public async Task <IActionResult> Edit(int id, [Bind("Name,Id")] IssuingAuthority issuingAuthority)
        {
            if (id != issuingAuthority.Id)
            {
                return(NotFound());
            }

            if (ModelState.IsValid)
            {
                try
                {
                    _context.Update(issuingAuthority);
                    await _context.SaveChangesAsync();
                }
                catch (DbUpdateConcurrencyException)
                {
                    if (!IssuingAuthorityExists(issuingAuthority.Id))
                    {
                        return(NotFound());
                    }
                    else
                    {
                        throw;
                    }
                }
                return(RedirectToAction(nameof(Index)));
            }
            return(View(issuingAuthority));
        }
        /// <summary>
        /// RefreshKeys
        /// </summary>
        /// <param name="metadataLocation"></param>
        public static void RefreshKeys(string metadataLocation)
        {
            IssuingAuthority issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataLocation);

            bool newKeys = false;

            foreach (string thumbprint in issuingAuthority.Thumbprints)
            {
                if (!ContainsKey(thumbprint))
                {
                    newKeys = true;
                    break;
                }
            }

            if (newKeys)
            {
                using (MyCompanyContext context = new MyCompanyContext())
                {
                    context.IssuingAuthorityKeys.RemoveRange(context.IssuingAuthorityKeys);
                    foreach (string thumbprint in issuingAuthority.Thumbprints)
                    {
                        context.IssuingAuthorityKeys.Add(new IssuingAuthorityKey {
                            Id = thumbprint
                        });
                    }
                    context.SaveChanges();
                }
            }
        }
        public static void RefreshKeys(string metadataAddress)
        {
            IssuingAuthority ia =
                ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataAddress);

            bool newKeys = false;

            foreach (string thumbp in ia.Thumbprints)
            {
                if (!ContainsKey(thumbp))
                {
                    newKeys = true;
                    break;
                }
            }

            if (newKeys)
            {
                XElement keysRoot =
                    (XElement)(from tt in doc.Descendants("keys") select tt).First();
                keysRoot.RemoveNodes();
                foreach (string thumbp in ia.Thumbprints)
                {
                    XElement node = new XElement("key", new XAttribute("id", thumbp));
                    keysRoot.Add(node);
                }
                doc.Save(filePath);
            }
        }
        public static FederationConfiguration Create(string relyingPartyUrl, string stsUrl, string domain, string certificateThumbprint, string authCookieName, bool requireSsl)
        {
            var federationConfiguration = new FederationConfiguration();
            federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(relyingPartyUrl));

            var issuingAuthority = new IssuingAuthority(stsUrl);
            issuingAuthority.Thumbprints.Add(certificateThumbprint);
            issuingAuthority.Issuers.Add(stsUrl);
            var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };

            var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
            federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
            federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

            var chunkedCookieHandler = new ChunkedCookieHandler
                                       {
                                           RequireSsl = requireSsl,
                                           Name = authCookieName,
                                           Domain = domain,
                                           PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
                                       };
            federationConfiguration.CookieHandler = chunkedCookieHandler;
            var issuerOfToken = stsUrl;
            federationConfiguration.WsFederationConfiguration.Issuer = issuerOfToken;
            federationConfiguration.WsFederationConfiguration.Realm = relyingPartyUrl;
            federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

            return federationConfiguration;
        }
        public static void RefreshKeys(string metadataLocation)
        {
            IssuingAuthority issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataLocation);

            bool newKeys       = false;
            bool refreshTenant = false;

            foreach (string thumbprint in issuingAuthority.Thumbprints)
            {
                if (!ContainsKey(thumbprint))
                {
                    newKeys       = true;
                    refreshTenant = true;
                    break;
                }
            }

            foreach (string issuer in issuingAuthority.Issuers)
            {
                if (!ContainsTenant(GetIssuerId(issuer)))
                {
                    refreshTenant = true;
                    break;
                }
            }

            if (newKeys || refreshTenant)
            {
                using (TenantDbContext context = new TenantDbContext())
                {
                    if (newKeys)
                    {
                        context.IssuingAuthorityKeys.RemoveRange(context.IssuingAuthorityKeys);
                        foreach (string thumbprint in issuingAuthority.Thumbprints)
                        {
                            context.IssuingAuthorityKeys.Add(new IssuingAuthorityKey {
                                Id = thumbprint
                            });
                        }
                    }

