/// <summary>
/// Sample entry point: authenticates to the identity provider with a username and
/// password, then asks the federation STS to issue a token scoped to the CRM service.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args) {

            // Relying party the issued token is scoped to (sent as AppliesTo).
            const string relyingPartyUrl = "https://internalcrm.contoso.com";
            // Federation STS endpoint that issues the final token.
            const string federationStsUrl = "https://sts.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";
            // Identity provider endpoint that accepts the username/password credential.
            const string identityProviderUrl = "https://idp.contoso.com/SecurityTokenService/Issue.svc/mixed/username";

            // Inner hop: username/password carried in the message over a secured transport.
            var userNameBinding = new UserNameWSTrustBinding();
            userNameBinding.SecurityMode = SecurityMode.TransportWithMessageCredential;

            // Outer hop: the token obtained from the identity provider is presented to the
            // federation STS. KeyType is left unset here (the source had it commented out).
            var issuedTokenBinding = new IssuedTokenWSTrustBinding(userNameBinding, new EndpointAddress(identityProviderUrl));
            issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential;

            var trustFactory = new WSTrustChannelFactory(issuedTokenBinding, federationStsUrl);

            // The values below are masked placeholders; real credentials belong in a
            // protected store or an interactive prompt, never in source control.
            var userNameCredential = trustFactory.Credentials.UserName;
            userNameCredential.UserName = "******";
            userNameCredential.Password = "******";

            // TokenType is not set (both candidate values were commented out in the source).
            var issueRequest = new RequestSecurityToken();
            issueRequest.RequestType = RequestTypes.Issue;
            issueRequest.AppliesTo = new EndpointReference(relyingPartyUrl);

            // NOTE(review): the issued token is discarded and neither the channel nor the
            // factory is closed; acceptable for a throwaway sample, not for a long-running host.
            var issuedToken = trustFactory.CreateChannel().Issue(issueRequest);
        }
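        /// <summary>
        /// Exchanges an already-issued security token for a new token of the requested
        /// type by calling the WS-Trust 1.3 endpoint configured in app settings.
        /// </summary>
        /// <param name="token">Token presented to the STS as the client credential.</param>
        /// <param name="tokenType">Token type URI to request from the STS.</param>
        /// <returns>The token returned by the STS Issue operation.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The "issuedtokenEP" or "issuedtokenAppliesTo" app setting is missing or empty.
        /// </exception>
        /// <remarks>
        /// The request asks for a bearer key type, so the resulting token is not bound to a
        /// proof key: whoever holds it can present it. Keep it off logs and disk.
        /// </remarks>
        private static SecurityToken GetRSTSToken(SecurityToken token, string tokenType)
        {
            // Fail with a clear message instead of a NullReferenceException when the
            // deployment configuration is incomplete.
            var issuedTokenEndpoint = ConfigurationManager.AppSettings["issuedtokenEP"];
            if (string.IsNullOrEmpty(issuedTokenEndpoint))
            {
                throw new System.InvalidOperationException("App setting 'issuedtokenEP' is missing or empty.");
            }

            var appliesTo = ConfigurationManager.AppSettings["issuedtokenAppliesTo"];
            if (string.IsNullOrEmpty(appliesTo))
            {
                throw new System.InvalidOperationException("App setting 'issuedtokenAppliesTo' is missing or empty.");
            }

            var binding = new IssuedTokenWSTrustBinding();
            binding.SecurityMode = SecurityMode.TransportWithMessageCredential;

            // Ordinal, case-insensitive suffix match. The previous ToLower() comparison was
            // culture-sensitive: under cultures with special casing rules for 'I' (e.g. tr-TR)
            // the match could fail and the binding would silently keep its default algorithm
            // suite instead of Basic256Sha256.
            var usesSha256Suite =
                issuedTokenEndpoint.EndsWith("issuedtokenmixedasymmetricbasic256sha256", System.StringComparison.OrdinalIgnoreCase) ||
                issuedTokenEndpoint.EndsWith("issuedtokenmixedsymmetricbasic256sha256", System.StringComparison.OrdinalIgnoreCase);

            if (usesSha256Suite)
            {
                binding.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
            }

            var factory = new WSTrustChannelFactory(binding, issuedTokenEndpoint);

            factory.TrustVersion = TrustVersion.WSTrust13;
            factory.Credentials.SupportInteractive       = false;
            factory.Credentials.UseIdentityConfiguration = true;

            var rst = new RequestSecurityToken
            {
                RequestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue",
                AppliesTo   = new EndpointReference(appliesTo),
                KeyType     = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer",
                TokenType   = tokenType,
            };

            // NOTE(review): the factory and channel are never closed; callers that invoke
            // this repeatedly should confirm that is acceptable or cache the factory.
            var channel = factory.CreateChannelWithIssuedToken(token);

            return channel.Issue(rst);
        }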
        /// <summary>
        /// Presents <paramref name="xmlToken"/> to the configured ADFS federation endpoint
        /// and requests a bearer token scoped to <paramref name="appliesTo"/>.
        /// </summary>
        /// <param name="xmlToken">Previously issued token used as the client credential.</param>
        /// <param name="appliesTo">Address of the relying party the new token is for.</param>
        /// <returns>The token returned by the STS Issue operation.</returns>
        /// <remarks>
        /// A bearer token carries no proof key, so it must be protected like a credential
        /// while in transit and at rest.
        /// </remarks>
        private SecurityToken RequestFederationToken(GenericXmlSecurityToken xmlToken, string appliesTo)
        {
            var federationEndpoint = _configuration.AdfsIntegration.FederationEndpoint;

            var issueRequest = new RequestSecurityToken();
            issueRequest.RequestType = RequestTypes.Issue;
            issueRequest.AppliesTo = new EndpointReference(appliesTo);
            issueRequest.KeyType = KeyTypes.Bearer;

            // Secured transport, with the issued token supplied as the message credential.
            var trustBinding = new IssuedTokenWSTrustBinding
            {
                SecurityMode = SecurityMode.TransportWithMessageCredential
            };

            var trustFactory = new WSTrustChannelFactory(trustBinding, new EndpointAddress(federationEndpoint))
            {
                TrustVersion = TrustVersion.WSTrust13
            };

            // Never fall back to prompting the user for credentials.
            trustFactory.Credentials.SupportInteractive = false;

            // NOTE(review): the factory and channel are not closed after the call.
            return trustFactory.CreateChannelWithIssuedToken(xmlToken).Issue(issueRequest);
        }
        /// <summary>
        /// Uses <paramref name="dobstsToken"/> as the credential for a WS-Trust 1.3 Issue
        /// call against <paramref name="endpointUri"/> and requests a bearer token for
        /// <paramref name="spRealm"/>.
        /// </summary>
        /// <param name="dobstsToken">Previously issued token presented to the STS.</param>
        /// <param name="endpointUri">Address of the WS-Trust endpoint to call.</param>
        /// <param name="spRealm">Realm the new token applies to.</param>
        /// <returns>
        /// The issued token as a <see cref="GenericXmlSecurityToken"/>, or <c>null</c> when
        /// the STS result is not of that type (the <c>as</c> cast does not throw).
        /// </returns>
        public static SecurityToken GetToken(SecurityToken dobstsToken, string endpointUri, string spRealm)
        {
            // WS-Trust call over SSL with the credentials sent in the message.
            var trustBinding = new IssuedTokenWSTrustBinding
            {
                SecurityMode = SecurityMode.TransportWithMessageCredential
            };

            var trustFactory = new WSTrustChannelFactory(trustBinding, endpointUri)
            {
                TrustVersion = TrustVersion.WSTrust13
            };
            trustFactory.Credentials.SupportInteractive = false;

            // A bearer token needs no keys or encryption on the request, which also means
            // the result is not bound to its holder; treat it as a secret.
            var issueRequest = new RequestSecurityToken();
            issueRequest.RequestType = RequestTypes.Issue;
            issueRequest.AppliesTo = new EndpointAddress(spRealm);
            issueRequest.KeyType = KeyTypes.Bearer;

            // Make the request with the supplied token as the credential.
            trustFactory.ConfigureChannelFactory();
            var issued = trustFactory.CreateChannelWithIssuedToken(dobstsToken).Issue(issueRequest);

            // NOTE(review): callers must handle a null result; the factory is not closed.
            return issued as GenericXmlSecurityToken;
        }
        /// <summary>
        /// Presents <paramref name="identityToken"/> to the endpoint held in
        /// <c>_acsEndpoint</c> and requests a symmetric-key token for the
        /// "/webservicesecurity/" service on <c>Constants.WebHost</c>.
        /// </summary>
        /// <param name="identityToken">Previously issued identity token used as the credential.</param>
        /// <returns>The token returned by the STS Issue operation.</returns>
        private static SecurityToken RequestServiceToken(SecurityToken identityToken)
        {
            "Requesting service token".ConsoleYellow();

            // Secured transport, with the identity token supplied as the message credential.
            var trustBinding = new IssuedTokenWSTrustBinding
            {
                SecurityMode = SecurityMode.TransportWithMessageCredential
            };

            var trustFactory = new WSTrustChannelFactory(trustBinding, _acsEndpoint)
            {
                TrustVersion = TrustVersion.WSTrust13
            };
            trustFactory.Credentials.SupportInteractive = false;

            // Unlike the bearer requests elsewhere on this page, this one asks for a
            // symmetric key type.
            var issueRequest = new RequestSecurityToken();
            issueRequest.RequestType = RequestTypes.Issue;
            issueRequest.AppliesTo = new EndpointAddress("https://" + Constants.WebHost + "/webservicesecurity/");
            issueRequest.KeyType = KeyTypes.Symmetric;

            trustFactory.ConfigureChannelFactory();

            // NOTE(review): the factory and channel are not closed after the call.
            return trustFactory.CreateChannelWithIssuedToken(identityToken).Issue(issueRequest);
        }