protected override void OnWriteBodyContents(XmlDictionaryWriter writer)
{
writer.WriteStartElement("RequestSecurityTokenResponse", "http://schemas.xmlsoap.org/ws/2005/02/trust");
if (base.TokenType != null && base.TokenType.Length > 0)
{
writer.WriteStartElement("TokenType", "http://schemas.xmlsoap.org/ws/2005/02/trust");
writer.WriteString(base.TokenType);
writer.WriteEndElement();
}
WSSecurityTokenSerializer wssecurityTokenSerializer = new WSSecurityTokenSerializer();
if (this.RequestedSecurityToken != null)
{
writer.WriteStartElement("RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust");
wssecurityTokenSerializer.WriteToken(writer, this.RequestedSecurityToken);
writer.WriteEndElement();
}
if (this.RequestedAttachedReference != null)
{
writer.WriteStartElement("RequestedAttachedReference", "http://schemas.xmlsoap.org/ws/2005/02/trust");
wssecurityTokenSerializer.WriteKeyIdentifierClause(writer, this.RequestedAttachedReference);
writer.WriteEndElement();
}
if (this.RequestedUnattachedReference != null)
{
writer.WriteStartElement("RequestedUnattachedReference", "http://schemas.xmlsoap.org/ws/2005/02/trust");
wssecurityTokenSerializer.WriteKeyIdentifierClause(writer, this.RequestedUnattachedReference);
writer.WriteEndElement();
}
if (base.AppliesTo != null)
{
writer.WriteStartElement("AppliesTo", "http://schemas.xmlsoap.org/ws/2004/09/policy");
base.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer);
writer.WriteEndElement();
}
if (this.RequestedProofToken != null)
{
writer.WriteStartElement("RequestedProofToken", "http://schemas.xmlsoap.org/ws/2005/02/trust");
wssecurityTokenSerializer.WriteToken(writer, this.RequestedProofToken);
writer.WriteEndElement();
}
if (this.IssuerEntropy != null && this.ComputeKey)
{
writer.WriteStartElement("RequestedProofToken", "http://schemas.xmlsoap.org/ws/2005/02/trust");
writer.WriteStartElement("ComputedKey", "http://schemas.xmlsoap.org/ws/2005/02/trust");
writer.WriteValue("http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1");
writer.WriteEndElement();
writer.WriteEndElement();
if (this.IssuerEntropy != null)
{
writer.WriteStartElement("Entropy", "http://schemas.xmlsoap.org/ws/2005/02/trust");
wssecurityTokenSerializer.WriteToken(writer, this.IssuerEntropy);
writer.WriteEndElement();
}
}
writer.WriteEndElement();
}
/// <summary>
/// Creates the security token
/// </summary>
/// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
/// <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
// Create a SamlSecurityToken from the provided assertion
SamlSecurityToken samlToken = new SamlSecurityToken(assertion);
// Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer();
// Create a memory stream to write the serialized token into
// Use an initial size of 64Kb
MemoryStream s = new MemoryStream(UInt16.MaxValue);
// Create an XmlWriter over the stream
XmlWriter xw = XmlWriter.Create(s);
// Write the SamlSecurityToken into the stream
ser.WriteToken(xw, samlToken);
// Seek back to the beginning of the stream
s.Seek(0, SeekOrigin.Begin);
// Load the serialized token into a DOM
XmlDocument dom = new XmlDocument();
dom.Load(s);
// Create a KeyIdentifierClause for the SamlSecurityToken
SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
// Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from
// and valid until times from the assertion and the key identifier clause created above
return(new GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null));
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
SecurityToken securityToken;
SamlAssertion samlAssertion;
if (base.TokenRequirement.KeyType == SecurityKeyType.SymmetricKey)
{
securityToken = SamlSecurityTokenProvider.CreateSymmetricProofToken(base.TokenRequirement.KeySize);
