internal bool Logoff(string userName, string password, SecurityToken sessionToken) { using (WSTrustChannelFactory factory = GetTrustChannelFactory()) { //// Set up credentials if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; // Create a "request for token" SOAP message. // We want the security server to Issue us with a token RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Cancel); // the token we want to cancel rst.CancelTarget = new SecurityTokenElement(sessionToken); // Create the communicaiton channel IWSTrustChannelContract channel = factory.CreateChannel(); // Cancel token // ReSharper disable once UnusedVariable RequestSecurityTokenResponse response = channel.Cancel(rst); return(response.RequestedTokenCancelled); } }
public SecurityToken Login(string userName, string password, string schoolId, string tenantId, string applicationServerUrl, string securityServerUrl) { SecurityToken identityToken; using (WSTrustChannelFactory factory = GetTrustChannelFactory(securityServerUrl)) { if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; var rst = new RequestSecurityToken( RequestTypes.Issue, KeyTypes.Bearer) { AppliesTo = new EndpointReference(applicationServerUrl) }; IWSTrustChannelContract channel = factory.CreateChannel(); RequestSecurityTokenResponse response; identityToken = channel.Issue(rst, out response); } using (WSTrustChannelFactory factory = GetTrustChannelFactory(securityServerUrl)) { if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; factory.CreateChannelWithIssuedToken(identityToken); var channel = factory.CreateChannel(); var rst = new RequestSecurityToken( RequestTypes.Issue, KeyTypes.Bearer) { AdditionalContext = new AdditionalContext() }; rst.AdditionalContext.Items.Add(new ContextItem(new Uri(SimsLoginContextSchoolClaimUrl), schoolId)); rst.AdditionalContext.Items.Add(new ContextItem(new Uri(SimsLoginContextTenantClaimUrl), tenantId)); rst.AppliesTo = new EndpointReference(applicationServerUrl); rst.ActAs = new SecurityTokenElement(identityToken); RequestSecurityTokenResponse response; return(channel.Issue(rst, out response)); } }
public static void tokenTest() { string relyingPartyId = "https://shadfs.sanfordhealth.org/adfs/ls/ldpinitiatedsignon.aspx"; WSTrustChannelFactory factory = null; try { // use a UserName Trust Binding for username authentication factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://secure.genomenext.net/app/services/trust/13/usernamemixed")); /////I'll change this endpoint this later//////// factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyId), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; //MessageSecurityException -> PW falsch var _handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var tokenString = genericToken.ToTokenXmlString(); var samlToken2 = _handler.ReadToken(new XmlTextReader(new StringReader(tokenString))); ValidateSamlToken(samlToken2); X509Certificate2 certificate = null; X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "thumb", false)[0]; // var jwt = ConvertSamlToJwt(samlToken2, "https://party.mycomp.com", certificate); } finally { if (factory != null) { try { factory.Close(); } catch (CommunicationObjectFaultedException) { factory.Abort(); } } }
private SecurityToken GetSecurityToken(IWSTrustChannelContract channel, RequestSecurityToken rst) { try { RequestSecurityTokenResponse rstr = null; var token = channel.Issue(rst, out rstr); return(token); } catch (Exception ex) { Logging.Exception(ex); Logging.DebugMessage(string.Format("Request: user={0}, stsAddress={1} thumbprint={2}", UserName, ServiceSettings.StsAddress, ThumbprintResolver.ResolveThumbprint(ServiceSettings.Thumbprint, ServiceSettings.IssuerAddress))); throw; } }
/// <summary> /// Creates a security token for the service layer. /// </summary> /// <returns></returns> private static SecurityToken CreateSecurityToken(TimeSpan?lifeTime, string user, string password) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(WsTrustAddress)) { TrustVersion = TrustVersion.WSTrust13 }; if (factory.Credentials == null) { throw new Exception(ErrBadFactory); } // the identity authorized to 'act as' the current principal factory.Credentials.UserName.UserName = user; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(ServiceHostAddress), //ActAs = new SecurityTokenElement(bootstrap) //may want to look at using actas in the future. }; if (lifeTime != null) { Log.Debug("Token lifetime config value found. Setting service token lifetime to {0}", lifeTime); rst.Lifetime = new Lifetime(null, DateTime.Now.Add(lifeTime.Value)); } try { Log.Debug("Creating channel to sts to request ActAs Token. Address:{0}", WsTrustAddress); IWSTrustChannelContract channel = factory.CreateChannel(); Log.Debug("Asking STS to issue ActAs Token. Address:{0}", WsTrustAddress); //ask the STS to issue a token for the service SecurityToken delegationToken = channel.Issue(rst); return(delegationToken); } catch (Exception ex) { string msg = "Cannot create service security token."; Log.Error("{0} Ex:{1}", msg, ex.GetBaseException().Message); throw new Exception(msg); } }
