public bool TryIssueToken(EndpointReference appliesTo, ClaimsPrincipal principal, string tokenType, out TokenResponse response) { SecurityToken token = null; response = new TokenResponse { TokenType = tokenType }; var result = TryIssueToken(appliesTo, principal, tokenType, out token); if (result == false) { return false; } var ts = token.ValidTo.Subtract(DateTime.UtcNow); response.ExpiresIn = (int)ts.TotalSeconds; if (tokenType == TokenTypes.JsonWebToken || tokenType == TokenTypes.SimpleWebToken) { var handler = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[tokenType]; response.AccessToken = handler.WriteToken(token); } else { var handler = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers; var sb = new StringBuilder(128); handler.WriteToken(new XmlTextWriter(new StringWriter(sb)), token); response.AccessToken = sb.ToString(); } return result; }
public bool TryIssueToken(EndpointReference appliesTo, ClaimsPrincipal principal, string tokenType, out SecurityToken token) { token = null; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = appliesTo, KeyType = KeyTypes.Bearer, TokenType = tokenType }; try { var rstr = _sts.Issue(principal, rst); token = rstr.RequestedSecurityToken.SecurityToken; return true; } catch (Exception e) { Tracing.Error("Failed to issue token. An exception occurred. " + e); return false; } }
private void ValidateAppliesTo(EndpointReference appliesTo) { if (appliesTo == null) { throw new InvalidRequestException("The AppliesTo is null."); } // should check applies to, but for convienence, not }
public HttpResponseMessage Post(TokenRequest tokenRequest) { Tracing.Information("OAuth2 endpoint called."); Client client = null; if (!ValidateClient(out client)) { Tracing.Error("Invalid client: " + ClaimsPrincipal.Current.Identity.Name); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidClient); } Tracing.Information("Client: " + client.Name); var tokenType = ConfigurationRepository.Global.DefaultHttpTokenType; // validate scope EndpointReference appliesTo; try { appliesTo = new EndpointReference(tokenRequest.Scope); Tracing.Information("OAuth2 endpoint called for scope: " + tokenRequest.Scope); } catch { Tracing.Error("Malformed scope: " + tokenRequest.Scope); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidScope); } // check grant type if (string.Equals(tokenRequest.Grant_Type, OAuth2Constants.GrantTypes.Password, System.StringComparison.Ordinal)) { if (ConfigurationRepository.OAuth2.EnableResourceOwnerFlow) { if (client.AllowResourceOwnerFlow) { return ProcessResourceOwnerCredentialRequest(tokenRequest.UserName, tokenRequest.Password, appliesTo, tokenType, client); } else { Tracing.Error("Client is not allowed to use the resource owner password flow:" + client.Name); } } } Tracing.Error("invalid grant type: " + tokenRequest.Grant_Type); return OAuthErrorResponseMessage(OAuth2Constants.Errors.UnsupportedGrantType); }
public HttpResponseMessage Get(HttpRequestMessage request) { Tracing.Information("Simple HTTP endpoint called."); var query = request.GetQueryNameValuePairs(); var auth = new AuthenticationHelper(); var realm = query.FirstOrDefault(p => p.Key.Equals("realm", System.StringComparison.OrdinalIgnoreCase)).Value; var tokenType = query.FirstOrDefault(p => p.Key.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase)).Value; if (string.IsNullOrWhiteSpace(realm)) { return request.CreateErrorResponse(HttpStatusCode.BadRequest, "realm parameter is missing."); } EndpointReference appliesTo; try { appliesTo = new EndpointReference(realm); Tracing.Information("Simple HTTP endpoint called for realm: " + realm); } catch { Tracing.Error("Malformed realm: " + realm); return request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name."); } if (string.IsNullOrWhiteSpace(tokenType)) { tokenType = ConfigurationRepository.Global.DefaultHttpTokenType; } Tracing.Verbose("Token type: " + tokenType); TokenResponse tokenResponse; var sts = new STS(); if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse)) { var resp = request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse); return resp; } else { return request.CreateErrorResponse(HttpStatusCode.BadRequest, "invalid request."); } }
