Esempio n. 1
0
        /// <summary>
        /// Validate that a specified context token string is intended for this application based on the parameters
        /// specified in web.config. Parameters used from web.config used for validation include ClientId,
        /// HostedAppHostNameOverride, HostedAppHostName, ClientSecret, and Realm (if it is specified). If HostedAppHostNameOverride is present,
        /// it will be used for validation. Otherwise, if the <paramref name="appHostName"/> is not
        /// null, it is used for validation instead of the web.config's HostedAppHostName. If the token is invalid, an
        /// exception is thrown. If the token is valid, TokenHelper's static STS metadata url is updated based on the token contents
        /// and a JsonWebSecurityToken based on the context token is returned.
        /// </summary>
        /// <param name="contextTokenString">The context token to validate</param>
        /// <param name="appHostName">The URL authority, consisting of  Domain Name System (DNS) host name or IP address and the port number, to use for token audience validation.
        /// If null, HostedAppHostName web.config setting is used instead. HostedAppHostNameOverride web.config setting, if present, will be used
        /// for validation instead of <paramref name="appHostName"/> .</param>
        /// <returns>A JsonWebSecurityToken based on the context token.</returns>
        internal static SharePointContextToken ReadAndValidateContextToken(string contextTokenString, string appHostName = null)
        {
            JsonWebSecurityTokenHandler tokenHandler = CreateJsonWebSecurityTokenHandler();
            SecurityToken          securityToken     = tokenHandler.ReadToken(contextTokenString);
            JsonWebSecurityToken   jsonToken         = securityToken as JsonWebSecurityToken;
            SharePointContextToken token             = SharePointContextToken.Create(jsonToken);

            //Alteração para HighTrust: Comentada as linhas abaixo
            //string stsAuthority = (new Uri(token.SecurityTokenServiceUri)).Authority;
            //int firstDot = stsAuthority.IndexOf('.');

            //ProcessTokenStrings.GlobalEndPointPrefix = stsAuthority.Substring(0, firstDot);
            //ProcessTokenStrings.AcsHostUrl = stsAuthority.Substring(firstDot + 1);

            tokenHandler.ValidateToken(jsonToken);

            string[] acceptableAudiences;
            if (!string.IsNullOrEmpty(WebConfigAddInDataRescue.HostedAppHostNameOverride))
            {
                acceptableAudiences = WebConfigAddInDataRescue.HostedAppHostNameOverride.Split(';');
            }
            else if (appHostName == null)
            {
                acceptableAudiences = new[] { WebConfigAddInDataRescue.HostedAppHostName };
            }
            else
            {
                acceptableAudiences = new[] { appHostName };
            }

            bool   validationSuccessful = false;
            string realm = WebConfigAddInDataRescue.Realm ?? token.Realm;

            foreach (string audience in acceptableAudiences)
            {
                string principal = ProcessTokenStrings.GetFormattedPrincipal(WebConfigAddInDataRescue.ClientId, audience, realm);
                if (StringComparer.OrdinalIgnoreCase.Equals(token.Audience, principal))
                {
                    validationSuccessful = true;
                    break;
                }
            }

            if (!validationSuccessful)
            {
                throw new AudienceUriValidationFailedException(
                          String.Format(CultureInfo.CurrentCulture,
                                        "\"{0}\" is not the intended audience \"{1}\"", String.Join(";", acceptableAudiences), token.Audience));
            }

            return(token);
        }
Esempio n. 2
0
        /// <summary>
        /// Gets the SharePoint host url from QueryString of the specified HTTP request.
        /// </summary>
        /// <param name="httpRequest">The specified HTTP request.</param>
        /// <returns>The SharePoint host url. Returns <c>null</c> if the HTTP request doesn't contain the SharePoint host url.</returns>
        internal static Uri GetSPHostUrl(HttpRequestBase httpRequest)
        {
            if (httpRequest == null)
            {
                throw new ArgumentNullException("httpRequest");
            }
            string spHostUrlString = ProcessTokenStrings.EnsureTrailingSlash(httpRequest.QueryString[SharePointKeys.SPHostUrl.ToString()]);
            Uri    spHostUrl;

            if (Uri.TryCreate(spHostUrlString, UriKind.Absolute, out spHostUrl) &&
                (spHostUrl.Scheme == Uri.UriSchemeHttp || spHostUrl.Scheme == Uri.UriSchemeHttps))
            {
                return(spHostUrl);
            }
            return(null);
        }
Esempio n. 3
0
        private static JsonMetadataDocument GetMetadataDocument(string realm)
        {
            string acsMetadataEndpointUrlWithRealm = string.Format(CultureInfo.InvariantCulture, "{0}?realm={1}",
                                                                   ProcessTokenStrings.GetAcsMetadataEndpointUrl(),
                                                                   realm);

            byte[] acsMetadata = null;
            using (WebClient webClient = new WebClient())
            {
                acsMetadata = webClient.DownloadData(acsMetadataEndpointUrlWithRealm);
            }
            string jsonResponseString = Encoding.UTF8.GetString(acsMetadata);

            JavaScriptSerializer serializer = new JavaScriptSerializer();
            JsonMetadataDocument document   = serializer.Deserialize <JsonMetadataDocument>(jsonResponseString);

            if (null == document)
            {
                throw new Exception("No metadata document found at the global endpoint " + acsMetadataEndpointUrlWithRealm);
            }

            return(document);
        }