public static void tokenTest()
{
string relyingPartyId = "https://shadfs.sanfordhealth.org/adfs/ls/ldpinitiatedsignon.aspx";
WSTrustChannelFactory factory = null;
try
{
// use a UserName Trust Binding for username authentication
factory = new WSTrustChannelFactory(
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress("https://secure.genomenext.net/app/services/trust/13/usernamemixed"));
/////I'll change this endpoint this later////////
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.UserName.UserName = "******";
factory.Credentials.UserName.Password = "******";
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference(relyingPartyId),
KeyType = KeyTypes.Bearer
};
IWSTrustChannelContract channel = factory.CreateChannel();
GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; //MessageSecurityException -> PW falsch
var _handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
var tokenString = genericToken.ToTokenXmlString();
var samlToken2 = _handler.ReadToken(new XmlTextReader(new StringReader(tokenString)));
ValidateSamlToken(samlToken2);
X509Certificate2 certificate = null;
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "thumb", false)[0];
// var jwt = ConvertSamlToJwt(samlToken2, "https://party.mycomp.com", certificate);
}
finally
{
if (factory != null)
{
try
{
factory.Close();
}
catch (CommunicationObjectFaultedException)
{
factory.Abort();
}
}
}
/// <summary>
/// Issues the token
/// Mostly copied from Service References
/// </summary>
private GenericXmlSecurityToken IssueToken()
{
_logger.WriteDebug("Issue Token");
var issuerEndpoint = FindIssuerEndpoint();
var requestSecurityToken = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference(_infoShareWSAppliesTo.Value.AbsoluteUri),
KeyType = System.IdentityModel.Protocols.WSTrust.KeyTypes.Symmetric
};
using (var factory = new WSTrustChannelFactory((WS2007HttpBinding)issuerEndpoint.Binding, issuerEndpoint.Address))
{
ApplyCredentials(factory.Credentials);
ApplyTimeout(factory.Endpoint, _connectionParameters.IssueTimeout);
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.SupportInteractive = false;
WSTrustChannel channel = null;
try
{
_logger.WriteDebug($"Issue Token for AppliesTo[{requestSecurityToken.AppliesTo.Uri}]");
channel = (WSTrustChannel)factory.CreateChannel();
RequestSecurityTokenResponse requestSecurityTokenResponse;
return(channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken);
}
catch
{
// Fallback to 10.0.X and 11.0.X configuration using relying party per url like /InfoShareWS/API25/Application.svc
requestSecurityToken.AppliesTo = new EndpointReference(_serviceUriByServiceName[Application25].AbsoluteUri);
_logger.WriteDebug($"Issue Token for AppliesTo[{requestSecurityToken.AppliesTo.Uri}] as fallback on 10.0.x/11.0.x");
RequestSecurityTokenResponse requestSecurityTokenResponse;
return(channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken);
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
}
/// <summary>
/// Issues the token
/// Mostly copied from Service References
/// </summary>
public void IssueToken()
{
var requestSecurityToken = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference(uris["Application25"].AbsoluteUri),
KeyType = System.IdentityModel.Protocols.WSTrust.KeyTypes.Symmetric,
};
requestSecurityToken.TokenType = SamlSecurityTokenHandler.Assertion;
//This should have worked directly but I don't know why it doesn't.
