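/// <summary>
/// Verify if a delegation exists.
/// </summary>
/// <param name="clientId">The client id (the name of the ACS service identity).</param>
/// <param name="delegatedIdentity">The delegated identity.</param>
/// <param name="scope">The scope; compared as an exact string against the stored permissions.</param>
/// <returns>True if a delegation exists, false otherwise.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="delegatedIdentity"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when the configured relying party is not found.</exception>
/// <exception cref="OAuthMessageException">Thrown when no service identity named <paramref name="clientId"/> exists.</exception>
public bool DelegationExists(string clientId, AuthorizationServerIdentity delegatedIdentity, string scope)
{
    if (delegatedIdentity == null)
    {
        throw new ArgumentNullException("delegatedIdentity");
    }

    var client = CreateManagementServiceClient();

    // Kept as ToList().FirstOrDefault(): presumably the query provider does not translate
    // FirstOrDefault directly - confirm before simplifying.
    var relyingParty = client.RelyingParties.Where(rp => rp.Name == RelyingPartyName).ToList().FirstOrDefault();
    if (relyingParty == null)
    {
        // Previously a null relying party surfaced as a NullReferenceException on .Id.
        throw new InvalidOperationException("Relying party '" + RelyingPartyName + "' was not found in the management service.");
    }

    var relyingPartyId = relyingParty.Id;

    var serviceIdentity = client.ServiceIdentities.Where(si => si.Name == clientId).ToList().FirstOrDefault();
    if (serviceIdentity == null)
    {
        throw new OAuthMessageException(Resources.ID3751);
    }

    // Copied into locals so the query captures plain values rather than member accesses.
    var nameIdentifier = delegatedIdentity.NameIdentifier;
    var identityProvider = delegatedIdentity.IdentityProvider;
    var serviceIdentityId = serviceIdentity.Id;

    var delegation = client.Delegations.Where(d =>
            d.ServiceIdentityId == serviceIdentityId &&
            d.RelyingPartyId == relyingPartyId &&
            d.IdentityProvider == identityProvider &&
            d.NameIdentifier == nameIdentifier &&
            d.Permissions == scope)
        .ToList()
        .FirstOrDefault();

    return delegation != null;
}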
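/// <summary>
/// Gets the authorization code for a delegation, creating the delegation in ACS when it does not exist yet.
/// </summary>
/// <param name="clientId">The client id (the name of the ACS service identity).</param>
/// <param name="delegatedIdentity">The delegated identity.</param>
/// <param name="scope">The scope; stored as the delegation permissions and matched as an exact string.</param>
/// <returns>
/// The authorization code of the existing or newly created delegation.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="delegatedIdentity"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when the configured relying party is not found.</exception>
/// <exception cref="OAuthMessageException">Thrown when no service identity named <paramref name="clientId"/> exists.</exception>
public string GetAuthorizationCode(string clientId, AuthorizationServerIdentity delegatedIdentity, string scope)
{
    if (delegatedIdentity == null)
    {
        throw new ArgumentNullException("delegatedIdentity");
    }

    var client = CreateManagementServiceClient();

    // Kept as ToList().FirstOrDefault(): presumably the query provider does not translate
    // FirstOrDefault directly - confirm before simplifying.
    var relyingParty = client.RelyingParties.Where(rp => rp.Name == RelyingPartyName).ToList().FirstOrDefault();
    if (relyingParty == null)
    {
        // Previously a null relying party surfaced as a NullReferenceException on .Id.
        throw new InvalidOperationException("Relying party '" + RelyingPartyName + "' was not found in the management service.");
    }

    var relyingPartyId = relyingParty.Id;

    var serviceIdentity = client.ServiceIdentities.Where(si => si.Name == clientId).ToList().FirstOrDefault();
    if (serviceIdentity == null)
    {
        throw new OAuthMessageException(Resources.ID3751);
    }

    // Copied into locals so the query captures plain values rather than member accesses.
    var nameIdentifier = delegatedIdentity.NameIdentifier;
    var identityProvider = delegatedIdentity.IdentityProvider;
    var serviceIdentityId = serviceIdentity.Id;

    var delegation = client.Delegations.Where(d =>
            d.ServiceIdentityId == serviceIdentityId &&
            d.RelyingPartyId == relyingPartyId &&
            d.IdentityProvider == identityProvider &&
            d.NameIdentifier == nameIdentifier &&
            d.Permissions == scope)
        .ToList()
        .FirstOrDefault();

    if (delegation == null)
    {
        // No delegation for this (service identity, relying party, identity, scope) tuple yet:
        // persist one so ACS issues an authorization code for it.
        delegation = new Delegation()
        {
            NameIdentifier = nameIdentifier,
            IdentityProvider = identityProvider,
            RelyingPartyId = relyingPartyId,
            ServiceIdentityId = serviceIdentityId,
            Permissions = scope
        };

        client.AddToDelegations(delegation);
        client.SaveChanges();
    }

    return delegation.AuthorizationCode;
}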
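/// <summary>
/// Handles the WS-Federation callback posted by ACS: reads the <c>wresult</c> parameter from the
/// request body, validates the Simple Web Token it carries against the ACS signing key and realm,
/// records a delegation for the authenticated identity and redirects the caller to the broker
/// end point with the resulting authorization code.
/// </summary>
/// <returns>A redirect to <c>/auth/broker/end</c> carrying the authorization code.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the callback has no <c>wresult</c> parameter, the returned token is not a Simple Web
/// Token, or the validated token carries no name identifier claim.
/// </exception>
public ActionResult Callback()
{
    string input;
    using (var reader = new StreamReader(Request.InputStream))
    {
        input = reader.ReadToEnd();
    }

    string locationBase = string.Format("{0}/auth/broker/end", Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped));

    // The posted body is form-encoded, so it is parsed with the query string parser.
    var inputInQueryStringUri = new Uri(locationBase + "?" + input);
    NameValueCollection tokenValues = inputInQueryStringUri.ParseQueryString();
    string tokenData = tokenValues["wresult"];
    if (string.IsNullOrEmpty(tokenData))
    {
        // Previously a missing parameter surfaced as an ArgumentNullException from StringReader.
        throw new InvalidOperationException("The callback does not contain a 'wresult' parameter.");
    }

    // Validate SWT token.
    // The RSTR XML is attacker-controlled until the SWT inside it has been validated, so the
    // reader must not process DTDs or resolve external entities (XmlTextReader would by default).
    var tokenSerializer = new WSTrustFeb2005ResponseSerializer();
    RequestSecurityTokenResponse requestSecurityTokenResponse;
    using (var tokenReader = new StringReader(tokenData))
    using (var xmlReader = new XmlTextReader(tokenReader) { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null })
    {
        requestSecurityTokenResponse = tokenSerializer.ReadXml(xmlReader, new WSTrustSerializationContext());
    }

    var simpleWebTokenHandler = new SimpleWebTokenHandler("https://" + _registrationService.ServiceNamespace + ".accesscontrol.windows.net/", _swtSigningKey);
    var securityToken = simpleWebTokenHandler.ReadToken(requestSecurityTokenResponse.RequestedSecurityToken.SecurityTokenXml.InnerText) as SimpleWebToken;
    if (securityToken == null)
    {
        // 'as' yields null for any other token type; fail explicitly instead of validating null.
        throw new InvalidOperationException("The requested security token is not a Simple Web Token.");
    }

    // Signature (against _swtSigningKey) and audience (_acsRealm) are checked here; nothing in the
    // token is trusted before this call.
    simpleWebTokenHandler.ValidateToken(securityToken, _acsRealm);

    // Create delegation in ACS
    var authServerIdentifier = securityToken.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.NameIdentifier);
    if (authServerIdentifier == null)
    {
        throw new InvalidOperationException("The validated token does not contain a name identifier claim.");
    }

    var authServerIdentity = new AuthorizationServerIdentity
    {
        NameIdentifier = authServerIdentifier.Value,
        IdentityProvider = authServerIdentifier.Issuer
    };

    // todo: Check if we can add some claims (role claims) to the scope
    string code = _registrationService.GetAuthorizationCode(_clientId, authServerIdentity, "scope");

    // todo: use OAuth parameter names in the return URL
    // Return the code to the broker end point. RedirectResult issues the 302 and Location header
    // that were previously written by hand, without the Response.End() thread abort.
    string location = string.Format("{0}?acsToken={1}", locationBase, code);
    return Redirect(location);
}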