public static ExternalAuthentication GetCurrent() { if (ExternalAuthentication.instance == null) { ExternalAuthentication.instance = ExternalAuthentication.CreateExternalAuthentication(); } return(ExternalAuthentication.instance); }
private static bool IsRequiredPropertyAvailable(X509Certificate2 certificate, string name) { return(ExternalAuthentication.IsRequiredPropertyAvailable((certificate == null) ? null : certificate.Thumbprint, name)); }
private static ExternalAuthentication.FederationTrustResults TryCreateSecurityTokenService(FederationTrust federationTrust, WebProxy webProxy) { if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerUri, "TokenIssuerUri")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerUri }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerEpr, "TokenIssuerEpr")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerEpr }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.ApplicationUri, "ApplicationUri")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingApplicationUri }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerCertificate, "TokenIssuerCertificate")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerCertificate }); } X509Certificate2[] tokenSignatureCertificates = (federationTrust.TokenIssuerPrevCertificate != null) ? new X509Certificate2[] { federationTrust.TokenIssuerCertificate, federationTrust.TokenIssuerPrevCertificate } : new X509Certificate2[] { federationTrust.TokenIssuerCertificate }; if (!ExternalAuthentication.HasAtLeastOneValidCertificate(tokenSignatureCertificates, federationTrust.Id, "TokenIssuerCertificate and TokenIssuerPrevCertificate")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.InvalidTokenIssuerCertificate, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoSubCode }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.OrgPrivCertificate, "OrgPrivCertificate")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingOrgPrivCertificate }); } X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine); x509Store.Open(OpenFlags.ReadOnly); X509Certificate2 certificate; X509Certificate2[] tokenDecryptionCertificates; try { ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType; certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrivCertificate, federationTrust.Id, "OrgPrivCertificate", true, out externalAuthenticationSubFailureType); if (certificate == null) { ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Federation trust is misconfigured. Unable to find certificate corresponding to OrgPrivCertificate={0}", federationTrust.OrgPrivCertificate); return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = externalAuthenticationSubFailureType }); } X509Certificate2 x509Certificate = null; if (!string.IsNullOrEmpty(federationTrust.OrgPrevPrivCertificate)) { x509Certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrevPrivCertificate, federationTrust.Id, "OrgPrevPrivCertificate", false, out externalAuthenticationSubFailureType); } tokenDecryptionCertificates = ((x509Certificate != null) ? new X509Certificate2[] { certificate, x509Certificate } : new X509Certificate2[] { certificate }); } finally { x509Store.Close(); } SecurityTokenService securityTokenService = new SecurityTokenService(federationTrust.TokenIssuerEpr, webProxy, certificate, federationTrust.TokenIssuerUri, federationTrust.PolicyReferenceUri, federationTrust.ApplicationUri.OriginalString); ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "New instance of SecurityTokenService successfully built."); return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure, SecurityTokenService = securityTokenService, TokenSignatureCertificates = tokenSignatureCertificates, TokenDecryptionCertificates = tokenDecryptionCertificates }); }
private static ExternalAuthentication CreateExternalAuthentication() { ExternalAuthentication.InitializeNotificationsIfNeeded(); ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "Searching for federation trust configuration in AD"); WebProxy webProxy = null; Server localServer = LocalServerCache.LocalServer; Uri uri = null; if (localServer != null && localServer.InternetWebProxy != null) { ExternalAuthentication.ConfigurationTracer.TraceDebug <Uri>(0L, "Using custom InternetWebProxy {0}.", localServer.InternetWebProxy); uri = localServer.InternetWebProxy; webProxy = new WebProxy(localServer.InternetWebProxy); } ExternalAuthentication.currentWebProxy = uri; IEnumerable <FederationTrust> enumerable = null; try { enumerable = FederationTrustCache.GetFederationTrusts(); } catch (LocalizedException arg) { ExternalAuthentication.ConfigurationTracer.TraceError <LocalizedException>(0L, "Unable to get federation trust. Exception: {0}", arg); return(new ExternalAuthentication(ExternalAuthentication.ExternalAuthenticationFailureType.ErrorReadingFederationTrust, ExternalAuthentication.ExternalAuthenticationSubFailureType.DirectoryReadError)); } Uri uri2 = null; List <X509Certificate2> list = new List <X509Certificate2>(4); List <X509Certificate2> list2 = new List <X509Certificate2>(4); Dictionary <ADObjectId, SecurityTokenService> dictionary = new Dictionary <ADObjectId, SecurityTokenService>(2); ExternalAuthentication.ExternalAuthenticationFailureType externalAuthenticationFailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFederationTrust; ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure; int num = 0; bool flag = false; if (enumerable != null) { foreach (FederationTrust federationTrust in enumerable) { num++; ExternalAuthentication.FederationTrustResults federationTrustResults = ExternalAuthentication.TryCreateSecurityTokenService(federationTrust, webProxy); if (federationTrustResults.FailureType == ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure) { dictionary.Add(federationTrust.Id, federationTrustResults.SecurityTokenService); list.AddRange(federationTrustResults.TokenSignatureCertificates); list2.AddRange(federationTrustResults.TokenDecryptionCertificates); if (uri2 == null) { uri2 = federationTrust.ApplicationUri; ExternalAuthentication.ConfigurationTracer.TraceDebug <Uri>(0L, "Using {0} as applicationUri", uri2); } else if (!federationTrust.ApplicationUri.Equals(uri2)) { ExternalAuthentication.ConfigurationTracer.TraceError <Uri>(0L, "Cannot have multiple FederationTrust with different ApplicationUri values: {0}. Uri will be ignored", federationTrust.ApplicationUri); flag = true; } } else { externalAuthenticationFailureType = federationTrustResults.FailureType; externalAuthenticationSubFailureType = federationTrustResults.SubFailureType; } } } if (dictionary.Count == 0) { return(new ExternalAuthentication(externalAuthenticationFailureType, externalAuthenticationSubFailureType)); } if (dictionary.Count != num) { ExternalAuthentication.ConfigurationTracer.TraceError <string, string>(0L, "Number of Security Token Service clients {0} does not match number of federation trusts {1}", dictionary.Count.ToString(), num.ToString()); } TokenValidator tokenValidator = new TokenValidator(uri2, list, list2); List <X509Certificate2> list3 = new List <X509Certificate2>(list.Count + list2.Count); list3.AddRange(list); list3.AddRange(list2); if (flag) { return(new ExternalAuthentication(dictionary, tokenValidator, list3, uri2, ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure, ExternalAuthentication.ExternalAuthenticationSubFailureType.WarningApplicationUriSkipped)); } return(new ExternalAuthentication(dictionary, tokenValidator, list3, uri2)); }