public AuthTokenDto Authenticate(ServerDto serverDto, LoginDto loginDto, string clientId)
{
var tenant = Uri.EscapeDataString(loginDto.TenantName);
var url = ServiceConfigManager.GetLoginUrl(serverDto, tenant);
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
var data = ServiceConfigManager.FormatLoginArgs(loginDto);
var requestConfig = new RequestSettings
{
Method = HttpMethod.Post,
};
var headers = ServiceHelper.AddHeaders();
var result = _webRequestManager.GetResponse(url, requestConfig, headers, null, data);
var token = JsonConvert.Deserialize <Token>(result);
token.Raw = result;
token.ClientId = clientId;
token.TokenType = TokenType.Bearer.ToString();
var certificates = GetCertificates(serverDto, loginDto.TenantName, CertificateScope.TENANT, token);
var claimsPrincipal = Validate(serverDto, loginDto.User + "@" + loginDto.DomainName, certificates[certificates.Count - 1], loginDto.TenantName, token.IdToken);
if (claimsPrincipal != null)
{
return new AuthTokenDto(Refresh)
{
Token = token, ClaimsPrincipal = claimsPrincipal, Login = loginDto, ServerDto = serverDto
}
}
;
return(new AuthTokenDto(Refresh)
{
Token = token, ClaimsPrincipal = claimsPrincipal, Login = loginDto, ServerDto = serverDto
});
}
public AuthTokenDto GetTokenFromCertificate(ServerDto serverDto, X509Certificate2 certificate, RSACryptoServiceProvider rsa)
{
var url = ServiceConfigManager.GetTokenFromCertificateUrl(serverDto);
var signedToken = GetSignedJwtToken(rsa, certificate, url);
if (signedToken == null)
{
throw new Exception("Could not generate a valid token");
}
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
var data = ServiceConfigManager.GetJwtTokenBySolutionUserArgs(signedToken);
var requestConfig = new RequestSettings
{
Method = HttpMethod.Post,
};
var headers = ServiceHelper.AddHeaders();
var result = _webRequestManager.GetResponse(url, requestConfig, headers, null, data);
var token = JsonConvert.Deserialize <Token>(result);
token.Raw = result;
return(new AuthTokenDto(Refresh)
{
Token = token, ClaimsPrincipal = null, Login = null, ServerDto = serverDto
});
}
public Token Refresh(ServerDto serverDto, LoginDto loginDto, Token tokenToRefresh)
{
var tenant = Uri.EscapeDataString(loginDto.TenantName);
var url = ServiceConfigManager.GetRefreshUrl(serverDto, tenant);
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
var data = ServiceConfigManager.FormatRefreshTokenArgs(tokenToRefresh.RefreshToken);
var requestConfig = new RequestSettings
{
Method = HttpMethod.Post,
};
var headers = ServiceHelper.AddHeaders();
var result = _webRequestManager.GetResponse(url, requestConfig, headers, null, data);
var token = JsonConvert.Deserialize <Token>(result);
token.RefreshToken = tokenToRefresh.RefreshToken;
token.ClientId = tokenToRefresh.ClientId;
return(token);
}
private List <CertificateChainDto> GetCertificates(ServerDto serverDto, string tenantName, CertificateScope scope, Token token)
{
tenantName = Uri.EscapeDataString(tenantName);
var url = ServiceConfigManager.GetCertificatesUrl(serverDto, tenantName);
url += "?scope=" + scope;
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
var requestConfig = new RequestSettings
{
Method = HttpMethod.Get
};
var headers = ServiceHelper.AddHeaders(ServiceConfigManager.JsonContentType);
var authorization = string.Format("{0} {1}", token.TokenType, token.AccessToken);
headers.Add(HttpRequestHeader.Authorization, authorization);
var response = _webRequestManager.GetResponse(url, requestConfig, headers, null, null);
return(JsonConvert.Deserialize <List <CertificateChainDto> >(response));
}
public AuthTokenDto GetTokenFromGssTicket(ServerDto serverDto, string base64EncodedGSSTicketBytes, string clientId)
{
var url = ServiceConfigManager.GetTokenFromGssTicketUrl(serverDto);
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
var data = ServiceConfigManager.GetTokenFromGssTicketArgs(base64EncodedGSSTicketBytes, clientId);
var requestConfig = new RequestSettings
{
Method = HttpMethod.Post,
};
var headers = ServiceHelper.AddHeaders();
var result = _webRequestManager.GetResponse(url, requestConfig, headers, null, data);
var token = JsonConvert.Deserialize <Token>(result);
token.Raw = result;
token.ClientId = clientId;
return(new AuthTokenDto(Refresh)
{
Token = token, ClaimsPrincipal = null, Login = null, ServerDto = serverDto
});
}
private ClaimsPrincipal Validate(ServerDto serverDto, string audience, CertificateChainDto certificateChain, string tenantName, string token)
{
var certificate = certificateChain.Certificates[0];
var publicKey = certificate.Encoded;
var x509Certificate2 = new X509Certificate2();
var cert = Encoding.UTF8.GetBytes(publicKey);
x509Certificate2.Import(cert);
var hostName = ServiceHelper.GetHostName(serverDto.ServerName);
var validationParams = new TokenValidationParameters
{
ValidIssuer = ServiceConfigManager.GetValidIssuer(serverDto, hostName, tenantName),
ValidAudience = audience,
IssuerSigningToken = new X509SecurityToken(x509Certificate2),
ValidateIssuer = false
};
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
SecurityToken validatedToken;
return(jwtSecurityTokenHandler.ValidateToken(token, validationParams, out validatedToken));
}