public static IAppBuilder UseSaml11BearerAuthentication(this IAppBuilder app, Uri audience, string issuerThumbprint, string issuerName = null, X509CertificateValidator validator = null) { var handler = new HttpSamlSecurityTokenHandler(); ConfigureHandler(handler, audience, issuerThumbprint, issuerName, validator); return app.UseTokenHandlerAuthentication(handler); }
internal bool TryGetCertificateValidator(out X509CertificateValidator validator) { validator = null; if (this.certificateValidationMode == X509CertificateValidationMode.None) { validator = X509CertificateValidator.None; } else if (this.certificateValidationMode == X509CertificateValidationMode.PeerTrust) { validator = X509CertificateValidator.PeerTrust; } else if (this.certificateValidationMode == X509CertificateValidationMode.Custom) { validator = this.customCertificateValidator; } else { bool useMachineContext = this.trustedStoreLocation == StoreLocation.LocalMachine; X509ChainPolicy chainPolicy = new X509ChainPolicy { RevocationMode = this.revocationMode }; if (this.certificateValidationMode == X509CertificateValidationMode.ChainTrust) { validator = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, chainPolicy); } else { validator = X509CertificateValidator.CreatePeerOrChainTrustValidator(useMachineContext, chainPolicy); } } return (validator != null); }
internal X509SecurityTokenAuthenticator(X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups, bool cloneHandle) { _validator = validator ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(validator)); _mapToWindows = mapToWindows; _includeWindowsGroups = includeWindowsGroups; _cloneHandle = cloneHandle; }
public static Dictionary<string, DateTime> onlineUsers = new Dictionary<string, DateTime>(); //Список пользователей #endregion Fields #region Methods public static void ListenerCallback(IAsyncResult result) { HttpListener listener = (HttpListener)result.AsyncState; HttpListenerContext context = listener.EndGetContext(result); HttpListenerRequest request = context.Request;//Запрос от колиента System.Security.Cryptography.X509Certificates.X509Certificate2 cerFromClient = context.Request.GetClientCertificate(); X509CertificateValidator validator = new X509CertificateValidator(); validator.Validate(cerFromClient); HttpListenerResponse response = context.Response;//Ответ клиенту System.IO.Stream inputStream = context.Request.InputStream;//Текст от клиента byte[] inputByte = new byte[request.ContentLength64]; string responseString = ""; byte[] message; if (request.HttpMethod == "GET")//Отправка ответа { if (!onlineUsers.ContainsKey(request.RemoteEndPoint.Address.ToString()))//Добавленике пользователя к списку { onlineUsers.Add(request.RemoteEndPoint.Address.ToString(), DateTime.Now); } List<string> names = onlineUsers.Keys.ToList(); for (int i = 0; i < onlineUsers.Count; i++)//Поиск выключенных пользователей { TimeSpan off = (onlineUsers[names[i]] - DateTime.Now); if (off.Seconds < -10)//Если 10 секунд пользователь не в сети { onlineUsers.Remove(names[i]);//Убираем пользователя из списка } } string usersNow = ";"; for (int i = 0; i < onlineUsers.Count; i++) { usersNow = usersNow + names[i] + ";";//Формирование списка пользователей для клиента } Console.WriteLine("Connecting from IP: " + request.RemoteEndPoint.Address.ToString()); message = EncryptStringToBytes_Aes(log + usersNow, Convert.FromBase64String(keyAES), Convert.FromBase64String(ivAES)); responseString = Encoding.UTF8.GetString(message); } else//Получение сообщения от пользователя { inputStream.Read(inputByte, 0, (int)request.ContentLength64); string messageFromClient = DecryptStringFromBytes_Aes(inputByte, Convert.FromBase64String(keyAES), Convert.FromBase64String(ivAES)); log = log + request.RemoteEndPoint.Address.ToString() + ": " + messageFromClient + "\n"; Console.WriteLine("Message from IP " + request.RemoteEndPoint.Address.ToString() + ": " + messageFromClient); string usersNow = ";"; List<string> names = onlineUsers.Keys.ToList(); for (int i = 0; i < onlineUsers.Count; i++) { usersNow = usersNow + names[i] + ";";//Формирование списка пользователей для клиента } message = EncryptStringToBytes_Aes(log + usersNow, Convert.FromBase64String(keyAES), Convert.FromBase64String(ivAES)); } System.IO.Stream output = response.OutputStream; output.Write(message, 0, message.Length);//Отправка output.Close();//Закрытие соединения listener.BeginGetContext(new AsyncCallback(ListenerCallback), listener); }
public X509CertificateMessageHandler( X509CertificateValidator validator, Func<X509Certificate2, string> issuerMapper ) { _validator = validator; _issuerMapper = issuerMapper; }
internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other) { this.certificateValidationMode = other.certificateValidationMode; this.customCertificateValidator = other.customCertificateValidator; this.revocationMode = other.revocationMode; this.trustedStoreLocation = other.trustedStoreLocation; this.isReadOnly = other.isReadOnly; }
internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other) { _certificateValidationMode = other._certificateValidationMode; _customCertificateValidator = other._customCertificateValidator; _revocationMode = other._revocationMode; _trustedStoreLocation = other._trustedStoreLocation; _isReadOnly = other._isReadOnly; }
internal X509ClientCertificateAuthentication(X509ClientCertificateAuthentication other) { this.certificateValidationMode = other.certificateValidationMode; this.customCertificateValidator = other.customCertificateValidator; this.includeWindowsGroups = other.includeWindowsGroups; this.mapClientCertificateToWindowsAccount = other.mapClientCertificateToWindowsAccount; this.trustedStoreLocation = other.trustedStoreLocation; this.revocationMode = other.revocationMode; this.isReadOnly = other.isReadOnly; }
static X509CertificateValidator() { none = new X509NoValidator(); chain = new X509CertificateValidatorImpl( false, true, false, new X509ChainPolicy()); peer = new X509CertificateValidatorImpl( true, false, false, null); peer_or_chain = new X509CertificateValidatorImpl( true, true, false, new X509ChainPolicy()); }
static X509CertificateValidator () { none = new X509NoValidator (); chain = new X509CertificateValidatorImpl ( false, true, false, new X509ChainPolicy ()); peer = new X509CertificateValidatorImpl ( true, false, false, null); peer_or_chain = new X509CertificateValidatorImpl ( true, true, false, new X509ChainPolicy ()); }
public static IAppBuilder UseClientCertificateAuthentication(this IAppBuilder app, X509CertificateValidator validator = null) { var options = new ClientCertificateAuthenticationOptions { Validator = validator ?? X509CertificateValidator.ChainTrust }; app.UseClientCertificateAuthentication(options); return app; }
internal X509SecurityTokenAuthenticator(X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups, bool cloneHandle) { if (validator == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("validator"); } this.validator = validator; this.mapToWindows = mapToWindows; this.includeWindowsGroups = includeWindowsGroups; this.cloneHandle = cloneHandle; }
public X509SecurityTokenAuthenticator (X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups) { if (validator == null) throw new ArgumentNullException ("validator"); this.validator = validator; map_to_windows = mapToWindows; include_win_groups = includeWindowsGroups; if (map_to_windows || include_win_groups) throw new NotSupportedException ("Why on earth do you expect that mapToWindows or includeWindowsGroups are supported here?"); }
internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other) { this.certificateValidationMode = X509CertificateValidationMode.ChainTrust; this.revocationMode = X509RevocationMode.Online; this.trustedStoreLocation = StoreLocation.CurrentUser; this.certificateValidationMode = other.certificateValidationMode; this.customCertificateValidator = other.customCertificateValidator; this.revocationMode = other.revocationMode; this.trustedStoreLocation = other.trustedStoreLocation; this.isReadOnly = other.isReadOnly; }
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other) { this.audienceUriMode = other.audienceUriMode; this.allowedAudienceUris = new List<string>(other.allowedAudienceUris); this.samlSerializer = other.samlSerializer; this.knownCertificates = new List<X509Certificate2>(other.knownCertificates); this.certificateValidationMode = other.certificateValidationMode; this.customCertificateValidator = other.customCertificateValidator; this.trustedStoreLocation = other.trustedStoreLocation; this.revocationMode = other.revocationMode; this.allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers; this.isReadOnly = other.isReadOnly; }
public X509SecurityTokenAuthenticator(X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups) { if (validator == null) { throw new ArgumentNullException("validator"); } this.validator = validator; map_to_windows = mapToWindows; include_win_groups = includeWindowsGroups; if (map_to_windows || include_win_groups) { throw new NotSupportedException("Why on earth do you expect that mapToWindows or includeWindowsGroups are supported here?"); } }
