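/// <summary>
/// Authenticates the current request from the client certificate OWIN stored in the
/// request environment. A certificate that passes <see cref="ValidateCertificate"/>
/// produces a ticket; anything else leaves the request unauthenticated.
/// </summary>
/// <returns>
/// A task whose result is the <see cref="AuthenticationTicket"/> for a valid client
/// certificate, or <c>null</c> when no valid certificate is attached.
/// </returns>
protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
    // Validation is synchronous CPU work; wrapping it in Task.Run on a request path only
    // adds a thread-pool hop, so it runs inline and the result is handed back as a
    // completed task. The overridden signature is unchanged.
    ClientCertificateValidationResult validationResult = ValidateCertificate(Request.Environment);
    if (!validationResult.IsCertificateValid)
    {
        return Task.FromResult<AuthenticationTicket>(null);
    }

    // One timestamp so IssuedUtc and ExpiresUtc are exactly a day apart.
    DateTime issuedAt = DateTime.UtcNow;
    AuthenticationProperties authProperties = new AuthenticationProperties
    {
        IssuedUtc = issuedAt,
        ExpiresUtc = issuedAt.AddDays(1),
        AllowRefresh = true,
        IsPersistent = true
    };

    // NOTE(review): these claims are fixed regardless of which certificate was presented, so
    // every certificate that chains to a trusted root maps to the same identity. A production
    // handler would derive Name/Email/Role from the certificate itself (subject, thumbprint)
    // or from a lookup keyed on it, and would pin the expected issuer.
    IList<Claim> claimCollection = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "Wojtek"),
        new Claim(ClaimTypes.Country, "PL"),
        new Claim(ClaimTypes.Gender, "M"),
        new Claim(ClaimTypes.Surname, "Sabat"),
        new Claim(ClaimTypes.Email, "*****@*****.**"),
        new Claim(ClaimTypes.Role, "IT"),
        new Claim("HasValidClientCertificate", "true")
    };

    // "X.509" is the authentication type recorded on the identity; IsAuthenticated is true
    // because an authentication type is supplied.
    ClaimsIdentity claimsIdentity = new ClaimsIdentity(claimCollection, "X.509");
    return Task.FromResult(new AuthenticationTicket(claimsIdentity, authProperties));
}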
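/// <summary>
/// Fetches the client certificate OWIN placed in the environment under
/// <c>_owinClientCertKey</c> and runs it through <c>_clientCertificateValidator</c>.
/// </summary>
/// <param name="owinEnvironment">The OWIN environment dictionary of the current request.</param>
/// <returns>
/// The validator's result, or an invalid result carrying a single explanatory message when
/// no certificate (or a value that is not an <see cref="X509Certificate2"/>) is attached.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="owinEnvironment"/> is null.</exception>
private ClientCertificateValidationResult ValidateCertificate(IDictionary<string, object> owinEnvironment)
{
    if (owinEnvironment == null)
    {
        throw new ArgumentNullException(nameof(owinEnvironment));
    }

    // Read from the same dictionary that is tested for the key, rather than ContainsKey on one
    // source and Context.Get on another; a single TryGetValue also avoids the double lookup.
    // A value of the wrong type under the key is treated as "no certificate".
    object rawCertificate;
    X509Certificate2 clientCert = owinEnvironment.TryGetValue(_owinClientCertKey, out rawCertificate)
        ? rawCertificate as X509Certificate2
        : null;
    if (clientCert != null)
    {
        return _clientCertificateValidator.Validate(clientCert);
    }

    var invalid = new ClientCertificateValidationResult(false);
    invalid.AddValidationException("There's no client certificate attached to the request.");
    return invalid;
}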
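/// <summary>
/// Checks whether <paramref name="certificate"/> chains to a root the machine trusts.
/// </summary>
/// <param name="certificate">The client certificate presented on the request.</param>
/// <returns>
/// A result whose <c>IsCertificateValid</c> reflects <see cref="X509Chain.Build"/>; on failure
/// the status messages of the chain and its elements (and the message of any exception raised
/// while building) are attached as validation exceptions.
/// </returns>
/// <remarks>
/// Scope of the check, so callers do not over-trust a valid result:
/// <list type="bullet">
/// <item>Revocation is not consulted (<see cref="X509RevocationMode.NoCheck"/>), so a revoked
/// certificate that still chains to a trusted root is reported as valid. <c>RevocationFlag</c>
/// has no effect while the mode is <c>NoCheck</c>.</item>
/// <item>No issuer, thumbprint or Client Authentication EKU restriction is applied: any
/// certificate from any root in the machine's trust store passes.</item>
/// </list>
/// </remarks>
public ClientCertificateValidationResult Validate(X509Certificate2 certificate)
{
    // Reject explicitly instead of relying on X509Chain.Build throwing on null.
    if (certificate == null)
    {
        var missing = new ClientCertificateValidationResult(false);
        missing.AddValidationException("No certificate was supplied for validation.");
        return missing;
    }

    var isValid = false;
    var exceptions = new List<string>();
    try
    {
        // X509Chain owns a native chain context; dispose it so the handle is not held until
        // finalization under load.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy = new X509ChainPolicy
            {
                RevocationMode = X509RevocationMode.NoCheck,
                RevocationFlag = X509RevocationFlag.EntireChain
            };

            isValid = chain.Build(certificate);
            if (!isValid)
            {
                foreach (X509ChainElement chainElement in chain.ChainElements)
                {
                    foreach (X509ChainStatus elementStatus in chainElement.ChainElementStatus)
                    {
                        AddDistinct(exceptions, elementStatus.StatusInformation);
                    }
                }

                // Chain-level statuses (e.g. an incomplete chain) are not always mirrored on an
                // element, so include them too; duplicates are dropped.
                foreach (X509ChainStatus chainStatus in chain.ChainStatus)
                {
                    AddDistinct(exceptions, chainStatus.StatusInformation);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberately reported as a failed validation rather than propagated: a malformed
        // certificate must not turn into an unhandled error on the request path.
        exceptions.Add(ex.Message);
    }

    var result = new ClientCertificateValidationResult(isValid);
    result.AddValidationExceptions(exceptions);
    return result;
}

// Appends a status message unless an identical one was already recorded.
private static void AddDistinct(List<string> messages, string message)
{
    if (!messages.Contains(message))
    {
        messages.Add(message);
    }
}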