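/// <summary>
/// Validates a Kerberos WSS user token.
/// </summary>
/// <param name="tokenData">
/// UTF-8 encoded WS-Security token XML supplied by the remote party. It is treated as
/// untrusted input: it is parsed with external entity resolution disabled.
/// </param>
/// <returns>
/// The deserialized <see cref="SecurityToken"/>, returned only after the Kerberos
/// authenticator has validated it.
/// </returns>
/// <exception cref="ServiceResultException">
/// Raised with <see cref="StatusCodes.BadIdentityTokenRejected"/> when the data is not
/// well-formed XML, does not deserialize to a Kerberos receiver token, or fails validation.
/// </exception>
private SecurityToken ParseAndVerifyKerberosToken(byte[] tokenData)
{
    XmlDocument document = new XmlDocument();
    XmlNodeReader reader = null;

    try
    {
        // The payload comes from the client. Without a null resolver a DTD embedded in the
        // token could pull in external entities (XXE) or make the server fetch remote URIs.
        document.XmlResolver = null;
        document.InnerXml = new UTF8Encoding().GetString(tokenData).Trim();

        reader = new XmlNodeReader(document.DocumentElement);
        SecurityToken securityToken = new WSSecurityTokenSerializer().ReadToken(reader, null);
        KerberosReceiverSecurityToken receiver = securityToken as KerberosReceiverSecurityToken;

        KerberosSecurityTokenAuthenticator authenticator = new KerberosSecurityTokenAuthenticator();

        // Never return a token that was not actually checked. The original shape
        // (validate only if CanValidateToken) would hand back an unvalidated token on the
        // false branch; anything the authenticator cannot validate is rejected here instead.
        if (receiver == null || !authenticator.CanValidateToken(receiver))
        {
            throw new System.IdentityModel.Tokens.SecurityTokenValidationException(
                "Token is not a Kerberos receiver token that can be validated.");
        }

        authenticator.ValidateToken(receiver);
        return securityToken;
    }
    catch (Exception e)
    {
        // DocumentElement is null when the XML itself failed to parse (the most common
        // failure); dereferencing it here would throw a NullReferenceException from inside
        // the handler and mask the real cause.
        string elementName = document.DocumentElement != null
            ? document.DocumentElement.LocalName
            : "(unparsable XML)";

        // construct translation object with default text.
        TranslationInfo info = new TranslationInfo(
            "InvalidKerberosToken",
            "en-US",
            "'{0}' is not a valid Kerberos token.",
            elementName);

        // create an exception with a vendor defined sub-code.
        throw new ServiceResultException(new ServiceResult(
            e,
            StatusCodes.BadIdentityTokenRejected,
            "InvalidKerberosToken",
            Namespaces.UserAuthentication,
            new LocalizedText(info)));
    }
    finally
    {
        if (reader != null)
        {
            reader.Close();
        }
    }
}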
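/// <summary>
/// Creates a wrapper that stores the supplied Kerberos authenticator for later use.
/// </summary>
/// <param name="innerAuthenticator">
/// The authenticator kept in <c>this.innerAuthenticator</c>; must not be null.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="innerAuthenticator"/> is null.
/// </exception>
public KerberosSecurityTokenAuthenticatorWrapper(KerberosSecurityTokenAuthenticator innerAuthenticator)
{
    // Fail fast at construction: a null inner authenticator would otherwise surface only
    // as a NullReferenceException on the first use, far from the site that caused it.
    if (innerAuthenticator == null)
    {
        throw new ArgumentNullException("innerAuthenticator");
    }

    this.innerAuthenticator = innerAuthenticator;
}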