public ExpectedJwtSecurityTokenRequirement ( uint? tokenSize = null, Int32? clock = null, uint? life = null, X509CertificateValidator cert = null, string name = JwtConstants.ReservedClaims.Sub, string role = null, X509RevocationMode? revMode = null, X509CertificateValidationMode? certMode = null, StoreLocation? storeLoc = null, ExpectedException expectedException = null, string handler = JwtSecurityTokenHandlerType, string requirement = Elements.JwtSecurityTokenRequirement, string attributeEx1 = "", string attributeEx2 = "", string attributeEx3 = "", string attributeEx4 = "", string elementEx1 = comment, string elementEx2 = comment, string elementEx3 = comment, string elementEx4 = comment, string elementEx5 = comment, string elementEx6 = comment, string elementClose = closeRequirement ) { MaxTokenSizeInBytes = tokenSize; NameClaimType = name; RoleClaimType = role; CertValidator = cert; ClockSkewInSeconds = clock; DefaultTokenLifetimeInMinutes = life; CertRevocationMode = revMode; CertValidationMode = certMode; CertStoreLocation = storeLoc; ExpectedException = expectedException ?? ExpectedException.NoExceptionExpected; string[] sParams = { handler, requirement, CertRevocationMode == null ? string.Empty : Attribute( Attributes.RevocationMode, CertRevocationMode.Value.ToString() ), attributeEx1, CertValidationMode == null ? string.Empty : Attribute( Attributes.ValidationMode, CertValidationMode.Value.ToString() ), attributeEx2, CertValidator == null ? string.Empty : Attribute( Attributes.Validator, CertValidator.GetType().ToString() +", System.IdentityModel.Tokens.Jwt.Tests" ), attributeEx3, CertStoreLocation == null ? string.Empty : Attribute( Attributes.TrustedStoreLocation, CertStoreLocation.ToString() ), attributeEx4, elementEx1, ClockSkewInSeconds == null ? string.Empty : ElementValue( Elements.MaxClockSkewInMinutes, ClockSkewInSeconds.Value.ToString() ), elementEx2, MaxTokenSizeInBytes == null ? string.Empty : ElementValue( Elements.MaxTokenSizeInBytes, MaxTokenSizeInBytes.Value.ToString() ), elementEx3, DefaultTokenLifetimeInMinutes == null ? string.Empty : ElementValue( Elements.DefaultTokenLifetimeInMinutes, DefaultTokenLifetimeInMinutes.Value.ToString() ), elementEx4, NameClaimType == null ? string.Empty : ElementValue( Elements.NameClaimType, NameClaimType ), elementEx5, RoleClaimType == null ? string.Empty : ElementValue( Elements.RoleClaimType, RoleClaimType ), elementEx6, elementClose, }; Config = string.Format(ElementTemplate, sParams); }
public X509CertificateValidatorEx( X509CertificateValidationMode certificateValidationMode, X509RevocationMode revocationMode, StoreLocation trustedStoreLocation) { this.certificateValidationMode = certificateValidationMode; switch (this.certificateValidationMode) { case X509CertificateValidationMode.None: { this.validator = X509CertificateValidator.None; break; } case X509CertificateValidationMode.PeerTrust: { this.validator = X509CertificateValidator.PeerTrust; break; } case X509CertificateValidationMode.ChainTrust: { bool useMachineContext = trustedStoreLocation == StoreLocation.LocalMachine; this.chainPolicy = new X509ChainPolicy(); this.chainPolicy.RevocationMode = revocationMode; this.validator = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, this.chainPolicy); break; } case X509CertificateValidationMode.PeerOrChainTrust: { bool useMachineContext = trustedStoreLocation == StoreLocation.LocalMachine; this.chainPolicy = new X509ChainPolicy(); this.chainPolicy.RevocationMode = revocationMode; this.validator = X509CertificateValidator.CreatePeerOrChainTrustValidator(useMachineContext, this.chainPolicy); break; } case X509CertificateValidationMode.Custom: default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4256))); } }
private static void ConfigureHandler(SecurityTokenHandler handler, Uri audience, string issuerThumbprint, string issuerName = null, X509CertificateValidator validator = null) { var handlerConfiguration = new SecurityTokenHandlerConfiguration(); handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audience); var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer(issuerThumbprint, issuerName ?? issuerThumbprint); if (validator != null) { handlerConfiguration.CertificateValidator = validator; } else { handlerConfiguration.CertificateValidator = X509CertificateValidator.None; } handlerConfiguration.IssuerNameRegistry = registry; handler.Configuration = handlerConfiguration; }
