public KerberosReceiverSecurityToken ReadFromCache(string contextUsername) { IAppCache appCache = new CachingService(); KerberosReceiverSecurityToken token = appCache.Get <KerberosReceiverSecurityToken>(contextUsername.ToLower()); return(token); }
internal ReadOnlyCollection <IAuthorizationPolicy> ValidateToken(SecurityToken token, ChannelBinding channelBinding, ExtendedProtectionPolicy protectionPolicy) { KerberosReceiverSecurityToken kerberosToken = (KerberosReceiverSecurityToken)token; kerberosToken.Initialize(this.credentialsHandle, channelBinding, protectionPolicy); return(this.innerAuthenticator.ValidateToken(kerberosToken)); }
public void DeleteFromCache(string contextUsername) { IAppCache appCache = new CachingService(); KerberosReceiverSecurityToken token = appCache.Get <KerberosReceiverSecurityToken>(contextUsername.ToLower()); if (token != null) { appCache.Remove(contextUsername.ToLower()); } }
/// <summary> /// This method is called at the being of the thread that processes a request. /// </summary> protected override OperationContext ValidateRequest(RequestHeader requestHeader, RequestType requestType) { OperationContext context = base.ValidateRequest(requestHeader, requestType); if (requestType == RequestType.Write) { // reject all writes if no user provided. if (context.UserIdentity.TokenType == UserTokenType.Anonymous) { // construct translation object with default text. TranslationInfo info = new TranslationInfo( "NoWriteAllowed", "en-US", "Must provide a valid windows user before calling write."); // create an exception with a vendor defined sub-code. throw new ServiceResultException(new ServiceResult( StatusCodes.BadUserAccessDenied, "NoWriteAllowed", Namespaces.UserAuthentication, new LocalizedText(info))); } #if TODO SecurityToken securityToken = context.UserIdentity.GetSecurityToken(); // check for a kerberso token. KerberosReceiverSecurityToken kerberosToken = securityToken as KerberosReceiverSecurityToken; if (kerberosToken != null) { ImpersonationContext impersonationContext = new ImpersonationContext(); impersonationContext.Context = kerberosToken.WindowsIdentity.Impersonate(); lock (this.m_lock) { m_contexts.Add(context.RequestId, impersonationContext); } } // check for a user name token. UserNameSecurityToken userNameToken = securityToken as UserNameSecurityToken; if (userNameToken != null) { LogonUser(context, userNameToken); } #endif } return(context); }
public KerberosReceiverSecurityToken WriteToCache(string contextUsername, string contextPassword) { KerberosSecurityTokenProvider provider = new KerberosSecurityTokenProvider("YOURSPN", TokenImpersonationLevel.Impersonation, new NetworkCredential(contextUsername.ToLower(), contextPassword, "yourdomain")); KerberosRequestorSecurityToken requestorToken = provider.GetToken(TimeSpan.FromMinutes(double.Parse(ConfigurationManager.AppSettings["KerberosTokenExpiration"]))) as KerberosRequestorSecurityToken; KerberosReceiverSecurityToken receiverToken = new KerberosReceiverSecurityToken(requestorToken.GetRequest()); IAppCache appCache = new CachingService(); KerberosReceiverSecurityToken tokenFactory() => receiverToken; return(appCache.GetOrAdd(contextUsername.ToLower(), tokenFactory)); // this will either add the token or get the token if it exists }
/// <summary> /// Validates a Kerberos WSS user token. /// </summary> private SecurityToken ParseAndVerifyKerberosToken(byte[] tokenData) { XmlDocument document = new XmlDocument(); XmlNodeReader reader = null; try { document.InnerXml = new UTF8Encoding().GetString(tokenData).Trim(); reader = new XmlNodeReader(document.DocumentElement); SecurityToken securityToken = new WSSecurityTokenSerializer().ReadToken(reader, null); KerberosReceiverSecurityToken receiver = securityToken as KerberosReceiverSecurityToken; KerberosSecurityTokenAuthenticator authenticator = new KerberosSecurityTokenAuthenticator(); if (authenticator.CanValidateToken(receiver)) { authenticator.ValidateToken(receiver); } return(securityToken); } catch (Exception e) { // construct translation object with default text. TranslationInfo info = new TranslationInfo( "InvalidKerberosToken", "en-US", "'{0}' is not a valid Kerberos token.", document.DocumentElement.LocalName); // create an exception with a vendor defined sub-code. throw new ServiceResultException(new ServiceResult( e, StatusCodes.BadIdentityTokenRejected, "InvalidKerberosToken", Namespaces.Hsl, new LocalizedText(info))); } finally { if (reader != null) { reader.Close(); } } }
