/// <summary> /// Reads the 'wresult' and returns the embeded security token. /// </summary> /// <returns>the 'SecurityToken'.</returns> public virtual string GetToken() { if (Wresult == null) { IdentityModelEventSource.Logger.WriteWarning(string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10000, "wresult")); return(null); } using (StringReader sr = new StringReader(Wresult)) { XmlReader xmlReader = XmlReader.Create(sr); xmlReader.MoveToContent(); WSTrustResponseSerializer serializer = new WSTrust13ResponseSerializer(); if (serializer.CanRead(xmlReader)) { RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext()); return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml); } serializer = new WSTrustFeb2005ResponseSerializer(); if (serializer.CanRead(xmlReader)) { RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext()); return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml); } } return(null); }
/// <summary> /// Reads the 'wresult' and returns the embeded security token. /// </summary> /// <returns>the 'SecurityToken'.</returns> public virtual string GetToken() { if (Wresult == null) { return(null); } using (StringReader sr = new StringReader(Wresult)) { XmlReader xmlReader = XmlReader.Create(sr); xmlReader.MoveToContent(); WSTrustResponseSerializer serializer = new WSTrust13ResponseSerializer(); if (serializer.CanRead(xmlReader)) { RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext()); return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml); } serializer = new WSTrustFeb2005ResponseSerializer(); if (serializer.CanRead(xmlReader)) { RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext()); return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml); } } return(null); }
private string SerializeResponse(RequestSecurityTokenResponse response) { var serializer = new WSTrust13ResponseSerializer(); var context = new WSTrustSerializationContext(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlerCollectionManager); var sb = new StringBuilder(128); using (var writer = XmlWriter.Create(new StringWriter(sb))) { serializer.WriteXml(response, writer, context); return(sb.ToString()); } }
private string SerializeResponse(RequestSecurityTokenResponse response) { var serializer = new WSTrust13ResponseSerializer(); WSTrustSerializationContext context = new WSTrustSerializationContext(); StringBuilder sb = new StringBuilder(128); using (var writer = new XmlTextWriter(new StringWriter(sb))) { serializer.WriteXml(response, writer, context); return(sb.ToString()); } }
public string Serialize(RequestSecurityTokenResponse securityTokenResponse) { XmlWriterSettings xmlWriterSettings = new XmlWriterSettings(); xmlWriterSettings.OmitXmlDeclaration = true; using (MemoryStream memoryStream = new MemoryStream()) using (XmlWriter xmlWriter = XmlWriter.Create(memoryStream, xmlWriterSettings)) { WSTrust13ResponseSerializer serializer = new WSTrust13ResponseSerializer(); WSTrustSerializationContext context = new WSTrustSerializationContext(); serializer.WriteXml(securityTokenResponse, xmlWriter, context); xmlWriter.Flush(); var encoding = new System.Text.UTF8Encoding(false); return(encoding.GetString(memoryStream.ToArray())); } }
/// <summary> /// Checks the authentication. /// </summary> /// <param name="claimsPrincipal">The claims principal.</param> public void CheckAuthentication( IClaimsPrincipal claimsPrincipal ) { var bootStrapToken = ( from ident in claimsPrincipal.Identities where ident.BootstrapToken != null && ident.BootstrapToken is SamlSecurityToken select ident.BootstrapToken ).FirstOrDefault (); var responseSerializer = new WSTrust13ResponseSerializer (); var requestSecurityTokenResponse = new RequestSecurityTokenResponse { AppliesTo = new EndpointAddress ( "https://localhost/Rem.Web" ), Context = "passive", Lifetime = new Lifetime ( bootStrapToken.ValidFrom, bootStrapToken.ValidTo ), RequestedSecurityToken = new RequestedSecurityToken ( bootStrapToken ), TokenType = Saml2SecurityTokenHandler.TokenProfile11ValueType, RequestType = WSTrust13Constants.RequestTypes.Issue, KeyType = WSTrust13Constants.KeyTypes.Bearer }; string content; using ( var swriter = new StringWriter () ) { using ( var xmlWriter = XmlWriter.Create ( swriter ) ) { responseSerializer.WriteXml ( requestSecurityTokenResponse, xmlWriter, new WSTrustSerializationContext () ); xmlWriter.Flush (); swriter.Flush (); var xmlString = swriter.ToString ().Replace ( "<?xml version=\"1.0\" encoding=\"utf-16\"?