private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e) { List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[] { new DeflateCookieTransform(), new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate), new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate) }); SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly()); e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler); }
void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e) { // Change cookie encryption type from DPAPI to RSA. This avoids a security exception due to a cookie size limit with the SSO cookie. See http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/ var sessionTransforms = new List<CookieTransform>(new CookieTransform[] { new DeflateCookieTransform(), new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate), new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate) }); var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly()); e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler); }
/// <summary> /// Initializes an instance of <see cref="WrappedRsaSecurityTokenAuthenticator"/> /// </summary> /// <param name="sessionTokenHandler">The sessionTokenHandler to wrap</param> /// <param name="wcfSessionAuthenticator">The wcf SessionTokenAuthenticator.</param> /// <param name="sctClaimsHandler">Handler that converts WCF generated IAuthorizationPolicy to <see cref="AuthorizationPolicy"/></param> /// <param name="exceptionMapper">Converts token validation exception to SOAP faults.</param> public WrappedSessionSecurityTokenAuthenticator( SessionSecurityTokenHandler sessionTokenHandler, SecurityTokenAuthenticator wcfSessionAuthenticator, SctClaimsHandler sctClaimsHandler, ExceptionMapper exceptionMapper ) : base() { if ( sessionTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "sessionTokenHandler" ); } if ( wcfSessionAuthenticator == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wcfSessionAuthenticator" ); } if ( sctClaimsHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "sctClaimsHandler" ); } if ( exceptionMapper == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "exceptionMapper" ); } _issuanceSecurityTokenAuthenticator = wcfSessionAuthenticator as IIssuanceSecurityTokenAuthenticator; if ( _issuanceSecurityTokenAuthenticator == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4244 ) ); } _communicationObject = wcfSessionAuthenticator as ICommunicationObject; if ( _communicationObject == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4245 ) ); } _sessionTokenHandler = sessionTokenHandler; _sctClaimsHandler = sctClaimsHandler; _exceptionMapper = exceptionMapper; }
public ActionResult SessionTokenRaw() { var cookieHandler = FederatedAuthentication.SessionAuthenticationModule.CookieHandler; var cookieBytes = cookieHandler.Read(); if (cookieBytes != null && cookieBytes.Length != 0) { var handler = new SessionSecurityTokenHandler(); var sam = FederatedAuthentication.SessionAuthenticationModule; var sessionToken = sam.ReadSessionTokenFromCookie(cookieBytes); var sb = new StringBuilder(128); handler.WriteToken(XmlWriter.Create(sb, new XmlWriterSettings { OmitXmlDeclaration = true }), sessionToken); return new ContentResult { ContentType = "text/xml", Content = sb.ToString() }; } return null; }
private static SessionSecurityTokenHandler GetOrCreateSessionSecurityTokenHandler() { SecurityTokenHandlerCollection defaultHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); SessionSecurityTokenHandler ssth = defaultHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler; if (ssth == null) { ssth = new SessionSecurityTokenHandler(); defaultHandlers.AddOrReplace(ssth); } return ssth; }
/// <summary> /// Helper method to setup the WrappedSecureConversttion /// </summary> SecurityTokenAuthenticator SetupSecureConversationWrapper( RecipientServiceModelSecurityTokenRequirement tokenRequirement, SessionSecurityTokenHandler tokenHandler, out SecurityTokenResolver outOfBandTokenResolver ) { // This code requires Orcas SP1 to compile. // WCF expects this securityTokenAuthenticator to support: // 1. IIssuanceSecurityTokenAuthenticator // 2. ICommunicationObject is needed for this to work right. // WCF opens a listener in this STA that handles the nego and uses an internal class for negotiating the // the bootstrap tokens. We want to handle ValidateToken to return our authorization policies and surface the bootstrap tokens. // when sp1 is installed, use this one. //SecurityTokenAuthenticator sta = base.CreateSecureConversationTokenAuthenticator( tokenRequirement as RecipientServiceModelSecurityTokenRequirement, _saveBootstrapTokensInSession, out outOfBandTokenResolver ); // use this code if SP1 is not installed SecurityTokenAuthenticator sta = base.CreateSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver ); SessionSecurityTokenHandler sessionTokenHandler = tokenHandler; // // If there is no SCT handler here, create one. // if ( tokenHandler == null ) { sessionTokenHandler = new SessionSecurityTokenHandler( _cookieTransforms, SessionSecurityTokenHandler.DefaultTokenLifetime ); sessionTokenHandler.ContainingCollection = _securityTokenHandlerCollection; sessionTokenHandler.Configuration = _securityTokenHandlerCollection.Configuration; } if ( ServiceCredentials != null ) { sessionTokenHandler.Configuration.MaxClockSkew = ServiceCredentials.IdentityConfiguration.MaxClockSkew; } SctClaimsHandler claimsHandler = new SctClaimsHandler( _securityTokenHandlerCollection, GetNormalizedEndpointId( tokenRequirement ) ); WrappedSessionSecurityTokenAuthenticator wssta = new WrappedSessionSecurityTokenAuthenticator( sessionTokenHandler, sta, claimsHandler, _exceptionMapper ); WrappedTokenCache wrappedTokenCache = new WrappedTokenCache( _tokenCache, claimsHandler); SetWrappedTokenCache( wrappedTokenCache, sta, wssta, claimsHandler ); outOfBandTokenResolver = wrappedTokenCache; return wssta; }
public SessionAuthenticationConfiguration() { Enabled = false; TokenHandler = new MachineKeySessionSecurityTokenHandler(); }