예제 #1
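        /// <summary>
        ///   Obtains a SWT token from ACSv2 by posting an OAuth2 <c>client_credentials</c> grant.
        /// </summary>
        /// <param name="settings">
        ///   Supplies the service namespace and ACS host used to build the base address, the management
        ///   path used as the token scope, and the management identity name and key sent as client credentials.
        /// </param>
        /// <returns>
        ///   The access token from the ACS response, or <c>null</c> when the request or the response
        ///   parsing throws.
        /// </returns>
        static string GetManagementToken(AccessControlSettings settings)
        {
            try
            {
                // WebClient is IDisposable; release it as soon as the response bytes have been read.
                using (WebClient client = new WebClient())
                {
                    // A URL is machine-readable text, so it is formatted with the invariant culture.
                    // The scheme is fixed to https: the management key below travels in the POST body.
                    client.BaseAddress = string.Format(CultureInfo.InvariantCulture, "https://{0}.{1}",
                                                       settings.ServiceNamespace,
                                                       settings.AccessControlServiceAddress);

                    // The requested scope is the management endpoint on the same host.
                    Uri scopeUri = new Uri(client.BaseAddress + settings.AccessControlManagementPath);

                    NameValueCollection values = new NameValueCollection();
                    values.Add("grant_type", "client_credentials");
                    values.Add("client_id", settings.ManagementServiceIdentityName);
                    values.Add("client_secret", settings.ManagementServiceIdentityKey);
                    values.Add("scope", scopeUri.ToString());

                    byte[] responseBytes = client.UploadValues("/v2/OAuth2-13", "POST", values);

                    // Deserialize the JSON response and hand back only the access token.
                    using (MemoryStream responseStream = new MemoryStream(responseBytes))
                    {
                        DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(OAuth2TokenResponse));
                        OAuth2TokenResponse tokenResponse = (OAuth2TokenResponse)serializer.ReadObject(responseStream);
                        return tokenResponse.access_token;
                    }
                }
            }
            catch (Exception)
            {
                // Best-effort contract kept as-is: every failure (network, HTTP status, malformed
                // response) collapses to null and the cause is discarded. Callers must check for null
                // before using the result as a credential.
                return null;
            }
        }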
예제 #2
        /// <summary>
        ///   Factory for a new service identity: constructs it from the given settings, generates a key
        ///   through <c>RegenerateKey</c>, then assigns the name.
        /// </summary>
        /// <param name="accessControlSettings">Settings handed to the identity's constructor.</param>
        /// <param name="name">Name assigned to the new identity.</param>
        /// <returns>The newly created identity.</returns>
        public static AccessControlServiceIdentity Create(AccessControlSettings accessControlSettings, string name)
        {
            var serviceIdentity = new AccessControlServiceIdentity(accessControlSettings);

            // Key first, name second: same order as before, since RegenerateKey's dependencies are not visible here.
            serviceIdentity.RegenerateKey();
            serviceIdentity.Name = name;

            return serviceIdentity;
        }
예제 #3
        /// <summary>
        ///   Builds a ManagementService client for the ACS management endpoint described by
        ///   <paramref name="settings"/>. This is the only 'interface' used by other classes.
        /// </summary>
        /// <param name="settings">
        ///   Supplies the service namespace, ACS host and management path that make up the endpoint URL;
        ///   also passed to the token helper on every outgoing request.
        /// </param>
        /// <returns>An instance of the ManagementService whose requests carry the management token.</returns>
        public static ManagementService CreateManagementServiceClient(AccessControlSettings settings)
        {
            // The endpoint scheme is always https; the bearer token attached below goes to this address.
            Uri endpoint = new Uri(String.Format(CultureInfo.InvariantCulture, "https://{0}.{1}/{2}",
                                                 settings.ServiceNamespace,
                                                 settings.AccessControlServiceAddress,
                                                 settings.AccessControlManagementPath));
            ManagementService client = new ManagementService(endpoint);

            // Each outgoing request gets its Authorization header set just before it is sent.
            client.SendingRequest += (sender, eventArgs) =>
            {
                AddManagementTokenWithWritePermission((HttpWebRequest)eventArgs.Request, settings);
            };

            return client;
        }
        /// <summary>
        ///   Deletes every rule group whose name starts with the normalized relying-party address,
        ///   then saves the changes through the management service client.
        /// </summary>
        /// <param name="rpAddress">Relying-party address; it is rewritten to the http scheme with the default port before matching.</param>
        /// <param name="settings">Settings used to create the management service client.</param>
        public static void ResetNamespace(Uri rpAddress, AccessControlSettings settings)
        {
            // Normalize the address: force the http scheme and drop any explicit port (-1 = scheme default).
            // NOTE(review): presumably rule-group names are stored in this http form; confirm against the code that creates them.
            rpAddress = new UriBuilder(rpAddress)
            {
                Scheme = "http", Port = -1
            }.Uri;
            var serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings);

            // NOTE(review): this is a plain string-prefix match with no path-segment boundary, so an
            // address such as ".../app" would also match rule groups named ".../app2..." and delete
            // them. Confirm that is intended before relying on this to reset a single relying party.
            // NOTE(review): the filter may be translated by the client's query provider rather than
            // run locally; verify before changing the StartsWith overload.
            foreach (var g1 in from g in serviceClient.RuleGroups where g.Name.StartsWith(rpAddress.AbsoluteUri) select g)
            {
                serviceClient.DeleteRuleGroupByNameIfExists(g1.Name);
            }
            // The deletions above are submitted together here.
            serviceClient.SaveChanges();
        }
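        /// <summary>
        ///   Resolves the relying party registered for the given URI and wraps it in an
        ///   <c>AccessControlList</c> bound to a management service client.
        /// </summary>
        /// <param name="relyingPartyUri">
        ///   Relying-party URI; it is normalized to the http scheme, the default port, and a path
        ///   without one trailing slash before the lookup.
        /// </param>
        /// <param name="settings">Settings used to create the management service client.</param>
        /// <returns>The access control list for the resolved relying party.</returns>
        /// <exception cref="InvalidOperationException">
        ///   No prefix address was found for the normalized URI, or no relying party exists for that address.
        /// </exception>
        public static AccessControlList GetAccessControlList(Uri relyingPartyUri, AccessControlSettings settings)
        {
            var localPath = relyingPartyUri.LocalPath;

            // Strip a single trailing slash. The comparison is ordinal: this is a URI path, not
            // linguistic text, so the result must not depend on the current culture.
            var trimmedPath = localPath.EndsWith("/", StringComparison.Ordinal)
                ? localPath.Substring(0, localPath.Length - 1)
                : localPath;

            // Force the http scheme and drop any explicit port (-1 = scheme default).
            // NOTE(review): presumably relying-party addresses are registered in this http form; confirm.
            relyingPartyUri = new UriBuilder(relyingPartyUri)
            {
                Scheme = "http",
                Port = -1,
                Path = trimmedPath
            }.Uri;

            var relyingPartyAddress    = relyingPartyUri.AbsoluteUri;
            var serviceClient          = ManagementServiceHelper.CreateManagementServiceClient(settings);
            var longestPrefixRpAddress = GetLongestPrefixRelyingPartyAddress(serviceClient, relyingPartyAddress);

            if (longestPrefixRpAddress != null)
            {
                var relyingParty = GetRelyingPartyByAddress(serviceClient, longestPrefixRpAddress);
                if (relyingParty != null)
                {
                    return new AccessControlList(relyingPartyUri, relyingParty, serviceClient);
                }
            }

            // Same exception type as before, now with the address that failed to resolve.
            throw new InvalidOperationException(
                "No relying party could be resolved for address '" + relyingPartyAddress + "'.");
        }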
예제 #6
 /// <summary>
 ///   Adds the SWT token to the HTTP 'Authorization' header of an outgoing request as a Bearer credential.
 ///   The token is fetched once and cached so that a token is not requested on every call.
 /// </summary>
 /// <param name = "args">The outgoing request that receives the header.</param>
 /// <param name = "settings">Settings passed to GetManagementToken when no token is cached yet.</param>
 public static void AddManagementTokenWithWritePermission(HttpWebRequest args, AccessControlSettings settings)
 {
     // NOTE(review): nothing here invalidates the cached token or keys it by settings, so a token
     // obtained for one settings object is reused for every later call; confirm that all callers
     // share one namespace and identity, and that token expiry is handled elsewhere.
     var bearerToken = cachedSwtToken;
     if (bearerToken == null)
     {
         bearerToken = GetManagementToken(settings);
         cachedSwtToken = bearerToken;
     }

     // NOTE(review): if the token is still null at this point the header value is just "Bearer ".
     args.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + bearerToken);
 }
예제 #7
 /// <summary>
 ///   Stores the settings on the new instance. The constructor declares no access modifier, so it
 ///   is private by default and only reachable from inside the class.
 /// </summary>
 /// <param name="settings">Settings kept in the instance's <c>settings</c> field.</param>
 AccessControlServiceIdentity(AccessControlSettings settings)
 {
     // No validation happens here; a null value is stored as given.
     this.settings = settings;
 }