samlAssertion = this.CreateSamlAssertionWithSymmetricKey((BinarySecretSecurityToken)securityToken);
}
else
{
if (base.TokenRequirement.KeyType != SecurityKeyType.AsymmetricKey)
{
throw new ArgumentOutOfRangeException("KeyType");
}
securityToken = SamlSecurityTokenProvider.CreateAsymmetricProofToken();
samlAssertion = this.CreateSamlAssertionWithAsymmetricKey(securityToken);
}
SamlSecurityToken samlSecurityToken = new SamlSecurityToken(samlAssertion);
XmlDocument xmlDocument = new XmlDocument();
using (XmlWriter xmlWriter = xmlDocument.CreateNavigator().AppendChild())
{
WSSecurityTokenSerializer wSSecurityTokenSerializer = new WSSecurityTokenSerializer();
wSSecurityTokenSerializer.WriteToken(xmlWriter, samlSecurityToken);
}
SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = samlSecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, securityToken, samlAssertion.Conditions.NotBefore, samlAssertion.Conditions.NotOnOrAfter, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null));
}
private XmlElement ToXmlElement(SecurityToken token)
{
using (XmlDocumentWriterHelper documentWriterHelper = new XmlDocumentWriterHelper())
{
_tokenSerializer.WriteToken(documentWriterHelper.CreateDocumentWriter(), token);
XmlDocument xmlDocument = documentWriterHelper.ReadDocument();
return(xmlDocument.DocumentElement);
}
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
SamlSecurityToken samlSecurityToken = new SamlSecurityToken(this.assertion);
WSSecurityTokenSerializer wssecurityTokenSerializer = new WSSecurityTokenSerializer();
MemoryStream memoryStream = new MemoryStream(65535);
XmlWriter writer = XmlWriter.Create(memoryStream);
wssecurityTokenSerializer.WriteToken(writer, samlSecurityToken);
memoryStream.Seek(0L, SeekOrigin.Begin);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(memoryStream);
SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = samlSecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, this.proofToken, this.assertion.Conditions.NotBefore, this.assertion.Conditions.NotOnOrAfter, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null));
}
public static string SerializeSamlToken(SamlSecurityToken token)
{
var samlBuilder = new StringBuilder();
using (var writer = XmlWriter.Create(samlBuilder))
{
try
{
var keyInfoSerializer = new WSSecurityTokenSerializer();
keyInfoSerializer.WriteToken(writer, token);
Console.WriteLine("Saml Token Successfully Created");
}
catch (Exception)
{
Console.WriteLine("Failed to seralize token");
}
}
return(samlBuilder.ToString());
}
public static string SerializeToken(SecurityToken token, bool urlEncode = false)
{
StringBuilder sb = new StringBuilder();
if (token is GenericXmlSecurityToken)
{
WSSecurityTokenSerializer wss = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11);
XmlWriter writer = XmlWriter.Create(sb);
wss.WriteToken(writer, token);
}
else
{
SecurityTokenHandlerCollection handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;
handlers.WriteToken(new XmlTextWriter(new StringWriter(sb)), token);
}
string serialized = sb.ToString();
return(urlEncode ? HttpUtility.UrlEncode(serialized) : serialized);
}
// Methods of BodyWriter
protected override void OnWriteBodyContents(XmlDictionaryWriter writer)
{
writer.WriteStartElement(Constants.Trust.Elements.RequestSecurityTokenResponse, Constants.Trust.NamespaceUri);
if (this.TokenType != null && this.TokenType.Length > 0)
{
writer.WriteStartElement(Constants.Trust.Elements.TokenType, Constants.Trust.NamespaceUri);
writer.WriteString(this.TokenType);
writer.WriteEndElement(); // wst:TokenType
}
WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer();
if (this.RequestedSecurityToken != null)
{