public void Setup() { _mixedUserNameClient = WSTrustClientFactory.CreateMixedUserNameClient( Constants.Credentials.ValidUserName, Constants.Credentials.ValidPassword, baseAddressUserName); _mixedCertificateClient = WSTrustClientFactory.CreateMixedCertificateClient( Constants.Certificates.ValidClientCertificateName, baseAddressCertificate); _rst = new RequestSecurityToken { AppliesTo = new EndpointAddress(rp), RequestType = RequestTypes.Issue, KeyType = KeyTypes.Symmetric }; }
public void Setup() { _mixedUserNameClient = WSTrustClientFactory.CreateMixedUserNameClient( Constants.Credentials.ValidUserName, Constants.Credentials.ValidPassword, baseAddressUserName); _mixedCertificateClient = WSTrustClientFactory.CreateMixedCertificateClient( Constants.Certificates.ValidClientCertificateName, baseAddressCertificate); _rst = new RequestSecurityToken { AppliesTo = new EndpointReference(rp), RequestType = RequestTypes.Issue, KeyType = KeyTypes.Symmetric }; }
/// <summary> /// Issues security token /// </summary> /// <param name="channel"> /// The channel. /// </param> /// <param name="serviceAddress"> /// The service address. /// </param> /// <param name="actAsToken"> /// The act as token. /// </param> /// <param name="onBehalfOf"> /// the on behalf of token /// </param> /// <returns> /// the security token /// </returns> public virtual SecurityToken IssueToken(IWSTrustChannelContract channel, string serviceAddress, SecurityToken actAsToken = null, SecurityToken onBehalfOf = null) { var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointAddress(serviceAddress) }; if (actAsToken != null) { rst.ActAs = new SecurityTokenElement(actAsToken); } if (onBehalfOf != null) { rst.OnBehalfOf = new SecurityTokenElement(onBehalfOf); } RequestSecurityTokenResponse rstr; return channel.Issue(rst, out rstr); }
/// <summary> /// Requests a security token from the ADFS server /// </summary> /// <param name="username">The username</param> /// <param name="password">The password</param> /// <param name="endpoint">The ADFS endpoint</param> /// <returns></returns> public GenericXmlSecurityToken RequestToken(string username, SecureString password, string endpoint) { WSTrustChannelFactory factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(adfsUserNameMixedEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = new System.Net.NetworkCredential(string.Empty, password).Password; RequestSecurityToken token = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(endpoint), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); return(channel.Issue(token) as GenericXmlSecurityToken); }
/// <summary> /// Returns Generic XML Security Token from ADFS to generated FedAuth /// </summary> /// <param name="kerberosMixed">ADFS Endpoint for Kerberos Mixed Authentication</param> /// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param> /// <returns></returns> private GenericXmlSecurityToken RequestToken(Uri kerberosMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(kerberosMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return(genericToken); }
/// <summary> /// Issues security token /// </summary> /// <param name="channel"> /// The channel. /// </param> /// <param name="serviceAddress"> /// The service address. /// </param> /// <param name="actAsToken"> /// The act as token. /// </param> /// <param name="onBehalfOf"> /// the on behalf of token /// </param> /// <returns> /// the security token /// </returns> public virtual SecurityToken IssueToken(IWSTrustChannelContract channel, string serviceAddress, SecurityToken actAsToken = null, SecurityToken onBehalfOf = null) { var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointAddress(serviceAddress) }; if (actAsToken != null) { rst.ActAs = new SecurityTokenElement(actAsToken); } if (onBehalfOf != null) { rst.OnBehalfOf = new SecurityTokenElement(onBehalfOf); } RequestSecurityTokenResponse rstr; return(channel.Issue(rst, out rstr)); }
/// <summary> /// Returns Generic XML Security Token from ADFS to generated FedAuth /// </summary> /// <param name="serialNumber">Serial Number of Certificate from CurrentUSer > My Certificate</param> /// <param name="certificateMixed">ADFS Endpoint for Certificate Mixed Authentication</param> /// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param> /// <returns></returns> private GenericXmlSecurityToken RequestToken(string serialNumber, Uri certificateMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(certificateMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, serialNumber); var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return(genericToken); }
