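        /// <summary>
        /// Helper function to check if the SAML token was issued by HomeRealmSTS.
        /// </summary>
        /// <param name="claimsId">Identity built from the incoming token; the issuer
        /// name stamped on its claims is what gets compared.</param>
        /// <returns>True when the identity carries at least one claim and every claim
        /// names the HomeRealmSTS certificate subject as its issuer. False when the
        /// identity is null, has no claims, or any claim comes from another issuer.</returns>
        private static bool IssuedByHomeRealmSTS(ClaimsIdentity claimsId)
        {
            // No identity, or an identity without a claim collection, cannot prove who
            // issued it. (Indexing Claims[0] directly would throw on an empty collection.)
            if (claimsId == null || claimsId.Claims == null)
            {
                return false;
            }

            // Extract the subject name of the HomeRealmSTS.com certificate. The token
            // handler is expected to stamp this same name as the issuer of every claim it
            // produces. NOTE(review): confirm against the configured issuer name registry.
            string certSubjectName = X509Helper.GetX509Certificate2(BookStoreSTSServiceConfig.CertStoreName,
                                                                    BookStoreSTSServiceConfig.CertStoreLocation,
                                                                    BookStoreSTSServiceConfig.IssuerDistinguishedName).SubjectName.Name;

            // Check every claim, not only the first: an identity mixing issuers must not pass.
            bool sawClaim = false;
            foreach (Claim claim in claimsId.Claims)
            {
                sawClaim = true;
                // Ordinal: the issuer is an opaque identifier, not culture-sensitive text.
                if (!string.Equals(claim.Issuer, certSubjectName, StringComparison.Ordinal))
                {
                    return false;
                }
            }

            // An empty claim collection proves nothing either.
            return sawClaim;
        }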
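        /// <summary>
        /// Builds the <see cref="Scope"/> for the relying party named in the request's AppliesTo:
        /// validates the target, then attaches this STS's signing certificate and the configured
        /// target's encryption certificate, both loaded from the certificate store named in
        /// <c>HomeRealmSTSServiceConfig</c>.
        /// </summary>
        /// <param name="principal">The principal whose claims are being issued (not consulted here).</param>
        /// <param name="request">The RST carrying the AppliesTo endpoint.</param>
        /// <returns>The populated scope for the requested endpoint.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
        {
            // Fail with a clear argument error instead of a NullReferenceException on request.AppliesTo.
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            // Let ValidateAppliesTo reject an unknown target before any certificate lookup happens.
            ValidateAppliesTo(request.AppliesTo);
            Scope scope = new Scope(request.AppliesTo.Uri.AbsoluteUri);

            // Tokens are signed with this STS's own certificate...
            scope.SigningCredentials = new X509SigningCredentials(X509Helper.GetX509Certificate2(HomeRealmSTSServiceConfig.CertStoreName,
                                                                                                 HomeRealmSTSServiceConfig.CertStoreLocation,
                                                                                                 HomeRealmSTSServiceConfig.CertDistinguishedName));

            // ...and encrypted for the single configured target. A deployment serving several
            // relying parties would pick the certificate matching request.AppliesTo instead, so a
            // token is never readable by a party other than the one it was issued for.
            scope.EncryptingCredentials = new X509EncryptingCredentials(X509Helper.GetX509Certificate2(HomeRealmSTSServiceConfig.CertStoreName,
                                                                                                       HomeRealmSTSServiceConfig.CertStoreLocation,
                                                                                                       HomeRealmSTSServiceConfig.TargetDistinguishedName));
            return scope;
        }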
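        /// <summary>
        /// Builds the <see cref="Scope"/> for the relying party named in the request's AppliesTo:
        /// validates the target, then attaches this STS's signing certificate and the configured
        /// target's encryption certificate, both loaded from the certificate store named in
        /// <c>BookStoreSTSServiceConfig</c>.
        /// </summary>
        /// <param name="principal">The principal whose claims are being issued (not consulted here).</param>
        /// <param name="request">The RST carrying the AppliesTo endpoint.</param>
        /// <returns>The populated scope for the requested endpoint.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
        {
            // Fail with a clear argument error instead of a NullReferenceException on request.AppliesTo.
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            // Let ValidateAppliesTo reject an unknown target before any certificate lookup happens.
            ValidateAppliesTo(request.AppliesTo);
            Scope scope = new Scope(request.AppliesTo.Uri.AbsoluteUri);

            // Tokens are signed with this STS's own certificate.
            scope.SigningCredentials = new X509SigningCredentials(X509Helper.GetX509Certificate2(BookStoreSTSServiceConfig.CertStoreName,
                                                                                                 BookStoreSTSServiceConfig.CertStoreLocation,
                                                                                                 BookStoreSTSServiceConfig.CertDistinguishedName));

            // Note: this sample serves a single RP identity (localhost), whose certificate is
            // configured as TargetDistinguishedName and used as the EncryptingCredentials.
            // With multiple RPs, select the certificate specific to the RP in request.AppliesTo
            // so a token issued for one RP is never decryptable by another.
            scope.EncryptingCredentials = new X509EncryptingCredentials(X509Helper.GetX509Certificate2(BookStoreSTSServiceConfig.CertStoreName,
                                                                                                       BookStoreSTSServiceConfig.CertStoreLocation,
                                                                                                       BookStoreSTSServiceConfig.TargetDistinguishedName));
            return scope;
        }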