public string GetFederationMetadata(Uri endpoint) { // hostname var passiveEndpoint = new EndpointReference(endpoint.AbsoluteUri); var activeEndpoint = new EndpointReference(endpoint.AbsoluteUri); // metadata document var entity = new EntityDescriptor(new EntityId(TwitterClaims.IssuerName)); var sts = new SecurityTokenServiceDescriptor(); entity.RoleDescriptors.Add(sts); // signing key var signingKey = new KeyDescriptor(SigningCredentials.SigningKeyIdentifier) { Use = KeyType.Signing }; sts.Keys.Add(signingKey); // claim types sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name, "Name", "User name")); sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.NameIdentifier, "Name Identifier", "User name identifier")); sts.ClaimTypesOffered.Add(new DisplayClaim(TwitterClaims.TwitterToken, "Token", "Service token")); sts.ClaimTypesOffered.Add(new DisplayClaim(TwitterClaims.TwitterTokenSecret, "Token Secret", "Service token secret")); // passive federation endpoint sts.PassiveRequestorEndpoints.Add(passiveEndpoint); // supported protocols //Inaccessable due to protection level //sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace)); sts.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706")); // add passive STS endpoint sts.SecurityTokenServiceEndpoints.Add(activeEndpoint); // metadata signing entity.SigningCredentials = SigningCredentials; // serialize var serializer = new MetadataSerializer(); using (var memoryStream = new MemoryStream()) { serializer.WriteMetadata(memoryStream, entity); return Encoding.UTF8.GetString(memoryStream.ToArray()); } }
public byte[] GetFederationMetadata(Uri passiveSignInUrl, Uri identifier, X509Certificate2 signingCertificate) { var credentials = new X509SigningCredentials(signingCertificate); // Figure out the hostname exposed from Azure and what port the service is listening on var realm = new EndpointAddress(identifier); var passiveEndpoint = new EndpointReference(passiveSignInUrl.AbsoluteUri); // Create metadata document for relying party EntityDescriptor entity = new EntityDescriptor(new EntityId(realm.Uri.AbsoluteUri)); SecurityTokenServiceDescriptor sts = new SecurityTokenServiceDescriptor(); entity.RoleDescriptors.Add(sts); // Add STS's signing key KeyDescriptor signingKey = new KeyDescriptor(credentials.SigningKeyIdentifier); signingKey.Use = KeyType.Signing; sts.Keys.Add(signingKey); // Add offered claim types sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.AuthenticationMethod)); sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.AuthenticationInstant)); sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name)); // Add passive federation endpoint sts.PassiveRequestorEndpoints.Add(passiveEndpoint); // Add supported protocols sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace)); // Add passive STS endpoint sts.SecurityTokenServiceEndpoints.Add(passiveEndpoint); // Set credentials with which to sign the metadata entity.SigningCredentials = credentials; // Serialize the metadata and convert it to an XElement MetadataSerializer serializer = new MetadataSerializer(); MemoryStream stream = new MemoryStream(); serializer.WriteMetadata(stream, entity); stream.Flush(); return stream.ToArray(); }
private HttpResponseMessage ProcessResourceOwnerCredentialRequest(TokenRequest request, string tokenType, Client client) { Tracing.Information("Starting resource owner password credential flow for client: " + client.Name); var appliesTo = new EndpointReference(request.Scope); if (string.IsNullOrWhiteSpace(request.UserName) || string.IsNullOrWhiteSpace(request.Password)) { Tracing.Error("Invalid resource owner credentials for: " + appliesTo.Uri.AbsoluteUri); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } if (UserRepository.ValidateUser(request.UserName, request.Password)) { return CreateTokenResponse(request.UserName, client, appliesTo, tokenType, includeRefreshToken: client.AllowRefreshToken); } else { Tracing.Error("Resource owner credential validation failed: " + request.UserName); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } }
/// <summary> /// Reads an <see cref="EndpointReference"/> from xml dictionary reader. The addressing version is defaulted to /// <see cref="WSAddressing10Constants.Elements.Address"/>. /// </summary> /// <param name="reader">The xml dictionary reader.</param> /// <returns>An <see cref="EndpointReference"/> instance.</returns> public static EndpointReference ReadFrom(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } reader.ReadFullStartElement(); reader.MoveToContent(); if (reader.IsNamespaceUri(WSAddressing10Constants.NamespaceUri) || reader.IsNamespaceUri(WSAddressing200408Constants.NamespaceUri)) { if (reader.IsStartElement(WSAddressing10Constants.Elements.Address, WSAddressing10Constants.NamespaceUri) || reader.IsStartElement(WSAddressing10Constants.Elements.Address, WSAddressing200408Constants.NamespaceUri)) { EndpointReference er = new EndpointReference(reader.ReadElementContentAsString()); while (reader.IsStartElement()) { bool emptyElement = reader.IsEmptyElement; XmlReader subtreeReader = reader.ReadSubtree(); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(subtreeReader); er._details.Add(doc.DocumentElement); if (!emptyElement) { reader.ReadEndElement(); } } reader.ReadEndElement(); return(er); } } return(null); }