                    if (refreshTenant)
                    {
                        // Add the default tenant to the registry.
                        // Comment or remove the following code if you do not wish to have the default tenant use the application.
                        foreach (string issuer in issuingAuthority.Issuers)
                        {
                            string issuerId = GetIssuerId(issuer);
                            if (!ContainsTenant(issuerId))
                            {
                                context.Tenants.Add(new Tenant {
                                    Id = issuerId
                                });
                            }
                        }
                    }
                    context.SaveChanges();
                }
            }
        }
            private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
            {
                //from appsettings...
                const string allowedAudience = "http://audience1/user/get";
                const string rpRealm         = "http://audience1/";
                const string domain          = "";
                const bool   requireSsl      = false;
                const string issuer          = "http://sts/token/create;
        const string certThumbprint = " mythumbprint ";
        const string authCookieName = " StsAuth ";

        var federationConfiguration = new FederationConfiguration();
                                 federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

        var issuingAuthority = new IssuingAuthority(internalSts);
        issuingAuthority.Thumbprints.Add(certThumbprint);
        issuingAuthority.Issuers.Add(internalSts);
        var issuingAuthorities = new List<IssuingAuthority> {issuingAuthority};

        var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry {IssuingAuthorities = issuingAuthorities};
        federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
        federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

        var chunkedCookieHandler = new ChunkedCookieHandler {RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)};
        federationConfiguration.CookieHandler = chunkedCookieHandler;
        federationConfiguration.WsFederationConfiguration.Issuer = issuer;
        federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
        federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

        e.FederationConfiguration = federationConfiguration;
                  }
Esempio n. 7
0
        public static void RefreshKeys(string metadataLocation)
        {
            IssuingAuthority issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataLocation);


            bool newKeys       = false;
            bool refreshTenant = false;

            foreach (string thumbprint in issuingAuthority.Thumbprints)
            {
                if (!ContainsKey(thumbprint))
                {
                    newKeys       = true;
                    refreshTenant = true;
                    break;
                }
            }

            foreach (string issuer in issuingAuthority.Issuers)
            {
                if (!ContainsTenant(GetIssuerId(issuer)))
                {
                    refreshTenant = true;
                    break;
                }
            }

            if (newKeys || refreshTenant)
            {
                using (TenantDbContext context = new TenantDbContext())
                {
                    if (newKeys)
                    {
                        context.IssuingAuthorityKeys.RemoveRange(context.IssuingAuthorityKeys);
                        foreach (string thumbprint in issuingAuthority.Thumbprints)
                        {
                            context.IssuingAuthorityKeys.Add(new IssuingAuthorityKey {
                                Id = thumbprint
                            });
                        }
                    }

                    if (refreshTenant)
                    {
                        foreach (string issuer in issuingAuthority.Issuers)
                        {
                            string issuerId = GetIssuerId(issuer);
                            if (!ContainsTenant(issuerId))
                            {
                                context.Tenants.Add(new Tenant {
                                    Id = issuerId
                                });
                            }
                        }
                    }
                    context.SaveChanges();
                }
            }
        }
        public async Task <IActionResult> Create([Bind("Name,Id")] IssuingAuthority issuingAuthority)
        {
            if (ModelState.IsValid)
            {
                _context.Add(issuingAuthority);
                await _context.SaveChangesAsync();

                return(RedirectToAction(nameof(Index)));
            }
            return(View(issuingAuthority));
        }
        public static void RefreshKeys(string metadataLocation)
        {
            IssuingAuthority issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataLocation);

            bool newKeys       = false;
            bool refreshTenant = false;

            foreach (string thumbprint in issuingAuthority.Thumbprints)
            {
                if (!ContainsKey(thumbprint))
                {
                    newKeys       = true;
                    refreshTenant = true;
                    break;
                }
            }

            foreach (string issuer in issuingAuthority.Issuers)
            {
                if (!ContainsTenant(GetIssuerId(issuer)))
                {
                    refreshTenant = true;
                    break;
                }
            }

            if (newKeys || refreshTenant)
            {
                if (newKeys)
                {
                    session.RemoveBatch <IssuingAuthorityKey>(session.GetQueryable <IssuingAuthorityKey>().Select(i => i.Id).ToList());
                    foreach (string thumbprint in issuingAuthority.Thumbprints)
                    {
                        session.Add(new IssuingAuthorityKey {
                            Id = thumbprint
                        });
                    }
                }

