예제 #1
0
        private HttpResponseMessage ProcessJwtRequest(TokenRequest request)
        {
            if (string.IsNullOrEmpty(request.Assertion))
            {
                Tracing.Error("ADFS integration authentication request (JWT) with empty assertion");
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
            }

            Tracing.Information("Starting ADFS integration authentication request (JWT) for scope: " + request.Scope);

            var bridge = new AdfsBridge(ConfigurationRepository);
            GenericXmlSecurityToken token;

            try
            {
                Tracing.Verbose("Starting ADFS integration authentication request (JWT) for assertion: " + request.Assertion);

                token = bridge.AuthenticateJwt(request.Assertion, request.Scope);
            }
            catch (Exception ex)
            {
                Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
            }

            var response = CreateTokenResponse(token, request.Scope);

            Tracing.Verbose("ADFS integration JWT authentication successful");

            return(response);
        }
예제 #2
0
        private HttpResponseMessage ProcessUserNameRequest(TokenRequest request)
        {
            if (string.IsNullOrEmpty(request.UserName) ||
                string.IsNullOrEmpty(request.Password))
            {
                Tracing.Error("ADFS integration username authentication request with empty username or password");
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
            }

            Tracing.Information("Starting ADFS integration username authentication request for scope: " + request.Scope);

            var bridge = new AdfsBridge(ConfigurationRepository);
            GenericXmlSecurityToken token;

            try
            {
                Tracing.Verbose("ADFS integration username authentication request for user: "******"Error while communicating with ADFS: " + ex.ToString());
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
            }

            var response = CreateTokenResponse(token, request.Scope);

            Tracing.Verbose("ADFS integration username authentication request successful");

            return(response);
        }
        private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
        {
            var response = new TokenResponse();

            if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
            {
                response.AccessToken = token.TokenXml.OuterXml;
                response.ExpiresIn   = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
            }
            else
            {
                var bridge = new AdfsBridge(ConfigurationRepository);
                if (ConfigurationRepository.Keys.DecryptionCertificate != null)
                {
                    var configuration = new SecurityTokenHandlerConfiguration
                    {
                        AudienceRestriction       = { AudienceMode = AudienceUriMode.Never },
                        CertificateValidationMode = X509CertificateValidationMode.None,
                        RevocationMode            = X509RevocationMode.NoCheck,
                        CertificateValidator      = X509CertificateValidator.None,
                        ServiceTokenResolver      = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
                            new ReadOnlyCollection <SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false)
                    };
                    var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);
                    response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope);
                }
                else
                {
                    response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
                }
            }

            return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, response));
        }
        private HttpResponseMessage ProcessJwtRequest(TokenRequest request)
        {
            if (string.IsNullOrEmpty(request.Assertion))
            {
                Tracing.Error("ADFS integration authentication request (JWT) with empty assertion");
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
            }

            Tracing.Information("Starting ADFS integration authentication request (JWT) for scope: " + request.Scope);

            var bridge = new AdfsBridge(ConfigurationRepository);
            GenericXmlSecurityToken token;
            try
            {
                Tracing.Verbose("Starting ADFS integration authentication request (JWT) for assertion: " + request.Assertion);

                token = bridge.AuthenticateJwt(request.Assertion, request.Scope);
            }
            catch (Exception ex)
            {
                Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
            }

            var response = CreateTokenResponse(token, request.Scope);
            Tracing.Verbose("ADFS integration JWT authentication successful");

            return response;
        }
예제 #5
0
        private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
        {
            var response = new TokenResponse();

            if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
            {
                response.AccessToken = token.TokenXml.OuterXml;
                response.ExpiresIn   = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
            }
            else
            {
                var bridge = new AdfsBridge(ConfigurationRepository);

                response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
            }

            return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, response));
        }
예제 #6
0
        private HttpResponseMessage ProcessSamlRequest(TokenRequest request)
        {
            if (string.IsNullOrEmpty(request.Assertion))
            {
                Tracing.Error("ADFS integration SAML authentication request with empty assertion");
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
            }

