public ActionResult Issue() { Tracing.Verbose("OAuth WRAP endpoint called."); if (!ConfigurationRepository.Endpoints.OAuthWRAP) { Tracing.Error("OAuth WRAP endpoint is disabled in configuration"); return new HttpNotFoundResult(); } var scope = Request.Form["wrap_scope"]; if (string.IsNullOrWhiteSpace(scope)) { Tracing.Error("OAuth WRAP endpoint called with empty realm."); return new HttpStatusCodeResult(400); } Uri uri; if (!Uri.TryCreate(scope, UriKind.Absolute, out uri)) { Tracing.Error("OAuth WRAP endpoint called with malformed realm: " + scope); return new HttpStatusCodeResult(400); } Tracing.Information("OAuth WRAP endpoint called with realm: " + scope); var endpoint = new EndpointAddress(uri); var auth = new AuthenticationHelper(); ClaimsPrincipal principal; if (!auth.TryGetPrincipalFromWrapRequest(Request, out principal)) { Tracing.Error("Authentication failed"); return new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401); } if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.WRAP)) { Tracing.Error("User not authorized"); return new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401); } TokenResponse response; if (auth.TryIssueToken(endpoint, principal, TokenTypes.SimpleWebToken, out response)) { return new WrapResult(response); } else { return new HttpStatusCodeResult(400); } }