private void ParseToken(string xmlToken, X509Certificate2 cert) { int skew = 300; // default to 5 minutes string tokenskew = System.Configuration.ConfigurationManager.AppSettings["MaximumClockSkew"]; if (!string.IsNullOrEmpty(tokenskew)) { skew = Int32.Parse(tokenskew); } XmlReader tokenReader = new XmlTextReader(new StringReader(xmlToken)); EncryptedData enc = new EncryptedData(); enc.TokenSerializer = WSSecurityTokenSerializer.DefaultInstance; enc.ReadFrom(tokenReader); List <SecurityToken> tokens = new List <SecurityToken>(); SecurityToken encryptingToken = new X509SecurityToken(cert); tokens.Add(encryptingToken); SecurityTokenResolver tokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false); SymmetricSecurityKey encryptingCrypto; // an error here usually means that you have selected the wrong key. encryptingCrypto = (SymmetricSecurityKey)tokenResolver.ResolveSecurityKey(enc.KeyIdentifier[0]); SymmetricAlgorithm algorithm = encryptingCrypto.GetSymmetricAlgorithm(enc.EncryptionMethod); byte[] decryptedData = enc.GetDecryptedBuffer(algorithm); SecurityTokenSerializer tokenSerializer = WSSecurityTokenSerializer.DefaultInstance; XmlReader reader = new XmlTextReader(new StreamReader(new MemoryStream(decryptedData), Encoding.UTF8)); m_token = (SamlSecurityToken)tokenSerializer.ReadToken(reader, tokenResolver); SamlSecurityTokenAuthenticator authenticator = new SamlSecurityTokenAuthenticator(new List <SecurityTokenAuthenticator>( new SecurityTokenAuthenticator[] { new RsaSecurityTokenAuthenticator(), new X509SecurityTokenAuthenticator() }), new TimeSpan(0, 0, skew)); if (authenticator.CanValidateToken(m_token)) { ReadOnlyCollection <IAuthorizationPolicy> policies = authenticator.ValidateToken(m_token); m_authorizationContext = AuthorizationContext.CreateDefaultAuthorizationContext(policies); m_identityClaims = FindIdentityClaims(m_authorizationContext); } else { throw new Exception("Unable to validate the token."); } }
protected static string SerializeToken(SimpleWebToken swt, SecurityTokenResolver tokenResolver) { StringBuilder builder = new StringBuilder(64); builder.Append("Id="); builder.Append(swt.Id); builder.Append('&'); builder.Append(IssuerLabel); builder.Append('='); builder.Append(swt.Issuer); if (swt.Parameters.Count > 0) { builder.Append('&'); foreach (string key in swt.Parameters.AllKeys) { builder.Append(key); builder.Append('='); builder.Append(swt.Parameters[key]); builder.Append('&'); } } else { builder.Append('&'); } builder.Append(ExpiresOnLabel); builder.Append('='); builder.Append(GetExpiresOn(swt.TokenValidity)); if (!string.IsNullOrEmpty(swt.Audience)) { builder.Append('&'); builder.Append(AudienceLabel); builder.Append('='); builder.Append(swt.Audience); } builder.Append('&'); builder.Append(SignatureAlgorithmLabel); builder.Append('='); builder.Append(SignatureAlgorithm); var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(swt)); InMemorySymmetricSecurityKey securityKey; try { securityKey = (InMemorySymmetricSecurityKey)tokenResolver.ResolveSecurityKey(keyIdentifierClause); } catch (InvalidOperationException) { throw new SecurityTokenValidationException(string.Format(CultureInfo.InvariantCulture, "Simmetryc key was not found for the key identifier clause: Keys='{0}', Values='{1}'", string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()), string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray()))); } string signature = GenerateSignature(builder.ToString(), securityKey.GetSymmetricKey()); builder.Append("&" + SignatureLabel + "="); builder.Append(signature); return(builder.ToString()); }
DerivedKeySecurityToken ReadDerivedKeyTokenCore( XmlReader reader, SecurityTokenResolver tokenResolver) { if (tokenResolver == null) { throw new ArgumentNullException("tokenResolver"); } string id = reader.GetAttribute("Id", Constants.WsuNamespace); string algorithm = reader.MoveToAttribute("Algorithm") ? reader.Value : null; reader.MoveToElement(); reader.ReadStartElement(); reader.MoveToContent(); SecurityKeyIdentifierClause kic = ReadKeyIdentifierClause(reader); int?generation = null, offset = null, length = null; byte [] nonce = null; string name = null, label = null; for (reader.MoveToContent(); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent()) { switch (reader.LocalName) { case "Properties": reader.ReadStartElement("Properties", Constants.WsscNamespace); for (reader.MoveToContent(); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent()) { switch (reader.LocalName) { case "Name": name = reader.ReadElementContentAsString("Name", Constants.WsscNamespace); break; case "Label": label = reader.ReadElementContentAsString("Label", Constants.WsscNamespace); break; case "Nonce": nonce = Convert.FromBase64String(reader.ReadElementContentAsString("Nonce", Constants.WsscNamespace)); break; } } reader.ReadEndElement(); break; case "Offset": offset = reader.ReadElementContentAsInt("Offset", Constants.WsscNamespace); break; case "Length": length = reader.ReadElementContentAsInt("Length", Constants.WsscNamespace); break; case "Nonce": nonce = Convert.FromBase64String(reader.ReadElementContentAsString("Nonce", Constants.WsscNamespace)); break; case "Label": label = reader.ReadElementContentAsString("Label", Constants.WsscNamespace); break; } } reader.ReadEndElement(); // resolve key reference SymmetricSecurityKey key = tokenResolver.ResolveSecurityKey(kic) as SymmetricSecurityKey; if (key == null) { throw new XmlException("Cannot resolve the security key referenced by the DerivedKeyToken as a symmetric key"); } return(new DerivedKeySecurityToken(id, algorithm, kic, key, name, generation, offset, length, label, nonce)); }