/// <summary>
/// Creates the service host and wires token-based authorization into it.
/// </summary>
/// <param name="serviceType">Service implementation type, forwarded to the base host.</param>
/// <param name="tokenManager">Token handler collection used by the authorization manager installed here.</param>
/// <param name="configuration">Host configuration, stored and handed to the authorization manager.</param>
/// <param name="baseAddresses">Base addresses, forwarded to the base host.</param>
/// <remarks>
/// Neither <paramref name="tokenManager"/> nor <paramref name="configuration"/> is null-checked
/// here; both are passed straight to <c>WebTokenServiceAuthorizationManager</c>, which makes this
/// constructor the point where the host's access-control path is assembled.
/// </remarks>
public WebTokenWebServiceHost(Type serviceType, WebSecurityTokenHandlerCollectionManager tokenManager, WebTokenWebServiceHostConfiguration configuration, params Uri[] baseAddresses)
            : base(serviceType, baseAddresses)
        {
            _manager = tokenManager;
            _configuration = configuration;

            // Custom principal permission mode: the principal is expected to come from the
            // custom authorization code rather than from a built-in mapping
            // (NOTE(review): confirm the authorization manager sets it on every request).
            var authorization = Authorization;
            authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
            authorization.ServiceAuthorizationManager = new WebTokenServiceAuthorizationManager(tokenManager, configuration);

            // Behaviors are added in the same order as before; their effect is defined elsewhere.
            var behaviors = Description.Behaviors;
            behaviors.Add(new OperationAccessServiceBehavior());
            behaviors.Add(new AdvertiseWcfInHttpPipelineBehavior());
        }
        /// <summary>
        /// Builds the token handler collection for the sample service: Basic authentication,
        /// SAML 1.1 (ADFS), two Simple Web Token issuers ("ACS" and "IdSrv") and the default handler.
        /// </summary>
        /// <returns>The populated <c>WebSecurityTokenHandlerCollectionManager</c>.</returns>
        /// <remarks>
        /// Several settings below are sample-grade and are flagged inline: a credential check that
        /// compares username with password, certificate validation switched off, and key material
        /// embedded as string literals.
        /// </remarks>
        private WebSecurityTokenHandlerCollectionManager SetupSecurityTokenHandler()
        {
            var handlers = new WebSecurityTokenHandlerCollectionManager();

            #region Basic Authentication
            // NOTE(review): this validator accepts every request whose username equals its
            // password, so it authenticates any caller who picks a matching pair. Keep it out of
            // any deployed host; the commented-out line below shows a real credential store.
            handlers.AddBasicAuthenticationHandler((username, password) => username == password);

            // sample to use membership provider
            //handlers.AddBasicAuthenticationHandler((username, password) => Membership.ValidateUser(username, password));
            #endregion

            #region SAML
            // SAML via ADFS: the issuer registry maps one certificate thumbprint to the name "ADFS".
            var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
            issuerRegistry.AddTrustedIssuer("d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS");

            // Audience URI shared by the SAML and SWT registrations below.
            var serviceRealm = "https://" + Constants.WebHost + "/webservicesecurity/rest/";

            var samlConfig = new SecurityTokenHandlerConfiguration
            {
                IssuerNameRegistry = issuerRegistry,

                // NOTE(review): X509CertificateValidator.None skips validation of the signing
                // certificate (chain, validity period, revocation). Issuer trust then rests only
                // on the thumbprint registered above; consider X509CertificateValidator.ChainTrust
                // or PeerOrChainTrust outside of a demo.
                CertificateValidator = X509CertificateValidator.None,

                // token decryption (read from config)
                ServiceTokenResolver = IdentityModelConfiguration.ServiceConfiguration.CreateAggregateTokenResolver()
            };
            samlConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(serviceRealm));

            handlers.AddSaml11SecurityTokenHandler("SAML", samlConfig);
            //handlers.AddSaml2SecurityTokenHandler("SAML", samlConfig);

            #endregion

            // NOTE(review): in both SWT registrations the last argument appears to be the base64
            // symmetric key used to verify token signatures. As a source literal it is readable by
            // anyone with access to the repository or the compiled assembly, and a holder of a
            // symmetric key can also produce tokens that verify. Load it from protected
            // configuration or a secret store, and treat the values published here as compromised.

            #region ACS SWT
            handlers.AddSimpleWebTokenHandler(
                "ACS",
                "https://" + Constants.ACS + "/",
                serviceRealm,
                "ds9t7JPEsprLRxWvnFjGr+xOhWOy5H8ZHEr5z/rJbi8=");
            #endregion

            #region IdSrv SWT
            handlers.AddSimpleWebTokenHandler(
                "IdSrv",
                "http://identity.thinktecture.com/trust",
                serviceRealm,
                "yM7+ti12DiFWcg8t5EfdQbOIgdZCchkETYSXxmvTY0s=");
            #endregion

            #region Allow ASP.NET based authentication
            // NOTE(review): per the region label this admits identities established by ASP.NET;
            // confirm which requests reach the service through this handler without a token.
            handlers.AddDefaultHandler();
            #endregion

            return handlers;
        }
 /// <summary>
 /// Creates the authorization manager with the token handlers and host configuration it will use.
 /// </summary>
 /// <param name="manager">Token handler collection; stored as-is, not null-checked.</param>
 /// <param name="configuration">Host configuration; stored as-is, not null-checked.</param>
 public WebTokenServiceAuthorizationManager(WebSecurityTokenHandlerCollectionManager manager, WebTokenWebServiceHostConfiguration configuration)
 {
     // Both references are only captured here; nothing is validated at construction time.
     _configuration = configuration;
     _manager = manager;
 }
 /// <summary>
 /// Creates a host factory that keeps the given token handler collection and host configuration.
 /// </summary>
 /// <param name="manager">Token handler collection; stored as-is, not null-checked.</param>
 /// <param name="configuration">Host configuration; stored as-is, not null-checked.</param>
 public WebTokenWebServiceHostFactory(WebSecurityTokenHandlerCollectionManager manager, WebTokenWebServiceHostConfiguration configuration)
 {
     _manager = manager;
     _configuration = configuration;
 }
 /// <summary>
 /// Creates a host factory with a default-constructed <c>WebTokenWebServiceHostConfiguration</c>.
 /// </summary>
 /// <param name="manager">Token handler collection, forwarded to the two-argument constructor.</param>
 public WebTokenWebServiceHostFactory(WebSecurityTokenHandlerCollectionManager manager)
     : this(manager, new WebTokenWebServiceHostConfiguration())
 {
     // All initialization happens in the chained constructor.
 }
 /// <summary>
 /// Creates the service host with a default-constructed <c>WebTokenWebServiceHostConfiguration</c>.
 /// </summary>
 /// <param name="serviceType">Service implementation type.</param>
 /// <param name="tokenManager">Token handler collection, forwarded to the full constructor.</param>
 /// <param name="baseAddresses">Base addresses for the host.</param>
 public WebTokenWebServiceHost(Type serviceType, WebSecurityTokenHandlerCollectionManager tokenManager, params Uri[] baseAddresses)
     : this(serviceType, tokenManager, new WebTokenWebServiceHostConfiguration(), baseAddresses)
 {
     // All initialization happens in the chained constructor.
 }