            // un-base64 saml token string
            string incomingSamlToken;

            try
            {
                incomingSamlToken = Encoding.UTF8.GetString(Convert.FromBase64String(request.Assertion));
            }
            catch
            {
                Tracing.Error("ADFS integration SAML authentication request with malformed SAML assertion: " + request.Assertion);
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
            }

            Tracing.Information("Starting ADFS integration SAML authentication request for scope: " + request.Scope);

            var bridge = new AdfsBridge(ConfigurationRepository);
            GenericXmlSecurityToken token;

            try
            {
                Tracing.Verbose("ADFS integration SAML authentication request for assertion: " + request.Assertion);

                token = bridge.AuthenticateSaml(incomingSamlToken, request.Scope);
            }
            catch (Exception ex)
            {
                Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
                return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
            }

            var response = CreateTokenResponse(token, request.Scope);

            Tracing.Verbose("ADFS integration SAML authentication request successful");

            return(response);
        }
        private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
        {
            var response = new TokenResponse();

            if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
            {
                response.AccessToken = token.TokenXml.OuterXml;
                response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
            }
            else
            {
                var bridge = new AdfsBridge(ConfigurationRepository);

                response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
            }

            return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response);
        }
        private HttpResponseMessage ProcessUserNameRequest(TokenRequest request)
        {
            if (string.IsNullOrEmpty(request.UserName) ||
                string.IsNullOrEmpty(request.Password))
            {
                Tracing.Error("ADFS integration username authentication request with empty username or password");
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
            }

            Tracing.Information("Starting ADFS integration username authentication request for scope: " + request.Scope);

            var bridge = new AdfsBridge(ConfigurationRepository);
            GenericXmlSecurityToken token;
            try
            {
                Tracing.Verbose("ADFS integration username authentication request for user: "******"Error while communicating with ADFS: " + ex.ToString());
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
            }

            var response = CreateTokenResponse(token, request.Scope);
            Tracing.Verbose("ADFS integration username authentication request successful");

            return response;
        }
        private HttpResponseMessage ProcessSamlRequest(TokenRequest request)
        {
            if (string.IsNullOrEmpty(request.Assertion))
            {
                Tracing.Error("ADFS integration SAML authentication request with empty assertion");
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
            }

            // un-base64 saml token string
            string incomingSamlToken;
            try
            {
                incomingSamlToken = Encoding.UTF8.GetString(Convert.FromBase64String(request.Assertion));
            }
            catch
            {
                Tracing.Error("ADFS integration SAML authentication request with malformed SAML assertion: " + request.Assertion);
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
            }

            Tracing.Information("Starting ADFS integration SAML authentication request for scope: " + request.Scope);

            var bridge = new AdfsBridge(ConfigurationRepository);
            GenericXmlSecurityToken token;
            try
            {
                Tracing.Verbose("ADFS integration SAML authentication request for assertion: " + request.Assertion);

                token = bridge.AuthenticateSaml(incomingSamlToken, request.Scope);
            }
            catch (Exception ex)
            {
                Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
                return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
            }

            var response = CreateTokenResponse(token, request.Scope);
            Tracing.Verbose("ADFS integration SAML authentication request successful");

            return response;
        }
        private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
        {
            var response = new TokenResponse();

            if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
            {
                response.AccessToken = token.TokenXml.OuterXml;
                response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
            }
            else
            {
                var bridge = new AdfsBridge(ConfigurationRepository);
                if (ConfigurationRepository.Keys.DecryptionCertificate != null)
                {
                    var configuration = new SecurityTokenHandlerConfiguration
                    {
                        AudienceRestriction = { AudienceMode = AudienceUriMode.Never },
                        CertificateValidationMode = X509CertificateValidationMode.None,
                        RevocationMode = X509RevocationMode.NoCheck,
                        CertificateValidator = X509CertificateValidator.None,
                        ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
                            new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false)
                    };
                    var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);
                    response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope);
                }
                else
                {
                    response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
                }
            }

            return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response);
        }