public bool TryIssueToken(EndpointReference appliesTo, ClaimsPrincipal principal, string tokenType, out SecurityToken token) { token = null; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = appliesTo, KeyType = KeyTypes.Bearer, TokenType = tokenType }; try { var rstr = _sts.Issue(principal, rst); token = rstr.RequestedSecurityToken.SecurityToken; return true; } catch { return false; } }
private HttpResponseMessage ProcessResourceOwnerCredentialRequest(string userName, string password, EndpointReference appliesTo, string tokenType, Client client) { Tracing.Information("Starting resource owner password credential flow for client: " + client.Name); if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password)) { Tracing.Error("Invalid resource owner credentials for: " + appliesTo.Uri.AbsoluteUri); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } var auth = new AuthenticationHelper(); ClaimsPrincipal principal; if (UserRepository.ValidateUser(userName, password)) { principal = auth.CreatePrincipal(userName, "OAuth2", new Claim[] { new Claim(Constants.Claims.Client, client.Name), new Claim(Constants.Claims.Scope, appliesTo.Uri.AbsoluteUri) }); if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("OAuth2 endpoint authorization failed for user: "******"Resource owner credential validation failed: " + userName); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken(appliesTo, principal, tokenType, out tokenResponse)) { var resp = Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse); return resp; } else { return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } }
private HttpResponseMessage ValidateRequest(TokenRequest request, out Client client) { client = null; // grant type is required if (string.IsNullOrWhiteSpace(request.Grant_Type)) { return OAuthErrorResponseMessage(OAuth2Constants.Errors.UnsupportedGrantType); } // check supported grant types if (!request.Grant_Type.Equals(OAuth2Constants.GrantTypes.AuthorizationCode) && !request.Grant_Type.Equals(OAuth2Constants.GrantTypes.Password) && !request.Grant_Type.Equals(OAuth2Constants.GrantTypes.RefreshToken)) { return OAuthErrorResponseMessage(OAuth2Constants.Errors.UnsupportedGrantType); } // resource owner password flow requires a well-formed scope EndpointReference appliesTo = null; if (request.Grant_Type.Equals(OAuth2Constants.GrantTypes.Password)) { try { appliesTo = new EndpointReference(request.Scope); Tracing.Information("OAuth2 endpoint called for scope: " + request.Scope); } catch { Tracing.Error("Malformed scope: " + request.Scope); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidScope); } } if (!ValidateClient(out client)) { Tracing.Error("Invalid client: " + ClaimsPrincipal.Current.Identity.Name); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidClient); } // validate grant types against global and client configuration if (request.Grant_Type.Equals(OAuth2Constants.GrantTypes.AuthorizationCode)) { if (!ConfigurationRepository.OAuth2.EnableCodeFlow || !client.AllowCodeFlow) { return OAuthErrorResponseMessage(OAuth2Constants.Errors.UnsupportedGrantType); } } if (request.Grant_Type.Equals(OAuth2Constants.GrantTypes.Password)) { if (!ConfigurationRepository.OAuth2.EnableResourceOwnerFlow || !client.AllowResourceOwnerFlow) { return OAuthErrorResponseMessage(OAuth2Constants.Errors.UnsupportedGrantType); } } if (request.Grant_Type.Equals(OAuth2Constants.GrantTypes.RefreshToken)) { if (!client.AllowRefreshToken) { return OAuthErrorResponseMessage(OAuth2Constants.Errors.UnsupportedGrantType); } } return null; }
void ValidateAppliesTo(EndpointReference appliesTo) { if (appliesTo == null) { throw new InvalidRequestException("The appliesTo is null."); } if (!appliesTo.Uri.Equals(new Uri(_addressExpected))) { throw new InvalidRequestException(String.Format("The relying party address is not valid. Expected value is {0}, the actual value is {1}.", _addressExpected, appliesTo.Uri.AbsoluteUri)); } }