                if (refreshTenant)
                {
                    foreach (string issuer in issuingAuthority.Issuers)
                    {
                        string issuerId = GetIssuerId(issuer);
                        if (!ContainsTenant(issuerId))
                        {
                            session.Add(new Tenant {
                                Id = issuerId
                            });
                        }
                    }
                }
            }
        }
Esempio n. 10
0
        private static IssuingAuthority GetIssuingAuthority()
        {
            IssuingAuthority issuingAuthority = issuingAuthorityCache[IssuingAuthorityCacheKey] as IssuingAuthority;

            if (issuingAuthority == null)
            {
                issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(MetadataLocation);
                issuingAuthorityCache.Add(IssuingAuthorityCacheKey, issuingAuthority, DateTimeOffset.UtcNow.AddHours(1.0));
            }

            return(issuingAuthority);
        }
Esempio n. 11
0
        public static void RefreshKeys(string metadataLocation)
        {
            IssuingAuthority issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataLocation);

            bool newKeys       = false;
            bool refreshTenant = false;

            foreach (string thumbprint in issuingAuthority.Thumbprints)
            {
                if (!ContainsKey(thumbprint))
                {
                    newKeys       = true;
                    refreshTenant = true;
                    break;
                }
            }

            foreach (string issuer in issuingAuthority.Issuers)
            {
                if (!ContainsTenant(GetIssuerId(issuer)))
                {
                    refreshTenant = true;
                    break;
                }
            }

            if (!newKeys && !refreshTenant)
            {
                return;
            }
            if (newKeys)
            {
                //IssuingAuthorityKeys.RemoveRange(context.IssuingAuthorityKeys);
                IssuingAuthorityKeys.Clear();
                foreach (var thumbprint in issuingAuthority.Thumbprints)
                {
                    IssuingAuthorityKeys.Add(new IssuingAuthorityKey {
                        Id = thumbprint
                    });
                }
            }

            foreach (
                string issuerId in
                issuingAuthority.Issuers.Select(GetIssuerId).Where(issuerId => !ContainsTenant(issuerId)))
            {
                Tenants.Add(new Tenant {
                    Id = issuerId
                });
            }
        }
Esempio n. 12
0
        public AuthController()
        {
            AzureAdAppUri          = "http://localhost:47828/";
            AzureAdAppClientId     = "515e8337-2a81-421a-bf76-cbc78ff89288";
            AzureAdAppClientSecret = "sYEVBHHMM4kQNv2NOT6x0c55sogupaknnr3gdX9cptg=";

            // Fix for ID4175 & WIF10201  http://www.cloudidentity.com/blog/2013/02/08/multitenant-sts-and-token-validation-4/
            AzureAdAuthroAuthority = new IssuingAuthority("WAAD");
            // Issuer = Azure Ad Tenant
            AzureAdAuthroAuthority.Issuers.Add("https://sts.windows.net/3351acfe-7e1b-4e9b-b587-f34bfa2e128a/");
            AzureAdAuthroAuthority.Thumbprints.Add("3464C5BDD2BE7F2B6112E2F08E9C0024E33D9FE0");

            // Thumbprint can be read via this code:
            // ia = ValidatingIssuerNameRegistry.GetIssuingAuthority("https://login.windows.net/TENANTID/FederationMetadata/2007-06/FederationMetadata.xml");
        }
Esempio n. 13
0
        public AuthController()
        {
            AzureAdAppUri = "http://localhost:47828/";
            AzureAdAppClientId = "515e8337-2a81-421a-bf76-cbc78ff89288";
            AzureAdAppClientSecret = "sYEVBHHMM4kQNv2NOT6x0c55sogupaknnr3gdX9cptg=";

            // Fix for ID4175 & WIF10201  http://www.cloudidentity.com/blog/2013/02/08/multitenant-sts-and-token-validation-4/
            AzureAdAuthroAuthority = new IssuingAuthority("WAAD");
            // Issuer = Azure Ad Tenant 
            AzureAdAuthroAuthority.Issuers.Add("https://sts.windows.net/3351acfe-7e1b-4e9b-b587-f34bfa2e128a/");
            AzureAdAuthroAuthority.Thumbprints.Add("3464C5BDD2BE7F2B6112E2F08E9C0024E33D9FE0");

