public static OAuth2AccessTokenRequest CreateAccessTokenRequestWithAssertion(System.IdentityModel.Tokens.SecurityToken token, string resource)
{
Utility.VerifyNonNullArgument("token", token);
Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection securityTokenHandlerCollection = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
securityTokenHandlerCollection.Add(new JsonWebSecurityTokenHandler());
return(OAuth2MessageFactory.CreateAccessTokenRequestWithAssertion(token, securityTokenHandlerCollection, resource));
}
protected override void WriteTokenCore(System.Xml.XmlWriter writer,
System.IdentityModel.Tokens.SecurityToken token)
{
UserNameSecurityToken userToken = token as UserNameSecurityToken;
string tokennamespace = "o";
DateTime created = DateTime.Now;
string createdStr = created.ToString("yyyy-MM-ddTHH:mm:ss.fffZ");
// unique Nonce value - encode with SHA-1 for 'randomness'
// in theory the nonce could just be the GUID by itself
string phrase = Guid.NewGuid().ToString();
var nonce = GetSHA1String(phrase);
// in this case password is plain text
// for digest mode password needs to be encoded as:
// PasswordAsDigest = Base64(SHA-1(Nonce + Created + Password))
// and profile needs to change to
//string password = GetSHA1String(nonce + createdStr + userToken.Password);
string password = userToken.Password;
writer.WriteRaw(string.Format(
"<{0}:UsernameToken u:Id=\"" + token.Id +
"\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
"<{0}:Username>" + userToken.UserName + "</{0}:Username>" +
"<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" +
password + "</{0}:Password>" +
"<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" +
nonce + "</{0}:Nonce>" +
"<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace));
}
public override bool TryGetEntry(object key, out System.IdentityModel.Tokens.SecurityToken value)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
CleanupOldTokens();
if (inner.TryGetEntry(key, out value))
{
return(true);
}
value = null;
var cacheKey = GetCacheKey(key);
var item = tokenCacheRepository.Get(cacheKey);
if (item == null)
{
return(false);
}
value = BytesToToken(item.Token);
// update in-mem cache from database
inner.TryAddEntry(key, value);
return(true);
}
protected override void WriteTokenCore(XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token)
{
if (writer == null)
{
throw new ArgumentNullException("writer");
}
if (token == null)
{
throw new ArgumentNullException("token");
}
var c = token as SecurityToken;
if (c != null)
{
writer.WriteStartElement(Constants.UsernameTokenPrefix, Constants.UsernameTokenName, Constants.UsernameTokenNamespace);
writer.WriteAttributeString(Constants.WsUtilityPrefix, Constants.IdAttributeName, Constants.WsUtilityNamespace, token.Id);
writer.WriteElementString(Constants.UsernameElementName, Constants.UsernameTokenNamespace, c.Info.Username);
writer.WriteStartElement(Constants.UsernameTokenPrefix, Constants.PasswordElementName, Constants.UsernameTokenNamespace);
writer.WriteAttributeString(Constants.TypeAttributeName, Constants.PasswordDigestType);
writer.WriteValue(c.GetPasswordDigestAsBase64());
writer.WriteEndElement();
writer.WriteElementString(Constants.NonceElementName, Constants.UsernameTokenNamespace, c.GetNonceAsBase64());
writer.WriteElementString(Constants.CreatedElementName, Constants.WsUtilityNamespace, c.GetCreatedAsString());
writer.WriteEndElement();
writer.Flush();
}
else
{
base.WriteTokenCore(writer, token);
}
}
public void CreateClaimsPrincipalCrossVersionTest(CrossTokenVersionTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.CreateClaimsPrincipalCrossVersionTest", theoryData);
SecurityToken4x validatedToken4x = null;
SecurityToken validatedToken5x = null;
ClaimsPrincipal claimsPrincipal4x = null;
ClaimsPrincipal claimsPrincipal5x = null;
try
{
claimsPrincipal4x = CrossVersionUtility.ValidateSaml2Token(theoryData.TokenString4x, theoryData.ValidationParameters4x, out validatedToken4x);
