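public static void tokenTest()
{
    string relyingPartyId = "https://shadfs.sanfordhealth.org/adfs/ls/ldpinitiatedsignon.aspx";
    WSTrustChannelFactory factory = null;
    try
    {
        // use a UserName Trust Binding for username authentication
        // TODO: the STS endpoint below is provisional and will be changed.
        factory = new WSTrustChannelFactory(
            new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress("https://secure.genomenext.net/app/services/trust/13/usernamemixed"));
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Placeholder credentials. Real values belong in configuration or a secret
        // store, never in source.
        factory.Credentials.UserName.UserName = "******";
        factory.Credentials.UserName.Password = "******";

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyId),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        // A MessageSecurityException from Issue() means the STS rejected the credentials.
        var genericToken = channel.Issue(rst) as GenericXmlSecurityToken;
        if (genericToken == null)
        {
            // Previously a failed cast only surfaced as a NullReferenceException on the
            // ToTokenXmlString() call below.
            throw new InvalidOperationException("The STS did not return a GenericXmlSecurityToken.");
        }

        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
        var tokenString = genericToken.ToTokenXmlString();

        // The token XML comes from a remote party, so parse it with DTD processing
        // prohibited and no external resolver instead of a default XmlTextReader.
        var readerSettings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
        SecurityToken samlToken2;
        using (var reader = XmlReader.Create(new StringReader(tokenString), readerSettings))
        {
            samlToken2 = handlers.ReadToken(reader);
        }
        ValidateSamlToken(samlToken2);

        // Look up the signing certificate for the (currently disabled) SAML -> JWT conversion.
        // The store is always closed, and a missing certificate is reported explicitly
        // instead of as an IndexOutOfRangeException.
        X509Certificate2 certificate = null;
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly:false also matches expired or untrusted certificates; revisit
            // once "thumb" is replaced by the real thumbprint.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, "thumb", false);
            if (matches.Count == 0)
            {
                throw new InvalidOperationException("No certificate with the configured thumbprint was found in LocalMachine\\My.");
            }
            certificate = matches[0];
        }
        finally
        {
            store.Close();
        }
        // var jwt = ConvertSamlToJwt(samlToken2, "https://party.mycomp.com", certificate);
    }
    finally
    {
        if (factory != null)
        {
            // Close() can also throw TimeoutException or a non-faulted CommunicationException;
            // in every such case the factory must be aborted rather than left open.
            try
            {
                factory.Close();
            }
            catch (CommunicationException)
            {
                factory.Abort();
            }
            catch (TimeoutException)
            {
                factory.Abort();
            }
        }
    }
}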
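/// <summary>
/// Returns Generic XML Security Token from ADFS to generated FedAuth
/// </summary>
/// <param name="kerberosMixed">ADFS Endpoint for Kerberos Mixed Authentication</param>
/// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param>
/// <returns>The issued token, or <c>null</c> when the STS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.</returns>
private GenericXmlSecurityToken RequestToken(Uri kerberosMixed, string relyingPartyIdentifier)
{
    GenericXmlSecurityToken genericToken = null;

    // Deliberately not a `using` block: Dispose() on a WCF channel factory calls Close(),
    // which throws on a faulted factory and would replace the original exception.
    // Close on success; Abort (which never throws) on any failure path.
    var factory = new WSTrustChannelFactory(
        new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(kerberosMixed));
    bool closed = false;
    try
    {
        factory.TrustVersion = TrustVersion.WSTrust13;

        var requestSecurityToken = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyIdentifier),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken;

        factory.Close();
        closed = true;
    }
    finally
    {
        if (!closed)
        {
            factory.Abort();
        }
    }

    return genericToken;
}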
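/// <summary>
/// Returns Generic XML Security Token from ADFS to generated FedAuth
/// </summary>
/// <param name="serialNumber">Serial Number of Certificate from CurrentUser > My Certificate</param>
/// <param name="certificateMixed">ADFS Endpoint for Certificate Mixed Authentication</param>
/// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param>
/// <returns>The issued token, or <c>null</c> when the STS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.</returns>
private GenericXmlSecurityToken RequestToken(string serialNumber, Uri certificateMixed, string relyingPartyIdentifier)
{
    GenericXmlSecurityToken genericToken = null;

    // Deliberately not a `using` block: Dispose() on a WCF channel factory calls Close(),
    // which throws on a faulted factory and would replace the original exception.
    // Close on success; Abort (which never throws) on any failure path.
    var factory = new WSTrustChannelFactory(
        new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(certificateMixed));
    bool closed = false;
    try
    {
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Authenticate with the client certificate from CurrentUser\My, located by serial number.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, serialNumber);

        var requestSecurityToken = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyIdentifier),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken;

        factory.Close();
        closed = true;
    }
    finally
    {
        if (!closed)
        {
            factory.Abort();
        }
    }

    return genericToken;
}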
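/// <summary>
/// Requests a bearer token from the ADFS username/password (usernamemixed) endpoint.
/// </summary>
/// <param name="userName">Account name presented to the STS.</param>
/// <param name="passWord">Password for <paramref name="userName"/>; source it from protected configuration, not from source code.</param>
/// <param name="userNameMixed">ADFS endpoint for UserName Mixed Authentication.</param>
/// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting.</param>
/// <returns>The issued token, or <c>null</c> when the STS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.</returns>
private GenericXmlSecurityToken RequestToken(string userName, string passWord, Uri userNameMixed, string relyingPartyIdentifier)
{
    GenericXmlSecurityToken genericToken = null;

    // Deliberately not a `using` block: Dispose() on a WCF channel factory calls Close(),
    // which throws on a faulted factory and would replace the original exception
    // (e.g. the MessageSecurityException raised for a rejected password).
    // Close on success; Abort (which never throws) on any failure path.
    var factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(userNameMixed));
    bool closed = false;
    try
    {
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Hookup the user and password
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = passWord;

        var requestSecurityToken = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyIdentifier),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken;

        factory.Close();
        closed = true;
    }
    finally
    {
        if (!closed)
        {
            factory.Abort();
        }
    }

    return genericToken;
}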
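/// <summary>
/// Requests a bearer token from the ADFS username/password (usernamemixed) endpoint.
/// </summary>
/// <param name="userName">Account name presented to the STS.</param>
/// <param name="passWord">Password for <paramref name="userName"/>; source it from protected configuration, not from source code.</param>
/// <param name="userNameMixed">ADFS endpoint for UserName Mixed Authentication.</param>
/// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting.</param>
/// <returns>The issued token, or <c>null</c> when the STS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.</returns>
private GenericXmlSecurityToken RequestToken(string userName, string passWord, Uri userNameMixed, string relyingPartyIdentifier)
{
    GenericXmlSecurityToken genericToken = null;

    // Deliberately not a `using` block: Dispose() on a WCF channel factory calls Close(),
    // which throws on a faulted factory and would replace the original exception
    // (e.g. the MessageSecurityException raised for a rejected password).
    // Close on success; Abort (which never throws) on any failure path.
    var factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(userNameMixed));
    bool closed = false;
    try
    {
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Hookup the user and password
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = passWord;

        var requestSecurityToken = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyIdentifier),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken;

        factory.Close();
        closed = true;
    }
    finally
    {
        if (!closed)
        {
            factory.Abort();
        }
    }

    return genericToken;
}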
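/// <summary>
/// Returns Generic XML Security Token from ADFS to generated FedAuth
/// </summary>
/// <param name="serialNumber">Serial Number of Certificate from CurrentUser > My Certificate</param>
/// <param name="certificateMixed">ADFS Endpoint for Certificate Mixed Authentication</param>
/// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param>
/// <returns>The issued token, or <c>null</c> when the STS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.</returns>
private GenericXmlSecurityToken RequestToken(string serialNumber, Uri certificateMixed, string relyingPartyIdentifier)
{
    GenericXmlSecurityToken genericToken = null;

    // Deliberately not a `using` block: Dispose() on a WCF channel factory calls Close(),
    // which throws on a faulted factory and would replace the original exception.
    // Close on success; Abort (which never throws) on any failure path.
    var factory = new WSTrustChannelFactory(
        new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(certificateMixed));
    bool closed = false;
    try
    {
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Authenticate with the client certificate from CurrentUser\My, located by serial number.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, serialNumber);

        var requestSecurityToken = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyIdentifier),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken;

        factory.Close();
        closed = true;
    }
    finally
    {
        if (!closed)
        {
            factory.Abort();
        }
    }

    return genericToken;
}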
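/// <summary>
/// Releases the underlying channel factory. Close() is attempted first so that in-flight
/// work completes; if that fails the factory is aborted instead, so Dispose never throws
/// (a faulted WCF factory throws from Close()).
/// </summary>
void IDisposable.Dispose()
{
    // NOTE(review): assumes _factory is a WCF ChannelFactory (ICommunicationObject) — confirm.
    try
    {
        _factory.Close();
    }
    catch (CommunicationException)
    {
        _factory.Abort();
    }
    catch (TimeoutException)
    {
        _factory.Abort();
    }
}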
/// <summary>
/// Uses the WSTrustChannel to retrieve an issued token from the STS.
/// </summary>
/// <returns>The SecurityToken issued by the STS.</returns>
private static SecurityToken GetIssuedToken()
{
    // The factory would normally pick its trust version up from the security binding
    // element in its binding; it is set explicitly here so the request is unambiguously
    // WS-Trust 1.3.
    var factory = new WSTrustChannelFactory(GetSecurityTokenServiceBinding(), new EndpointAddress(STSAddress))
    {
        TrustVersion = TrustVersion.WSTrust13
    };

    WSTrustChannel trustChannel = null;
    try
    {
        // Build the Issue request. (For the February 2005 profile the constant would be
        // WSTrustFeb2005Constants.RequestTypes.Issue instead.)
        // The client entropy is encrypted to the STS certificate. That is not strictly
        // required because the message body is already encrypted; it is shown for
        // scenarios that demand it.
        var issueRequest = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue)
        {
            AppliesTo = new EndpointAddress(ServiceAddress),
            Entropy = new Entropy(CreateEntropy(), new X509EncryptingCredentials(STSCertificate)),
            KeyType = KeyTypes.Symmetric,   // symmetric proof key
            KeySizeInBits = 256             // size of that proof key
        };

        // Send the RST and extract the issued token per the WS-Trust specification.
        trustChannel = (WSTrustChannel)factory.CreateChannel();
        var issuedToken = trustChannel.Issue(issueRequest);

        // Orderly shutdown. Each object is nulled out once closed so the finally block
        // only aborts whatever is still open.
        ((IChannel)trustChannel).Close();
        trustChannel = null;
        factory.Close();
        factory = null;

        return issuedToken;
    }
    finally
    {
        if (trustChannel != null)
        {
            ((IChannel)trustChannel).Abort();
        }
        if (factory != null)
        {
            factory.Abort();
        }
    }
}