コード例 #1
0
        public ActionResult Callback()
        {
            string input;
            using (var reader = new StreamReader(Request.InputStream))
            {
                input = reader.ReadToEnd();
            }

            string locationBase = string.Format("{0}/auth/broker/end",
                                                Request.Url.GetComponents(UriComponents.SchemeAndServer,
                                                                          UriFormat.Unescaped));
            var inputInQueryStringUri = new Uri(locationBase + "?" + input);
            NameValueCollection tokenValues = inputInQueryStringUri.ParseQueryString();
            string tokenData = tokenValues["wresult"];

            //Validate SWT token
            var tokenSerializer = new WSTrustFeb2005ResponseSerializer();
            RequestSecurityTokenResponse requestSecrityTokenResponse =
                tokenSerializer.ReadXml(new XmlTextReader(new StringReader(tokenData)),
                                        new WSTrustSerializationContext());

            var simpleWebTokenHandler = new SimpleWebTokenHandler("https://" + _registrationService.ServiceNamespace + ".accesscontrol.windows.net/", _swtSigningKey);
            var securityToken = simpleWebTokenHandler.ReadToken(requestSecrityTokenResponse.RequestedSecurityToken.SecurityTokenXml.InnerText) as SimpleWebToken;
            simpleWebTokenHandler.ValidateToken(securityToken, _acsRealm);

            //Create delegation in ACS
            var authServerIdentifier = securityToken.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.NameIdentifier);
            var authServerIdentity = new AuthorizationServerIdentity
                                         {
                                             NameIdentifier = authServerIdentifier.Value,
                                             IdentityProvider = authServerIdentifier.Issuer
                                         };

            //todo: Check if we can add some claims (role claims) to the scope
            string code = _registrationService.GetAuthorizationCode(_clientId, authServerIdentity, "scope");

            //todo: use OAuth parameter names in the return URL
            //return the token
            string location = string.Format("{0}?acsToken={1}", locationBase, code);

            Response.StatusCode = (int)HttpStatusCode.Redirect;
            Response.Headers.Add("Location", location);
            Response.End();

            return null;
        }
        /// <summary>
        /// Reads the 'wresult' and returns the embeded security token.
        /// </summary>
        /// <returns>the 'SecurityToken'.</returns>
        public virtual string GetToken()
        {
            if (Wresult == null)
            {
                return null;
            }

            using (StringReader sr = new StringReader(Wresult))
            {
                XmlReader xmlReader = XmlReader.Create(sr);
                xmlReader.MoveToContent();

                WSTrustResponseSerializer serializer = new WSTrust13ResponseSerializer();
                if (serializer.CanRead(xmlReader))
                {
                    RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
                    return response.RequestedSecurityToken.SecurityTokenXml.OuterXml;
                }

                serializer = new WSTrustFeb2005ResponseSerializer();
                if (serializer.CanRead(xmlReader))
                {
                    RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
                    return response.RequestedSecurityToken.SecurityTokenXml.OuterXml;
                }
            }

            return null;
        }