/// <summary>
///
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="config"></param>
/// <param name="withRefreshToken"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config, Boolean withRefreshToken)
{
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
// Call issuer to create token
WSTrustChannelFactory factory = new WSTrustChannelFactory("issuer");
// TODO: factory.Credentials.UserName.UserName = requestMessage.Name ?? requestMessage.ClientId;
// TODO: factory.Credentials.UserName.Password = requestMessage.Password ?? requestMessage.ClientSecret;
WSTrustChannel issuer = factory.CreateChannel() as WSTrustChannel;
RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
rst.AppliesTo = new EndpointAddress("https://wrap.client");
rst.KeyType = WSTrust13Constants.KeyTypes.Bearer;
RequestSecurityTokenResponse response = null;
issuer.Issue(rst, out response);
WSTrustSerializationContext context = new WSTrustSerializationContext(
config.SecurityTokenHandlerCollectionManager,
config.CreateAggregateTokenResolver(),
config.IssuerTokenResolver);
// Create response
var token = response.RequestedSecurityToken.SecurityToken;
if (null == token)
{
using (XmlReader reader = new XmlNodeReader(response.RequestedSecurityToken.SecurityTokenXml))
{
token = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader);
}
token = ConvertToSimpleWebToken(token, response);
}
// Write token
return WriteToken(token, withRefreshToken);
}
/// <summary>
///
/// </summary>
/// <param name="request"></param>
/// <param name="message"></param>
public static void WriteRequest(this HttpWebRequest request, AccessTokenRequest message)
{
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
using (TextWriter writer = new StreamWriter(request.GetRequestStream()))
{
writer.Write(message.ToString());
}
}
/// <summary>
///
/// </summary>
/// <param name="request"></param>
/// <param name="message"></param>
public static void WriteRequest(this WebRequest request, AccessTokenRequest message)
{
var httpRequest = request as HttpWebRequest;
if (null == httpRequest)
throw new NotSupportedException("Only HttpWebRequests are supported.");
httpRequest.WriteRequest(message);
}
public void ProcessCommon(AccessTokenRequest request)
{
// Example processing.
var name = String.Empty;
if (false == String.IsNullOrEmpty(request.Name))
name = request.Name;
else if (false == String.IsNullOrEmpty(request.ClientId))
name = request.ClientId;
var withRefreshToken = false == String.IsNullOrEmpty(request.ClientId);
if ("bad client" == name || "bad client id" == name)
{
Response.WriteResponse(AccessTokenResponse.CreateForUnauthorized());
return;
}
if ("client id for captcha" == name && null == request.CaptchaSolution)
{
Response.WriteResponse(new CaptchaResponse(new Uri("http://captcha.url")));
return;
}
if ("client id for captcha" == name && "incorrect solution" == request.CaptchaSolution)
{
Response.WriteResponse(AccessTokenResponse.CreateForUnauthorized());
return;
}
// Create claims
List<Claim> claims = new List<Claim>() {
new Claim(ClaimTypes.Name, name),
// new Claim("http://wrap.resource/can.post", "x")
};
// Respond with OK and access token
Response.WriteResponse(
WrapSecurityTokenServiceOperations.ProcessAccessTokenRequest(
request,
User,
new WrapIssuer(new SimpleWrapIssuerConfiguration(), new ReadOnlyCollection<Claim>(claims)),
withRefreshToken));
}
/// <summary>
///
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="config"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config)
{
return ProcessAccessTokenRequest(requestMessage, config, false);
}
/// <summary>
/// Creates a message for requesting a security token with WS-Trust.
/// </summary>
/// <param name="requestMessage">A WRAP message for requesting access tokens.</param>
/// <returns>A WS-Trust Request Security Token (RST) message.</returns>
public RequestSecurityToken CreateRequest(AccessTokenRequest requestMessage)
{
return new RequestSecurityToken()
{
RequestType = RequestTypes.Issue,
Lifetime = null,
KeyType = KeyTypes.Bearer,
ReplyTo = String.Empty,
AppliesTo = new EndpointAddress("http://wrap.resource") // TODO
};
}
/// <summary>
/// Requests a token from the issuer and builds a response with that token.
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="principal"></param>
/// <param name="sts"></param>
/// <param name="withRefreshToken"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, IPrincipal principal, SecurityTokenService sts, Boolean withRefreshToken)
{
if (null == requestMessage)
throw new ArgumentNullException("requestMessage");
if (null == principal)
throw new ArgumentNullException("principal");
if (null == sts)
throw new ArgumentNullException("sts");
// Call issuer to create token
var response = sts.Issue(
ClaimsPrincipal.CreateFromPrincipal(principal),
new WrapSerializer().CreateRequest(requestMessage));
// Create response
var token = response.RequestedSecurityToken.SecurityToken;
return WriteToken(token, withRefreshToken);
}
/// <summary>
///
/// </summary>
/// <param name="requestMessage"></param>
/// <param name="principal"></param>
/// <param name="sts"></param>
/// <returns></returns>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, IPrincipal principal, SecurityTokenService sts)
{
return ProcessAccessTokenRequest(requestMessage, principal, sts, false);
}