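/// <summary>
/// Loads configuration elements pertaining to the <see cref="SecurityTokenHandlerCollection"/>
/// </summary>
/// <remarks>
/// Only the sections of <paramref name="element"/> whose <c>IsConfigured</c> flag is set are applied; every other
/// setting keeps the value inherited from <paramref name="baseConfiguration"/>. Custom types (caches, certificate
/// validator, token resolvers) are instantiated via <c>CustomTypeElement.Resolve</c> from the type configured in the file.
/// </remarks>
/// <param name="baseConfiguration">Base <see cref="SecurityTokenHandlerConfiguration"/> from which to inherit default values.
/// When null a new configuration is created; otherwise this instance is modified in place and returned.</param>
/// <param name="element">The <see cref="SecurityTokenHandlerConfigurationElement"/> from the configuration file.</param>
/// <returns>The <see cref="SecurityTokenHandlerConfiguration"/> (either <paramref name="baseConfiguration"/> or a new
/// instance) with the configured sections of <paramref name="element"/> applied.</returns>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
protected SecurityTokenHandlerConfiguration LoadHandlerConfiguration(SecurityTokenHandlerConfiguration baseConfiguration, SecurityTokenHandlerConfigurationElement element)
{
    if (element == null)
    {
        // Report a descriptive argument error rather than a NullReferenceException on element.AudienceUris below.
        throw new ArgumentNullException("element");
    }

    // The base configuration is reused, not copied: every assignment below mutates the caller's instance.
    SecurityTokenHandlerConfiguration handlerConfiguration = baseConfiguration ?? new SecurityTokenHandlerConfiguration();

    //
    // Audience restriction
    //
    if (element.AudienceUris.IsConfigured)
    {
        //
        // There is no inheritance of the content of the element from base to child, only the whole element. If the
        // user specifies any part, they must specify it all: the inherited audience list is discarded before the
        // configured entries are added.
        //
        handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();
        handlerConfiguration.AudienceRestriction.AudienceMode = element.AudienceUris.Mode;

        foreach (AudienceUriElement audienceUriElement in element.AudienceUris)
        {
            // Relative as well as absolute URIs are accepted here.
            handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUriElement.Value, UriKind.RelativeOrAbsolute));
        }
    }

    //
    // Caches
    //
    if (element.Caches.IsConfigured)
    {
        if (element.Caches.TokenReplayCache.IsConfigured)
        {
            handlerConfiguration.Caches.TokenReplayCache = CustomTypeElement.Resolve<TokenReplayCache>(element.Caches.TokenReplayCache);
        }

        if (element.Caches.SessionSecurityTokenCache.IsConfigured)
        {
            handlerConfiguration.Caches.SessionSecurityTokenCache = CustomTypeElement.Resolve<SessionSecurityTokenCache>(element.Caches.SessionSecurityTokenCache);
        }
    }

    //
    // Certificate validation
    //
    if (element.CertificateValidation.IsConfigured)
    {
        // The modes are copied verbatim; nothing here rejects a setting weaker than the inherited one, so the
        // configuration file alone decides how strictly certificates are validated and revocation-checked.
        handlerConfiguration.RevocationMode = element.CertificateValidation.RevocationMode;
        handlerConfiguration.CertificateValidationMode = element.CertificateValidation.CertificateValidationMode;
        handlerConfiguration.TrustedStoreLocation = element.CertificateValidation.TrustedStoreLocation;

        if (element.CertificateValidation.CertificateValidator.IsConfigured)
        {
            handlerConfiguration.CertificateValidator = CustomTypeElement.Resolve<X509CertificateValidator>(element.CertificateValidation.CertificateValidator);
        }
    }

    //
    // Load the issuer name registry
    //
    if (element.IssuerNameRegistry.IsConfigured)
    {
        handlerConfiguration.IssuerNameRegistry = GetIssuerNameRegistry(element.IssuerNameRegistry);
    }

    //
    // Load the issuer token resolver
    //
    if (element.IssuerTokenResolver.IsConfigured)
    {
        handlerConfiguration.IssuerTokenResolver = CustomTypeElement.Resolve<SecurityTokenResolver>(element.IssuerTokenResolver);
    }

    //
    // Load MaxClockSkew
    //
    try
    {
        // Only override the inherited skew when the attribute was set explicitly rather than left at its default.
        if (element.ElementInformation.Properties[ConfigurationStrings.MaximumClockSkew].ValueOrigin != PropertyValueOrigin.Default)
        {
            handlerConfiguration.MaxClockSkew = element.MaximumClockSkew;
        }
    }
    catch (ArgumentException inner)
    {
        // Surface an invalid maximumClockSkew value as a configuration error that names the offending element.
        throw DiagnosticUtility.ThrowHelperConfigurationError(element, ConfigurationStrings.MaximumClockSkew, inner);
    }

    //
    // SaveBootstrapTokens
    //
    if (element.ElementInformation.Properties[ConfigurationStrings.SaveBootstrapContext].ValueOrigin != PropertyValueOrigin.Default)
    {
        handlerConfiguration.SaveBootstrapContext = element.SaveBootstrapContext;
    }

    //
    // Load the service token resolver
    //
    if (element.ServiceTokenResolver.IsConfigured)
    {
        handlerConfiguration.ServiceTokenResolver = CustomTypeElement.Resolve<SecurityTokenResolver>(element.ServiceTokenResolver);
    }

    //
    // TokenReplayCache related items
    //
    if (element.TokenReplayDetection.IsConfigured)
    {
        // DetectReplayedTokens - { true | false }
        handlerConfiguration.DetectReplayedTokens = element.TokenReplayDetection.Enabled;

        // ExpirationPeriod { TimeSpan }
        handlerConfiguration.TokenReplayCacheExpirationPeriod = element.TokenReplayDetection.ExpirationPeriod;
    }

    return handlerConfiguration;
}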
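/// <summary>
/// Loads configuration elements pertaining to the <see cref="SecurityTokenHandlerCollection"/>
/// </summary>
/// <remarks>
/// Each section of <paramref name="element"/> is applied only when its <c>IsConfigured</c> flag is set; unconfigured
/// sections leave the value inherited from <paramref name="baseConfiguration"/> untouched. Caches, the certificate
/// validator and the token resolvers are created through <c>CustomTypeElement.Resolve</c> from the configured type.
/// </remarks>
/// <param name="baseConfiguration">Base <see cref="SecurityTokenHandlerConfiguration"/> from which to inherit default values.
/// A null value produces a fresh configuration; a non-null value is updated in place and returned.</param>
/// <param name="element">The <see cref="SecurityTokenHandlerConfigurationElement"/> from the configuration file.</param>
/// <returns>The <see cref="SecurityTokenHandlerConfiguration"/> carrying the configured sections of <paramref name="element"/>;
/// this is <paramref name="baseConfiguration"/> itself when one was supplied.</returns>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
protected SecurityTokenHandlerConfiguration LoadHandlerConfiguration(SecurityTokenHandlerConfiguration baseConfiguration, SecurityTokenHandlerConfigurationElement element)
{
    if (element == null)
    {
        // Without this guard the first dereference (element.AudienceUris) fails with a NullReferenceException.
        throw new ArgumentNullException("element");
    }

    SecurityTokenHandlerConfiguration handlerConfiguration;
    if (baseConfiguration == null)
    {
        handlerConfiguration = new SecurityTokenHandlerConfiguration();
    }
    else
    {
        // Reused rather than cloned: the caller's base configuration is mutated by the assignments below.
        handlerConfiguration = baseConfiguration;
    }

    //
    // Audience restriction
    //
    if (element.AudienceUris.IsConfigured)
    {
        //
        // There is no inheritance of the content of the element from base to child, only the whole element. If the
        // user specifies any part, they must specify it all; the inherited audience list is cleared first.
        //
        handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();
        handlerConfiguration.AudienceRestriction.AudienceMode = element.AudienceUris.Mode;

        foreach (AudienceUriElement audienceUriElement in element.AudienceUris)
        {
            // Both relative and absolute URIs are accepted as configured.
            handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUriElement.Value, UriKind.RelativeOrAbsolute));
        }
    }

    //
    // Caches
    //
    if (element.Caches.IsConfigured)
    {
        if (element.Caches.TokenReplayCache.IsConfigured)
        {
            handlerConfiguration.Caches.TokenReplayCache = CustomTypeElement.Resolve<TokenReplayCache>(element.Caches.TokenReplayCache);
        }

        if (element.Caches.SessionSecurityTokenCache.IsConfigured)
        {
            handlerConfiguration.Caches.SessionSecurityTokenCache = CustomTypeElement.Resolve<SessionSecurityTokenCache>(element.Caches.SessionSecurityTokenCache);
        }
    }

    //
    // Certificate validation
    //
    if (element.CertificateValidation.IsConfigured)
    {
        // Copied as configured; no check here compares the new modes against the inherited ones, so the
        // configuration file fully determines certificate validation and revocation checking strictness.
        handlerConfiguration.RevocationMode = element.CertificateValidation.RevocationMode;
        handlerConfiguration.CertificateValidationMode = element.CertificateValidation.CertificateValidationMode;
        handlerConfiguration.TrustedStoreLocation = element.CertificateValidation.TrustedStoreLocation;

        if (element.CertificateValidation.CertificateValidator.IsConfigured)
        {
            handlerConfiguration.CertificateValidator = CustomTypeElement.Resolve<X509CertificateValidator>(element.CertificateValidation.CertificateValidator);
        }
    }

    //
    // Load the issuer name registry
    //
    if (element.IssuerNameRegistry.IsConfigured)
    {
        handlerConfiguration.IssuerNameRegistry = GetIssuerNameRegistry(element.IssuerNameRegistry);
    }

    //
    // Load the issuer token resolver
    //
    if (element.IssuerTokenResolver.IsConfigured)
    {
        handlerConfiguration.IssuerTokenResolver = CustomTypeElement.Resolve<SecurityTokenResolver>(element.IssuerTokenResolver);
    }

    //
    // Load MaxClockSkew
    //
    try
    {
        // The inherited skew is kept unless the attribute was set explicitly (origin other than Default).
        if (element.ElementInformation.Properties[ConfigurationStrings.MaximumClockSkew].ValueOrigin != PropertyValueOrigin.Default)
        {
            handlerConfiguration.MaxClockSkew = element.MaximumClockSkew;
        }
    }
    catch (ArgumentException inner)
    {
        // Re-raise an invalid maximumClockSkew value as a configuration error pointing at this element.
        throw DiagnosticUtility.ThrowHelperConfigurationError(element, ConfigurationStrings.MaximumClockSkew, inner);
    }

    //
    // SaveBootstrapTokens
    //
    if (element.ElementInformation.Properties[ConfigurationStrings.SaveBootstrapContext].ValueOrigin != PropertyValueOrigin.Default)
    {
        handlerConfiguration.SaveBootstrapContext = element.SaveBootstrapContext;
    }

    //
    // Load the service token resolver
    //
    if (element.ServiceTokenResolver.IsConfigured)
    {
        handlerConfiguration.ServiceTokenResolver = CustomTypeElement.Resolve<SecurityTokenResolver>(element.ServiceTokenResolver);
    }

    //
    // TokenReplayCache related items
    //
    if (element.TokenReplayDetection.IsConfigured)
    {
        // DetectReplayedTokens - { true | false }
        handlerConfiguration.DetectReplayedTokens = element.TokenReplayDetection.Enabled;

        // ExpirationPeriod { TimeSpan }
        handlerConfiguration.TokenReplayCacheExpirationPeriod = element.TokenReplayDetection.ExpirationPeriod;
    }

    return handlerConfiguration;
}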