private void ValidateAppliesTo(EndpointReference appliesTo) { if (appliesTo == null) { throw new InvalidRequestException("The AppliesTo is null."); } }
private HttpResponseMessage CreateTokenResponse(string userName, Client client, EndpointReference scope, string tokenType, bool includeRefreshToken) { var auth = new AuthenticationHelper(); var principal = auth.CreatePrincipal(userName, "OAuth2", new Claim[] { new Claim(Constants.Claims.Client, client.Name), new Claim(Constants.Claims.Scope, scope.Uri.AbsoluteUri) }); if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("OAuth2 endpoint authorization failed for user: " + userName); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken(scope, principal, tokenType, out tokenResponse)) { if (includeRefreshToken) { tokenResponse.RefreshToken = RefreshTokenRepository.AddCode(CodeTokenType.RefreshTokenIdentifier, client.ID, userName, scope.Uri.AbsoluteUri); } var resp = Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse); return resp; } else { return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } }
static void ValidateAppliesTo(EndpointReference appliesTo) { if (SupportedWebApps == null || SupportedWebApps.Length == 0) return; var validAppliesTo = SupportedWebApps.Any(x => appliesTo.Uri.Equals(x)); if (!validAppliesTo) { throw new InvalidRequestException(String.Format("The 'appliesTo' address '{0}' is not valid.", appliesTo.Uri.OriginalString)); } }
public static void WriteAppliesTo(XmlWriter writer, EndpointReference appliesTo, WSTrustConstantsAdapter trustConstants) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (appliesTo == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("appliesTo"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } writer.WriteStartElement(WSPolicyConstants.Prefix, WSPolicyConstants.ElementNames.AppliesTo, WSPolicyConstants.NamespaceURI); appliesTo.WriteTo(writer); writer.WriteEndElement(); }
/// <summary> /// Reads an <see cref="EndpointReference"/> from xml dictionary reader. The addressing version is defaulted to /// <see cref="WSAddressing10Constants.Elements.Address"/>. /// </summary> /// <param name="reader">The xml dictionary reader.</param> /// <returns>An <see cref="EndpointReference"/> instance.</returns> public static EndpointReference ReadFrom(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } reader.ReadFullStartElement(); reader.MoveToContent(); if (reader.IsNamespaceUri(WSAddressing10Constants.NamespaceUri) || reader.IsNamespaceUri(WSAddressing200408Constants.NamespaceUri)) { if (reader.IsStartElement(WSAddressing10Constants.Elements.Address, WSAddressing10Constants.NamespaceUri) || reader.IsStartElement(WSAddressing10Constants.Elements.Address, WSAddressing200408Constants.NamespaceUri)) { EndpointReference er = new EndpointReference(reader.ReadElementContentAsString()); while ( reader.IsStartElement() ) { bool emptyElement = reader.IsEmptyElement; XmlReader subtreeReader = reader.ReadSubtree(); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load( subtreeReader ); er._details.Add( doc.DocumentElement ); if ( !emptyElement ) { reader.ReadEndElement(); } } reader.ReadEndElement(); return er; } } return null; }
internal virtual void Read(string xml, bool validateXmlSignature = false) { #if DEBUG Debug.WriteLine("Saml2P: " + xml); #endif XmlDocument = xml.ToXmlDocument(); if (XmlDocument.DocumentElement.NamespaceURI != Saml2Constants.ProtocolNamespace.OriginalString) { throw new Saml2ResponseException("Not SAML2 Protocol."); } ValidateElementName(); Id = new Saml2Id(XmlDocument.DocumentElement.Attributes[Saml2Constants.Message.Id].GetValueOrNull()); Version = XmlDocument.DocumentElement.Attributes[Saml2Constants.Message.Version].GetValueOrNull(); if (Version != Saml2Constants.VersionNumber) { throw new Saml2ResponseException("Invalid SAML2 version."); } IssueInstant = DateTime.Parse(XmlDocument.DocumentElement.Attributes[Saml2Constants.Message.IssueInstant].GetValueOrNull(), CultureInfo.InvariantCulture, DateTimeStyles.AdjustToUniversal); var issuerString = XmlDocument.DocumentElement[Saml2Constants.Message.Issuer, Saml2Constants.AssertionNamespace.OriginalString].GetTextOrNull(); if (!string.IsNullOrEmpty(issuerString)) { Issuer = new EndpointReference(issuerString); } var destinationString = XmlDocument.DocumentElement.Attributes[Saml2Constants.Message.Destination].GetValueOrNull(); if (!string.IsNullOrEmpty(destinationString)) { Destination = new EndpointAddress(destinationString); } }