private GenericXmlSecurityToken RequestToken(string userName, string passWord, Uri userNameMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(userNameMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = passWord; var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return(genericToken); }
public bool Logoff(string userName, string password, SecurityToken sessionToken, string securityServerURL) { using (WSTrustChannelFactory factory = GetTrustChannelFactory(securityServerURL)) { if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Cancel) { CancelTarget = new SecurityTokenElement(sessionToken) }; IWSTrustChannelContract channel = factory.CreateChannel(); RequestSecurityTokenResponse response = channel.Cancel(rst); return(response.RequestedTokenCancelled); } }
private SecurityToken GetSecurityToken(IWSTrustChannelContract channel, RequestSecurityToken rst) { try { RequestSecurityTokenResponse rstr = null; var token = channel.Issue(rst, out rstr); return token; } catch (Exception ex) { Logging.Exception(ex); Logging.DebugMessage(string.Format("Request: user={0}, stsAddress={1} thumbprint={2}", UserName, ServiceSettings.StsAddress, ThumbprintResolver.ResolveThumbprint(ServiceSettings.Thumbprint, ServiceSettings.IssuerAddress))); throw; } }
/// <summary> /// Login to the application. /// /// The login process takes two steps - /// First; establish the identity of the user using standard credentials. /// Second; use this identity to login to SIMS for the purpose of carrying out data querying. /// </summary> internal SecurityToken Login(string userName, string password, string schoolId, string tenantId) { // Temporaryily store the Identity Token issued by the identity server so that we can use it to prove our identity to the application login server. // Note that; although iSIMS provides both Identity and Application logins on the same service endpoint (iSIMSSTS) the Identity Service might have // a different endpoint where iSIMS has been integrated with an external identity management system such as ADFS, Shibboleth etc // ReSharper disable once RedundantAssignment SecurityToken identityToken = null; // Step 1 : Pass credentials to the identity server to get a token bearing our verified identity. using (WSTrustChannelFactory factory = GetTrustChannelFactory()) { // Set up credentials if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; // Create a "request for token" SOAP message. RequestSecurityToken rst = new RequestSecurityToken( // We want the security server to Issue us with a token RequestTypes.Issue, // We want the token type to be a Bearer token (i.e. not symmetric key or other mutually guaranteed certificate based mechanism) KeyTypes.Bearer); // We want a token that will permit us to communicate with the application server rst.AppliesTo = new EndpointReference(_applicationServerAddress); // Create the communicaiton channel IWSTrustChannelContract channel = factory.CreateChannel(); // Request an identity token RequestSecurityTokenResponse response; identityToken = channel.Issue(rst, out response); } // Step 2 : Use the identity token to get a further token which can be used to access resources within the system. This token is obtained from the same // location in this example, but the Application Identity Server (here) and the Identity Verification Server (above) might be different URLs in Single Sign-on // implementations. using (WSTrustChannelFactory factory = GetTrustChannelFactory()) { // Provide the credentials again. if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; // Because our communication now will be secured using our Identity Token we need to use some WIF extension methods to make sure the identity token // is sent as a Cookie on the SOAP call that WCF will be generating. factory.Credentials.UseIdentityConfiguration = true; factory.CreateChannelWithIssuedToken(identityToken); // Create the communication channel IWSTrustChannelContract channel = factory.CreateChannel(); // create token request RequestSecurityToken rst = new RequestSecurityToken( // We want the security server to Issue us with a token RequestTypes.Issue, // We want the token type to be a Bearer token (i.e. not symmetric key or other mutually guaranteed certificate based mechanism) KeyTypes.Bearer); // Add the school ID that we claim to have access to. rst.AdditionalContext = new AdditionalContext(); rst.AdditionalContext.Items.Add(new ContextItem(new Uri(SimsLoginContextSchoolClaimUrl), schoolId)); rst.AdditionalContext.Items.Add(new ContextItem(new Uri(SimsLoginContextTenantClaimUrl), tenantId)); // This is the endpoint for which the token will be valid. rst.AppliesTo = new EndpointReference(_applicationServerAddress); // Becuase we have already established our identity, we want this call to "Act As" us. This enables the receving web service to be passed our // identity in the thread principal. rst.ActAs = new SecurityTokenElement(identityToken); // Request an application session token. RequestSecurityTokenResponse response; return(channel.Issue(rst, out response)); } }