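/// <summary>
/// Validates a resource-owner user name / password pair by requesting a token from the
/// WS-Trust endpoint at <c>_address</c> for the realm <c>_realm</c>, then validating the
/// returned token locally (audience restriction + trusted issuer thumbprint).
/// </summary>
/// <param name="userName">User name sent as the WS-Trust client credential.</param>
/// <param name="password">Password sent as the WS-Trust client credential.</param>
/// <returns>
/// The principal produced by the configured <c>ClaimsAuthenticationManager</c> for the
/// validated token, using the resource name "ResourceOwnerPasswordValidation".
/// </returns>
/// <exception cref="InvalidOperationException">
/// The WS-Trust endpoint returned something other than a <see cref="GenericXmlSecurityToken"/>.
/// </exception>
public ClaimsPrincipal Validate(string userName, string password)
{
    var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    var credentials = new ClientCredentials();
    credentials.UserName.UserName = userName;
    credentials.UserName.Password = password;

    var genericToken = WSTrustClient.Issue(
        new EndpointAddress(_address),
        new EndpointAddress(_realm),
        binding,
        credentials) as GenericXmlSecurityToken;

    // A failed cast used to surface as a NullReferenceException on ToSecurityToken();
    // fail with an explicit message instead.
    if (genericToken == null)
    {
        throw new InvalidOperationException("The WS-Trust endpoint did not return a GenericXmlSecurityToken.");
    }

    var config = new SecurityTokenHandlerConfiguration();
    config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(_realm));

    // Chain and revocation validation of the token-signing certificate is switched off here;
    // the signature is accepted only if the signing certificate matches the thumbprint
    // registered in the issuer-name registry below. _issuerThumbprint therefore has to be
    // kept in sync with the issuer's signing-certificate rollover.
    config.CertificateValidationMode = X509CertificateValidationMode.None;
    config.CertificateValidator = X509CertificateValidator.None;

    var registry = new ConfigurationBasedIssuerNameRegistry();
    registry.AddTrustedIssuer(_issuerThumbprint, _address);
    config.IssuerNameRegistry = registry;

    var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);

    var token = genericToken.ToSecurityToken();
    var principal = new ClaimsPrincipal(handler.ValidateToken(token));

    Tracing.Information("Successfully requested token for user via WS-Trust");

    return FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("ResourceOwnerPasswordValidation", principal);
}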
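//https://leastprivilege.com/2010/10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/
//https://msdn.microsoft.com/en-us/library/ee517297.aspx
/// <summary>
/// Requests a SAML 2.0 bearer token for <paramref name="rstsRealm"/> from the identity
/// provider's WS-Trust 1.3 user-name endpoint, authenticating with the supplied credentials.
/// </summary>
/// <param name="idpEndpoint">Absolute URI of the identity provider's WS-Trust endpoint.</param>
/// <param name="rstsRealm">Realm (AppliesTo) the token is requested for.</param>
/// <param name="userName">User name sent as the WS-Trust client credential.</param>
/// <param name="password">Password sent as the WS-Trust client credential.</param>
/// <returns>The token issued by the identity provider.</returns>
/// <exception cref="UriFormatException"><paramref name="idpEndpoint"/> is not a valid URI.</exception>
public SecurityToken GetToken(string idpEndpoint, string rstsRealm, string userName, string password)
{
    var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    var factory = new System.ServiceModel.Security.WSTrustChannelFactory(binding, new EndpointAddress(new Uri(idpEndpoint)));
    try
    {
        factory.TrustVersion = TrustVersion.WSTrust13;
        // Never fall back to an interactive credential prompt; the credentials are supplied by the caller.
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;

        var rst = new System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new System.IdentityModel.Protocols.WSTrust.EndpointReference(rstsRealm),
            KeyType = KeyTypes.Bearer,
            TokenType = "urn:oasis:names:tc:SAML:2.0:assertion"
        };

        var channel = factory.CreateChannel();
        var securityToken = channel.Issue(rst);

        // The factory (and the channels it created) were previously never closed.
        factory.Close();
        return securityToken;
    }
    catch
    {
        // Close() is not safe on a faulted communication object; Abort() is.
        factory.Abort();
        throw;
    }
}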
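/// <summary>
/// Requests a token for the backend service from ADFS, acting as the currently logged-in
/// user (WS-Trust ActAs). The web application authenticates to ADFS with its own credentials
/// and passes the user's bootstrap token as the ActAs element.
/// </summary>
/// <returns>The token issued for the backend service on behalf of the current user.</returns>
/// <exception cref="InvalidOperationException">
/// The current principal has no identities, or the first identity carries no bootstrap
/// security token (the original login token was not saved).
/// </exception>
private SecurityToken GetActAsToken()
{
    // Retrieve the token that was saved during initial user login.
    // This is only populated when the identity configuration keeps the bootstrap context.
    var bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;
    if (bootstrapContext == null || bootstrapContext.SecurityToken == null)
    {
        throw new InvalidOperationException("No bootstrap security token is available for the current user; cannot build the ActAs request.");
    }

    // Use the Thinktecture implementation of the UserNameWSBinding to set up the channel factory to ADFS.
    var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed"));
    try
    {
        // For demo purposes the web application authenticates to ADFS with a user name and password
        // (redacted placeholders here; in a deployment they belong in protected configuration, not source).
        // If the web server is domain-joined, Windows Authentication can be used instead.
        factory.Credentials.UserName.UserName = "******";
        factory.Credentials.UserName.Password = "******";
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Ask for a token for the backend service, acting as the logged-in user.
        var request = new RequestSecurityToken();
        request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue;
        request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc");
        request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken);

        var channel = factory.CreateChannel();
        RequestSecurityTokenResponse response;
        var delegatedToken = channel.Issue(request, out response);

        // The factory (and the channels it created) were previously never closed.
        factory.Close();
        return delegatedToken;
    }
    catch
    {
        // Close() is not safe on a faulted communication object; Abort() is.
        factory.Abort();
        throw;
    }
}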
/// <summary>
/// Requests a token for <c>_realm</c> from the identity server WS-Trust endpoint at
/// <c>_idsrvEndpoint</c>, authenticating with the embedded service credentials.
/// </summary>
/// <returns>The token issued by the identity server.</returns>
private static SecurityToken RequestToken()
{
    // NOTE(review): the credentials are redacted placeholders in this listing; a deployment
    // would read them from protected configuration rather than source.
    var serviceCredentials = new ClientCredentials
    {
        UserName =
        {
            UserName = "******",
            Password = "******"
        }
    };

    return WSTrustClient.Issue(
        new EndpointAddress(_idsrvEndpoint),
        new EndpointAddress(_realm),
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        serviceCredentials);
}