public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IPrincipal principal = null;
if (HttpContext.Current != null)
{
principal = HttpContext.Current.User;
}
if (principal != null)
{
// set the identity (for PrimaryIdentity)
evaluationContext.Properties["Identities"] =
new List<IIdentity>() { principal.Identity };
evaluationContext.Properties["Principal"] = principal;
var nameClaim = Claim.CreateNameClaim(principal.Identity.Name);
ClaimSet set;
if (HttpContext.Current != null)
{
set = new DefaultClaimSet(
nameClaim,
new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity));
}
else
{
set = new DefaultClaimSet(nameClaim);
}
evaluationContext.AddClaimSet(this, set);
}
return true;
}
internal static DefaultClaimSet CreateSystemClaimSet()
{
DefaultClaimSet s = new DefaultClaimSet();
s.Initialize(s, new Claim [] { Claim.System, new Claim(ClaimTypes.System, "System", Rights.PossessProperty) });
return(s);
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
KerberosRequestorSecurityToken token2 = (KerberosRequestorSecurityToken) token;
List<IAuthorizationPolicy> list = new List<IAuthorizationPolicy>(1);
ClaimSet issuance = new DefaultClaimSet(ClaimSet.System, new Claim[] { new Claim(ClaimTypes.Spn, token2.ServicePrincipalName, Rights.PossessProperty) });
list.Add(new UnconditionalPolicy(System.ServiceModel.Security.SecurityUtils.CreateIdentity(token2.ServicePrincipalName, "Kerberos"), issuance));
return list.AsReadOnly();
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
KerberosRequestorSecurityToken kerbToken = (KerberosRequestorSecurityToken) token;
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Spn, kerbToken.ServicePrincipalName, Rights.PossessProperty));
policies.Add(new UnconditionalPolicy(SecurityUtils.CreateIdentity(kerbToken.ServicePrincipalName, SecurityUtils.AuthTypeKerberos), claimSet));
return policies.AsReadOnly();
}
public WspAuthorizationPolicy()
{
_id = Guid.NewGuid().ToString();
_issuerClaimSet = CreateIssuer();
_trustFabric = OpenTrustFabric();
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
RsaSecurityToken token2 = (RsaSecurityToken) token;
List<Claim> claims = new List<Claim>(2) {
new Claim(ClaimTypes.Rsa, token2.Rsa, Rights.Identity),
Claim.CreateRsaClaim(token2.Rsa)
};
DefaultClaimSet issuance = new DefaultClaimSet(ClaimSet.Anonymous, claims);
return new List<IAuthorizationPolicy>(1) { new UnconditionalPolicy(issuance, token2.ValidTo) }.AsReadOnly();
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string userName, string password)
{
if (!ValidateUserNameFormat(userName))
throw new SecurityTokenValidationException("Incorrect UserName format");
ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Name, userName, Rights.PossessProperty));
List<IIdentity> identities = new List<IIdentity>(1);
identities.Add(new GenericIdentity(userName));
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
policies.Add(new UnconditionalPolicy(ClaimSet.System, claimSet, DateTime.MaxValue.ToUniversalTime(), identities));
return policies.AsReadOnly();
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
RsaSecurityToken rsaToken = (RsaSecurityToken)token;
List<Claim> claims = new List<Claim>(2);
claims.Add(new Claim(ClaimTypes.Rsa, rsaToken.Rsa, Rights.Identity));
claims.Add(Claim.CreateRsaClaim(rsaToken.Rsa));
DefaultClaimSet claimSet = new DefaultClaimSet(ClaimSet.Anonymous, claims);
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
policies.Add(new UnconditionalPolicy(claimSet, rsaToken.ValidTo));
return policies.AsReadOnly();
}
/// <summary>
/// Makes calls to the specified endpoint name in app.config
/// </summary>
/// <param name="endpointName">The endpoint to use from app.config</param>
private static void CallEndpoint(string endpointName)
{
Console.WriteLine("\nCalling endpoint {0}\n", endpointName);
// Create a client with given client endpoint configuration
CalculatorClient client = new CalculatorClient(endpointName);
// Create new credentials class
SamlClientCredentials samlCC = new SamlClientCredentials();
// Set the client certificate. This is the cert that will be used to sign the SAML token in the symmetric proof key case
samlCC.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "Alice");
// Set the service certificate. This is the cert that will be used to encrypt the proof key in the symmetric proof key case
samlCC.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");
// Create some claims to put in the SAML assertion
IList<Claim> claims = new List<Claim>();
claims.Add(Claim.CreateNameClaim(samlCC.ClientCertificate.Certificate.Subject));
ClaimSet claimset = new DefaultClaimSet(claims);
samlCC.Claims = claimset;
// set new credentials
client.ChannelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
client.ChannelFactory.Endpoint.Behaviors.Add(samlCC);
// Call the Add service operation.