            // Thumbprint can be read via this code:
            // ia = ValidatingIssuerNameRegistry.GetIssuingAuthority("https://login.windows.net/TENANTID/FederationMetadata/2007-06/FederationMetadata.xml");

        }
Esempio n. 14
0
        public static FederationConfiguration LoadConfigurationSection()
        {
            var allowedAudience     = MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri;
            var rpRealm             = MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri;
            var domain              = "";
            var requireSsl          = true;
            var issuer              = MortysMixedAuthenticationConfiguration.Settings.SecurityTokenIssuerUri;
            var certThumbprint      = MortysMixedAuthenticationConfiguration.Settings.TokenSigningSertificateThumbprint;
            var issuingAuthorityUri = MortysMixedAuthenticationConfiguration.Settings.TokenIssuingAuthorityUri;
            var authCookieName      = "FocusFederatedAuth";

            var federationConfiguration = new FederationConfiguration();

            federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

            var issuingAuthority = new IssuingAuthority(issuingAuthorityUri);

            issuingAuthority.Thumbprints.Add(certThumbprint);
            issuingAuthority.Issuers.Add(issuingAuthorityUri);

            var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry
            {
                IssuingAuthorities = new List <IssuingAuthority> {
                    issuingAuthority
                }
            };

            federationConfiguration.IdentityConfiguration.IssuerNameRegistry        = validatingIssuerNameRegistry;
            federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

            var chunkedCookieHandler = new ChunkedCookieHandler {
                RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
            };

            federationConfiguration.CookieHandler = chunkedCookieHandler;

            federationConfiguration.WsFederationConfiguration.Issuer                 = issuer;
            federationConfiguration.WsFederationConfiguration.Realm                  = rpRealm;
            federationConfiguration.WsFederationConfiguration.RequireHttps           = requireSsl;
            federationConfiguration.WsFederationConfiguration.PassiveRedirectEnabled = true;

            return(federationConfiguration);
        }
        public FederationPartyConfiguration(string federationPartyId, string metadataAddress)
        {
            if (String.IsNullOrWhiteSpace(federationPartyId))
            {
                throw new ArgumentNullException("federationParty");
            }

            if (String.IsNullOrWhiteSpace(metadataAddress))
            {
                throw new ArgumentNullException("metadataContext");
            }
            this.FederationPartyId        = federationPartyId;
            this.MetadataAddress          = metadataAddress;
            this.AutomaticRefreshInterval = FederationPartyConfiguration.DefaultAutomaticRefreshInterval;
            this.RefreshInterval          = FederationPartyConfiguration.DefaultRefreshInterval;
            this.OutboundBinding          = new Uri(Bindings.Http_Redirect);
            this.InboundBinding           = new Uri(Bindings.Http_Post);
            this.IssuingAuthority         = new IssuingAuthority(federationPartyId);
        }
Esempio n. 16
0
        /// <inheritdoc/>
        public string ToDelimitedString()
        {
            CultureInfo culture = CultureInfo.CurrentCulture;