//using (var factory = new WSTrustChannelFactory(this.issuerServiceEndpoint))
using (var factory = new WSTrustChannelFactory((WS2007HttpBinding)this.issuerServiceEndpoint.Binding, this.issuerServiceEndpoint.Address))
{
ApplyCredentials(factory.Credentials);
//Apply the connection timeout to the token issue process
ApplyTimeout(factory.Endpoint, IssueTimeout);
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.SupportInteractive = false;
WSTrustChannel channel = null;
try
{
channel = (WSTrustChannel)factory.CreateChannel();
RequestSecurityTokenResponse requestSecurityTokenResponse;
this.issuedToken = channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken;
}
catch (Exception ex)
{
throw;
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
}
private static SecurityToken GetSamlToken(string realm, string stsEndpoint, ClientCredentials clientCredentials)
{
using (var factory = new WSTrustChannelFactory(
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(new Uri(stsEndpoint))))
{
factory.Credentials.UserName.UserName = clientCredentials.UserName.UserName;
factory.Credentials.UserName.Password = clientCredentials.UserName.Password;
factory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = null;
try
{
var rst = new RequestSecurityToken
{
RequestType = WSTrust13Constants.RequestTypes.Issue,
AppliesTo = new EndpointAddress(realm),
KeyType = KeyTypes.Bearer,
};
channel = (WSTrustChannel)factory.CreateChannel();
RequestSecurityTokenResponse response;
var token = channel.Issue(rst, out response);
return(token);
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
}
private static SecurityToken GetSAMLTokenWithKerberosCredentials(string kerberosEndpoint = null, string servicePrincipalName = null, string relyingPartyIdentifier = null, RequestSecurityToken rst = null)
{
var stsEndpoint = kerberosEndpoint ?? ConfigurationManager.AppSettings["kerberosEndpoint"];
var spnIdentity = servicePrincipalName ?? ConfigurationManager.AppSettings["servicePrincipalName"];
string serviceEndpoint = relyingPartyIdentifier ?? ConfigurationManager.AppSettings["relyingPartyIdentifier"];
using (var factory = new WSTrustChannelFactory(GetWindowsWSTrustBinding(), new EndpointAddress(new Uri(stsEndpoint),
EndpointIdentity.CreateSpnIdentity(spnIdentity), new AddressHeaderCollection())))
{
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
factory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = null;
try
{
if (rst == null)
{
rst = BuildRequestSecurityToken();
}
channel = (WSTrustChannel)factory.CreateChannel();
return channel.Issue(rst);
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
}
private static SecurityToken GetSAMLTokenWithUserNameCredentials(string user, string password, string usernamePasswordEndpoint = null, string relyingParty = null, RequestSecurityToken rst = null)
{
Uri stsEndpoint = new Uri(usernamePasswordEndpoint ?? ConfigurationManager.AppSettings["usernamePasswordEndpoint"]);
EndpointAddress endpointAddress;
if (stsEndpoint.Host.Contains("localhost"))
{
endpointAddress = new EndpointAddress(stsEndpoint, new DnsEndpointIdentity("SelfSTS"), new AddressHeaderCollection());
}
else
{
endpointAddress = new EndpointAddress(stsEndpoint);
}
Binding binding = stsEndpoint.Scheme == "https" ? GetUserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) : GetUserNameWSTrustBinding(SecurityMode.Message);
using (var factory = new WSTrustChannelFactory(binding, endpointAddress))
{
factory.Credentials.UserName.UserName = user;
factory.Credentials.UserName.Password = password;
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
factory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = null;
try
{
if (rst == null)
{
rst = BuildRequestSecurityToken();
}
channel = (WSTrustChannel)factory.CreateChannel();
return channel.Issue(rst);
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
}
void ICommunicationObject.Abort()
{
_factory.Abort();
}
/// <summary>
/// Uses the WSTrustChannel to retrieve an issued token from the STS.
/// </summary>
/// <returns>The SecurityToken issued by the STS.</returns>
private static SecurityToken GetIssuedToken()
{
//
// Note that the default trust version used by the WSTrustChannel
// is the trust version found on any security binding element in the
// WSTrustChannelFactory's binding.
//
// However, set the TrustVersion property directly on the WSTrustChannelFactory
// to be explicit.
//
WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(GetSecurityTokenServiceBinding(), new EndpointAddress(STSAddress));
trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = null;
try
{
//
// Instantiate the RST object used for the issue request
// to the STS.
//
// To use the February 2005 spec:
//
// RequestSecurityToken rst = new RequestSecurityToken( WSTrustFeb2005Constants.RequestTypes.Issue );
//
RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
rst.AppliesTo = new EndpointAddress(ServiceAddress);
// Set client entropy, protect with STS's cert.
// It is not necessary to encrypt the entropy as the message body is encrypted.
// This sample shows how to encrypt the entropy for scenarios where it is required.
rst.Entropy = new Entropy(CreateEntropy(), new X509EncryptingCredentials(STSCertificate));
// Set key type to symmetric.
rst.KeyType = KeyTypes.Symmetric;
// Set key size for the symmetric proof key.
rst.KeySizeInBits = 256;
//
// Sends the RST message to the STS and extracts the
// issued security token in accordance with the WS-Trust
// specification.
//
channel = (WSTrustChannel)trustChannelFactory.CreateChannel();
SecurityToken token = channel.Issue(rst);
((IChannel)channel).Close();
channel = null;
trustChannelFactory.Close();
trustChannelFactory = null;
return(token);
}
finally
{
if (channel != null)
{
((IChannel)channel).Abort();
}
if (trustChannelFactory != null)
{
trustChannelFactory.Abort();
}
}
}