}
catch (Exception ex)
{
context.Diffs.Add($"CrossVersionTokenValidationTestsData.ValidateToken threw: '{ex}'.");
}
try
{
claimsPrincipal5x = new Tokens.Saml2.Saml2SecurityTokenHandler().ValidateToken(theoryData.TokenString4x, theoryData.ValidationParameters5x, out validatedToken5x);
}
catch (Exception ex)
{
context.Diffs.Add($"Tokens.Saml.SamlSecurityTokenHandler().ValidateToken threw: '{ex}'.");
}
AreSaml2TokensEqual(validatedToken4x, validatedToken5x, context);
IdentityComparer.AreClaimsPrincipalsEqual(claimsPrincipal4x, claimsPrincipal5x, context);
TestUtilities.AssertFailIfErrors(context);
}
public virtual string WriteTokenAsString(System.IdentityModel.Tokens.SecurityToken token)
{
Utility.VerifyNonNullArgument("token", token);
JsonWebSecurityToken jsonWebSecurityToken = token as JsonWebSecurityToken;
if (jsonWebSecurityToken == null)
{
throw new System.ArgumentException("Unsupported token type", "token");
}
if (jsonWebSecurityToken.CanWriteSourceData)
{
return(jsonWebSecurityToken.WriteSourceData());
}
System.Collections.Generic.IDictionary <string, string> self = jsonWebSecurityToken.CreateHeaderClaims();
System.Collections.Generic.IDictionary <string, string> self2 = jsonWebSecurityToken.CreatePayloadClaims();
string text = string.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}.{1}", new object[]
{
Base64UrlEncoder.Encode(self.EncodeToJson()),
Base64UrlEncoder.Encode(self2.EncodeToJson())
});
string text2 = this.Sign(text, jsonWebSecurityToken.SigningCredentials);
return(string.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}.{1}", new object[]
{
text,
text2
}));
}
public GenericXmlSecurityToken(System.Xml.XmlElement tokenXml,
System.IdentityModel.Tokens.SecurityToken proofToken,
DateTime effectiveTime,
DateTime expirationTime,
SecurityKeyIdentifierClause internalTokenReference,
SecurityKeyIdentifierClause externalTokenReference,
System.Collections.ObjectModel.ReadOnlyCollection <System.IdentityModel.Policy.IAuthorizationPolicy> authorizationPolicies)
{
}
protected override bool CanWriteTokenCore(System.IdentityModel.Tokens.SecurityToken token)
{
if (token is SecurityToken)
{
return(true);
}
return(base.CanWriteTokenCore(token));
}
private ClaimsIdentityCollection ValidateTokenCore(System.IdentityModel.Tokens.SecurityToken token, bool isActorToken)
{
JsonWebSecurityToken jsonWebSecurityToken = token as JsonWebSecurityToken;
if (jsonWebSecurityToken == null)
{
return(base.ValidateToken(token));
}
if (base.Configuration == null)
{
throw new System.InvalidOperationException("No configuration.");
}
if (base.Configuration.IssuerNameRegistry == null)
{
throw new System.InvalidOperationException("No issuername registry configured.");
}
this.ValidateLifetime(jsonWebSecurityToken);
this.ValidateAudience(jsonWebSecurityToken);
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = jsonWebSecurityToken.IssuerToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken != null)
{
base.Configuration.CertificateValidator.Validate(x509SecurityToken.Certificate);
}
ClaimsIdentityCollection claimsIdentityCollection = new ClaimsIdentityCollection();
ClaimsIdentity claimsIdentity = new ClaimsIdentity("Federation");
if (!isActorToken && jsonWebSecurityToken.ActorToken != null)
{
ValidateActorTokenForAppOnly(jsonWebSecurityToken.ActorToken);
ClaimsIdentityCollection claimsIdentityCollection2 = this.ValidateActorToken(jsonWebSecurityToken.ActorToken);
if (claimsIdentityCollection2.Count > 1)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Actor has multiple identities.");
}
claimsIdentity.Actor = claimsIdentityCollection2[0];
}
string issuerName = this.GetIssuerName(jsonWebSecurityToken);
foreach (JsonWebTokenClaim current in jsonWebSecurityToken.Claims)
{
if (claimsIdentity.Actor == null || !System.StringComparer.Ordinal.Equals("actortoken", current.ClaimType))
{
string text = current.Value;