            return(string.Format(
                       culture,
                       StringHelper.StringFormatSequence(0, 32, Configuration.FieldSeparator),
                       Id,
                       SetIdCer.HasValue ? SetIdCer.Value.ToString(culture) : null,
                       SerialNumber,
                       Version,
                       GrantingAuthority?.ToDelimitedString(),
                       IssuingAuthority?.ToDelimitedString(),
                       Signature?.ToDelimitedString(),
                       GrantingCountry,
                       GrantingStateProvince?.ToDelimitedString(),
                       GrantingCountyParish?.ToDelimitedString(),
                       CertificateType?.ToDelimitedString(),
                       CertificateDomain?.ToDelimitedString(),
                       SubjectId?.ToDelimitedString(),
                       SubjectName,
                       SubjectDirectoryAttributeExtension != null ? string.Join(Configuration.FieldRepeatSeparator, SubjectDirectoryAttributeExtension.Select(x => x.ToDelimitedString())) : null,
                       SubjectPublicKeyInfo?.ToDelimitedString(),
                       AuthorityKeyIdentifier?.ToDelimitedString(),
                       BasicConstraint,
                       CrlDistributionPoint != null ? string.Join(Configuration.FieldRepeatSeparator, CrlDistributionPoint.Select(x => x.ToDelimitedString())) : null,
                       JurisdictionCountry,
                       JurisdictionStateProvince?.ToDelimitedString(),
                       JurisdictionCountyParish?.ToDelimitedString(),
                       JurisdictionBreadth != null ? string.Join(Configuration.FieldRepeatSeparator, JurisdictionBreadth.Select(x => x.ToDelimitedString())) : null,
                       GrantingDate.HasValue ? GrantingDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       IssuingDate.HasValue ? IssuingDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       ActivationDate.HasValue ? ActivationDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       InactivationDate.HasValue ? InactivationDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       ExpirationDate.HasValue ? ExpirationDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       RenewalDate.HasValue ? RenewalDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       RevocationDate.HasValue ? RevocationDate.Value.ToString(Consts.DateTimeFormatPrecisionSecond, culture) : null,
                       RevocationReasonCode?.ToDelimitedString(),
                       CertificateStatusCode?.ToDelimitedString()
                       ).TrimEnd(Configuration.FieldSeparator.ToCharArray()));
        }
Esempio n. 17
0
        //Λύνει το πρόβλημα που περιγράφεται στο:
        //https://erikvanderstarre.wordpress.com/2014/12/14/using-the-jwtsecuritytokenhandler/
        /// <summary>
        /// Reads and validates a token encoded in JSON Compact serialized format.
        /// </summary>
        /// <param name="securityToken">A 'JSON Web Token' (JWT) that has been encoded as a JSON object. May be signed using 'JSON Web Signature' (JWS).</param>
        /// <returns>A <see cref="ReadOnlyCollection<ClaimsIdentity>"/> from the jwt.</returns>
        public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            JwtSecurityToken jwtToken = (JwtSecurityToken)token;

            // Get the configuration from the configuration file (element "issuerNameRegistry").
            ValidatingIssuerNameRegistry issuerNameRegistry = (ValidatingIssuerNameRegistry)
                                                              Configuration.IssuerNameRegistry;
            IssuingAuthority issuingAuthority = issuerNameRegistry.IssuingAuthorities.First();

            // Set the validation parameters from the configuration.
            var validationParameters = new TokenValidationParameters
            {
                // Get the audiences that are expected.
                ValidAudiences = Configuration.AudienceRestriction.AllowedAudienceUris.Select(s => s.ToString()),

                // Get the issuer that are expected.
                ValidIssuers = issuingAuthority.Issuers,

                // Get the certificate to validate signing from the certificate store (if configured).
                IssuerSigningKey = getCertificate(issuingAuthority.Thumbprints.FirstOrDefault()),

                // Get the symmetric key token that is used to sign (if configured).
                // Did not get this one working though.
                //IssuerSigningToken = GetSymmetricKeyToken(issuingAuthority.SymmetricKeys.FirstOrDefault()),

                // Get how to validate the certificate.
                CertificateValidator = Configuration.CertificateValidator,

                // Get if the token should be preserved.
                SaveSigninToken = Configuration.SaveBootstrapContext
            };


            // Call the correct validation method.
            SecurityToken   validatedToken;
            ClaimsPrincipal validated = ValidateToken(jwtToken.RawData, validationParameters, out validatedToken);

            // Return the claim identities.
            return(new ReadOnlyCollection <ClaimsIdentity>(validated.Identities.ToList()));
        }
Esempio n. 18
0
        public static void InitializeIssuingAuthorityData(ICosmosDbService <IssuingAuthority> cosmosDbService)
        {
            IssuingAuthority issuingAuthority1 = new IssuingAuthority
            {
                Id             = "0x6Bd701A0D24b7c83cCe83989f6c8021e84bb60Ca",
                IssuingCountry = "Spain",
                Name           = "Spanish National Health Organization",
                PublicAddress  = "0x6Bd701A0D24b7c83cCe83989f6c8021e84bb60Ca"
            };

            IssuingAuthority issuingAuthority2 = new IssuingAuthority
            {
                Id             = "0x726a73323FE176221311185034ED1b87EE2d7dfd",
                IssuingCountry = "Norway",
                Name           = "Norwegian Institute of Public Health",
                PublicAddress  = "0x726a73323FE176221311185034ED1b87EE2d7dfd"
            };

            IssuingAuthority issuingAuthority3 = new IssuingAuthority
            {
                Id             = "0xf8E149A98eB1d0b30F3E4dB9474296aB5822Bb91",
                IssuingCountry = "England",
                Name           = "English Institute of Public Health",
                PublicAddress  = "0xf8E149A98eB1d0b30F3E4dB9474296aB5822Bb91"
            };