public ActionResult Issue() { Tracing.Verbose("Sitefinity endpoint called."); var query = _currrenContext.Request.QueryString; var realm = query[query.AllKeys.FirstOrDefault(p => p.Equals("realm", System.StringComparison.OrdinalIgnoreCase))]; var tokenType = query[query.AllKeys.FirstOrDefault(p => p.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase))]; var reply = query[query.AllKeys.FirstOrDefault(p => p.Equals("redirect_uri", System.StringComparison.OrdinalIgnoreCase))]; var deflateTemp = query[query.AllKeys.FirstOrDefault(p => p.Equals("deflate", System.StringComparison.OrdinalIgnoreCase))]; var isSignout = query[query.AllKeys.FirstOrDefault(p => p.Equals("sign_out", System.StringComparison.OrdinalIgnoreCase))]; //if this is a signout request, sign out the user and redirect if (!string.IsNullOrWhiteSpace(isSignout)) { Tracing.Verbose("Sitefinity signout request detected - signout var = " + isSignout); if (isSignout.Equals("true", StringComparison.OrdinalIgnoreCase)) { Tracing.Verbose("Sitefinity logout request"); FederatedAuthentication.SessionAuthenticationModule.SignOut(); return Redirect((new Uri(new Uri(realm), reply)).AbsoluteUri); } } if (string.IsNullOrWhiteSpace(deflateTemp)) deflateTemp = "false"; var deflate = "true".Equals(deflateTemp, StringComparison.OrdinalIgnoreCase); Tracing.Verbose("Sitefinity query string parsed"); if (string.IsNullOrWhiteSpace(realm)) { Tracing.Error("Malformed realm: " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "realm parameter is missing."); } EndpointReference appliesTo; try { appliesTo = new EndpointReference(realm); Tracing.Information("Sitefinity Simple HTTP endpoint called for realm: " + realm); } catch { Tracing.Error("Malformed realm: " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "malformed realm name.");// request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name."); } if (string.IsNullOrWhiteSpace(tokenType)) tokenType = TokenTypes.SimpleWebToken; Tracing.Verbose("Sitefinity Token type: " + tokenType); Tracing.Verbose("Sitefinity Current Claims Principal: " + ClaimsPrincipal.Current.Claims.ToString() + ", " + ClaimsPrincipal.Current.Identity.Name + ", " + appliesTo.Uri + ", " + appliesTo.Details.ToString()); SecurityToken tokenResponse; var sts = new STS(); if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse)) { NameValueCollection queryString; if (tokenResponse != null) Tracing.Verbose(string.Join(", ", "UID: " + tokenResponse.Id)); else Tracing.Error("Token is null after being issued"); var token = new SFSimpleWebToken(tokenResponse as SimpleWebToken); //if (token != null) // Tracing.Verbose("Sitefinity Token: " + token.ToString()); //else // Tracing.Error("Sitefinity Token is null"); try { if (!String.IsNullOrEmpty(reply)) { string path; var issuer = HttpContext.Request.Url.AbsoluteUri; var idx = issuer.IndexOf("?"); idx = reply.IndexOf('?'); if (idx != -1) { path = reply.Substring(0, idx); queryString = HttpUtility.ParseQueryString(reply.Substring(idx + 1)); } else { path = reply; queryString = new NameValueCollection(); } Tracing.Verbose("Begin wrapping SWT"); SFHelper.WrapSWT(queryString, token, deflate); Tracing.Verbose("Begin building path and query for return url"); path = String.Concat(path, SFHelper.ToQueryString(queryString)); var uri = new Uri(new Uri(realm), path); return Redirect(uri.AbsoluteUri); } queryString = new NameValueCollection(); SFHelper.WrapSWT(queryString, token, deflate); return File(SFHelper.ToQueryString(queryString), "application/x-www-form-urlencoded", "token"); } catch (Exception e) { Tracing.Error(e.Message + " " + e.InnerException); Tracing.Error("invalid request - token couldn't issue for realm " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request."); } } else { Tracing.Error("invalid request - token couldn't issue for realm " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request."); } }
private void FillEndpoints(SecurityTokenServiceDescriptor sts) { if (string.IsNullOrEmpty(Endpoint)) return; var endpoint = new EndpointReference(string.Format("{0}", Endpoint)); sts.SecurityTokenServiceEndpoints.Add(endpoint); sts.PassiveRequestorEndpoints.Add(endpoint); }
public static void WriteOnBehalfOfIssuer(XmlWriter writer, EndpointReference issuer, WSTrustConstantsAdapter trustConstants) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (issuer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.Issuer, trustConstants.NamespaceURI); issuer.WriteTo(writer); writer.WriteEndElement(); }