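/// <summary>
/// Authenticates the current request from the client certificate found in the OWIN environment.
/// </summary>
/// <returns>
/// A ticket carrying the fixed sample claims when the certificate validates; otherwise <c>null</c>,
/// which tells the pipeline that no identity was established for this request.
/// </returns>
protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
    // ValidateCertificate is synchronous, in-memory work; pushing it through Task.Run only
    // added a thread-pool hop on the request path, so it is called directly and the result is
    // wrapped in a completed task to satisfy the base-class signature.
    ClientCertificateValidationResult validationResult = ValidateCertificate(Request.Environment);
    if (!validationResult.CertificateValid)
    {
        return Task.FromResult<AuthenticationTicket>(null);
    }

    // Capture the clock once so IssuedUtc and ExpiresUtc are derived from the same instant.
    DateTimeOffset issuedAt = DateTimeOffset.UtcNow;
    AuthenticationProperties authProperties = new AuthenticationProperties
    {
        IssuedUtc = issuedAt,
        ExpiresUtc = issuedAt.AddDays(1),
        AllowRefresh = true,
        IsPersistent = true
    };

    // NOTE(review): these claims are fixed sample values and are not derived from the
    // certificate subject; every request with a valid certificate receives the same identity.
    // Confirm whether the subject/thumbprint should be mapped to claims instead.
    IList<Claim> claimCollection = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "Andras"),
        new Claim(ClaimTypes.Country, "Sweden"),
        new Claim(ClaimTypes.Gender, "M"),
        new Claim(ClaimTypes.Surname, "Nemes"),
        new Claim(ClaimTypes.Email, "*****@*****.**"),
        new Claim(ClaimTypes.Role, "IT"),
        new Claim("HasValidClientCertificate", "true")
    };

    // "X.509" is the authentication type recorded on the identity; it is what marks
    // the principal as authenticated.
    ClaimsIdentity claimsIdentity = new ClaimsIdentity(claimCollection, "X.509");
    AuthenticationTicket ticket = new AuthenticationTicket(claimsIdentity, authProperties);
    return Task.FromResult(ticket);
}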
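/// <summary>
/// Looks up the client certificate in the OWIN environment and runs it through the configured validator.
/// </summary>
/// <param name="owinEnvironment">The OWIN environment dictionary of the current request.</param>
/// <returns>
/// The validator's result, or an invalid result carrying a single message when no usable
/// certificate is attached to the request.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="owinEnvironment"/> is null.</exception>
private ClientCertificateValidationResult ValidateCertificate(IDictionary<string, object> owinEnvironment)
{
    if (owinEnvironment == null)
    {
        throw new ArgumentNullException("owinEnvironment");
    }

    // Read the certificate from the dictionary that was passed in rather than from Context, so the
    // presence check and the lookup can never disagree. A key that is present but holds null or a
    // value of another type is treated as "no certificate" instead of being handed to the validator.
    // (Assumes Context.Environment and Request.Environment are the same dictionary, as in the OWIN
    // default — confirm for this host.)
    object rawValue;
    X509Certificate2 clientCert = owinEnvironment.TryGetValue(_owinClientCertKey, out rawValue)
        ? rawValue as X509Certificate2
        : null;
    if (clientCert != null)
    {
        return _clientCertificateValidator.Validate(clientCert);
    }

    ClientCertificateValidationResult invalid = new ClientCertificateValidationResult(false);
    invalid.AddValidationException("There's no client certificate attached to the request.");
    return invalid;
}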
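/// <summary>
/// Builds the trust chain for <paramref name="certificate"/> and reports whether it validated.
/// </summary>
/// <param name="certificate">The client certificate to check; <c>null</c> yields an invalid result.</param>
/// <returns>
/// A result whose validity flag is set only when the chain built successfully; on failure every
/// collected chain-status message (or a generic message when none was reported) is attached.
/// </returns>
public ClientCertificateValidationResult Validate(X509Certificate2 certificate)
{
    bool isValid = false;
    List<string> exceptions = new List<string>();

    if (certificate == null)
    {
        // Report this explicitly instead of letting X509Chain.Build throw and catching the message.
        exceptions.Add("No certificate was supplied for validation.");
    }
    else
    {
        try
        {
            // X509Chain owns native handles; dispose it so they are released as soon as we are done.
            using (X509Chain chain = new X509Chain())
            {
                // NOTE(review): revocation is not checked, so a revoked but unexpired certificate
                // still validates. Confirm that this is the intended policy for access control.
                chain.ChainPolicy = new X509ChainPolicy
                {
                    RevocationMode = X509RevocationMode.NoCheck,
                    RevocationFlag = X509RevocationFlag.EntireChain
                };

                if (chain.Build(certificate))
                {
                    isValid = true;
                }
                else
                {
                    CollectChainErrors(chain, exceptions);
                }
            }
        }
        catch (Exception ex)
        {
            // Chain building can throw on a malformed certificate; surface the message as a
            // validation failure rather than letting it escape the validator.
            exceptions.Add(ex.Message);
        }
    }

    ClientCertificateValidationResult res = new ClientCertificateValidationResult(isValid);
    res.AddValidationExceptions(exceptions);
    return res;
}

/// <summary>
/// Copies the per-element status messages of a failed chain into <paramref name="errors"/>,
/// falling back to the chain-level status and then to a generic message so that a failed build
/// never leaves the caller with an empty error list.
/// </summary>
/// <param name="chain">A chain on which <see cref="X509Chain.Build"/> returned <c>false</c>.</param>
/// <param name="errors">The list that receives the status messages.</param>
private static void CollectChainErrors(X509Chain chain, List<string> errors)
{
    int before = errors.Count;
    foreach (X509ChainElement element in chain.ChainElements)
    {
        foreach (X509ChainStatus status in element.ChainElementStatus)
        {
            errors.Add(status.StatusInformation);
        }
    }

    if (errors.Count == before)
    {
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            errors.Add(status.StatusInformation);
        }
    }

    if (errors.Count == before)
    {
        errors.Add("The certificate chain could not be built.");
    }
}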