writer.WriteStartElement(Constants.Trust.Elements.RequestedSecurityToken, Constants.Trust.NamespaceUri);
ser.WriteToken(writer, this.RequestedSecurityToken);
writer.WriteEndElement(); // wst:RequestedSecurityToken
}
if (this.RequestedAttachedReference != null)
{
writer.WriteStartElement(Constants.Trust.Elements.RequestedAttachedReference, Constants.Trust.NamespaceUri);
ser.WriteKeyIdentifierClause(writer, this.RequestedAttachedReference);
writer.WriteEndElement(); // wst:RequestedAttachedReference
}
if (this.RequestedUnattachedReference != null)
{
writer.WriteStartElement(Constants.Trust.Elements.RequestedUnattachedReference, Constants.Trust.NamespaceUri);
ser.WriteKeyIdentifierClause(writer, this.RequestedUnattachedReference);
writer.WriteEndElement(); // wst:RequestedAttachedReference
}
if (this.AppliesTo != null)
{
writer.WriteStartElement(Constants.Policy.Elements.AppliesTo, Constants.Policy.NamespaceUri);
this.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer);
writer.WriteEndElement(); // wsp:AppliesTo
}
if (this.RequestedProofToken != null)// Issuer entropy; write RPT only
{
writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri);
ser.WriteToken(writer, this.RequestedProofToken);
writer.WriteEndElement(); // wst:RequestedSecurityToken
}
if (this.IssuerEntropy != null && this.ComputeKey) // Combined entropy; write RPT and Entropy
{
writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri);
writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri);
writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1);
writer.WriteEndElement(); // wst:ComputedKey
writer.WriteEndElement(); // wst:RequestedSecurityToken
if (this.IssuerEntropy != null)
{
writer.WriteStartElement(Constants.Trust.Elements.Entropy, Constants.Trust.NamespaceUri);
ser.WriteToken(writer, this.IssuerEntropy);
writer.WriteEndElement(); // wst:Entropy
}
}
writer.WriteEndElement(); // wst:RequestSecurityTokenResponse
}
// Methods of BodyWriter
/// <summary>
/// Writes out an XML representation of the instance.
/// </summary>
/// <param name="writer">The writer to be used to write out the XML content</param>
protected override void OnWriteBodyContents(XmlDictionaryWriter writer)
{
// Write out the wst:RequestSecurityTokenResponse start tag
writer.WriteStartElement(Constants.Trust.Elements.RequestSecurityTokenResponse, Constants.Trust.NamespaceUri);
// If we have a non-null, non-empty tokenType...
if (this.TokenType != null && this.TokenType.Length > 0)
{
// Write out the wst:TokenType start tag
writer.WriteStartElement(Constants.Trust.Elements.TokenType, Constants.Trust.NamespaceUri);
// Write out the tokenType string
writer.WriteString(this.TokenType);
writer.WriteEndElement(); // wst:TokenType
}
// Create a serializer that knows how to write out security tokens
WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer();
// If we have a requestedSecurityToken...
if (this.requestedSecurityToken != null)
{
// Write out the wst:RequestedSecurityToken start tag
writer.WriteStartElement(Constants.Trust.Elements.RequestedSecurityToken, Constants.Trust.NamespaceUri);
// Write out the requested token using the serializer
ser.WriteToken(writer, requestedSecurityToken);
writer.WriteEndElement(); // wst:RequestedSecurityToken
}
// If we have a requestedAttachedReference...
if (this.requestedAttachedReference != null)
{
// Write out the wst:RequestedAttachedReference start tag
writer.WriteStartElement(Constants.Trust.Elements.RequestedAttachedReference, Constants.Trust.NamespaceUri);
// Write out the reference using the serializer
ser.WriteKeyIdentifierClause(writer, this.requestedAttachedReference);
writer.WriteEndElement(); // wst:RequestedAttachedReference
}
// If we have a requestedUnattachedReference...