public X509CertificateValidatorEx(X509CertificateValidationMode certificateValidationMode, X509RevocationMode revocationMode, StoreLocation trustedStoreLocation) { this.certificateValidationMode = certificateValidationMode; switch (this.certificateValidationMode) { case X509CertificateValidationMode.None: { this.validator = X509CertificateValidator.None; break; } case X509CertificateValidationMode.PeerTrust: { this.validator = X509CertificateValidator.PeerTrust; break; } case X509CertificateValidationMode.ChainTrust: { bool useMachineContext = trustedStoreLocation == StoreLocation.LocalMachine; this.chainPolicy = new X509ChainPolicy(); this.chainPolicy.RevocationMode = revocationMode; this.validator = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, this.chainPolicy); break; } case X509CertificateValidationMode.PeerOrChainTrust: { bool useMachineContext = trustedStoreLocation == StoreLocation.LocalMachine; this.chainPolicy = new X509ChainPolicy(); this.chainPolicy.RevocationMode = revocationMode; this.validator = X509CertificateValidator.CreatePeerOrChainTrustValidator(useMachineContext, this.chainPolicy); break; } default: throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10637, this.certificateValidationMode)); } }
public X509SecurityTokenAuthenticator(X509CertificateValidator validator) : this(validator, false) { }
/// <summary> /// Creates an instance of <see cref="SamlSecurityTokenRequirement"/> /// <param name="element">The XmlElement from which the instance is to be loaded.</param> /// </summary> public SamlSecurityTokenRequirement(XmlElement element) { if (element == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("element"); } if (element.LocalName != ConfigurationStrings.SamlSecurityTokenRequirement) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7000, ConfigurationStrings.SamlSecurityTokenRequirement, element.LocalName)); } bool foundCustomX509Validator = false; X509RevocationMode revocationMode = DefaultRevocationMode; X509CertificateValidationMode certificateValidationMode = DefaultValidationMode; StoreLocation trustedStoreLocation = DefaultStoreLocation; string customValidator = null; foreach (XmlAttribute attribute in element.Attributes) { if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.MapToWindows)) { bool outMapToWindows = false; if (!bool.TryParse(attribute.Value, out outMapToWindows)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7022, attribute.Value)); } this.MapToWindows = outMapToWindows; } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateValidator)) { customValidator = attribute.Value.ToString(); } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateRevocationMode)) { foundCustomX509Validator = true; string revocationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeNoCheck)) { revocationMode = X509RevocationMode.NoCheck; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOffline)) { revocationMode = X509RevocationMode.Offline; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOnline)) { revocationMode = X509RevocationMode.Online; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, element.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateValidationMode)) { foundCustomX509Validator = true; string validationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeChainTrust)) { certificateValidationMode = X509CertificateValidationMode.ChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerOrChainTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeNone)) { certificateValidationMode = X509CertificateValidationMode.None; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeCustom)) { certificateValidationMode = X509CertificateValidationMode.Custom; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, element.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.IssuerCertificateTrustedStoreLocation)) { foundCustomX509Validator = true; string trustedStoreLocationString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationCurrentUser)) { trustedStoreLocation = StoreLocation.CurrentUser; } else if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationLocalMachine)) { trustedStoreLocation = StoreLocation.LocalMachine; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, element.LocalName))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7004, attribute.LocalName, element.LocalName))); } } List<XmlElement> configElements = XmlUtil.GetXmlElements(element.ChildNodes); foreach (XmlElement childElement in configElements) { if (StringComparer.Ordinal.Equals(childElement.LocalName, ConfigurationStrings.NameClaimType)) { if (childElement.Attributes.Count != 1 || !StringComparer.Ordinal.Equals(childElement.Attributes[0].LocalName, ConfigurationStrings.Value)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7001, String.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}/{1}", element.LocalName, childElement.LocalName), ConfigurationStrings.Value)); } this.NameClaimType = childElement.Attributes[0].Value; } else if (StringComparer.Ordinal.Equals(childElement.LocalName, ConfigurationStrings.RoleClaimType)) { if (childElement.Attributes.Count != 1 || !StringComparer.Ordinal.Equals(childElement.Attributes[0].LocalName, ConfigurationStrings.Value)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7001, String.