/// <summary>
/// Obtains a service token for <paramref name="serviceTarget"/> from a user name and password.
/// The user's realm is looked up first: a federated account is exchanged for a partner ticket
/// at the STS URL reported by the realm lookup, any other account gets a WS-Security header
/// built from the credentials. Either result is handed to the three-argument overload.
/// </summary>
/// <param name="username">Account name; must not be null or empty.</param>
/// <param name="password">Account password; must not be null or empty.</param>
/// <param name="serviceTarget">Target service; must not be null or empty.</param>
/// <param name="servicePolicy">Passed through unchanged; not validated here.</param>
/// <returns>Whatever the three-argument <c>GetServiceToken</c> overload returns.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="username"/>, <paramref name="password"/> or <paramref name="serviceTarget"/>
/// is null or empty.
/// </exception>
public string GetServiceToken(string username, string password, string serviceTarget, string servicePolicy)
{
    if (string.IsNullOrEmpty(username))
    {
        throw new ArgumentNullException("username");
    }

    if (string.IsNullOrEmpty(password))
    {
        throw new ArgumentNullException("password");
    }

    if (string.IsNullOrEmpty(serviceTarget))
    {
        throw new ArgumentNullException("serviceTarget");
    }

    // Runs before the realm lookup; what it initialises is not visible in this block.
    InitFederationProviderInfoForUser(username);

    IdcrlAuth.UserRealmInfo realm = GetUserRealm(username);

    string securityToken;
    if (realm.IsFederated)
    {
        // The clear-text password is passed on together with realm.STSAuthUrl, a value that
        // GetUserRealm reads out of the realm service's reply.
        // NOTE(review): presumably GetPartnerTicketFromAdfs posts the credentials to that URL;
        // confirm it is restricted to HTTPS and to an expected host before they are sent.
        securityToken = GetPartnerTicketFromAdfs(realm.STSAuthUrl, username, password);
    }
    else
    {
        securityToken = BuildWsSecurityUsingUsernamePassword(username, password);
    }

    return GetServiceToken(securityToken, serviceTarget, servicePolicy);
}
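/// <summary>
/// Asks the user-realm service which realm <paramref name="login"/> belongs to and returns
/// whether the account is federated, plus the STS URL when the reply carries one.
/// </summary>
/// <param name="login">Sign-in name; sent URL-escaped as the <c>login</c> form field.</param>
/// <returns>
/// A <c>UserRealmInfo</c> with <c>IsFederated</c> set from the reply's <c>NameSpaceType</c>
/// element and <c>STSAuthUrl</c> set from its <c>STSAuthURL</c> element, if present.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="login"/> is null, empty or whitespace.
/// </exception>
/// <remarks>
/// Every rejected reply is reported with <c>IdcrlAuth.CreateIdcrlException(-2147186539)</c>:
/// no or non-"true" <c>Success</c> attribute, no <c>NameSpaceType</c> element, a namespace type
/// other than "Federated"/"Managed", or a federated account whose STS URL is missing or is not
/// an absolute HTTPS URL.
/// </remarks>
private IdcrlAuth.UserRealmInfo GetUserRealm(string login)
{
    if (string.IsNullOrWhiteSpace(login))
    {
        throw new ArgumentNullException("login");
    }

    // Code passed to CreateIdcrlException for every rejected reply; its meaning is not
    // visible in this block.
    const int rejectedReplyCode = -2147186539;

    string userRealmServiceUrl = this.UserRealmServiceUrl;
    string body = string.Format(CultureInfo.InvariantCulture, "login={0}&xml=1", new object[] { Uri.EscapeDataString(login) });
    XDocument reply = this.DoPost(userRealmServiceUrl, "application/x-www-form-urlencoded", body, null);

    // A reply without a document or root element is handled as an unsuccessful lookup
    // instead of surfacing as a NullReferenceException.
    XElement root = (reply != null) ? reply.Root : null;
    XAttribute success = (root != null) ? root.Attribute("Success") : null;
    if (success == null || !string.Equals(success.Value, "true", StringComparison.OrdinalIgnoreCase))
    {
        ClientULS.SendTraceTag(3454919u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Failed to get user's realm for user {0}", new object[] { login });
        throw IdcrlAuth.CreateIdcrlException(rejectedReplyCode);
    }

    XElement namespaceType = root.Element("NameSpaceType");
    if (namespaceType == null)
    {
        ClientULS.SendTraceTag(3454920u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "There is no NameSpaceType element in the response when get user realm for user {0}", new object[] { login });
        throw IdcrlAuth.CreateIdcrlException(rejectedReplyCode);
    }

    bool isFederated = string.Equals(namespaceType.Value, "Federated", StringComparison.OrdinalIgnoreCase);
    bool isManaged = string.Equals(namespaceType.Value, "Managed", StringComparison.OrdinalIgnoreCase);
    if (!isFederated && !isManaged)
    {
        ClientULS.SendTraceTag(3454921u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Unknown namespace type for user {0}", new object[] { login });
        throw IdcrlAuth.CreateIdcrlException(rejectedReplyCode);
    }

    IdcrlAuth.UserRealmInfo userRealmInfo = new IdcrlAuth.UserRealmInfo();
    userRealmInfo.IsFederated = isFederated;

    XElement stsAuthUrl = root.Element("STSAuthURL");
    if (stsAuthUrl != null)
    {
        userRealmInfo.STSAuthUrl = stsAuthUrl.Value;
    }

    if (userRealmInfo.IsFederated && string.IsNullOrEmpty(userRealmInfo.STSAuthUrl))
    {
        ClientULS.SendTraceTag(3454922u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "User {0} is a federated account, but there is no STSAuthUrl for the user.", new object[] { login });
        throw IdcrlAuth.CreateIdcrlException(rejectedReplyCode);
    }

    // The STS URL comes from the service reply, and the username/password overload of
    // GetServiceToken passes the account password along with it. Reject anything that is not
    // an absolute https:// URL so the credentials are never directed at a plain-text or
    // non-HTTP endpoint.
    // NOTE(review): no trace tag exists for this failure; allocate one from the project's tag
    // registry if it should be logged. A host allow-list would be a stronger check still.
    Uri stsUri;
    if (userRealmInfo.IsFederated
        && (!Uri.TryCreate(userRealmInfo.STSAuthUrl, UriKind.Absolute, out stsUri)
            || !string.Equals(stsUri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)))
    {
        throw IdcrlAuth.CreateIdcrlException(rejectedReplyCode);
    }

    ClientULS.SendTraceTag(3454923u, ClientTraceCategory.Authentication, ClientTraceLevel.Verbose, "User={0}, IsFederated={1}, STSAuthUrl={2}", new object[] { login, userRealmInfo.IsFederated, userRealmInfo.STSAuthUrl });
    return userRealmInfo;
}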