if (this.requestedUnattachedReference != null)
{
// Write out the wst:RequestedUnattachedReference start tag
writer.WriteStartElement(Constants.Trust.Elements.RequestedUnattachedReference, Constants.Trust.NamespaceUri);
// Write out the reference using the serializer
ser.WriteKeyIdentifierClause(writer, this.requestedUnattachedReference);
writer.WriteEndElement(); // wst:RequestedAttachedReference
}
// If we have a non-null appliesTo
if (this.AppliesTo != null)
{
// Write out the wsp:AppliesTo start tag
writer.WriteStartElement(Constants.Policy.Elements.AppliesTo, Constants.Policy.NamespaceUri);
// Write the appliesTo in WS-Addressing 1.0 format
this.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer);
writer.WriteEndElement(); // wsp:AppliesTo
}
// If the requestedProofToken is non-null, then the STS is providing all the key material...
if (this.requestedProofToken != null)
{
// Write the wst:RequestedProofToken start tag
writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri);
// Write the proof token using the serializer
ser.WriteToken(writer, requestedProofToken);
writer.WriteEndElement(); // wst:RequestedSecurityToken
}
// If issuerEntropy is non-null and computeKey is true, then combined entropy is being used...
if (this.issuerEntropy != null && this.computeKey)
{
// Write the wst:RequestedProofToken start tag
writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri);
// Write the wst:ComputeKey start tag
writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri);
// Write the PSHA1 algorithm value
writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1);
writer.WriteEndElement(); // wst:ComputedKey
writer.WriteEndElement(); // wst:RequestedSecurityToken
// Write the wst:Entropy start tag
writer.WriteStartElement(Constants.Trust.Elements.Entropy, Constants.Trust.NamespaceUri);
// Write the issuerEntropy out using the serializer
ser.WriteToken(writer, this.issuerEntropy);
writer.WriteEndElement(); // wst:Entropy
}
writer.WriteEndElement(); // wst:RequestSecurityTokenResponse
}
/// <summary>
/// Build the contents of the SAML token
/// </summary>
/// <param name="writer"><b>XmlDictionaryWriter</b> to write the contents of this token to</param>
protected override void OnWriteBodyContents(XmlDictionaryWriter writer)
{
// Subject
SamlSubject subject = new SamlSubject();
if (this.useKey != null)
{
// Add the key and the Holder-Of-Key confirmation method
subject.KeyIdentifier = this.useKey;
subject.ConfirmationMethods.Add(SamlConstants.HolderOfKey);
}
else
{
// This is a bearer token
subject.ConfirmationMethods.Add(SamlConstants.SenderVouches);
}
// Attributes, statements, conditions, and assertions
List <SamlStatement> statements = new List <SamlStatement>();
List <SamlAttribute> attributes = GetTokenAttributes();
statements.Add(new SamlAuthenticationStatement(subject, Constants.Saml.AuthenticationMethods.Unspecified, DateTime.Now, null, null, null));
statements.Add(new SamlAttributeStatement(subject, attributes));
SamlConditions conditions = new SamlConditions(DateTime.Now, (DateTime.Now + TimeSpan.FromHours(8.0)));
SamlAssertion assertion = new SamlAssertion("uuid-" + Guid.NewGuid(), Program.Issuer, DateTime.Now, conditions, null, statements);
// Build the signing token
SecurityToken signingToken = new X509SecurityToken(Program.SigningCertificate);
SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(signingToken.CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>());
SigningCredentials signingCredentials = new SigningCredentials(signingToken.SecurityKeys[0], SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, keyIdentifier);
assertion.SigningCredentials = signingCredentials;
// Build the SAML token
SamlSecurityToken token = new SamlSecurityToken(assertion);
SecurityKeyIdentifierClause attachedReference = token.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
SecurityKeyIdentifierClause unattachedReference = token.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
//
// Write the XML
//
//writer = XmlDictionaryWriter.CreateTextWriter(File.CreateText("output.xml").BaseStream);
// RSTR
writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestSecurityTokenResponse, Constants.WSTrust.NamespaceUri.Uri);
if (context != null)
{
writer.WriteAttributeString(Constants.WSTrust.Attributes.Context, context);
}
// TokenType
writer.WriteElementString(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.TokenType, Constants.WSTrust.NamespaceUri.Uri, Constants.WSTrust.TokenTypes.Saml10Assertion);
// RequestedSecurityToken (the SAML token)
SecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer();
writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedSecurityToken, Constants.WSTrust.NamespaceUri.Uri);
tokenSerializer.WriteToken(writer, token);
writer.WriteEndElement();
// RequestedAttachedReference
writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedAttachedReference, Constants.WSTrust.NamespaceUri.Uri);
tokenSerializer.WriteKeyIdentifierClause(writer, attachedReference);
writer.WriteEndElement();
// RequestedUnattachedReference
writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedUnattachedReference, Constants.WSTrust.NamespaceUri.Uri);
tokenSerializer.WriteKeyIdentifierClause(writer, unattachedReference);
writer.WriteEndElement();
// RequestedDisplayToken (display token)
string displayTokenNS = "http://schemas.xmlsoap.org/ws/2005/05/identity";
writer.WriteStartElement("wsid", "RequestedDisplayToken", displayTokenNS);
writer.WriteStartElement("wsid", "DisplayToken", displayTokenNS);
foreach (SamlAttribute attribute in attributes)
{
writer.WriteStartElement("wsid", "DisplayClaim", displayTokenNS);
writer.WriteAttributeString("Uri", attribute.Namespace + "/" + attribute.Name);
writer.WriteStartElement("wsid", "DisplayTag", displayTokenNS);
writer.WriteValue(attribute.Name);
writer.WriteEndElement();
writer.WriteStartElement("wsid", "Description", displayTokenNS);
writer.WriteValue(attribute.Namespace + "/" + attribute.Name);
writer.WriteEndElement();
foreach (string attributeValue in attribute.AttributeValues)
{
writer.WriteStartElement("wsid", "DisplayValue", displayTokenNS);
writer.WriteValue(attributeValue);
writer.WriteEndElement();
}
writer.WriteEndElement();
}
writer.WriteEndElement();
writer.WriteEndElement();
// RSTR End
writer.WriteEndElement();
//writer.Close();
}
/// <summary cref="IUserIdentity.GetIdentityToken" />
public UserIdentityToken GetIdentityToken()
{
// check for anonymous.
if (m_token == null)
{
AnonymousIdentityToken token = new AnonymousIdentityToken();
token.PolicyId = m_policyId;
return(token);
}
// return a user name token.
UserNameSecurityToken usernameToken = m_token as UserNameSecurityToken;
if (usernameToken != null)
{
UserNameIdentityToken token = new UserNameIdentityToken();
token.PolicyId = m_policyId;
token.UserName = usernameToken.UserName;
token.DecryptedPassword = usernameToken.Password;
return(token);
}
// return an X509 token.
X509SecurityToken x509Token = m_token as X509SecurityToken;
if (x509Token != null)
{
X509IdentityToken token = new X509IdentityToken();
token.PolicyId = m_policyId;
token.CertificateData = x509Token.Certificate.GetRawCertData();
token.Certificate = x509Token.Certificate;
return(token);
}
// handle SAML token.
SamlSecurityToken samlToken = m_token as SamlSecurityToken;
if (samlToken != null)
{
MemoryStream ostrm = new MemoryStream();
XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding());
try
{
SamlSerializer serializer = new SamlSerializer();
serializer.WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance);
}
finally
{
writer.Close();
}
IssuedIdentityToken wssToken = new IssuedIdentityToken();
wssToken.PolicyId = m_policyId;
wssToken.DecryptedTokenData = ostrm.ToArray();
return(wssToken);
}
// return a WSS token by default.
if (m_token != null)
{
MemoryStream ostrm = new MemoryStream();
XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding());
try
{
WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer();
serializer.WriteToken(writer, m_token);
}
finally
{
writer.Close();
}
IssuedIdentityToken wssToken = new IssuedIdentityToken();
wssToken.PolicyId = m_policyId;
wssToken.DecryptedTokenData = ostrm.ToArray();
return(wssToken);
}
return(null);
}