>", "" ); content = string.Format ( "wa=wsignin1.0&wresult={0}&wctx=rm%3D0%26id%3Dpassive%26ru%3D%252fRem.Web%252f", HttpContext.Current.Server.UrlEncode ( xmlString ) ); } } var currentHttpRequest = HttpContext.Current.Request; var cookieContainer = new CookieContainer (); //foreach (string cookieName in currentHttpRequest.Cookies) //{ // var httpcookie = currentHttpRequest.Cookies[cookieName]; // var cookie = new Cookie(cookieName, httpcookie.Value, httpcookie.Path, httpcookie.Domain ?? "localhost"); // cookieContainer.Add(cookie); //} var appSettingsConfiguration = new AppSettingsConfiguration (); var remWebApplicationAddress = appSettingsConfiguration.GetProperty ( "RemWebApplicationAddress" ); var request = ( HttpWebRequest )WebRequest.CreateDefault ( new Uri ( remWebApplicationAddress ) ); request.Method = currentHttpRequest.HttpMethod; request.CookieContainer = cookieContainer; request.ContentType = currentHttpRequest.ContentType; request.Accept = string.Empty; foreach ( var acceptType in currentHttpRequest.AcceptTypes ) { request.Accept += acceptType; if ( acceptType != currentHttpRequest.AcceptTypes.Last () ) { request.Accept += ", "; } } request.ContentLength = content.Length; request.Referer = currentHttpRequest.UrlReferrer.AbsoluteUri.Replace ( "Rem.Mvc", "Rem.Web" ); request.AllowAutoRedirect = false; using ( var streamWriter = new StreamWriter ( request.GetRequestStream () ) ) { streamWriter.Write ( content ); } try { var response = ( HttpWebResponse )request.GetResponse (); while ( response.StatusCode == HttpStatusCode.Found ) { response.Close (); var location = response.Headers["Location"]; if ( !location.StartsWith ( "http" ) ) { location = string.Format ( "{0}://{1}", request.RequestUri.Scheme, request.RequestUri.Host ) + location; } request = GetNewRequest ( location, cookieContainer ); response = ( HttpWebResponse )request.GetResponse (); } if ( response.StatusCode != HttpStatusCode.OK ) { throw new Exception ( "Failed authentication." ); } var cookieStringBuilder = new StringBuilder (); foreach ( Cookie cookie in cookieContainer.GetCookies ( new Uri ( "https://localhost" ) ) ) { if ( cookie.Name.StartsWith ( "FedAuth" ) ) { HttpContext.Current.Response.Cookies.Add ( new HttpCookie ( "Server" + cookie.Name, cookie.Value ) ); cookieStringBuilder.Append ( cookie.Value ); } if ( cookie.Name == "ASP.NET_SessionId" ) { HttpContext.Current.Response.Cookies.Add ( new HttpCookie ( cookie.Name, cookie.Value ) ); } } } catch ( Exception e ) { throw; } }
/// <summary> /// Checks the authentication. /// </summary> /// <param name="claimsPrincipal">The claims principal.</param> public void CheckAuthentication(IClaimsPrincipal claimsPrincipal) { var bootStrapToken = (from ident in claimsPrincipal.Identities where ident.BootstrapToken != null && ident.BootstrapToken is SamlSecurityToken select ident.BootstrapToken).FirstOrDefault(); var responseSerializer = new WSTrust13ResponseSerializer(); var requestSecurityTokenResponse = new RequestSecurityTokenResponse { AppliesTo = new EndpointAddress("https://localhost/Rem.Web"), Context = "passive", Lifetime = new Lifetime(bootStrapToken.ValidFrom, bootStrapToken.ValidTo), RequestedSecurityToken = new RequestedSecurityToken(bootStrapToken), TokenType = Saml2SecurityTokenHandler.TokenProfile11ValueType, RequestType = WSTrust13Constants.RequestTypes.Issue, KeyType = WSTrust13Constants.KeyTypes.Bearer }; string content; using (var swriter = new StringWriter()) { using (var xmlWriter = XmlWriter.Create(swriter)) { responseSerializer.WriteXml( requestSecurityTokenResponse, xmlWriter, new WSTrustSerializationContext()); xmlWriter.Flush(); swriter.Flush(); var xmlString = swriter.ToString().Replace("<?xml version=\"1.0\" encoding=\"utf-16\"?