/// <summary>
/// Call the STS to get an appropriate token for a request and build a response.
/// </summary>
/// <param name="requestMessage"></param>
/// <returns>The <see cref="SignInResponseMessage"/></returns>
private SignInResponseMessage ProcessSignInRequest(SignInRequestMessage requestMessage)
{
// Ensure that the requestMessage has the required wtrealm parameter
if (String.IsNullOrEmpty(requestMessage.Realm))
{
throw new InvalidOperationException("Missing realm");
}
SecurityTokenServiceConfiguration stsconfig = new SecurityTokenServiceConfiguration("PassiveFlowSTS");
// Create our STS backend
SecurityTokenService sts = new CustomSecurityTokenService(stsconfig);
// Create the WS-Federation serializer to process the request and create the response
WSFederationSerializer federationSerializer = new WSFederationSerializer();
// Create RST from the request
RequestSecurityToken request = federationSerializer.CreateRequest(requestMessage, new WSTrustSerializationContext());
// Get RSTR from our STS backend
RequestSecurityTokenResponse response = sts.Issue((ClaimsPrincipal)Thread.CurrentPrincipal, request);
// Create Response message from the RSTR
return(new SignInResponseMessage(new Uri(response.ReplyTo),
federationSerializer.GetResponseAsString(response, new WSTrustSerializationContext())));
}
/// <summary>
/// Processes a WS-Federation sign in request.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="principal">The client principal.</param>
/// <param name="configuration">The token service configuration.</param>
/// <returns>A SignInResponseMessage</returns>
public static SignInResponseMessage ProcessSignInRequest(SignInRequestMessage request, IClaimsPrincipal principal, SecurityTokenServiceConfiguration configuration)
{
Contract.Requires(request != null);
Contract.Requires(principal != null);
Contract.Requires(configuration != null);
Contract.Ensures(Contract.Result <SignInResponseMessage>() != null);
// create token service and serializers
var sts = configuration.CreateSecurityTokenService();
var context = new WSTrustSerializationContext(
sts.SecurityTokenServiceConfiguration.SecurityTokenHandlerCollectionManager,
sts.SecurityTokenServiceConfiguration.ServiceTokenResolver,
sts.SecurityTokenServiceConfiguration.IssuerTokenResolver);
var federationSerializer = new WSFederationSerializer(
sts.SecurityTokenServiceConfiguration.WSTrust13RequestSerializer,
sts.SecurityTokenServiceConfiguration.WSTrust13ResponseSerializer);
// convert ws-fed message to RST and call issue pipeline
var rst = federationSerializer.CreateRequest(request, context);
var rstr = sts.Issue(principal, rst);
// check ReplyTo
Uri result = null;
if (!Uri.TryCreate(rstr.ReplyTo, UriKind.Absolute, out result))
{
throw new InvalidOperationException("Invalid ReplyTo");
}
var response = new SignInResponseMessage(result, rstr, federationSerializer, context);
// copy the incoming context data (as required by the WS-Federation spec)
if (!String.IsNullOrEmpty(request.Context))
{
response.Context = request.Context;
}
return(response);
}
/// <summary>
/// Processes a WS-Federation sign in request.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="principal">The client principal.</param>
/// <param name="configuration">The token service configuration.</param>
/// <returns>A SignInResponseMessage</returns>
public static SignInResponseMessage ProcessSignInRequest(SignInRequestMessage request, IClaimsPrincipal principal, SecurityTokenServiceConfiguration configuration)
{
Contract.Requires(request != null);
Contract.Requires(principal != null);
Contract.Requires(configuration != null);
Contract.Ensures(Contract.Result<SignInResponseMessage>() != null);
// create token service and serializers
var sts = configuration.CreateSecurityTokenService();
var context = new WSTrustSerializationContext(
sts.SecurityTokenServiceConfiguration.SecurityTokenHandlerCollectionManager,
sts.SecurityTokenServiceConfiguration.ServiceTokenResolver,
sts.SecurityTokenServiceConfiguration.IssuerTokenResolver);
var federationSerializer = new WSFederationSerializer(
sts.SecurityTokenServiceConfiguration.WSTrust13RequestSerializer,
sts.SecurityTokenServiceConfiguration.WSTrust13ResponseSerializer);
// convert ws-fed message to RST and call issue pipeline
var rst = federationSerializer.CreateRequest(request, context);
var rstr = sts.Issue(principal, rst);
// check ReplyTo
Uri result = null;
if (!Uri.TryCreate(rstr.ReplyTo, UriKind.Absolute, out result))
{
throw new InvalidOperationException("Invalid ReplyTo");
}
var response = new SignInResponseMessage(result, rstr, federationSerializer, context);
// copy the incoming context data (as required by the WS-Federation spec)
if (!String.IsNullOrEmpty(request.Context))
{
response.Context = request.Context;
}
return response;
}
