 /// <summary>
 /// Finds the federation provider (FP) entry whose <c>DomainName</c> attribute equals
 /// <paramref name="fpDomainName"/> (ordinal, case-insensitive) and reads its service URLs.
 /// </summary>
 /// <param name="xdoc">Provider list; the <c>FP</c> elements are read directly under <c>xdoc.Root</c>.</param>
 /// <param name="fpDomainName">Domain name of the federation provider to look up.</param>
 /// <returns>User realm service URL, security token service URL and token issuer of the matching provider.</returns>
 /// <exception cref="Exception">
 /// The exception built by <c>IdcrlAuth.CreateIdcrlException(-2147186646)</c> when no FP matches, or when the
 /// first matching FP lacks any of the URL/GETUSERREALM, URL/RST2 or URL/ENTITYID elements.
 /// </exception>
 private FederationProviderInfo ParseFederationProviderInfo(XDocument xdoc, string fpDomainName)
 {
     foreach (XElement fp in xdoc.Root.Elements("FP"))
     {
         XAttribute domainAttribute = fp.Attribute("DomainName");
         bool isMatch = domainAttribute != null
                        && string.Equals(domainAttribute.Value, fpDomainName, StringComparison.OrdinalIgnoreCase);
         if (!isMatch)
         {
             continue;
         }

         XElement userRealmUrl = IdcrlUtility.GetElementAtPath(fp, IdcrlMessageConstants.URL, IdcrlMessageConstants.GETUSERREALM);
         XElement stsUrl       = IdcrlUtility.GetElementAtPath(fp, IdcrlMessageConstants.URL, IdcrlMessageConstants.RST2);
         XElement issuer       = IdcrlUtility.GetElementAtPath(fp, IdcrlMessageConstants.URL, IdcrlMessageConstants.ENTITYID);

         if (userRealmUrl == null || stsUrl == null || issuer == null)
         {
             // Only the first FP with a matching DomainName is considered; an incomplete entry is a hard failure.
             this._Logger?.LogError("Cannot get the user realm service url or security token service url for federation provider {0}", fpDomainName);
             throw IdcrlAuth.CreateIdcrlException(-2147186646);
         }

         // NOTE(review): a successful lookup is logged at error level; presumably meant to be informational - confirm.
         this._Logger?.LogError("Find federation provider information for federation provider domain name {0}. UserRealmServiceUrl={1}, SecurityTokenServiceUrl={2}, FederationTokenIssuer={3}", fpDomainName, userRealmUrl.Value, stsUrl.Value, issuer.Value);
         return new FederationProviderInfo
         {
             UserRealmServiceUrl     = userRealmUrl.Value,
             SecurityTokenServiceUrl = stsUrl.Value,
             FederationTokenIssuer   = issuer.Value
         };
     }

     this._Logger?.LogError("Cannot find federation provider information for federation domain {0}", fpDomainName);
     throw IdcrlAuth.CreateIdcrlException(-2147186646);
 }
        /// <summary>
        /// Translates a SOAP 1.2 fault in <paramref name="xdoc"/> into the IDCRL exception for its error code.
        /// </summary>
        /// <param name="xdoc">Parsed SOAP response; only <c>Body/Fault</c> under <c>xdoc.Root</c> is inspected.</param>
        /// <returns>
        /// <c>null</c> when the body carries no <c>Fault</c> element; otherwise the exception built by
        /// <c>IdcrlAuth.CreateIdcrlException</c> for the code derived below.
        /// </returns>
        /// <remarks>
        /// Error code selection, in order:
        /// no Passport <c>error/value</c> -> <c>IdcrlAuth.MapPartnerSoapFault(subcode)</c>;
        /// a value parseable as hex (<c>0x</c> prefix) or decimal -> that value truncated to <see cref="int"/>,
        /// except that a <c>FailedAuthentication</c> subcode maps every code other than -2147186639 to -2147186655;
        /// an unparseable value -> -2147186656.
        /// The subcode is taken after its namespace prefix (text following the first ':').
        /// </remarks>
        private Exception GetSoapException(XDocument xdoc)
        {
            const string SoapNs    = "{http://www.w3.org/2003/05/soap-envelope}";
            const string PpFaultNs = "{http://schemas.microsoft.com/Passport/SoapServices/SOAPFault}";

            XElement fault = IdcrlUtility.GetElementAtPath(xdoc.Root, SoapNs + "Body", SoapNs + "Fault");
            if (fault == null)
            {
                return null;
            }

            XElement subcodeValue  = IdcrlUtility.GetElementAtPath(xdoc.Root, SoapNs + "Body", SoapNs + "Fault", SoapNs + "Code", SoapNs + "Subcode", SoapNs + "Value");
            XElement errorValue    = IdcrlUtility.GetElementAtPath(xdoc.Root, SoapNs + "Body", SoapNs + "Fault", SoapNs + "Detail", PpFaultNs + "error", PpFaultNs + "value");
            XElement internalError = IdcrlUtility.GetElementAtPath(xdoc.Root, SoapNs + "Body", SoapNs + "Fault", SoapNs + "Detail", PpFaultNs + "error", PpFaultNs + "internalerror", PpFaultNs + "text");

            string textCode = null;
            if (subcodeValue != null)
            {
                // Subcode is prefixed (e.g. "prefix:FailedAuthentication"); keep only the local part.
                textCode = subcodeValue.Value;
                int separator = textCode.IndexOf(':');
                textCode = separator < 0 ? textCode : textCode.Substring(separator + 1);
            }

            string textValue         = errorValue?.Value;
            string textInternalError = internalError?.Value;

            this._Logger?.LogError("PassportErrorCode={0}, PassportDetailCode={1}, PassportErrorText={2}", textCode, textValue, textInternalError);

            int errorCode;
            if (string.IsNullOrEmpty(textValue))
            {
                errorCode = IdcrlAuth.MapPartnerSoapFault(textCode);
            }
            else
            {
                // Try "0x...." as hex first; if that fails (or there is no prefix) try the whole text as decimal.
                long parsedValue = default(long);
                bool parsed =
                    (textValue.StartsWith("0x", StringComparison.OrdinalIgnoreCase)
                     && long.TryParse(textValue.Substring(2), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out parsedValue))
                    || long.TryParse(textValue, NumberStyles.Integer, CultureInfo.InvariantCulture, out parsedValue);

                if (!parsed)
                {
                    errorCode = -2147186656;
                }
                else
                {
                    // Narrowing cast is intentional: HRESULT-style codes arrive as unsigned 32-bit values.
                    errorCode = (int)parsedValue;
                    bool failedAuthentication = string.Equals(textCode, "FailedAuthentication", StringComparison.OrdinalIgnoreCase);
                    if (failedAuthentication && errorCode != -2147186639)
                    {
                        errorCode = -2147186655;
                    }
                }
            }

            return IdcrlAuth.CreateIdcrlException(errorCode);
        }
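        /// <summary>
        /// Requests a SAML 1.0 assertion from an AD FS endpoint with a WS-Trust RST/Issue carrying a
        /// WS-Security UsernameToken, and returns the assertion serialized for embedding in a later request.
        /// </summary>
        /// <param name="adfsUrl">AD FS STS endpoint the RST is posted to (also written into <c>wsa:To</c>).</param>
        /// <param name="username">Credential username; XML-encoded before insertion.</param>
        /// <param name="password">Credential password; XML-encoded before insertion. Never logged here.</param>
        /// <returns>The <c>saml:Assertion</c> element as unformatted XML with duplicate namespaces omitted.</returns>
        /// <exception cref="Exception">
        /// The exception produced by <see cref="GetSoapException"/> when the response is a SOAP fault, or the one
        /// built by <c>CreateIdcrlException(-2147186451)</c> when the response carries no assertion.
        /// </exception>
        /// <remarks>
        /// The password travels in the SOAP header protected only by the transport; NOTE(review): this method does
        /// not check that <paramref name="adfsUrl"/> is HTTPS - presumably enforced by <c>DoPostAsync</c> or the caller, confirm.
        /// </remarks>
        private async Task <string> GetPartnerTicketFromAdfsAsync(string adfsUrl, string username, string password)
        {
            // Snapshot the clock once so the wsu:Timestamp window is exactly ten minutes
            // (two separate UtcNow reads previously made Created and Expires drift apart).
            DateTime created = DateTime.UtcNow;
            DateTime expires = created.AddMinutes(10.0);

            // AdfsAuthMessage placeholders: {0} wsa:To, {1} wsa:MessageID, {2} wsse:Username, {3} wsse:Password,
            // {4} wsu:Created, {5} wsu:Expires, {6} wsp:AppliesTo address.
            string body = string.Format(
                CultureInfo.InvariantCulture,
                IdcrlMessageConstants.AdfsAuthMessage,
                IdcrlUtility.XmlValueEncode(adfsUrl),
                Guid.NewGuid().ToString(),
                IdcrlUtility.XmlValueEncode(username),
                IdcrlUtility.XmlValueEncode(password),
                created.ToString("o", CultureInfo.InvariantCulture),
                expires.ToString("o", CultureInfo.InvariantCulture),
                this.FederationTokenIssuer);

            XDocument xDocument = await this.DoPostAsync(adfsUrl, IdcrlMessageConstants.SoapContentType, body, this.HandleWebException);

            Exception soapException = this.GetSoapException(xDocument);
            if (soapException != null)
            {
                this._Logger?.LogError("SOAP error from {0}. Exception={1}", adfsUrl, soapException);
                throw soapException;
            }

            XElement assertion = IdcrlUtility.GetElementAtPath(xDocument.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion");
            if (assertion == null)
            {
                this._Logger?.LogError("Cannot get security assertion for user {0} from {1}", username, adfsUrl);
                throw CreateIdcrlException(-2147186451);
            }

            // Compact serialization: the assertion is re-embedded verbatim into the next RST.
            return assertion.ToString(SaveOptions.DisableFormatting | SaveOptions.OmitDuplicateNamespaces);
        }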
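        /// <summary>
        /// Probes <paramref name="url"/> with an unauthenticated GET that announces IDCRL support and
        /// returns the parsed IDCRL challenge header from the response.
        /// </summary>
        /// <param name="url">Endpoint to probe.</param>
        /// <param name="alwaysThrowOnFailure">
        /// When <c>true</c>, a <see cref="WebException"/> whose response is not 401/403 is rethrown and a missing
        /// response raises <see cref="ClientRequestException"/>; when <c>false</c>, those cases yield <c>null</c>
        /// (a 401/403 error response is still processed either way, since it carries the challenge).
        /// </param>
        /// <param name="executingWebRequest">Optional hook invoked with the prepared request before it is sent.</param>
        /// <returns>
        /// The result of <c>ParseIdcrlHeader</c> for the auth-params header (falling back to <c>WWW-Authenticate</c>),
        /// or <c>null</c> when no response was obtained and <paramref name="alwaysThrowOnFailure"/> is <c>false</c>.
        /// </returns>
        /// <exception cref="WebException">Rethrown when the request fails and the failure is not a 401/403 challenge.</exception>
        /// <exception cref="ClientRequestException">No response at all and <paramref name="alwaysThrowOnFailure"/> is <c>true</c>.</exception>
        private IdcrlHeader GetIdcrlHeader(Uri url, bool alwaysThrowOnFailure, EventHandler <WebRequestEventArgs> executingWebRequest)
        {
            HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(url);

            // Advertise IDCRL support; this probe deliberately sends no credentials of its own.
            ((NameValueCollection)httpWebRequest.Headers)[IdcrlConstants.HEADER_IDCRL_AUTH_ACCEPTED] = "t";
            httpWebRequest.AuthenticationLevel = AuthenticationLevel.None;
            executingWebRequest?.Invoke(this, new WebRequestEventArgs(httpWebRequest));

            HttpWebResponse httpWebResponse = null;
            try
            {
                httpWebResponse = httpWebRequest.GetResponse() as HttpWebResponse;
            }
            catch (WebException ex)
            {
                this._Logger?.LogWarning("Exception in request. Url={0}, WebException={1}", url, ex);
                httpWebResponse = ex.Response as HttpWebResponse;

                // 401/403 are the expected challenge responses and carry the header we are after;
                // any other failure is genuine and is surfaced when the caller asked for that.
                bool isChallengeResponse = httpWebResponse != null
                    && (httpWebResponse.StatusCode == HttpStatusCode.Forbidden
                        || httpWebResponse.StatusCode == HttpStatusCode.Unauthorized);
                if (alwaysThrowOnFailure && !isChallengeResponse)
                {
                    throw;
                }
            }

            if (httpWebResponse == null)
            {
                this._Logger?.LogError("Cannot get response for request to {0}", url);
                if (alwaysThrowOnFailure)
                {
                    throw new ClientRequestException($"Cannot get response for request to  {url}");
                }
                return null;
            }

            string         webResponseHeader;
            HttpStatusCode statusCode;
            string         text;
            try
            {
                webResponseHeader = IdcrlUtility.GetWebResponseHeader(httpWebResponse);
                statusCode        = httpWebResponse.StatusCode;

                // NOTE(review): the full response header block and the challenge header are logged at warning
                // level; confirm they cannot carry session or auth material at the log sink in use.
                this._Logger?.LogWarning("Response.StatusCode={0}, Headers={1}", statusCode, webResponseHeader);

                text = ((NameValueCollection)httpWebResponse.Headers)[IdcrlConstants.HEADER_IDCRL_AUTH_PARAMS_V1];
                if (string.IsNullOrEmpty(text))
                {
                    text = httpWebResponse.Headers[HttpResponseHeader.WwwAuthenticate];
                }
            }
            finally
            {
                // Close unconditionally: the original closed only on the happy path, so a throwing
                // header read leaked the response/connection.
                httpWebResponse.Close();
            }

            this._Logger?.LogWarning("IdcrlHeader={0}", text);
            return this.ParseIdcrlHeader(text, url, statusCode, webResponseHeader, alwaysThrowOnFailure);
        }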
        /// <summary>
        /// Reads the federation provider domain name from the <c>FPDOMAINNAME</c> element under <c>xdoc.Root</c>.
        /// </summary>
        /// <param name="xdoc">Parsed user-realm response.</param>
        /// <returns>Text content of the <c>FPDOMAINNAME</c> element.</returns>
        /// <exception cref="Exception">
        /// The exception built by <c>IdcrlAuth.CreateIdcrlException(-2147186646)</c> when the element is absent.
        /// </exception>
        private string ParseFPDomainName(XDocument xdoc)
        {
            XElement fpDomainName = IdcrlUtility.GetElementAtPath(xdoc.Root, IdcrlMessageConstants.FPDOMAINNAME);
            if (fpDomainName != null)
            {
                return fpDomainName.Value;
            }

            this._Logger?.LogError("Cannot find FPDOMAINNAME element");
            throw IdcrlAuth.CreateIdcrlException(-2147186646);
        }
        /// <summary>
        /// Builds the WS-Security header fragment (UsernameToken plus Timestamp) used inside the RST envelope.
        /// </summary>
        /// <param name="username">Credential username; XML-encoded before insertion.</param>
        /// <param name="password">Credential password; XML-encoded before insertion. Not logged.</param>
        /// <returns>
        /// <c>wsse:UsernameToken</c> followed by a <c>wsu:Timestamp</c> whose <c>Created</c> is now (UTC, round-trip
        /// format) and whose <c>Expires</c> is one day later, terminated by CRLF.
        /// </returns>
        /// <remarks>
        /// NOTE(review): a 24-hour timestamp window is unusually wide for a WS-Security header; confirm the STS
        /// expects it rather than a short freshness window.
        /// </remarks>
        private string BuildWsSecurityUsingUsernamePassword(string username, string password)
        {
            // Single clock read so Created/Expires differ by exactly one day.
            DateTime created = DateTime.UtcNow;
            DateTime expires = created.AddDays(1.0);

            const string template =
                "<wsse:UsernameToken wsu:Id=\"user\"><wsse:Username>{0}</wsse:Username><wsse:Password>{1}</wsse:Password></wsse:UsernameToken><wsu:Timestamp Id=\"Timestamp\"><wsu:Created>{2}</wsu:Created><wsu:Expires>{3}</wsu:Expires></wsu:Timestamp>\r\n";

            string encodedUsername = IdcrlUtility.XmlValueEncode(username);
            string encodedPassword = IdcrlUtility.XmlValueEncode(password);

            return string.Format(
                CultureInfo.InvariantCulture,
                template,
                encodedUsername,
                encodedPassword,
                created.ToString("o", CultureInfo.InvariantCulture),
                expires.ToString("o", CultureInfo.InvariantCulture));
        }
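        /// <summary>
        /// Posts a WS-Trust RST/Issue to <c>ServiceTokenUrl</c> and returns the issued binary security token.
        /// </summary>
        /// <param name="securityXml">
        /// Ready-made content of the <c>wsse:Security</c> header. It is inserted verbatim (not XML-encoded) because it
        /// is itself XML, so it must come from a trusted builder such as <see cref="BuildWsSecurityUsingUsernamePassword"/>
        /// or a previously issued assertion - never from untrusted input.
        /// </param>
        /// <param name="serviceTarget">Relying party written into <c>wsp:AppliesTo</c>; XML-encoded.</param>
        /// <param name="servicePolicy">Optional policy URI; when non-empty a <c>wsp:PolicyReference</c> is added.</param>
        /// <returns>Text of the <c>wsse:BinarySecurityToken</c> element from the RSTR.</returns>
        /// <exception cref="Exception">
        /// The exception produced by <see cref="GetSoapException"/> for a SOAP fault, or the one built by
        /// <c>IdcrlAuth.CreateIdcrlException(-2147186656)</c> when the response carries no token.
        /// </exception>
        private async Task <string> GetServiceTokenAsync(string securityXml, string serviceTarget, string servicePolicy)
        {
            string serviceTokenUrl = this.ServiceTokenUrl;

            string policyReference = string.Empty;
            if (!string.IsNullOrEmpty(servicePolicy))
            {
                policyReference = string.Format(CultureInfo.InvariantCulture, "<wsp:PolicyReference URI=\"{0}\"></wsp:PolicyReference>", servicePolicy);
            }

            // AuthMessage placeholders: {0} wsa:To, {1} wsse:Security content, {2} wsp:AppliesTo address, {3} policy reference.
            string body = string.Format(
                CultureInfo.InvariantCulture,
                IdcrlMessageConstants.AuthMessage,
                IdcrlUtility.XmlValueEncode(serviceTokenUrl),
                securityXml,
                IdcrlUtility.XmlValueEncode(serviceTarget),
                policyReference);

            XDocument xDocument = await this.DoPostAsync(serviceTokenUrl, IdcrlMessageConstants.SoapContentType, body, this.HandleWebException);

            Exception soapException = this.GetSoapException(xDocument);
            if (soapException != null)
            {
                this._Logger?.LogError("Soap error from {0}. Exception={1}", serviceTokenUrl, soapException);
                throw soapException;
            }

            XElement binarySecurityToken = IdcrlUtility.GetElementAtPath(xDocument.Root, "{http://www.w3.org/2003/05/soap-envelope}Body", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityTokenResponse", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken", "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken");
            if (binarySecurityToken == null)
            {
                // Message wording fixed ("for from" -> "from").
                this._Logger?.LogError("Cannot get binary security token from {0}", serviceTokenUrl);
                throw IdcrlAuth.CreateIdcrlException(-2147186656);
            }

            return binarySecurityToken.Value;
        }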