>", ""); content = string.Format( "wa=wsignin1.0&wresult={0}&wctx=rm%3D0%26id%3Dpassive%26ru%3D%252fRem.Web%252f", HttpContext.Current.Server.UrlEncode(xmlString)); } } var currentHttpRequest = HttpContext.Current.Request; var cookieContainer = new CookieContainer(); //foreach (string cookieName in currentHttpRequest.Cookies) //{ // var httpcookie = currentHttpRequest.Cookies[cookieName]; // var cookie = new Cookie(cookieName, httpcookie.Value, httpcookie.Path, httpcookie.Domain ?? "localhost"); // cookieContainer.Add(cookie); //} var appSettingsConfiguration = new AppSettingsConfiguration(); var remWebApplicationAddress = appSettingsConfiguration.GetProperty("RemWebApplicationAddress"); var request = ( HttpWebRequest )WebRequest.CreateDefault(new Uri(remWebApplicationAddress)); request.Method = currentHttpRequest.HttpMethod; request.CookieContainer = cookieContainer; request.ContentType = currentHttpRequest.ContentType; request.Accept = string.Empty; foreach (var acceptType in currentHttpRequest.AcceptTypes) { request.Accept += acceptType; if (acceptType != currentHttpRequest.AcceptTypes.Last()) { request.Accept += ", "; } } request.ContentLength = content.Length; request.Referer = currentHttpRequest.UrlReferrer.AbsoluteUri.Replace("Rem.Mvc", "Rem.Web"); request.AllowAutoRedirect = false; using (var streamWriter = new StreamWriter(request.GetRequestStream())) { streamWriter.Write(content); } try { var response = ( HttpWebResponse )request.GetResponse(); while (response.StatusCode == HttpStatusCode.Found) { response.Close(); var location = response.Headers["Location"]; if (!location.StartsWith("http")) { location = string.Format("{0}://{1}", request.RequestUri.Scheme, request.RequestUri.Host) + location; } request = GetNewRequest(location, cookieContainer); response = ( HttpWebResponse )request.GetResponse(); } if (response.StatusCode != HttpStatusCode.OK) { throw new Exception("Failed authentication."); } var cookieStringBuilder = new StringBuilder(); foreach (Cookie cookie in cookieContainer.GetCookies(new Uri("https://localhost"))) { if (cookie.Name.StartsWith("FedAuth")) { HttpContext.Current.Response.Cookies.Add(new HttpCookie("Server" + cookie.Name, cookie.Value)); cookieStringBuilder.Append(cookie.Value); } if (cookie.Name == "ASP.NET_SessionId") { HttpContext.Current.Response.Cookies.Add(new HttpCookie(cookie.Name, cookie.Value)); } } } catch (Exception e) { throw; } }
private string SerializeResponse(RequestSecurityTokenResponse response) { var serializer = new WSTrust13ResponseSerializer(); var context = new WSTrustSerializationContext(FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlerCollectionManager); var sb = new StringBuilder(128); using (var writer = XmlWriter.Create(new StringWriter(sb))) { serializer.WriteXml(response, writer, context); return sb.ToString(); } }
public static string GetAuthenticationCookie(string IdProviderUrl, string RP_Uri, string RP_Realm, string UserName, string Password, string Domain) { //----------------------------------------------------------------------------- // Pass the Windows auth credential to the endpoint of the Identity Provider (ADFS) //----------------------------------------------------------------------------- var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; var endpoint = new EndpointAddress(IdProviderUrl + "/adfs/services/trust/13/windowsmixed"); RequestSecurityTokenResponse rstr; using (var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, endpoint)) { factory.Credentials.Windows.ClientCredential = new NetworkCredential(UserName, Password, Domain); factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13; var rst = new RequestSecurityToken(); rst.AppliesTo = new EndpointAddress(RP_Realm); rst.KeyType = WSTrust13Constants.KeyTypes.Bearer; rst.RequestType = WSTrust13Constants.RequestTypes.Issue; var channel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)factory.CreateChannel(); channel.Issue(rst, out rstr); } //----------------------------------------------------------------------------- // Send the security token acquired from the Identity Provider (ADFS) // to Replying Party (SharePoint) // And acquire authorization cookie from SharePoint Server. //----------------------------------------------------------------------------- using (var output = new StringWriterUtf8(new StringBuilder())) { using (var xmlwr = XmlWriter.Create(output)) { WSTrust13ResponseSerializer rs = new WSTrust13ResponseSerializer(); rs.WriteXml(rstr, xmlwr, new WSTrustSerializationContext()); } var str = string.Format("wa=wsignin1.0&wctx={0}&wresult={1}", HttpUtility.UrlEncode(RP_Uri + "/_layouts/15/Authenticate.aspx?Source=%2F"), HttpUtility.UrlEncode(output.ToString())); var req = (HttpWebRequest)HttpWebRequest.Create(RP_Uri + "/_trust/"); req.Method = "POST"; req.ContentType = "application/x-www-form-urlencoded"; req.CookieContainer = new CookieContainer(); req.AllowAutoRedirect = false; using (var res = req.GetRequestStream()) { byte[] postData = Encoding.UTF8.GetBytes(str); res.Write(postData, 0, postData.Length); } using (var res = (HttpWebResponse)req.GetResponse()) { return(res.Cookies["FedAuth"].Value); } } }