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}/{1}", element.LocalName, childElement.LocalName), ConfigurationStrings.Value)); } this.RoleClaimType = childElement.Attributes[0].Value; } else { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7002, childElement.LocalName, ConfigurationStrings.SamlSecurityTokenRequirement)); } } if (certificateValidationMode == X509CertificateValidationMode.Custom) { if (string.IsNullOrEmpty(customValidator)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7028)); } Type customValidatorType = Type.GetType(customValidator, true); if (customValidatorType == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID7007, customValidatorType)); } _certificateValidator = CustomTypeElement.Resolve<X509CertificateValidator>(new CustomTypeElement(customValidatorType)); } else if (foundCustomX509Validator) { _certificateValidator = X509Util.CreateCertificateValidator(certificateValidationMode, revocationMode, trustedStoreLocation); } }
public PeerOrChainTrustValidator(bool useMachineContext, X509ChainPolicy chainPolicy) { this.chain = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, chainPolicy); this.peer = (PeerTrustValidator)X509CertificateValidator.PeerTrust; }
public X509SecurityTokenAuthenticator(X509CertificateValidator validator, bool mapToWindows) : this(validator, mapToWindows, /* WindowsClaimSet.DefaultIncludeWindowsGroups */ true) { }
public PeerOrChainTrustValidator() { this.chain = X509CertificateValidator.ChainTrust; this.peer = (X509CertificateValidator.PeerTrustValidator)X509CertificateValidator.PeerTrust; }
/// <summary> /// Load custom configuration from Xml /// </summary> /// <param name="customConfigElements">XmlElement to custom configuration.</param> /// <exception cref="ArgumentNullException">The param 'customConfigElements' is null.</exception> /// <exception cref="InvalidOperationException">Custom configuration specified was invalid.</exception> public override void LoadCustomConfiguration(XmlNodeList customConfigElements) { if (customConfigElements == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("customConfigElements"); } List<XmlElement> configNodes = XmlUtil.GetXmlElements(customConfigElements); bool foundValidConfig = false; bool foundCustomX509Validator = false; X509RevocationMode revocationMode = defaultRevocationMode; X509CertificateValidationMode certificateValidationMode = defaultValidationMode; StoreLocation trustedStoreLocation = defaultStoreLocation; string customValidator = null; foreach (XmlElement customConfigElement in configNodes) { if (!StringComparer.Ordinal.Equals(customConfigElement.LocalName, ConfigurationStrings.X509SecurityTokenHandlerRequirement)) { continue; } if (foundValidConfig) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7026, ConfigurationStrings.X509SecurityTokenHandlerRequirement)); } foreach (XmlAttribute attribute in customConfigElement.Attributes) { if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.MapToWindows)) { mapToWindows = XmlConvert.ToBoolean(attribute.Value.ToLowerInvariant()); } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509CertificateValidator)) { customValidator = attribute.Value.ToString(); } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509CertificateRevocationMode)) { foundCustomX509Validator = true; string revocationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeNoCheck)) { revocationMode = X509RevocationMode.NoCheck; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOffline)) { revocationMode = X509RevocationMode.Offline; } else if (StringComparer.OrdinalIgnoreCase.Equals(revocationModeString, ConfigurationStrings.X509RevocationModeOnline)) { revocationMode = X509RevocationMode.Online; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, customConfigElement.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509CertificateValidationMode)) { foundCustomX509Validator = true; string validationModeString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeChainTrust)) { certificateValidationMode = X509CertificateValidationMode.ChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerOrChainTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModePeerTrust)) { certificateValidationMode = X509CertificateValidationMode.PeerTrust; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeNone)) { certificateValidationMode = X509CertificateValidationMode.None; } else if (StringComparer.OrdinalIgnoreCase.Equals(validationModeString, ConfigurationStrings.X509CertificateValidationModeCustom)) { certificateValidationMode = X509CertificateValidationMode.Custom; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, customConfigElement.LocalName))); } } else