads the settings for the IdentityConfiguration from the application or web configuration file.
/// </summary>
/// <remarks>
/// If there is no configuration file, or the named section does not exist, then no exception is thrown,
/// instead the class is loaded with a set of default values.
/// </remarks>
protected void LoadConfiguration(IdentityConfigurationElement element)
{
if (element != null)
{
//
// Load the claims authentication manager
//
if (element.ClaimsAuthenticationManager.IsConfigured)
{
_claimsAuthenticationManager = GetClaimsAuthenticationManager(element);
}
//
// Load the claims authorization manager.
//
if (element.ClaimsAuthorizationManager.IsConfigured)
{
_claimsAuthorizationManager = CustomTypeElement.Resolve <ClaimsAuthorizationManager>(element.ClaimsAuthorizationManager);
}
//
// Load the service level Security Token Handler configuration
//
_serviceHandlerConfiguration = LoadHandlerConfiguration(element);
}
//
// Reads handler configuration via LoadConfiguredHandlers. Do this last.
//
_securityTokenHandlerCollectionManager = LoadHandlers(element);
}
public SignInResponseMessage Generate(SignInRequestMessage request, WindowsPrincipal windowsPrincipal)
{
Logger.Info("Creating WS-Federation signin response");
// create subject
var outgoingSubject = SubjectGenerator.Create(windowsPrincipal, _options);
// create token for user
var token = CreateSecurityToken(outgoingSubject);
// return response
var rstr = new RequestSecurityTokenResponse
{
AppliesTo = new EndpointReference(_options.IdpRealm),
Context = request.Context,
ReplyTo = _options.IdpReplyUrl,
RequestedSecurityToken = new RequestedSecurityToken(token)
};
var serializer = new WSFederationSerializer(
new WSTrust13RequestSerializer(),
new WSTrust13ResponseSerializer());
var mgr = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager();
mgr[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler();
var responseMessage = new SignInResponseMessage(
new Uri(_options.IdpReplyUrl),
rstr,
serializer,
new WSTrustSerializationContext(mgr));
return(responseMessage);
}
public async Task <SignInResponseMessage> GenerateResponseAsync(SignInValidationResult validationResult)
{
Logger.Info("Creating WS-Federation signin response");
// create subject
var outgoingSubject = await CreateSubjectAsync(validationResult);
// create token for user
var token = CreateSecurityToken(validationResult, outgoingSubject);
// return response
var rstr = new RequestSecurityTokenResponse
{
AppliesTo = new EndpointReference(validationResult.RelyingParty.Realm),
Context = validationResult.SignInRequestMessage.Context,
ReplyTo = validationResult.ReplyUrl,
RequestedSecurityToken = new RequestedSecurityToken(token)
};
var serializer = new WSFederationSerializer(
new WSTrust13RequestSerializer(),
new WSTrust13ResponseSerializer());
var mgr = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager();
mgr[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler();
var responseMessage = new SignInResponseMessage(
new Uri(validationResult.ReplyUrl),
rstr,
serializer,
new WSTrustSerializationContext(mgr));
return(responseMessage);
}
private SignInResponseMessage CreateResponse(SignInValidationResult validationResult, SecurityToken token)
{
var rstr = new RequestSecurityTokenResponse
{
AppliesTo = new EndpointReference(validationResult.Client.ClientId),
Context = validationResult.SignInRequestMessage.Context,
ReplyTo = validationResult.ReplyUrl,
RequestedSecurityToken = new RequestedSecurityToken(token)
};
//var serializer = new WSFederationSerializer(
// new WSTrust13RequestSerializer(),
// new WSTrust13ResponseSerializer());
// the asp.net core MW does currently not support WS-Trust 1.3
var serializer = new WSFederationSerializer(
new WSTrustFeb2005RequestSerializer(),
new WSTrustFeb2005ResponseSerializer());
var mgr = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager();
mgr[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler();
var responseMessage = new SignInResponseMessage(
new Uri(validationResult.ReplyUrl),
rstr,
serializer,
new WSTrustSerializationContext(mgr));
return(responseMessage);
}
public async Task <SignInResponseMessage> GenerateAsync(SignInRequestMessage request, WindowsPrincipal windowsPrincipal)
{
Logger.Info("Creating WS-Federation signin response");
// create subject
var outgoingSubject = SubjectGenerator.Create(windowsPrincipal, _options);
// call custom claims tranformation logic
var context = new CustomClaimsProviderContext
{
WindowsPrincipal = windowsPrincipal,
OutgoingSubject = outgoingSubject
};
await _options.CustomClaimsProvider.TransformAsync(context);
// create token for user
var token = CreateSecurityToken(context.OutgoingSubject);
// return response
var rstr = new RequestSecurityTokenResponse
{
AppliesTo = new EndpointReference(_options.IdpRealm),