if (text == null)
{
text = "NULL";
}
claimsIdentity.Claims.Add(new Claim(current.ClaimType, text, "http://www.w3.org/2001/XMLSchema#string", issuerName));
}
}
if (!isActorToken && base.Configuration.SaveBootstrapTokens)
{
claimsIdentity.BootstrapToken = token;
}
claimsIdentityCollection.Add(claimsIdentity);
return(claimsIdentityCollection);
}
public override string GetIssuerName(System.IdentityModel.Tokens.SecurityToken securityToken)
{
Utility.VerifyNonNullArgument("securityToken", securityToken);
string result = null;
BinarySecretSecurityToken binarySecretSecurityToken = securityToken as BinarySecretSecurityToken;
if (binarySecretSecurityToken != null)
{
this._issuerList.TryGetValue(System.Convert.ToBase64String(binarySecretSecurityToken.GetKeyBytes()), out result);
}
return(result);
}
public static OAuth2AccessTokenRequest CreateAccessTokenRequestWithAssertion(System.IdentityModel.Tokens.SecurityToken token, Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection securityTokenHandlers, string resource)
{
Utility.VerifyNonNullArgument("token", token);
if (token is JsonWebSecurityToken)
{
return(OAuth2MessageFactory.CreateAccessTokenRequestWithAssertion((JsonWebSecurityToken)token, securityTokenHandlers, resource));
}
if (token is System.IdentityModel.Tokens.GenericXmlSecurityToken)
{
return(OAuth2MessageFactory.CreateAccessTokenRequestWithAssertion((System.IdentityModel.Tokens.GenericXmlSecurityToken)token, resource));
}
if (token is System.IdentityModel.Tokens.SamlSecurityToken || token is Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)
{
return(OAuth2MessageFactory.CreateAccessTokenRequestWithAssertionForSamlSecurityTokens(token, securityTokenHandlers, resource));
}
throw new System.ArgumentException("Unsupported SecurityToken");
}
protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token)
{
Random r = new Random();
string tokennamespace = "o";
DateTime created = DateTime.Now;
string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ");
string nonce = Convert.ToBase64String(Encoding.ASCII.GetBytes(SHA1Encrypt(created + r.Next().ToString())));
System.IdentityModel.Tokens.UserNameSecurityToken unToken = (System.IdentityModel.Tokens.UserNameSecurityToken)token;
writer.WriteRaw(String.Format(
"<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
"<{0}:Username>" + unToken.UserName + "</{0}:Username>" +
"<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" +
unToken.Password + "</{0}:Password>" +
"<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" +
nonce + "</{0}:Nonce>" +
"<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace));
}
public override void WriteToken(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token)
{
if (!(token is JsonWebSecurityToken))
{
base.WriteToken(writer, token);
}
Utility.VerifyNonNullArgument("writer", writer);
byte[] bytes = Base64UrlEncoder.TextEncoding.GetBytes(this.WriteTokenAsString(token));
writer.WriteStartElement("wsse", "BinarySecurityToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
if (token.Id != null)
{
writer.WriteAttributeString("wsu", "Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", token.Id);
}
writer.WriteAttributeString("ValueType", null, "http://oauth.net/grant_type/jwt/1.0/bearer");
writer.WriteAttributeString("EncodingType", null, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
writer.WriteBase64(bytes, 0, bytes.Length);
writer.WriteEndElement();
}
public override bool TryAddEntry(object key, System.IdentityModel.Tokens.SecurityToken value)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
var cacheKey = GetCacheKey(key);
var item = new TokenCacheItem
{
Key = cacheKey,
Expires = value.ValidTo,
Token = TokenToBytes((SessionSecurityToken)value),
};
tokenCacheRepository.AddOrUpdate(item);
return(inner.TryAddEntry(key, value));
}
/// <summary>
/// Sends a <see cref="WsTrustRequest"/> to a STS to obtain a <see cref="WCFSecurityToken"/>.
