private string GetServiceToken(string securityXml, string serviceTarget, string servicePolicy) { string serviceTokenUrl = this.ServiceTokenUrl; string text = string.Empty; if (!string.IsNullOrEmpty(servicePolicy)) { text = string.Format(CultureInfo.InvariantCulture, "<wsp:PolicyReference URI=\"{0}\"></wsp:PolicyReference>", new object[] { servicePolicy }); } string body = string.Format(CultureInfo.InvariantCulture, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">\r\n <S:Header>\r\n <wsa:Action S:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>\r\n <wsa:To S:mustUnderstand=\"1\">{0}</wsa:To>\r\n <ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/LiveID/SoapServices/v1\" Id=\"PPAuthInfo\">\r\n <ps:BinaryVersion>5</ps:BinaryVersion>\r\n <ps:HostingApp>Managed IDCRL</ps:HostingApp>\r\n </ps:AuthInfo>\r\n <wsse:Security>{1}</wsse:Security>\r\n </S:Header>\r\n <S:Body>\r\n <wst:RequestSecurityToken xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" Id=\"RST0\">\r\n <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>\r\n <wsp:AppliesTo>\r\n <wsa:EndpointReference>\r\n <wsa:Address>{2}</wsa:Address>\r\n </wsa:EndpointReference>\r\n </wsp:AppliesTo>\r\n {3}\r\n </wst:RequestSecurityToken>\r\n </S:Body>\r\n</S:Envelope>\r\n", new object[] { IdcrlUtility.XmlValueEncode(serviceTokenUrl), securityXml, IdcrlUtility.XmlValueEncode(serviceTarget), text }); XDocument xDocument = this.DoPost(serviceTokenUrl, "application/soap+xml; charset=utf-8", body, new Func <WebException, Exception>(IdcrlAuth.HandleWebException)); Exception soapException = IdcrlAuth.GetSoapException(xDocument); if (soapException != null) { ClientULS.SendTraceTag(3454926u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Soap error from {0}. Exception={1}", new object[] { serviceTokenUrl, soapException }); throw soapException; } XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, new string[] { "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken" }); if (elementAtPath == null) { ClientULS.SendTraceTag(3454927u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot get binary security token for from {0}", new object[] { serviceTokenUrl }); throw IdcrlAuth.CreateIdcrlException(-2147186656); } return(elementAtPath.Value); }
private string GetPartnerTicketFromAdfs(string adfsUrl, string username, string password) { string body = string.Format(CultureInfo.InvariantCulture, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:wssc=\"http://schemas.xmlsoap.org/ws/2005/02/sc\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">\r\n <s:Header>\r\n <wsa:Action s:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>\r\n <wsa:To s:mustUnderstand=\"1\">{0}</wsa:To>\r\n <wsa:MessageID>{1}</wsa:MessageID>\r\n <ps:AuthInfo xmlns:ps=\"http://schemas.microsoft.com/Passport/SoapServices/PPCRL\" Id=\"PPAuthInfo\">\r\n <ps:HostingApp>Managed IDCRL</ps:HostingApp>\r\n <ps:BinaryVersion>6</ps:BinaryVersion>\r\n <ps:UIVersion>1</ps:UIVersion>\r\n <ps:Cookies></ps:Cookies>\r\n <ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>\r\n </ps:AuthInfo>\r\n <wsse:Security>\r\n <wsse:UsernameToken wsu:Id=\"user\">\r\n <wsse:Username>{2}</wsse:Username>\r\n <wsse:Password>{3}</wsse:Password>\r\n </wsse:UsernameToken>\r\n <wsu:Timestamp Id=\"Timestamp\">\r\n <wsu:Created>{4}</wsu:Created>\r\n <wsu:Expires>{5}</wsu:Expires>\r\n </wsu:Timestamp>\r\n </wsse:Security>\r\n </s:Header>\r\n <s:Body>\r\n <wst:RequestSecurityToken Id=\"RST0\">\r\n <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>\r\n <wsp:AppliesTo>\r\n <wsa:EndpointReference>\r\n <wsa:Address>{6}</wsa:Address>\r\n </wsa:EndpointReference>\r\n </wsp:AppliesTo>\r\n <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>\r\n </wst:RequestSecurityToken>\r\n </s:Body>\r\n</s:Envelope>", new object[] { IdcrlUtility.XmlValueEncode(adfsUrl), Guid.NewGuid().ToString(), IdcrlUtility.XmlValueEncode(username), IdcrlUtility.XmlValueEncode(password), DateTime.UtcNow.ToString("o", CultureInfo.InvariantCulture), DateTime.UtcNow.AddMinutes(10.0).ToString("o", CultureInfo.InvariantCulture), this.FederationTokenIssuer }); XDocument xDocument = this.DoPost(adfsUrl, "application/soap+xml; charset=utf-8", body, new Func <WebException, Exception>(IdcrlAuth.HandleWebException)); Exception soapException = IdcrlAuth.GetSoapException(xDocument); if (soapException != null) { ClientULS.SendTraceTag(3454924u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "SOAP error from {0}. Exception={1}", new object[] { adfsUrl, soapException }); throw soapException; } XElement elementAtPath = IdcrlUtility.GetElementAtPath(xDocument.Root, new string[] { "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion" }); if (elementAtPath == null) { ClientULS.SendTraceTag(3454925u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "Cannot get security assertion for user {0} from {1}", new object[] { username, adfsUrl }); throw IdcrlAuth.CreateIdcrlException(-2147186451); } return(elementAtPath.ToString(SaveOptions.DisableFormatting | SaveOptions.OmitDuplicateNamespaces)); }
private static Exception HandleWebException(WebException webException) { HttpWebResponse httpWebResponse = webException.Response as HttpWebResponse; if (httpWebResponse != null && httpWebResponse.ContentType != null && httpWebResponse.ContentType.IndexOf("application/soap+xml", StringComparison.OrdinalIgnoreCase) >= 0) { try { using (TextReader textReader = new StreamReader(httpWebResponse.GetResponseStream())) { string text = textReader.ReadToEnd(); ClientULS.SendTraceTag(3454932u, ClientTraceCategory.Authentication, ClientTraceLevel.High, "StatusCode={0}, ResponseText={1}", new object[] { (int)httpWebResponse.StatusCode, text }); using (XmlReader xmlReader = XmlReader.Create(new StringReader(text))) { XDocument xdoc = XDocument.Load(xmlReader); return(IdcrlAuth.GetSoapException(xdoc)); } } } catch (XmlException ex) { ClientULS.SendTraceTag(3454933u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Error when read error response. Exception={0}", new object[] { ex }); } catch (IOException ex2) { ClientULS.SendTraceTag(3454934u, ClientTraceCategory.Authentication, ClientTraceLevel.Medium, "Error when read error response. Exception={0}", new object[] { ex2 }); } } return(null); }