Context = request.Context,
ReplyTo = _options.IdpReplyUrl,
RequestedSecurityToken = new RequestedSecurityToken(token)
};
var serializer = new WSFederationSerializer(
new WSTrust13RequestSerializer(),
new WSTrust13ResponseSerializer());
var mgr = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager();
mgr[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler();
var responseMessage = new SignInResponseMessage(
new Uri(_options.IdpReplyUrl),
rstr,
serializer,
new WSTrustSerializationContext(mgr));
return(responseMessage);
}
protected ClientCredentials(ClientCredentials other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
}
if (other.userName != null)
{
this.userName = new UserNamePasswordClientCredential(other.userName);
}
if (other.clientCertificate != null)
{
this.clientCertificate = new X509CertificateInitiatorClientCredential(other.clientCertificate);
}
if (other.serviceCertificate != null)
{
this.serviceCertificate = new X509CertificateRecipientClientCredential(other.serviceCertificate);
}
if (other.windows != null)
{
this.windows = new WindowsClientCredential(other.windows);
}
if (other.httpDigest != null)
{
this.httpDigest = new HttpDigestClientCredential(other.httpDigest);
}
if (other.issuedToken != null)
{
this.issuedToken = new IssuedTokenClientCredential(other.issuedToken);
}
if (other.peer != null)
{
this.peer = new PeerCredential(other.peer);
}
this.getInfoCardTokenCallback = other.getInfoCardTokenCallback;
this.supportInteractive = other.supportInteractive;
this.securityTokenHandlerCollectionManager = other.securityTokenHandlerCollectionManager;
this.useIdentityConfiguration = other.useIdentityConfiguration;
this.isReadOnly = other.isReadOnly;
}
/// <summary>
/// Initializes an instance of <see cref="WSTrustSerializationContext"/>
/// </summary>
/// <param name="securityTokenHandlerCollectionManager">
/// The <see cref="SecurityTokenHandlerCollectionManager" /> containing the set of <see cref="SecurityTokenHandler" />
/// objects used for serializing and validating tokens found in WS-Trust messages.
/// </param>
/// <param name="securityTokenResolver">
/// The <see cref="SecurityTokenResolver"/> used to resolve security token references found in most
/// elements of WS-Trust messages.
/// </param>
/// <param name="useKeyTokenResolver">
/// The <see cref="SecurityTokenResolver"/> used to resolve security token references found in the
/// UseKey element of RST messages as well as the RenewTarget element found in RST messages.
/// </param>
public WSTrustSerializationContext(SecurityTokenHandlerCollectionManager securityTokenHandlerCollectionManager, SecurityTokenResolver securityTokenResolver, SecurityTokenResolver useKeyTokenResolver)
{
if (securityTokenHandlerCollectionManager == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandlerCollectionManager");
}
if (securityTokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenResolver");
}
if (useKeyTokenResolver == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("useKeyTokenResolver");
}
this.securityTokenHandlerCollectionManager = securityTokenHandlerCollectionManager;
this.securityTokenResolver = securityTokenResolver;
this.useKeyTokenResolver = useKeyTokenResolver;
}
private SecurityTokenSerializer WrapTokenHandlersAsSecurityTokenSerializer(SecurityTokenVersion version)
{
TrustVersion trustVersion = TrustVersion.WSTrust13;
SecureConversationVersion scVersion = SecureConversationVersion.WSSecureConversation13;
SecurityVersion securityVersion = SecurityVersion.WSSecurity11;
foreach (string securitySpecification in version.GetSecuritySpecifications())
{
if (StringComparer.Ordinal.Equals(securitySpecification, WSTrustFeb2005Constants.NamespaceURI))
{
trustVersion = TrustVersion.WSTrustFeb2005;
}
else if (StringComparer.Ordinal.Equals(securitySpecification, WSTrust13Constants.NamespaceURI))
{
trustVersion = TrustVersion.WSTrust13;
}
else if (StringComparer.Ordinal.Equals(securitySpecification, System.IdentityModel.WSSecureConversationFeb2005Constants.Namespace))
{
scVersion = SecureConversationVersion.WSSecureConversationFeb2005;
}
else if (StringComparer.Ordinal.Equals(securitySpecification, System.IdentityModel.WSSecureConversation13Constants.Namespace))
{
scVersion = SecureConversationVersion.WSSecureConversation13;
}
}
securityVersion = FederatedSecurityTokenManager.GetSecurityVersion(version);
//
//
SecurityTokenHandlerCollectionManager sthcm = this.parent.SecurityTokenHandlerCollectionManager;
WsSecurityTokenSerializerAdapter adapter = new WsSecurityTokenSerializerAdapter(sthcm[SecurityTokenHandlerCollectionManager.Usage.Default], securityVersion, trustVersion, scVersion, false, null, null, null);
return(adapter);
}
/// <summary>
/// Loads the <see cref="SecurityTokenHandlerCollectionManager"/> defined for a given service.