/// </summary>
/// <param name="trustRequest">The <see cref="WsTrustRequest" /> sent to the STS.</param>
/// <returns>A <see cref="WCFSecurityToken" /> issued by the STS.</returns>
public async virtual Task <WCFSecurityToken> IssueAsync(WsTrustRequest trustRequest)
{
_ = trustRequest ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(trustRequest));
Message requestMessage = CreateRequest(trustRequest);
Message response = await Task.Factory.FromAsync(RequestChannel.BeginRequest, RequestChannel.EndRequest, requestMessage, null, TaskCreationOptions.None).ConfigureAwait(false);
if (response.IsFault)
{
MessageFault fault = MessageFault.CreateFault(response, FaultMaxBufferSize);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(FaultException.CreateFault(fault, response.Headers?.Action));
}
WsTrustResponse trustResponse = TrustSerializer.ReadResponse(response.GetReaderAtBodyContents());
WCFSecurityToken token = WSTrustUtilities.CreateGenericXmlSecurityToken(trustRequest, trustResponse, GetSerializationContext(trustRequest), null);
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.Format(SR.TokenProviderUnableToGetToken, string.IsNullOrEmpty(Address) ? ToString() : Address)));
}
return(token);
}
public SecurityTokenSpecification(System.IdentityModel.Tokens.SecurityToken token, System.Collections.ObjectModel.ReadOnlyCollection <System.IdentityModel.Policy.IAuthorizationPolicy> tokenPolicies)
{
}
protected override bool CanValidateTokenCore(System.IdentityModel.Tokens.SecurityToken token)
{
return(token is DummySecurityToken);
}
protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken)
{
Utility.VerifyNonNullArgument("signingToken", signingToken);
bool flag = false;
System.IdentityModel.Tokens.SecurityToken result = null;
if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal))
{
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature.");
}
System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = x509SecurityToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;
if (rSACryptoServiceProvider == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm.");
}
using (X509AsymmetricSignatureProvider x509AsymmetricSignatureProvider = new X509AsymmetricSignatureProvider(rSACryptoServiceProvider))
{
flag = x509AsymmetricSignatureProvider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature));
if (flag)
{
result = signingToken;
}
goto IL_133;
}
}
if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal))
{
byte[] bytes = Base64UrlEncoder.TextEncoding.GetBytes(signingInput);
byte[] signature2 = Base64UrlEncoder.DecodeBytes(signature);
using (System.Collections.Generic.IEnumerator <System.IdentityModel.Tokens.SecurityKey> enumerator = signingToken.SecurityKeys.GetEnumerator())
{
while (enumerator.MoveNext())
{
System.IdentityModel.Tokens.SecurityKey current = enumerator.Current;
System.IdentityModel.Tokens.SymmetricSecurityKey symmetricSecurityKey = current as System.IdentityModel.Tokens.SymmetricSecurityKey;
if (symmetricSecurityKey != null)
{
using (SymmetricSignatureProvider symmetricSignatureProvider = new SymmetricSignatureProvider(symmetricSecurityKey))
{
flag = symmetricSignatureProvider.Verify(bytes, signature2);
if (flag)
{
result = new BinarySecretSecurityToken(symmetricSecurityKey.GetSymmetricKey());
break;
}
}
}
}
goto IL_133;
}
}
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm.");
IL_133:
if (!flag)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature.");
}
return(result);
}
public override ClaimsIdentityCollection ValidateToken(System.IdentityModel.Tokens.SecurityToken token)
{
return(this.ValidateTokenCore(token, false));
}
protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(System.IdentityModel.Tokens.SecurityToken token)
{
List <IAuthorizationPolicy> list = new List <IAuthorizationPolicy>();
list.Add(new DummyAuthorizationPolicy(new DefaultClaimSet(Claim.CreateDnsClaim(uri.Host))));
return(new ReadOnlyCollection <IAuthorizationPolicy>(list));
}
private System.IdentityModel.Tokens.SecurityToken ReadTokenCore(string token, bool isActorToken)
{
Utility.VerifyNonNullOrEmptyStringArgument("token", token);
if (base.Configuration == null)
{
throw new System.InvalidOperationException("No configuration");
}
if (base.Configuration.IssuerTokenResolver == null)
{
throw new System.InvalidOperationException("No configured IssuerTokenResolver");
}
if (!this.CanReadToken(token))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported security token.");
}
string[] array = token.Split(new char[]
{
'.'
