/// <summary>
/// Warms the signing-key cache, wires tracing and connection limits, and builds the request handler.
/// </summary>
public ListenerLoop()
{
    // Kick off a refresh of the signing keys; stale code-cached keys may take a few seconds to freshen.
    SigningKeys.UpdateKeyCache();

    // Route unhandled exceptions through the base handler before anything else can fail.
    AppDomain.CurrentDomain.UnhandledException += BaseExceptionHandler;

    // Tracing: no global lock, manual flush, one local listener.
    Trace.UseGlobalLock = false;
    Trace.AutoFlush = false;
    Trace.Listeners.Add(LocalTrace.Instance);
    Trace.TraceInformation("WrapperRoleListener coming up");

    // Raise the per-host connection limit to match the configured parallelism.
    Trace.TraceInformation($"Old connection limit was {ServicePointManager.DefaultConnectionLimit}");
    ServicePointManager.DefaultConnectionLimit = Parallelism;
    Trace.TraceInformation($"New connection limit is {ServicePointManager.DefaultConnectionLimit}");

    ServicePointManager.ReusePort = true;
    ServicePointManager.EnableDnsRoundRobin = true; // can load balance with DNS
    ServicePointManager.SetTcpKeepAlive(false, 0, 0);

    _handler = new MainRequestHandler(new AadSecurityCheck());
}
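/// <summary>
/// Test harness: loads the security config, warms the signing-key cache and validates one bearer token.
/// </summary>
/// <param name="args">Optional: [0] path to the security config JSON, [1] bearer token to validate. Both fall back to the built-in defaults.</param>
static void Main(string[] args)
{
    // Defaults keep the original harness behaviour when no arguments are supplied.
    const string DefaultConfigPath = @"C:\Temp\security.json";
    // Sample token kept for the harness; supply a current token via args rather than editing this literal.
    const string DefaultTestToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyIsImtpZCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyJ9.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.Y1eO8SXXHIRgQ3urJG93lLepBlxxmdWc1B7Nx8FSKeCU18saJa145wbQ2kwVzlCrzb5N7siKUU7UIeuKgjJWCJh7F-j0XWZcvgpk2YU5RsuHsdLU2HrEpXfnoKNpWPhsi864RvI7P7unQI761Jj1PTZ49-oslotgD76fHfzSEbFbWNaPb5SN1cAKdgRkIsAn9XA4bgQqPMZ4zTkoWpC37tSkHlxT3NhpWq6MLHnvvLIqssu89u5FhfHal-MXsPymb7fdzdoF14sMv7WLU_p5r_H9Gcryt2VVmdhV5GAAyt9Y7lE4HdXFCidHOFA06vdkB1Yu9rdBcO2jzqhGzDXDFg";

    var configPath = args.Length > 0 ? args[0] : DefaultConfigPath;
    var testToken = args.Length > 1 ? args[1] : DefaultTestToken;

    var raw = File.ReadAllText(configPath);
    var config = JsonTool.Defrost<SecurityConfig>(raw);

    Console.WriteLine("Cache is populating.");
    SigningKeys.RefreshKeys(config.KeyDiscoveryUrl, TimeSpan.FromHours(1));

    var subject = new AadSecurityCheck(config);
    var outcome = subject.Validate(testToken);
    switch (outcome)
    {
        case SecurityOutcome.Fail:
            Console.WriteLine("Validation failed");
            break;
        case SecurityOutcome.Pass:
            Console.WriteLine("Validated OK!");
            break;
        default:
            // Any other outcome value is unexpected; surface it instead of printing nothing.
            Console.WriteLine("Unexpected outcome: " + outcome);
            break;
    }
    Console.ReadLine();
}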
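/// <summary>
/// Test harness: loads the security config, warms the signing-key cache and validates one bearer token.
/// </summary>
/// <param name="args">Optional: [0] path to the security config JSON, [1] bearer token to validate. Both fall back to the built-in defaults.</param>
static void Main(string[] args)
{
    // Defaults keep the original harness behaviour when no arguments are supplied.
    const string DefaultConfigPath = @"C:\Temp\security.json";
    // Sample token kept for the harness; supply a current token via args rather than editing this literal.
    const string DefaultTestToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyIsImtpZCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyJ9.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.OVSVmTBpdOKSfQIIrJ3Xom8QCHTjR7KRbiAqTIFk9E3o2JlU1jRjoJNhfVmDpVzIXELjqNA0QI9zdh4U_QBGBLMT_p8YRdcGNoZlm5ouVQcVzrR5dxfWw5aF0AbunOGnIfwomvrHj2S92eU2uzEzuChGiNAnI-WcaJrN3Fet0gvyqskn1VjAkGBqVrj5AasbhqPt4Dd-OukFsV9l-u3TdpWeSqCnGCzlbBCeUvErsKiOLcCenarcGen7zJZ9COegytzza5l_cxcO2LYFNRCnCrGk9vyNW8ZCsHqLMjm14A09QKoO6nCJpWlna9WFWvaIDsEXC_ow976ZTe2QwGqaBA";

    var configPath = args.Length > 0 ? args[0] : DefaultConfigPath;
    var testToken = args.Length > 1 ? args[1] : DefaultTestToken;

    var raw = File.ReadAllText(configPath);
    var config = JsonTool.Defrost<SecurityConfig>(raw);

    Console.WriteLine("Cache is populating.");
    SigningKeys.RefreshKeys(config.KeyDiscoveryUrl, TimeSpan.FromHours(1));

    var subject = new AadSecurityCheck(config);
    var outcome = subject.Validate(testToken);
    switch (outcome)
    {
        case SecurityOutcome.Fail:
            Console.WriteLine("Validation failed");
            break;
        case SecurityOutcome.Pass:
            Console.WriteLine("Validated OK!");
            break;
        default:
            // Any other outcome value is unexpected; surface it instead of printing nothing.
            Console.WriteLine("Unexpected outcome: " + outcome);
            break;
    }
    Console.ReadLine();
}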
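/// <summary>
/// Read authentication headers and check them against an AAD server.
/// </summary>
/// <param name="ctx">Request context whose headers carry the bearer token.</param>
/// <returns><see cref="SecurityOutcome.Pass"/> when the token validates against the configured audience, issuer and signing keys; otherwise <see cref="SecurityOutcome.Fail"/>. Never throws: any validation exception is logged and reported as Fail.</returns>
public SecurityOutcome Validate(IContext ctx)
{
    try
    {
        // Authorization is the normal carrier; WWW-Authenticate is kept as a fallback for existing callers.
        var header = ctx.Request.Headers.Get("Authorization") ?? ctx.Request.Headers.Get("WWW-Authenticate");
        if (string.IsNullOrWhiteSpace(header))
        {
            return SecurityOutcome.Fail;
        }

        // Strip only a leading "Bearer " scheme prefix (the scheme name is case-insensitive per RFC 6750)
        // rather than removing the substring wherever it occurs, then drop surrounding whitespace.
        const string scheme = "Bearer ";
        var token = header.Trim();
        if (token.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
        {
            token = token.Substring(scheme.Length).Trim();
        }
        if (string.IsNullOrWhiteSpace(token))
        {
            return SecurityOutcome.Fail;
        }

        // Set-up the validator...
        using (var signingTokens = SigningKeys.AllAvailableKeys())
        {
            var validationParams = new TokenValidationParameters
            {
                ValidAudience = Audience,
                ValidIssuer = Issuer,
                IssuerSigningTokens = signingTokens,
                // These are the handler defaults, but stated explicitly so an unsigned or
                // expired token is never accepted because a default changed.
                RequireSignedTokens = true,
                ValidateLifetime = true
            };
            var handler = new JwtSecurityTokenHandler();
            handler.ValidateToken(token, validationParams, out var validated);
            return validated == null ? SecurityOutcome.Fail : SecurityOutcome.Pass;
        }
    }
    catch (Exception ex)
    {
        // Log the failure class and message only, not the whole exception: a full dump risks writing
        // the presented token into the log. NOTE(review): some handler versions echo the token in the
        // message itself — confirm for the version in use before widening this line.
        Console.WriteLine("Token validation failed: " + ex.GetType().Name + ": " + ex.Message);
        return SecurityOutcome.Fail;
    }
}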
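/// <summary>
/// Checks that the identity provider has the configuration needed to start a sign-on.
/// </summary>
/// <exception cref="ConfigurationErrorsException">The binding, the signing certificates or the single sign on service URL is missing.</exception>
private void Validate()
{
    if (Binding == 0)
    {
        throw new ConfigurationErrorsException("Missing binding configuration on Idp " + EntityId.Id + ".");
    }

    if (!SigningKeys.Any())
    {
        throw new ConfigurationErrorsException("Missing signing certificate configuration on Idp " + EntityId.Id + ".");
    }

    if (SingleSignOnServiceUrl == null)
    {
        // The message used to report a missing assertion consumer service url, which is a different
        // setting; it now names the property actually being checked.
        throw new ConfigurationErrorsException("Missing single sign on service url configuration on Idp " + EntityId.Id + ".");
    }
}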
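/// <summary>
/// Handle setup from the C++ side
/// </summary>
/// <param name="basePath">base path for the .Net binary</param>
/// <param name="output">error message, if any; null when setup succeeded</param>
private static void WakeupCallback(string basePath, out string output)
{
    BaseDirectory = Path.GetDirectoryName(basePath);
    output = null;

    // Do the wake up, similar to the ListenerLoop class
    try
    {
        // Start re-populating signing keys. If the code-cached keys are out of date, it may take a few seconds to freshen.
        SigningKeys.UpdateKeyCache();

        // Set up the internal trace
        Trace.UseGlobalLock = false;
        Trace.AutoFlush = false;
        Trace.Listeners.Clear();
        Trace.Listeners.Add(LocalTrace.Instance);

        // Lower the minimum first: SetMaxThreads returns false (and changes nothing) when asked for a
        // maximum below the current minimum, which defaults to the processor count, so the previous
        // max-then-min order could silently leave the pool uncapped. Both results are now checked.
        if (!ThreadPool.SetMinThreads(1, 1))
        {
            Trace.TraceWarning("ThreadPool.SetMinThreads(1, 1) was rejected");
        }
        if (!ThreadPool.SetMaxThreads(ListenerLoop.Parallelism, ListenerLoop.Parallelism))
        {
            Trace.TraceWarning("ThreadPool.SetMaxThreads(" + ListenerLoop.Parallelism + ") was rejected");
        }

        // Load the config file
        var configurationMap = new ExeConfigurationFileMap { ExeConfigFilename = basePath + ".config" }; // this will load the app.config file.
        MainRequestHandler.ExplicitConfiguration = ConfigurationManager.OpenMappedExeConfiguration(configurationMap, ConfigurationUserLevel.None);

        // Check to see if HTTPS is bound in IIS
        if (GetBindings(BaseDirectory).Contains("https"))
        {
            MainRequestHandler.HttpsAvailable = true;
        }

        // Load the wrapper
        _core = new MainRequestHandler(new AadSecurityCheck());
    }
    catch (Exception ex)
    {
        // Report back to the native caller rather than letting the exception cross the boundary.
        RecPrintException(ex);
        output = basePath + "\r\n" + ex;
    }
}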