/// </summary>
/// <param name="serviceElement">The <see cref="IdentityConfigurationElement"/> used to configure this instance.</param>
/// <returns></returns>
protected SecurityTokenHandlerCollectionManager LoadHandlers(IdentityConfigurationElement serviceElement)
{
//
// We start with a token handler collection manager that contains a single collection that includes the default
// handlers for the system.
//
SecurityTokenHandlerCollectionManager manager = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager();
if (serviceElement != null)
{
//
// Load any token handler collections that appear as part of this service element
//
if (serviceElement.SecurityTokenHandlerSets.Count > 0)
{
foreach (SecurityTokenHandlerElementCollection handlerElementCollection in serviceElement.SecurityTokenHandlerSets)
{
try
{
SecurityTokenHandlerConfiguration handlerConfiguration;
SecurityTokenHandlerCollection handlerCollection;
if (string.IsNullOrEmpty(handlerElementCollection.Name) ||
StringComparer.Ordinal.Equals(handlerElementCollection.Name, ConfigurationStrings.DefaultConfigurationElementName))
{
//
// For the default collection, merge the IdentityConfiguration with the underlying config, if it exists.
//
if (handlerElementCollection.SecurityTokenHandlerConfiguration.IsConfigured)
{
//
// Configuration from a nested configuration object. We start with Service level configuration for
// handlers and then override the collection specific configuration. The result is a new configuration
// object that can only be modified by accessing the collection or handlers configuration properties.
//
_serviceHandlerConfiguration = LoadHandlerConfiguration(serviceElement);
handlerConfiguration = LoadHandlerConfiguration(_serviceHandlerConfiguration, handlerElementCollection.SecurityTokenHandlerConfiguration);
}
else
{
//
// No nested configuration object. We use the values from the ServiceElement for this case.
//
handlerConfiguration = LoadHandlerConfiguration(serviceElement);
}
_serviceHandlerConfiguration = handlerConfiguration;
}
else
{
//
// This is a non-default collection. There should be no settings inherited from IdentityConfiguration.
//
if (handlerElementCollection.SecurityTokenHandlerConfiguration.IsConfigured)
{
handlerConfiguration = LoadHandlerConfiguration(null, handlerElementCollection.SecurityTokenHandlerConfiguration);
}
else
{
//
// If there is no underlying config, set everything as default.
//
handlerConfiguration = new SecurityTokenHandlerConfiguration();
}
}
handlerCollection = new SecurityTokenHandlerCollection(handlerConfiguration);
manager[handlerElementCollection.Name] = handlerCollection;
foreach (CustomTypeElement handlerElement in handlerElementCollection)
{
handlerCollection.Add(CustomTypeElement.Resolve <SecurityTokenHandler>(handlerElement));
}
}
catch (ArgumentException inner)
{
throw DiagnosticUtility.ThrowHelperConfigurationError(serviceElement, handlerElementCollection.Name, inner);
}
}
}
//
// Ensure that the default usage collection always exists
//
if (!manager.ContainsKey(SecurityTokenHandlerCollectionManager.Usage.Default))
{
manager[SecurityTokenHandlerCollectionManager.Usage.Default] = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(_serviceHandlerConfiguration);
}
}
else
{
//
// Ensure that the default usage collection always exists
//
_serviceHandlerConfiguration = new SecurityTokenHandlerConfiguration();
_serviceHandlerConfiguration.MaxClockSkew = _serviceMaxClockSkew;
if (!manager.ContainsKey(SecurityTokenHandlerCollectionManager.Usage.Default))
{
manager[SecurityTokenHandlerCollectionManager.Usage.Default] = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(_serviceHandlerConfiguration);
}
}
return(manager);
}
/// <summary>
/// Initializes an instance of <see cref="WSTrustSerializationContext"/>
/// </summary>
/// <param name="securityTokenHandlerCollectionManager">The security token handler collection manager.</param>
public WSTrustSerializationContext(SecurityTokenHandlerCollectionManager securityTokenHandlerCollectionManager)
: this(securityTokenHandlerCollectionManager, EmptySecurityTokenResolver.Instance, EmptySecurityTokenResolver.Instance)
{
}
/// <summary>
/// Initializes an instance <see cref="WSTrustSerializationContext"/>
/// </summary>
public WSTrustSerializationContext()
: this(SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager())
{
}