            IssuingAuthority issuingAuthority4 = new IssuingAuthority
            {
                Id             = "0x4D48A90c9ad0fDb1F67A37A86901FBecbC2848AC",
                IssuingCountry = "Croatia",
                Name           = "Croatian Natioanl Health Institution",
                PublicAddress  = "0x4D48A90c9ad0fDb1F67A37A86901FBecbC2848AC"
            };

            cosmosDbService.AddItemAsync(issuingAuthority1);
            cosmosDbService.AddItemAsync(issuingAuthority2);
            cosmosDbService.AddItemAsync(issuingAuthority3);
            cosmosDbService.AddItemAsync(issuingAuthority4);
        }
Esempio n. 19
0
        public static FederationConfiguration Create(string relyingPartyUrl, string stsUrl, string domain, string certificateThumbprint, string authCookieName, bool requireSsl)
        {
            var federationConfiguration = new FederationConfiguration();

            federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(relyingPartyUrl));

            var issuingAuthority = new IssuingAuthority(stsUrl);

            issuingAuthority.Thumbprints.Add(certificateThumbprint);
            issuingAuthority.Issuers.Add(stsUrl);
            var issuingAuthorities = new List <IssuingAuthority> {
                issuingAuthority
            };

            var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry {
                IssuingAuthorities = issuingAuthorities
            };

            federationConfiguration.IdentityConfiguration.IssuerNameRegistry        = validatingIssuerNameRegistry;
            federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

            var chunkedCookieHandler = new ChunkedCookieHandler
            {
                RequireSsl = requireSsl,
                Name       = authCookieName,
                Domain     = domain,
                PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
            };

            federationConfiguration.CookieHandler = chunkedCookieHandler;
            var issuerOfToken = stsUrl;

            federationConfiguration.WsFederationConfiguration.Issuer       = issuerOfToken;
            federationConfiguration.WsFederationConfiguration.Realm        = relyingPartyUrl;
            federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

            return(federationConfiguration);
        }
Esempio n. 20
0
        public static void RefreshKeys(string metadataLocation)
        {
            IssuingAuthority issuingAuthority = ValidatingIssuerNameRegistry.GetIssuingAuthority(metadataLocation);

            bool newKeys = false;

            foreach (string thumbprint in issuingAuthority.Thumbprints)
            {
                if (!ContainsKey(thumbprint))
                {
                    newKeys = true;
                    break;
                }
            }

            if (newKeys)
            {
                using (TenantDbContext context = new TenantDbContext())
                {
                    context.IssuingAuthorityKeys.RemoveRange(context.IssuingAuthorityKeys);
                    foreach (string thumbprint in issuingAuthority.Thumbprints)
                    {
                        context.IssuingAuthorityKeys.Add(new IssuingAuthorityKey {
                            Id = thumbprint
                        });
                    }

                    foreach (string issuer in issuingAuthority.Issuers)
                    {
                        context.Tenants.Add(new Tenant {
                            Id = issuer.TrimEnd('/').Split('/').Last()
                        });
                    }

                    context.SaveChanges();
                }
            }
        }
        public void InitiateFederatedAuthentication(AccessControlServiceSettings accessControlServiceSettings = null)
        {
            if (accessControlServiceSettings == null)
            {
                if (!databaseUpgradeDetectorFactory().UpdateNeeded())
                {
                    // Database needs an upgrade or is not reachable. We cannot configure Fed Auth at this time.
                    return;
                }

                if (!SettingsProvider.TryGetSettings(out accessControlServiceSettings))
                {
                    // Unable to load the settings from the databse. We cannot configure Fed Auth at this time.
                    return;
                }
            }

            string realm = accessControlServiceSettings.Realm;
            string acsNamespace = accessControlServiceSettings.Namespace;
            string thumbprint = accessControlServiceSettings.IssuerThumbprint;
            IEnumerable<Uri> audienceUris = accessControlServiceSettings
                .AudienceUris
                .Split(Constants.Chars.NewLine, Constants.Chars.Space)
                .Where(a => { Uri uri; return Uri.TryCreate(a, UriKind.Absolute, out uri); })
                .Select(a => new Uri(a));

            var defaultSettings = SettingsProvider.GetDefaultSettings<AccessControlServiceSettings>();
            if (!accessControlServiceSettings.Enabled ||
                    realm == defaultSettings.Realm || acsNamespace == defaultSettings.Namespace || thumbprint == defaultSettings.IssuerThumbprint)
            {
                return;
            }