});
string text = array[0];
string text2 = array[1];
string text3 = array[2];
System.Collections.Generic.Dictionary <string, string> dictionary = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal);
dictionary.DecodeFromJson(Base64UrlEncoder.Decode(text));
System.Collections.Generic.Dictionary <string, string> dictionary2 = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal);
dictionary2.DecodeFromJson(Base64UrlEncoder.Decode(text2));
string text4;
dictionary.TryGetValue("alg", out text4);
System.IdentityModel.Tokens.SecurityToken issuerToken = null;
if (!System.StringComparer.Ordinal.Equals(text4, "none"))
{
if (string.IsNullOrEmpty(text3))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Missing signature.");
}
System.IdentityModel.Tokens.SecurityKeyIdentifier signingKeyIdentifier = this.GetSigningKeyIdentifier(dictionary, dictionary2);
System.IdentityModel.Tokens.SecurityToken securityToken;
base.Configuration.IssuerTokenResolver.TryResolveToken(signingKeyIdentifier, out securityToken);
if (securityToken == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Could not resolve issuer token.");
}
issuerToken = this.VerifySignature(string.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}.{1}", new object[]
{
text,
text2
}), text3, text4, securityToken);
}
JsonWebSecurityToken actorToken = null;
if (!isActorToken)
{
actorToken = this.ReadActor(dictionary2);
}
string text5;
dictionary2.TryGetValue("iss", out text5);
if (string.IsNullOrEmpty(text5))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an issuer.");
}
string text6;
dictionary2.TryGetValue("aud", out text6);
if (string.IsNullOrEmpty(text6))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an audience.");
}
string text7;
dictionary2.TryGetValue("nbf", out text7);
if (string.IsNullOrEmpty(text7))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an 'not before' claim.");
}
System.DateTime dateTimeFromSeconds = this.GetDateTimeFromSeconds(text7);
text7 = "";
dictionary2.TryGetValue("exp", out text7);
if (string.IsNullOrEmpty(text7))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an 'expires at' claim.");
}
System.DateTime dateTimeFromSeconds2 = this.GetDateTimeFromSeconds(text7);
JsonWebSecurityToken jsonWebSecurityToken = new JsonWebSecurityToken(text5, text6, dateTimeFromSeconds, dateTimeFromSeconds2, this.CreateClaims(dictionary2), issuerToken, actorToken);
jsonWebSecurityToken.CaptureSourceData(token);
return(jsonWebSecurityToken);
}
protected override bool TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityToken token)
{
token = default(System.IdentityModel.Tokens.SecurityToken);
return(default(bool));
}
public WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, System.IdentityModel.Tokens.SecurityToken wrappingToken, System.IdentityModel.Tokens.SecurityKeyIdentifier wrappingTokenReference)
{
}
protected override bool TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityToken token)
{
return(base.TryResolveTokenCore(keyIdentifierClause, out token));
}
private static OAuth2AccessTokenRequest CreateAccessTokenRequestWithAssertionForSamlSecurityTokens(System.IdentityModel.Tokens.SecurityToken token, Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection securityTokenHandlers, string resource)
{
Utility.VerifyNonNullArgument("securityTokenHandlers", securityTokenHandlers);
OAuth2AccessTokenRequest oAuth2AccessTokenRequest = new OAuth2AccessTokenRequest();
if (token is System.IdentityModel.Tokens.SamlSecurityToken)
{
oAuth2AccessTokenRequest.GrantType = "urn:oasis:names:tc:SAML:1.0:assertion";
}
else
{
oAuth2AccessTokenRequest.GrantType = "urn:oasis:names:tc:SAML:2.0:assertion";
}
System.Xml.XmlWriterSettings xmlWriterSettings = new System.Xml.XmlWriterSettings();
System.Text.StringBuilder stringBuilder = new System.Text.StringBuilder();
xmlWriterSettings.OmitXmlDeclaration = true;
using (System.Xml.XmlWriter xmlWriter = System.Xml.XmlWriter.Create(stringBuilder, xmlWriterSettings))
{
securityTokenHandlers.WriteToken(xmlWriter, token);
oAuth2AccessTokenRequest.Assertion = stringBuilder.ToString();
}
oAuth2AccessTokenRequest.Resource = resource;
return(oAuth2AccessTokenRequest);
}
public override System.IdentityModel.Tokens.SecurityKeyIdentifierClause CreateSecurityTokenReference(System.IdentityModel.Tokens.SecurityToken token, bool attached)
{
return(null);
}
public override string GetIssuerName(System.IdentityModel.Tokens.SecurityToken securityToken, string requestedIssuerName)
{
return(base.GetIssuerName(securityToken, requestedIssuerName));
}
protected internal override System.IdentityModel.Tokens.SecurityKeyIdentifierClause CreateKeyIdentifierClause(System.IdentityModel.Tokens.SecurityToken token, SecurityTokenReferenceStyle referenceStyle)
{
return(default(System.IdentityModel.Tokens.SecurityKeyIdentifierClause));
}
protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token)
{
System.IdentityModel.Tokens.UserNameSecurityToken unToken = (System.IdentityModel.Tokens.UserNameSecurityToken)token;
writer.WriteRaw(@"<o:UsernameToken u:Id=""" + token.Id + @"""> <o:Username>" + unToken.UserName + @"</o:Username> <o:Password Type=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"">" + unToken.Password + @"</o:Password> </o:UsernameToken> ");
}
public JsonWebSecurityToken(string issuer, string audience, System.DateTime validFrom, System.DateTime validTo, System.Collections.Generic.IEnumerable <JsonWebTokenClaim> claims, System.IdentityModel.Tokens.SecurityToken issuerToken, JsonWebSecurityToken actorToken) : this(issuer, audience, validFrom, validTo, claims)
{
this._issuerToken = issuerToken;
this._actorToken = actorToken;
}