public ActionResult Callback()
{
string input;
using (var reader = new StreamReader(Request.InputStream))
{
input = reader.ReadToEnd();
}
string locationBase = string.Format("{0}/auth/broker/end",
Request.Url.GetComponents(UriComponents.SchemeAndServer,
UriFormat.Unescaped));
var inputInQueryStringUri = new Uri(locationBase + "?" + input);
NameValueCollection tokenValues = inputInQueryStringUri.ParseQueryString();
string tokenData = tokenValues["wresult"];
//Validate SWT token
var tokenSerializer = new WSTrustFeb2005ResponseSerializer();
RequestSecurityTokenResponse requestSecrityTokenResponse =
tokenSerializer.ReadXml(new XmlTextReader(new StringReader(tokenData)),
new WSTrustSerializationContext());
var simpleWebTokenHandler = new SimpleWebTokenHandler("https://" + _registrationService.ServiceNamespace + ".accesscontrol.windows.net/", _swtSigningKey);
var securityToken = simpleWebTokenHandler.ReadToken(requestSecrityTokenResponse.RequestedSecurityToken.SecurityTokenXml.InnerText) as SimpleWebToken;
simpleWebTokenHandler.ValidateToken(securityToken, _acsRealm);
//Create delegation in ACS
var authServerIdentifier = securityToken.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.NameIdentifier);
var authServerIdentity = new AuthorizationServerIdentity
{
NameIdentifier = authServerIdentifier.Value,
IdentityProvider = authServerIdentifier.Issuer
};
//todo: Check if we can add some claims (role claims) to the scope
string code = _registrationService.GetAuthorizationCode(_clientId, authServerIdentity, "scope");
//todo: use OAuth parameter names in the return URL
//return the token
string location = string.Format("{0}?acsToken={1}", locationBase, code);
Response.StatusCode = (int)HttpStatusCode.Redirect;
Response.Headers.Add("Location", location);
Response.End();
return null;
}
/// <summary>
/// Reads the 'wresult' and returns the embeded security token.
/// </summary>
/// <returns>the 'SecurityToken'.</returns>
public virtual string GetToken()
{
if (Wresult == null)
{
return null;
}
using (StringReader sr = new StringReader(Wresult))
{
XmlReader xmlReader = XmlReader.Create(sr);
xmlReader.MoveToContent();
WSTrustResponseSerializer serializer = new WSTrust13ResponseSerializer();
if (serializer.CanRead(xmlReader))
{
RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
return response.RequestedSecurityToken.SecurityTokenXml.OuterXml;
}
serializer = new WSTrustFeb2005ResponseSerializer();
if (serializer.CanRead(xmlReader))
{
RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
return response.RequestedSecurityToken.SecurityTokenXml.OuterXml;
}
}
return null;
}
