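/// <summary>
/// Requests a security token from an ADFS STS over the WS-Trust 1.3 "usernamemixed" endpoint
/// (TLS on the transport, UserName token inside the SOAP message) and returns the issued token.
/// </summary>
/// <param name="username">Account name sent as the WS-Security UserName token.</param>
/// <param name="password">Password for <paramref name="username"/>; protected only by the TLS channel.</param>
/// <param name="tokenIssuer">Authority (host, optionally host:port) of the ADFS farm; becomes the authority of the STS URL.</param>
/// <param name="appliesTo">Relying-party identifier placed in the RST's AppliesTo element.</param>
/// <param name="rsts">Receives the full RequestSecurityTokenResponse returned by the STS.</param>
/// <returns>The issued <see cref="SecurityToken"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ArgumentException">
/// A required string argument is null or empty, or <paramref name="tokenIssuer"/> is not a bare authority
/// (it would inject user-info, a different path, a query or a fragment into the STS URL).
/// </exception>
public static SecurityToken GetToken(string username, string password, string tokenIssuer, string appliesTo, out RequestSecurityTokenResponse rsts)
{
    if (string.IsNullOrEmpty(username)) throw new ArgumentException("A user name is required.", "username");
    if (password == null) throw new ArgumentNullException("password");
    if (string.IsNullOrEmpty(tokenIssuer)) throw new ArgumentException("The token issuer authority is required.", "tokenIssuer");
    if (string.IsNullOrEmpty(appliesTo)) throw new ArgumentException("An AppliesTo identifier is required.", "appliesTo");

    // TLS on the wire, UserName token in the message; no secure-conversation session for a single RST/RSTR exchange.
    WS2007HttpBinding binding = new WS2007HttpBinding();
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    binding.Security.Mode = SecurityMode.TransportWithMessageCredential;

    const string stsPath = "/adfs/services/trust/13/usernamemixed";
    Uri tokenIssuerUrl = new Uri(string.Format("https://{0}{1}", tokenIssuer, stsPath), UriKind.Absolute);
    // The issuer string is spliced into the authority position; reject anything that changes where the
    // credentials are posted (user-info, another path, query or fragment) instead of sending the password there.
    if (!string.IsNullOrEmpty(tokenIssuerUrl.UserInfo)
        || !string.Equals(tokenIssuerUrl.AbsolutePath, stsPath, StringComparison.Ordinal)
        || !string.IsNullOrEmpty(tokenIssuerUrl.Query)
        || !string.IsNullOrEmpty(tokenIssuerUrl.Fragment))
    {
        throw new ArgumentException("tokenIssuer must be a host name, optionally followed by a port.", "tokenIssuer");
    }

    WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(tokenIssuerUrl));
    trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
    trustChannelFactory.Credentials.UserName.UserName = username;
    trustChannelFactory.Credentials.UserName.Password = password;
    trustChannelFactory.ConfigureChannelFactory();

    WSTrustChannel tokenClient = null;
    try
    {
        // Build the issuance request and send it.
        RequestSecurityToken requestToken = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
        requestToken.AppliesTo = new EndpointAddress(appliesTo);

        tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel();
        SecurityToken token = tokenClient.Issue(requestToken, out rsts);

        // Close explicitly rather than via Dispose/using: Dispose on a faulted WCF channel throws and
        // would mask the original failure.
        tokenClient.Close();
        trustChannelFactory.Close();
        return token;
    }
    catch
    {
        if (tokenClient != null) tokenClient.Abort();
        trustChannelFactory.Abort();
        throw;
    }
}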
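/// <summary>
/// Exchanges an existing token for a new one at the staging STS over plain HTTP, relying on asymmetric
/// (X.509) message security instead of TLS. The incoming token is sent in the RST's OnBehalfOf element
/// and an asymmetric proof key is requested.
/// </summary>
/// <param name="token">Token presented in OnBehalfOf.</param>
/// <returns>The <see cref="SecurityToken"/> issued by the STS.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
public static SecurityToken getToken(sts.Token token)
{
    if (token == null) throw new ArgumentNullException("token");

    var textmessageEncoding = new TextMessageEncodingBindingElement();
    textmessageEncoding.WriteEncoding = Encoding.UTF8;
    textmessageEncoding.MessageVersion = MessageVersion.Soap12WSAddressing10;

    var messageSecurity = new AsymmetricSecurityBindingElement();
    messageSecurity.AllowSerializedSigningTokenOnReply = true;
    // The original code assigned MessageSecurityVersion twice; only this second value ever took effect.
    // NOTE(review): it advertises WS-Trust Feb2005 while the factory below uses WSTrust13 — confirm the STS accepts the mix.
    messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    //messageSecurity.EnableUnsecuredResponse = true;
    // NOTE(review): no timestamp and no replay detection on either side means a captured RST can be replayed
    // to the STS; acceptable only while the staging STS cannot produce/validate timestamps.
    messageSecurity.IncludeTimestamp = false;
    // NOTE(review): Basic128Rsa15 selects RSA-1.5 key transport, which is legacy; prefer Basic128 (RSA-OAEP) if the STS supports it.
    messageSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
    messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
    messageSecurity.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    messageSecurity.LocalClientSettings.DetectReplays = false;
    messageSecurity.LocalServiceSettings.DetectReplays = false;

    // Both sides identify their X.509 token by raw key data; derived keys are not negotiated.
    var recipient = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.RawDataKeyIdentifier, SecurityTokenInclusionMode.AlwaysToInitiator);
    recipient.RequireDerivedKeys = false;
    messageSecurity.RecipientTokenParameters = recipient;
    var initiator = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.RawDataKeyIdentifier, SecurityTokenInclusionMode.AlwaysToRecipient);
    initiator.RequireDerivedKeys = false;
    messageSecurity.InitiatorTokenParameters = initiator;

    var binding = new CustomBinding(messageSecurity, textmessageEncoding, new StrippingChannelBindingElement(), new HttpTransportBindingElement());

    // NOTE(review): hard-coded staging endpoint over http:// — confidentiality rests entirely on the message-level encryption above.
    Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory trustChannelFactory =
        new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(
            binding,
            new EndpointAddress(new Uri("http://login.staging.rapidsoft.ru:80/auth/sts"), EndpointIdentity.CreateDnsIdentity("test")));

    // Client and service certificates are both looked up by issuer name "test" in the current user's store.
    trustChannelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByIssuerName, "test");
    trustChannelFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByIssuerName, "test");
    // NOTE(review): validation mode None skips chain/peer checks on the STS certificate. Because
    // AllowSerializedSigningTokenOnReply is true, a reply may carry its own signing certificate, and with None
    // that certificate is not validated — use ChainTrust or PeerTrust before this leaves staging.
    trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // NOTE(review): ProtectionLevel.None on the contract drops the requirement that message bodies be signed/encrypted;
    // confirm the OnBehalfOf token is still protected on the wire.
    trustChannelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.None;
    trustChannelFactory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;

    Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel channel = null;
    try
    {
        channel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)trustChannelFactory.CreateChannel();

        RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue);
        // An empty handler collection is passed for serializing the OnBehalfOf token; presumably sts.Token does
        // not need one — TODO confirm against the token type.
        rst.OnBehalfOf = new Microsoft.IdentityModel.Tokens.SecurityTokenElement(token, new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection());
        rst.KeyType = WSTrust13Constants.KeyTypes.Asymmetric;

        RequestSecurityTokenResponse rstr;
        SecurityToken issued = channel.Issue(rst, out rstr);

        // Close explicitly (not Dispose): Dispose on a faulted channel throws and would mask the original failure.
        channel.Close();
        trustChannelFactory.Close();
        return issued;
    }
    catch
    {
        if (channel != null) channel.Abort();
        trustChannelFactory.Abort();
        throw;
    }
}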
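/// <summary>
/// Turns a serialized security-token XML string into a <see cref="SecurityToken"/> by wrapping it in a
/// synthetic, final RSTR and handing it to the WS-Trust channel's response processing. No request is sent:
/// the factory points at a placeholder address and the channel is never opened.
/// </summary>
/// <param name="xml">The serialized token element.</param>
/// <returns>The token reconstructed by the channel's token handlers.</returns>
/// <exception cref="ArgumentException"><paramref name="xml"/> is null or empty.</exception>
private static SecurityToken ConvertToToken(string xml)
{
    if (string.IsNullOrEmpty(xml)) throw new ArgumentException("Token XML is required.", "xml");

    // The binding and Feb2005 trust version only select the serializer/handler set; nothing is opened.
    WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential, false);
    Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory factory =
        new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, new EndpointAddress("https://null-EndPoint"));
    factory.TrustVersion = TrustVersion.WSTrustFeb2005;

    Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel trustChannel = null;
    try
    {
        trustChannel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)factory.CreateChannel();

        // Synthesize a final RSTR whose RequestedSecurityToken is the caller's XML.
        // NOTE(review): LoadXml is defined elsewhere in this file; the token XML comes from outside, so it should be
        // parsed with DTD processing disabled and no XmlResolver — confirm in LoadXml.
        RequestSecurityTokenResponse response = trustChannel.WSTrustResponseSerializer.CreateInstance();
        response.RequestedSecurityToken = new RequestedSecurityToken(LoadXml(xml).DocumentElement);
        response.IsFinal = true;

        // A matching Issue request is required by GetTokenFromResponse; a symmetric key type is assumed.
        RequestSecurityToken requestToken = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue);
        requestToken.KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric;

        SecurityToken token = trustChannel.GetTokenFromResponse(requestToken, response);

        // Release the never-opened channel and its factory; Close is valid from the Created state.
        trustChannel.Close();
        factory.Close();
        return token;
    }
    catch
    {
        if (trustChannel != null) trustChannel.Abort();
        factory.Abort();
        throw;
    }
}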