public KerberosReceiverSecurityToken GenerateReceiver() { KerberosReceiverSecurityToken receiverToken = null; //string SPN1 = "HTTP/s001nd-sp-api1.BG.local BG\a001-dpdservice"; string SPN = "HTTP/s001nd-sp-api1.BG.local";// garage\dpd_service"; var currUserName = HttpContext.Current.User.Identity.Name; var WindowsAccountName = HttpContext.Current.Request.LogonUserIdentity.Name; //KerberosSecurityTokenProvider provider1 = // new KerberosSecurityTokenProvider(SPN, // TokenImpersonationLevel.Impersonation, // new NetworkCredential("dpd_service", "123", "Garage")); //KerberosSecurityTokenProvider provider2 = // new KerberosSecurityTokenProvider(SPN, // TokenImpersonationLevel.Impersonation, // CredentialCache.DefaultNetworkCredentials); KerberosSecurityTokenProvider provider3 = new KerberosSecurityTokenProvider(SPN, TokenImpersonationLevel.Impersonation); //KerberosSecurityTokenProvider provider4 = // new KerberosSecurityTokenProvider(SPN); try { KerberosRequestorSecurityToken requestorToken = provider3.GetToken(TimeSpan.FromMinutes(180)) as KerberosRequestorSecurityToken; var abRequest = requestorToken.GetRequest(); var sId = requestorToken.Id; KerberosReceiverSecurityToken oReceivedToken = new KerberosReceiverSecurityToken(abRequest, sId); using (FileStream fstream = new FileStream(@"C:\DPD500LOG\good_note.txt", FileMode.OpenOrCreate)) { // var oAuthenticator = new KerberosSecurityTokenAuthenticator(); // var oCol = oAuthenticator.ValidateToken(oReceivedToken); // foreach (var o in oCol) // { // Console.WriteLine(o.Id); // } // преобразуем строку в байты byte[] array = System.Text.Encoding.Default.GetBytes(oReceivedToken.Id);// exception.ToString()); // запись массива байтов в файл fstream.Write(array, 0, array.Length); } } catch (Exception ex) { Console.WriteLine(ex.Message); using (FileStream fstream = new FileStream(@"C:\DPD500LOG\error_note.txt", FileMode.OpenOrCreate)) { // преобразуем строку в байты byte[] array = System.Text.Encoding.Default.GetBytes(ex.Message);// exception.ToString()); // запись массива байтов в файл fstream.Write(array, 0, array.Length); } } return(receiverToken); }
/// <summary> /// Initializes the object with a .NET security token /// </summary> private void Initialize(SecurityToken token) { if (token == null) { throw new ArgumentNullException("token"); } m_token = token; UserNameSecurityToken usernameToken = token as UserNameSecurityToken; if (usernameToken != null) { m_displayName = usernameToken.UserName; m_tokenType = UserTokenType.UserName; m_issuedTokenType = null; return; } X509SecurityToken x509Token = token as X509SecurityToken; if (x509Token != null) { m_displayName = x509Token.Certificate.Subject; m_tokenType = UserTokenType.Certificate; m_issuedTokenType = null; return; } KerberosReceiverSecurityToken kerberosToken1 = token as KerberosReceiverSecurityToken; if (kerberosToken1 != null) { m_displayName = kerberosToken1.WindowsIdentity.Name; m_tokenType = UserTokenType.IssuedToken; m_issuedTokenType = new XmlQualifiedName("", "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"); return; } KerberosRequestorSecurityToken kerberosToken2 = token as KerberosRequestorSecurityToken; if (kerberosToken2 != null) { m_displayName = kerberosToken2.ServicePrincipalName; m_tokenType = UserTokenType.IssuedToken; m_issuedTokenType = new XmlQualifiedName("", "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"); return; } SamlSecurityToken samlToken = token as SamlSecurityToken; if (samlToken != null) { m_displayName = "SAML"; // find the subject of the SAML assertion. foreach (SamlStatement statement in samlToken.Assertion.Statements) { SamlAttributeStatement attribute = statement as SamlAttributeStatement; if (attribute != null) { m_displayName = attribute.SamlSubject.Name; break; } } m_tokenType = UserTokenType.IssuedToken; m_issuedTokenType = new XmlQualifiedName("", "urn:oasis:names:tc:SAML:1.0:assertion"); return; } m_displayName = UserTokenType.IssuedToken.ToString(); m_tokenType = UserTokenType.IssuedToken; }