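/// <summary>
/// Helper function to check if the SAML token was issued by HomeRealmSTS.
/// </summary>
/// <remarks>
/// The check compares the issuer recorded on the identity's first claim with the
/// subject name of the HomeRealmSTS certificate loaded from the configured store
/// (BookStoreSTSServiceConfig.IssuerDistinguishedName). It is a name comparison only:
/// it does not itself verify the token signature, which is presumably done by the
/// token handler before the identity reaches this method.
/// </remarks>
/// <param name="claimsId">The identity built from the incoming token.</param>
/// <returns>
/// True when the first claim's issuer equals the HomeRealmSTS certificate subject name.
/// False otherwise, including when the identity is null or carries no claims.
/// </returns>
private static bool IssuedByHomeRealmSTS(ClaimsIdentity claimsId)
{
    // An identity without claims cannot have been issued by HomeRealmSTS. Previously
    // Claims[0] was indexed unconditionally, so an empty identity threw instead of
    // being reported as "not issued by HomeRealmSTS".
    if (claimsId == null || claimsId.Claims == null || claimsId.Claims.Count == 0)
    {
        return false;
    }

    // Only the first claim's issuer is inspected, as before. If identities here can
    // carry claims from more than one issuer, consider checking every claim instead.
    string issuerClaimsId = claimsId.Claims[0].Issuer;

    // Subject name of the HomeRealmSTS certificate from the configured store.
    string certSubjectName = X509Helper.GetX509Certificate2(
        BookStoreSTSServiceConfig.CertStoreName,
        BookStoreSTSServiceConfig.CertStoreLocation,
        BookStoreSTSServiceConfig.IssuerDistinguishedName).SubjectName.Name;

    // Exact (ordinal) comparison of the two distinguished-name strings, which is what
    // String.Equals(string, string) did before. Formatting differences in the DN
    // (attribute order, whitespace) produce a false negative, never a false positive.
    return String.Equals(issuerClaimsId, certSubjectName, StringComparison.Ordinal);
}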
/// <summary>
/// Builds the issuance scope for a token request: the relying-party address the token
/// is addressed to, the credentials used to sign it and the credentials used to encrypt it.
/// </summary>
/// <param name="principal">The principal the token is issued for. Not used here; the scope depends only on the request.</param>
/// <param name="request">The incoming RequestSecurityToken; its AppliesTo names the relying party.</param>
/// <returns>A <see cref="Scope"/> for the AppliesTo address with signing and encrypting credentials set.</returns>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    // Validate the requested relying party before any credentials are loaded
    // (ValidateAppliesTo presumably rejects addresses this STS does not issue to).
    ValidateAppliesTo(request.AppliesTo);

    string relyingPartyAddress = request.AppliesTo.Uri.AbsoluteUri;

    // This STS's own certificate (CertDistinguishedName) signs the token; the certificate
    // named by TargetDistinguishedName (the intended recipient) encrypts it. Both come
    // from the same configured store.
    var signingCertificate = X509Helper.GetX509Certificate2(
        HomeRealmSTSServiceConfig.CertStoreName,
        HomeRealmSTSServiceConfig.CertStoreLocation,
        HomeRealmSTSServiceConfig.CertDistinguishedName);
    var encryptingCertificate = X509Helper.GetX509Certificate2(
        HomeRealmSTSServiceConfig.CertStoreName,
        HomeRealmSTSServiceConfig.CertStoreLocation,
        HomeRealmSTSServiceConfig.TargetDistinguishedName);

    return new Scope(relyingPartyAddress)
    {
        SigningCredentials = new X509SigningCredentials(signingCertificate),
        EncryptingCredentials = new X509EncryptingCredentials(encryptingCertificate)
    };
}
/// <summary>
/// Builds the issuance scope for a token request: the relying-party address the token
/// is addressed to, the credentials used to sign it and the credentials used to encrypt it.
/// </summary>
/// <param name="principal">The principal the token is issued for. Not used here; the scope depends only on the request.</param>
/// <param name="request">The incoming RequestSecurityToken; its AppliesTo names the relying party.</param>
/// <returns>A <see cref="Scope"/> for the AppliesTo address with signing and encrypting credentials set.</returns>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    // Validate the requested relying party first (ValidateAppliesTo presumably rejects
    // addresses this STS does not issue to), so no credentials are loaded for a bad request.
    ValidateAppliesTo(request.AppliesTo);

    Scope issuanceScope = new Scope(request.AppliesTo.Uri.AbsoluteUri);

    // The token is signed with this STS's own certificate (CertDistinguishedName).
    issuanceScope.SigningCredentials = new X509SigningCredentials(
        X509Helper.GetX509Certificate2(
            BookStoreSTSServiceConfig.CertStoreName,
            BookStoreSTSServiceConfig.CertStoreLocation,
            BookStoreSTSServiceConfig.CertDistinguishedName));

    // This sample has a single relying party (localhost), so its certificate
    // (TargetDistinguishedName) is used as the encrypting credentials for every request.
    // An STS serving several relying parties would instead pick the certificate that
    // belongs to the relying party named in AppliesTo and encrypt with that one.
    issuanceScope.EncryptingCredentials = new X509EncryptingCredentials(
        X509Helper.GetX509Certificate2(
            BookStoreSTSServiceConfig.CertStoreName,
            BookStoreSTSServiceConfig.CertStoreLocation,
            BookStoreSTSServiceConfig.TargetDistinguishedName));

    return issuanceScope;
}