if (StringComparer.OrdinalIgnoreCase.Equals(attribute.LocalName, ConfigurationStrings.X509TrustedStoreLocation)) { foundCustomX509Validator = true; string trustedStoreLocationString = attribute.Value.ToString(); if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationCurrentUser)) { trustedStoreLocation = StoreLocation.CurrentUser; } else if (StringComparer.OrdinalIgnoreCase.Equals(trustedStoreLocationString, ConfigurationStrings.X509TrustedStoreLocationLocalMachine)) { trustedStoreLocation = StoreLocation.LocalMachine; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7011, attribute.LocalName, customConfigElement.LocalName))); } } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID7004, attribute.LocalName, customConfigElement.LocalName))); } } foundValidConfig = true; } if (certificateValidationMode == X509CertificateValidationMode.Custom) { if (String.IsNullOrEmpty(customValidator)) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7028)); } Type customValidatorType = Type.GetType(customValidator, true); if (customValidatorType == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID7007, customValidatorType)); } certificateValidator = CustomTypeElement.Resolve<X509CertificateValidator>(new CustomTypeElement(customValidatorType)); } else if (foundCustomX509Validator) { certificateValidator = X509Util.CreateCertificateValidator(certificateValidationMode, revocationMode, trustedStoreLocation); } }
/// <summary> /// Creates an instance of <see cref="X509SecurityTokenHandler"/>. /// </summary> /// <param name="mapToWindows">Boolean to indicate if the certificate should be mapped to a windows account.</param> /// <param name="certificateValidator">The certificate validator.</param> public X509SecurityTokenHandler(bool mapToWindows, X509CertificateValidator certificateValidator) { this.mapToWindows = mapToWindows; this.certificateValidator = certificateValidator; }
/// <summary> /// Creates an instance of <see cref="X509SecurityTokenHandler"/> with an X509 certificate validator. /// MapToWindows is to false by default. /// </summary> /// <param name="certificateValidator">The certificate validator.</param> public X509SecurityTokenHandler(X509CertificateValidator certificateValidator) : this(false, certificateValidator) { }
public static IEnumerable<Claim> ValidateIdentityToken(string token, string issuer, string audience, X509Certificate2 signingCertificate, X509CertificateValidator certificateValidator = null) { if (certificateValidator == null) { certificateValidator = X509CertificateValidator.None; } var configuration = new SecurityTokenHandlerConfiguration { CertificateValidator = certificateValidator }; var handler = new JwtSecurityTokenHandler { Configuration = configuration }; var parameters = new TokenValidationParameters { ValidIssuer = issuer, AllowedAudience = audience, SigningToken = new X509SecurityToken(signingCertificate) }; return handler.ValidateToken(token, parameters).Claims; }
public RequireSslOptions() { RequireClientCertificate = false; ClientCertificateValidator = X509CertificateValidator.None; }
public PeerOrChainTrustValidator(bool useMachineContext, X509ChainPolicy chainPolicy) { _chain = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, chainPolicy); _peer = (PeerTrustValidator)X509CertificateValidator.PeerTrust; }
public X509SecurityTokenAuthenticator(X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups) : this(validator, mapToWindows, includeWindowsGroups, true) { }
public X509SecurityTokenAuthenticator(X509CertificateValidator validator, bool mapToWindows) : this(validator, mapToWindows, false) { }
public PeerCertificateClientCredentials(X509Certificate2 selfCertificate, X509CertificateValidator validator) { this.selfCertificate = selfCertificate; this.certificateValidator = validator; }
public PeerOrChainTrustValidator() { _chain = X509CertificateValidator.ChainTrust; _peer = (PeerTrustValidator)X509CertificateValidator.PeerTrust; }
public PeerOrChainTrustValidator() { this.chain = X509CertificateValidator.ChainTrust; this.peer = (PeerTrustValidator)X509CertificateValidator.PeerTrust; }
public static void AddSaml2(this AuthenticationConfiguration configuration, string issuerThumbprint, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme) { var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer(issuerThumbprint, issuerName); var handlerConfig = new SecurityTokenHandlerConfiguration(); handlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri)); handlerConfig.IssuerNameRegistry = registry; handlerConfig.CertificateValidator = certificateValidator; configuration.AddSaml2(handlerConfig, options, scheme); }