public static CookieContainer GetCookies(Uri serviceUri, WebProxy webproxy = null, Uri loginUri = null, string stsHost = null) { FedAuthSupport.STSWrapper sTSWrapper = new FedAuthSupport.STSWrapper(serviceUri, stsHost); string text = null; HttpWebRequest httpWebRequest = FedAuthSupport.CreateBaseWebRequest("GET", serviceUri, webproxy, sTSWrapper); using (WebResponse response = httpWebRequest.GetResponse()) { string text2 = response.Headers["Location"]; if (text2 != null) { if (text2.Contains("wctx")) { Uri uri = new Uri(text2); NameValueCollection nameValueCollection = HttpUtility.ParseQueryString(uri.Query); text = nameValueCollection["wctx"]; } else { loginUri = new Uri(serviceUri, text2); } } } if (loginUri == null) { loginUri = serviceUri; } StringBuilder stringBuilder = new StringBuilder(); XmlTextWriter writer = new XmlTextWriter(new StringWriter(stringBuilder)); WSTrust13ResponseSerializer wSTrust13ResponseSerializer = new WSTrust13ResponseSerializer(); wSTrust13ResponseSerializer.WriteXml(sTSWrapper.TokenResponse, writer, new WSTrustSerializationContext()); string xml = stringBuilder.ToString(); HttpWebRequest httpWebRequest2 = FedAuthSupport.CreateBaseWebRequest("POST", loginUri, webproxy, sTSWrapper); XmlDocument xmlDocument = new XmlDocument(); xmlDocument.LoadXml(xml); XmlNamespaceManager xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable); xmlNamespaceManager.AddNamespace("trust", "http://docs.oasis-open.org/ws-sx/ws-trust/200512"); XmlNode xmlNode = xmlDocument.SelectSingleNode("//trust:RequestSecurityTokenResponse", xmlNamespaceManager); if (xmlNode == null) { throw new InvalidDataException("No RequestSecurityTokenResponse found in ADFS query."); } string s; if (!string.IsNullOrWhiteSpace(text)) { s = string.Format("wa=wsignin1.0&wctx={0}&wresult={1}", HttpUtility.UrlEncode(text), HttpUtility.UrlEncode(xmlNode.OuterXml)); } else { s = string.Format("wa=wsignin1.0&wresult={1}", HttpUtility.UrlEncode(xmlNode.OuterXml)); } byte[] bytes = Encoding.ASCII.GetBytes(s); using (Stream requestStream = httpWebRequest2.GetRequestStream()) { requestStream.Write(bytes, 0, bytes.Length); } CookieContainer result; using (HttpWebResponse httpWebResponse = httpWebRequest2.GetResponse() as HttpWebResponse) { if (httpWebResponse != null) { if (httpWebResponse.Cookies != null && httpWebResponse.Cookies.Count > 0) { CookieContainer cookieContainer = new CookieContainer(); cookieContainer.Add(serviceUri, httpWebResponse.Cookies); result = cookieContainer; return(result); } if (httpWebResponse.Headers.AllKeys.Contains("Set-Cookie")) { CookieContainer cookieContainer = new CookieContainer(); string[] array = httpWebResponse.Headers["Set-Cookie"].Split(new char[] { ',' }); string[] array2 = array; for (int i = 0; i < array2.Length; i++) { string text3 = array2[i]; string[] array3 = text3.Split(new char[] { ';' }); int num = array3[0].IndexOf('='); if (num > 0) { Uri uri2 = serviceUri; string name = array3[0].Substring(0, num); string value = array3[0].Substring(num + 1); for (int j = 1; j < array3.Length; j++) { string[] array4 = array3[j].Split(new char[] { '=' }); if (array4[0].Trim().Equals("domain")) { uri2 = new Uri(uri2.Scheme + "://" + array4[1].Trim()); } } Cookie cookie = new Cookie(name, value); cookieContainer.Add(uri2, cookie); } } if (cookieContainer.Count > 0) { result = cookieContainer; return(result); } } } result = null; } return(result); }
// Move to utility class string RstrToString(RequestSecurityTokenResponse token) { WSTrust13ResponseSerializer ser = new WSTrust13ResponseSerializer(); WSTrustSerializationContext context = new WSTrustSerializationContext(); StringBuilder stringBuilder = new StringBuilder(); XmlWriter xr = XmlWriter.Create(new StringWriter(stringBuilder), new XmlWriterSettings { OmitXmlDeclaration = true }); ser.WriteXml(token, xr, context); xr.Flush(); return stringBuilder.ToString(); }
private string SerializeResponse(RequestSecurityTokenResponse response) { var serializer = new WSTrust13ResponseSerializer(); WSTrustSerializationContext context = new WSTrustSerializationContext(); StringBuilder sb = new StringBuilder(128); using (var writer = new XmlTextWriter(new StringWriter(sb))) { serializer.WriteXml(response, writer, context); return sb.ToString(); } }