double value1 = 100.00D;
double value2 = 15.99D;
double result = client.Add(value1, value2);
Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);
// Call the Subtract service operation.
value1 = 145.00D;
value2 = 76.54D;
result = client.Subtract(value1, value2);
Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);
// Call the Multiply service operation.
value1 = 9.00D;
value2 = 81.25D;
result = client.Multiply(value1, value2);
Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);
// Call the Divide service operation.
value1 = 22.00D;
value2 = 7.00D;
result = client.Divide(value1, value2);
Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);
client.Close();
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
CreditCardToken creditCardToken = token as CreditCardToken;
if (creditCardToken.CardInfo.ExpirationDate < DateTime.UtcNow)
throw new SecurityTokenValidationException("The credit card has expired");
if (!IsCardNumberAndExpirationValid(creditCardToken.CardInfo))
throw new SecurityTokenValidationException("Unknown or invalid credit card");
// the credit card token has only 1 claim - the card number. The issuer for the claim is the
// credit card issuer
DefaultClaimSet cardIssuerClaimSet = new DefaultClaimSet(new Claim(ClaimTypes.Name, creditCardToken.CardInfo.CardIssuer, Rights.PossessProperty));
DefaultClaimSet cardClaimSet = new DefaultClaimSet(cardIssuerClaimSet, new Claim(Constants.CreditCardNumberClaim, creditCardToken.CardInfo.CardNumber, Rights.PossessProperty));
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
policies.Add(new CreditCardTokenAuthorizationPolicy(cardClaimSet));
return policies.AsReadOnly();
}
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore( System.IdentityModel.Tokens.SecurityToken token )
{
var securityToken = token as SecurityToken;
if ( securityToken != null )
{
// Note that we cannot authenticate the token w/o a password, so it must be retrieved from somewhere
if ( securityToken.ValidateToken( _passwordProvider.RetrievePassword( "User1" ) ) != true )
throw new SecurityTokenValidationException( "Token validation failed" );
// Add claims about user here
var userClaimSet = new DefaultClaimSet( new Claim( ClaimTypes.Name, securityToken.Info.Username, Rights.PossessProperty ) );
var policies = new List<IAuthorizationPolicy>( 1 ) { new SecurityTokenAuthorizationPolicy( userClaimSet ) };
return policies.AsReadOnly();
}
return null;
}
ValidateTokenCore(SecurityToken token)
{
UserNameSecurityToken userNameToken = token as UserNameSecurityToken;
// Validate the information contained in the username token. For demonstration
// purposes, this code just checks that the user name matches the password.
if (userNameToken.UserName != userNameToken.Password)
{
throw new SecurityTokenValidationException("Invalid user name or password");
}
// Create just one Claim instance for the username token - the name of the user.
DefaultClaimSet userNameClaimSet = new DefaultClaimSet(
ClaimSet.System,
new Claim(ClaimTypes.Name, userNameToken.UserName, Rights.PossessProperty));
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
policies.Add(new MyAuthorizationPolicy(userNameClaimSet));
return policies.AsReadOnly();
}
public ClaimListFilter(DefaultClaimSet source, string claimType)
{
claim_type = claimType;
this.source = source;
}
