/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver) { if (token == null) { throw new ArgumentNullException("token"); } string text = new UTF8Encoding().GetString(token.DecryptedTokenData); XmlDocument document = new XmlDocument(); document.InnerXml = text.Trim(); XmlNodeReader reader = new XmlNodeReader(document.DocumentElement); try { if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion") { SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver); Initialize(samlToken); } else { SecurityToken securityToken = serializer.ReadToken(reader, resolver); Initialize(securityToken); } } finally { reader.Close(); } }
public static async Task <IUserIdentity> ValidateTokenAsync(Uri authorityUrl, string audiance, string jwt) { JwtSecurityToken token = new JwtSecurityToken(jwt); SecurityToken validatedToken = new JwtSecurityToken(); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters { ValidAudience = audiance }; ConfigurationManager <OpenIdConnectConfiguration> configManager = new ConfigurationManager <OpenIdConnectConfiguration>( authorityUrl.ToString() + "/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever()); OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync(); validationParameters.ValidIssuer = new Uri(config.Issuer).ToString(); validationParameters.IssuerSigningKeys = (IEnumerable <SecurityKey>)config.JsonWebKeySet; tokenHandler.ValidateToken(jwt, validationParameters, out validatedToken); IssuedIdentityToken issuedToken = new IssuedIdentityToken(); issuedToken.IssuedTokenType = IssuedTokenType.JWT; issuedToken.DecryptedTokenData = new UTF8Encoding(false).GetBytes(((JwtSecurityToken)validatedToken).RawData); return(new UserIdentity(issuedToken)); }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(UserIdentityToken token) { if (token == null) { throw new ArgumentNullException("token"); } m_policyId = token.PolicyId; UserNameIdentityToken usernameToken = token as UserNameIdentityToken; if (usernameToken != null) { Initialize(new UserNameSecurityToken(usernameToken.UserName, usernameToken.DecryptedPassword)); return; } X509IdentityToken x509Token = token as X509IdentityToken; if (x509Token != null) { X509Certificate2 certificate = CertificateFactory.Create(x509Token.CertificateData, true); Initialize(new X509SecurityToken(certificate)); return; } IssuedIdentityToken wssToken = token as IssuedIdentityToken; if (wssToken != null) { Initialize(wssToken, WSSecurityTokenSerializer.DefaultInstance, null); return; } AnonymousIdentityToken anonymousToken = token as AnonymousIdentityToken; if (anonymousToken != null) { m_tokenType = UserTokenType.Anonymous; m_issuedTokenType = null; m_displayName = "Anonymous"; m_token = null; return; } throw new ArgumentException("Unrecognized UA user identity token type.", "token"); }
/// <summary> /// Initializes the object with a UA identity token. /// </summary> /// <param name="token">The token.</param> public UserIdentity(IssuedIdentityToken issuedToken) { Initialize(issuedToken); }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(UserIdentityToken token) { if (token == null) { throw new ArgumentNullException("token"); } m_token = token; UserNameIdentityToken usernameToken = token as UserNameIdentityToken; if (usernameToken != null) { m_tokenType = UserTokenType.UserName; m_issuedTokenType = null; m_displayName = usernameToken.UserName; return; } X509IdentityToken x509Token = token as X509IdentityToken; if (x509Token != null) { m_tokenType = UserTokenType.Certificate; m_issuedTokenType = null; if (x509Token.Certificate != null) { m_displayName = x509Token.Certificate.Subject; } else { X509Certificate2 cert = CertificateFactory.Create(x509Token.CertificateData, true); m_displayName = cert.Subject; } return; } IssuedIdentityToken issuedToken = token as IssuedIdentityToken; if (issuedToken != null) { if (issuedToken.IssuedTokenType == Ua.IssuedTokenType.JWT) { if (issuedToken.DecryptedTokenData == null || issuedToken.DecryptedTokenData.Length == 0) { throw new ArgumentException("JSON Web Token has no data associated with it.", "token"); } m_tokenType = UserTokenType.IssuedToken; m_issuedTokenType = new XmlQualifiedName("", Opc.Ua.Profiles.JwtUserToken); m_displayName = "JWT"; return; } else { throw new NotSupportedException("Only JWT Issued Tokens are supported!"); } } AnonymousIdentityToken anonymousToken = token as AnonymousIdentityToken; if (anonymousToken != null) { m_tokenType = UserTokenType.Anonymous; m_issuedTokenType = null; m_displayName = "Anonymous"; return; } throw new ArgumentException("Unrecognized UA user identity token type.", "token"); }
