Esempi in C# (CSharp) per Thinktecture.IdentityModel.WSTrust UserNameWSTrustBinding

Esempio n. 1

File: WSTrustResourceOwnerCredentialValidation.cs Progetto: Excelsior-Charles/Thinktecture.AuthorizationServer

        public ClaimsPrincipal Validate(string userName, string password)
        {
            var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
            var credentials = new ClientCredentials();
            credentials.UserName.UserName = userName;
            credentials.UserName.Password = password;

            GenericXmlSecurityToken genericToken;
            genericToken = WSTrustClient.Issue(
                new EndpointAddress(_address),
                new EndpointAddress(_realm),
                binding,
                credentials) as GenericXmlSecurityToken;

            var config = new SecurityTokenHandlerConfiguration();
            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(_realm));

            config.CertificateValidationMode = X509CertificateValidationMode.None;
            config.CertificateValidator = X509CertificateValidator.None;

            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer(_issuerThumbprint, _address);
            config.IssuerNameRegistry = registry;

            var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);

            ClaimsPrincipal principal;
            var token = genericToken.ToSecurityToken();
            principal = new ClaimsPrincipal(handler.ValidateToken(token));

            Tracing.Information("Successfully requested token for user via WS-Trust");
            return FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("ResourceOwnerPasswordValidation", principal);
        }

Esempio n. 2

File: WSTrustTokenGenerator.cs Progetto: FCSAmerica/TokenGenerator

        //https://leastprivilege.com/2010/10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/
        //https://msdn.microsoft.com/en-us/library/ee517297.aspx

        public SecurityToken GetToken(string idpEndpoint, string rstsRealm, string userName, string password)
        {
           
           var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

            var factory = new System.ServiceModel.Security.WSTrustChannelFactory(binding, new EndpointAddress(new Uri(idpEndpoint)));
            
            factory.TrustVersion = TrustVersion.WSTrust13;
            factory.Credentials.SupportInteractive = false;
            factory.Credentials.UserName.UserName = userName;
            factory.Credentials.UserName.Password = password;

            
            var rst = new System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                AppliesTo = new System.IdentityModel.Protocols.WSTrust.EndpointReference(rstsRealm),
                KeyType = KeyTypes.Bearer,
                TokenType = "urn:oasis:names:tc:SAML:2.0:assertion"
            };

            var channel = factory.CreateChannel();
            var securityToken = channel.Issue(rst);
            return securityToken;
        }

Esempio n. 3

File: HomeController.cs Progetto: AnnejanBarelds/AuthDemos

        private SecurityToken GetActAsToken()
        {
            // Retrieve the token that was saved during initial user login
            BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;

            // Use the Thinktecture-implementation of the UserNameWSBinding to setup the channel factory to ADFS
            var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
            var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed"));

            // For demo purposes, we're authenticating to ADFS using a user name and password representing the web application
            // If the web server is domain-joined, you can use Windows Authentication instead
            factory.Credentials.UserName.UserName = "******";
            factory.Credentials.UserName.Password = "******";

            factory.TrustVersion = TrustVersion.WSTrust13;

            // Setup the request details to ask for a token for the backend service, acting as the logged in user
            var request = new RequestSecurityToken();
            request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue;
            request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc");
            request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken);

            // Create the channel
            var channel = factory.CreateChannel();
            RequestSecurityTokenResponse response = null;
            SecurityToken delegatedToken = channel.Issue(request, out response);

            // Return the acquired token
            return delegatedToken;
        }

Esempio n. 4

File: Program.cs Progetto: mscherpenisse/Thinktecture.IdentityModel.45

        private static SecurityToken RequestToken()
        {
            var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
            
            var credentials = new ClientCredentials();
            credentials.UserName.UserName = "******";
            credentials.UserName.Password = "******";

            return WSTrustClient.Issue(
                new EndpointAddress(_idsrvEndpoint),
                new EndpointAddress(_realm),
                binding,
                credentials);
        }