/// <summary>Creates <see cref="Claim"/>'s from the incoming token.
/// </summary>
/// <param name="simpleWebToken">The incoming <see cref="SimpleWebToken"/>.</param>
/// <returns>A <see cref="ClaimsIdentity"/> created from the token.</returns>
protected virtual ClaimsIdentity CreateClaims(SwtSecurityToken simpleWebToken)
{
if (simpleWebToken == null)
{
throw new ArgumentNullException("simpleWebToken");
}
NameValueCollection tokenProperties = simpleWebToken.GetAllProperties();
if (tokenProperties == null)
{
throw new SecurityTokenValidationException("No claims can be created from this Simple Web Token.");
}
if (Configuration.IssuerNameRegistry == null)
{
throw new InvalidOperationException("The Configuration.IssuerNameRegistry property of this SecurityTokenHandler is set to null. Tokens cannot be validated in this state.");
}
string normalizedIssuer = Configuration.IssuerNameRegistry.GetIssuerName(simpleWebToken);
ClaimsIdentity identity = new ClaimsIdentity(AuthenticationTypes.Federation);
foreach (string key in tokenProperties.Keys)
{
if (!IsReservedKeyName(key) && !string.IsNullOrEmpty(tokenProperties[key]))
{
identity.AddClaim(new Claim(key, tokenProperties[key], ClaimValueTypes.String, normalizedIssuer));
if (key == AcsNameClaimType)
{
// add a default name claim from the Name identifier claim.
identity.AddClaim(new Claim(DefaultNameClaimType, tokenProperties[key], ClaimValueTypes.String, normalizedIssuer));
}
}
}
return(identity);
}
/// <summary>
/// Serializes the given SecurityToken to the XmlWriter.
/// </summary>
/// <param name="writer">XmlWriter into which the token is serialized.</param>
/// <param name="token">SecurityToken to be serialized.</param>
public override void WriteToken(XmlWriter writer, SecurityToken token)
{
SwtSecurityToken simpleWebToken = token as SwtSecurityToken;
if (simpleWebToken == null)
{
throw new SecurityTokenException("The given token is not of the expected type 'SimpleWebToken'.");
}
string signedToken = null;
if (String.IsNullOrEmpty(simpleWebToken.SerializedToken))
{
StringBuilder strBuilder = new StringBuilder();
bool skipDelimiter = true;
NameValueCollection tokenProperties = simpleWebToken.GetAllProperties();
// Remove the signature if present
if (String.IsNullOrEmpty(tokenProperties[SwtSecurityTokenConstants.Signature]))
{
tokenProperties.Remove(SwtSecurityTokenConstants.Signature);
}
foreach (string key in tokenProperties.Keys)
{
if (tokenProperties[key] != null)
{
if (!skipDelimiter)
{
strBuilder.Append(ParameterSeparator);
}
strBuilder.Append(String.Format(
CultureInfo.InvariantCulture,
"{0}={1}",
HttpUtility.UrlEncode(key),
HttpUtility.UrlEncode(tokenProperties[key])));
skipDelimiter = false;
}
}
string serializedToken = strBuilder.ToString();
SwtSecurityTokenKeyIdentifierClause clause = new SwtSecurityTokenKeyIdentifierClause(simpleWebToken.Audience);
InMemorySymmetricSecurityKey securityKey = null;
try
{
securityKey = (InMemorySymmetricSecurityKey)this.Configuration.IssuerTokenResolver.ResolveSecurityKey(clause);
}
catch (InvalidOperationException)
{
throw new SecurityTokenValidationException("A Symmetric key was not found for the given key identifier clause.");
}
// append the signature
string signature = GenerateSignature(serializedToken, securityKey.GetSymmetricKey());
strBuilder.Append(String.Format(
CultureInfo.InvariantCulture,
"{0}{1}={2}",
ParameterSeparator,
HttpUtility.UrlEncode(SwtSecurityTokenConstants.Signature),
HttpUtility.UrlEncode(signature)));
signedToken = strBuilder.ToString();
}
else
{
// Reuse the stored serialized token if present
signedToken = simpleWebToken.SerializedToken;
}
string encodedToken = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedToken));
writer.WriteStartElement(BinarySecurityToken);
writer.WriteAttributeString("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", token.Id);
writer.WriteAttributeString(ValueType, SwtSecurityTokenConstants.ValueTypeUri);
writer.WriteAttributeString(EncodingType, Base64EncodingType);
writer.WriteString(encodedToken);
writer.WriteEndElement();
}
/// <summary>Creates <see cref="Claim"/>'s from the incoming token.
/// </summary>
/// <param name="simpleWebToken">The incoming <see cref="SimpleWebToken"/>.</param>
/// <returns>A <see cref="ClaimsIdentity"/> created from the token.</returns>
protected virtual ClaimsIdentity CreateClaims(SwtSecurityToken simpleWebToken)
{
if (simpleWebToken == null)
{
throw new ArgumentNullException("simpleWebToken");
}
NameValueCollection tokenProperties = simpleWebToken.GetAllProperties();
if (tokenProperties == null)
{
throw new SecurityTokenValidationException("No claims can be created from this Simple Web Token.");
}
if (Configuration.IssuerNameRegistry == null)
{
throw new InvalidOperationException("The Configuration.IssuerNameRegistry property of this SecurityTokenHandler is set to null. Tokens cannot be validated in this state.");
}
string normalizedIssuer = Configuration.IssuerNameRegistry.GetIssuerName(simpleWebToken);
ClaimsIdentity identity = new ClaimsIdentity(AuthenticationTypes.Federation);
foreach (string key in tokenProperties.Keys)
{
if (!IsReservedKeyName(key) && !string.IsNullOrEmpty(tokenProperties[key]))
{
identity.AddClaim(new Claim(key, tokenProperties[key], ClaimValueTypes.String, normalizedIssuer));
if (key == AcsNameClaimType)
{
// add a default name claim from the Name identifier claim.
identity.AddClaim(new Claim(DefaultNameClaimType, tokenProperties[key], ClaimValueTypes.String, normalizedIssuer));
}
}
}
return identity;
}