/// <summary cref="IUserIdentity.GetIdentityToken" /> public UserIdentityToken GetIdentityToken() { // check for anonymous. if (m_token == null) { AnonymousIdentityToken token = new AnonymousIdentityToken(); token.PolicyId = m_policyId; return(token); } // return a user name token. UserNameSecurityToken usernameToken = m_token as UserNameSecurityToken; if (usernameToken != null) { UserNameIdentityToken token = new UserNameIdentityToken(); token.PolicyId = m_policyId; token.UserName = usernameToken.UserName; token.DecryptedPassword = usernameToken.Password; return(token); } // return an X509 token. X509SecurityToken x509Token = m_token as X509SecurityToken; if (x509Token != null) { X509IdentityToken token = new X509IdentityToken(); token.PolicyId = m_policyId; token.CertificateData = x509Token.Certificate.GetRawCertData(); token.Certificate = x509Token.Certificate; return(token); } // handle SAML token. SamlSecurityToken samlToken = m_token as SamlSecurityToken; if (samlToken != null) { MemoryStream ostrm = new MemoryStream(); XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { SamlSerializer serializer = new SamlSerializer(); serializer.WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return(wssToken); } // return a WSS token by default. if (m_token != null) { MemoryStream ostrm = new MemoryStream(); XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(); serializer.WriteToken(writer, m_token); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return(wssToken); } return(null); }
/// <summary> /// Initializes the object with a UA identity token. /// </summary> /// <param name="token">The token.</param> /// <param name="serializer">The token serializer.</param> /// <param name="resolver">The token resolver.</param> public UserIdentity(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver) { Initialize(token, serializer, resolver); }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver) { if (token == null) throw new ArgumentNullException("token"); string text = new UTF8Encoding().GetString(token.DecryptedTokenData); XmlDocument document = new XmlDocument(); document.InnerXml = text.Trim(); XmlNodeReader reader = new XmlNodeReader(document.DocumentElement); try { if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion") { SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver); Initialize(samlToken); } else { SecurityToken securityToken = serializer.ReadToken(reader, resolver); Initialize(securityToken); } } finally { reader.Close(); } }
/// <summary cref="IUserIdentity.GetIdentityToken" /> public UserIdentityToken GetIdentityToken() { // check for anonymous. if (m_token == null) { AnonymousIdentityToken token = new AnonymousIdentityToken(); token.PolicyId = m_policyId; return token; } // return a user name token. UserNameSecurityToken usernameToken = m_token as UserNameSecurityToken; if (usernameToken != null) { UserNameIdentityToken token = new UserNameIdentityToken(); token.PolicyId = m_policyId; token.UserName = usernameToken.UserName; token.DecryptedPassword = usernameToken.Password; return token; } // return an X509 token. X509SecurityToken x509Token = m_token as X509SecurityToken; if (x509Token != null) { X509IdentityToken token = new X509IdentityToken(); token.PolicyId = m_policyId; token.CertificateData = x509Token.Certificate.GetRawCertData(); token.Certificate = x509Token.Certificate; return token; } // handle SAML token. SamlSecurityToken samlToken = m_token as SamlSecurityToken; if (samlToken != null) { MemoryStream ostrm = new MemoryStream(); XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { SamlSerializer serializer = new SamlSerializer(); serializer.WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return wssToken; } // return a WSS token by default. if (m_token != null) { MemoryStream ostrm = new MemoryStream(); XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(); serializer.WriteToken(writer, m_token); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return wssToken; } return null; }