            // system.identityModel -> identityConfiguration
            IdentityConfiguration identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;
            identityConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();
            foreach (var audienceUri in audienceUris)
            {
                identityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUri);
            }

            var validatingIssuerNameRegistry = identityConfiguration.IssuerNameRegistry as ValidatingIssuerNameRegistry;
            if (validatingIssuerNameRegistry != null)
            {
                string acsAddress = string.Format("https://{0}.accesscontrol.windows.net/", acsNamespace);
                var authority = new IssuingAuthority(acsAddress);
                authority.Issuers.Add(acsAddress);
                authority.Thumbprints.Add(thumbprint);

                validatingIssuerNameRegistry.IssuingAuthorities = new[] { authority };
            }

            // system.identityModel.services -> federationConfiguration -> wsFederation
            string issuer = string.Format("https://{0}.accesscontrol.windows.net/v2/wsfederation", acsNamespace);
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Issuer = issuer;
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm = realm;
        }
Esempio n. 22
0
 private static bool ContainsIssuerId(IssuingAuthority issuingAuthority, string issuerId)
 {
     return(issuingAuthority.Issuers.Any(i => string.Equals(GetIssuerId(i), issuerId, StringComparison.OrdinalIgnoreCase)));
 }
Esempio n. 23
0
 private static bool ContainsThumbprint(IssuingAuthority issuingAuthority, string thumbprint)
 {
     return(issuingAuthority.Thumbprints.Contains(thumbprint));
 }
Esempio n. 24
0
 public IssuingAuthority AddIssuingAuthority(IssuingAuthority issuingAuthority)
 {
     return(cosmosDbService.AddItemAsync(issuingAuthority));
 }
Esempio n. 25
0
        public void InitiateFederatedAuthentication(AccessControlServiceSettings accessControlServiceSettings = null)
        {
            if (accessControlServiceSettings == null)
            {
                if (!databaseUpgradeDetectorFactory().UpdateNeeded())
                {
                    // Database needs an upgrade or is not reachable. We cannot configure Fed Auth at this time.
                    return;
                }

                if (!SettingsProvider.TryGetSettings(out accessControlServiceSettings))
                {
                    // Unable to load the settings from the databse. We cannot configure Fed Auth at this time.
                    return;
                }
            }

            string            realm        = accessControlServiceSettings.Realm;
            string            acsNamespace = accessControlServiceSettings.Namespace;
            string            thumbprint   = accessControlServiceSettings.IssuerThumbprint;
            IEnumerable <Uri> audienceUris = accessControlServiceSettings
                                             .AudienceUris
                                             .Split(Constants.Chars.NewLine, Constants.Chars.Space)
                                             .Where(a => { Uri uri; return(Uri.TryCreate(a, UriKind.Absolute, out uri)); })
                                             .Select(a => new Uri(a));

            var defaultSettings = SettingsProvider.GetDefaultSettings <AccessControlServiceSettings>();

            if (!accessControlServiceSettings.Enabled ||
                realm == defaultSettings.Realm || acsNamespace == defaultSettings.Namespace || thumbprint == defaultSettings.IssuerThumbprint)
            {
                return;
            }

            // system.identityModel -> identityConfiguration
            IdentityConfiguration identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;

            identityConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();
            foreach (var audienceUri in audienceUris)
            {
                identityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUri);
            }

            var validatingIssuerNameRegistry = identityConfiguration.IssuerNameRegistry as ValidatingIssuerNameRegistry;

            if (validatingIssuerNameRegistry != null)
            {
                string acsAddress = string.Format("https://{0}.accesscontrol.windows.net/", acsNamespace);
                var    authority  = new IssuingAuthority(acsAddress);
                authority.Issuers.Add(acsAddress);
                authority.Thumbprints.Add(thumbprint);

                validatingIssuerNameRegistry.IssuingAuthorities = new[] { authority };
            }

            // system.identityModel.services -> federationConfiguration -> wsFederation
            string issuer = string.Format("https://{0}.accesscontrol.windows.net/v2/wsfederation", acsNamespace);

            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Issuer = issuer;
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm  = realm;
        }