/// <summary>
/// Begins the async call of the Issue request.
/// </summary>
/// <param name="principal">The <see cref="ClaimsPrincipal"/> to issue a token for.</param>
/// <param name="request">The security token request which includes request message as well as other client
/// related information such as authorization context.</param>
/// <param name="callback">The async call back.</param>
/// <param name="state">The state object.</param>
/// <returns>The async result.</returns>
public virtual IAsyncResult BeginIssue(ClaimsPrincipal principal, RST request, AsyncCallback callback, object state)
{
if (request == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
_principal = principal;
_request = request;
//
// Step 1: Validate the rst: check if this STS is capable of handling this
// rst
//
ValidateRequest(request);
//
//
FederatedAsyncState asyncState = new FederatedAsyncState(request, principal, new TypedAsyncResult <RSTR>(callback, state));
BeginGetScope(principal, request, OnGetScopeComplete, asyncState);
return(asyncState.Result);
}
/// <summary>
/// Copy constructor.
/// </summary>
/// <param name="federatedAsyncState">The input FederatedAsyncState instance.</param>
/// <exception cref="ArgumentNullException">The input 'FederatedAsyncState' is null.</exception>
public FederatedAsyncState(FederatedAsyncState federatedAsyncState)
{
if (null == federatedAsyncState)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("FederatedAsyncState");
}
_request = federatedAsyncState.Request;
_claimsPrincipal = federatedAsyncState.ClaimsPrincipal;
_securityTokenHandler = federatedAsyncState.SecurityTokenHandler;
_result = federatedAsyncState.Result;
}
/// <summary>
/// Copy constructor.
/// </summary>
/// <param name="federatedAsyncState">The input FederatedAsyncState instance.</param>
/// <exception cref="ArgumentNullException">The input 'FederatedAsyncState' is null.</exception>
public FederatedAsyncState(FederatedAsyncState federatedAsyncState)
{
if (null == federatedAsyncState)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("FederatedAsyncState");
}
_request = federatedAsyncState.Request;
_claimsPrincipal = federatedAsyncState.ClaimsPrincipal;
_securityTokenHandler = federatedAsyncState.SecurityTokenHandler;
_result = federatedAsyncState.Result;
}
/// <summary>
/// The callback that is invoked on the completion of the BeginGetOutputSubjects call.
/// </summary>
/// <param name="result">The async result.</param>
/// <exception cref="ArgumentNullException">When the given async result is null.</exception>
void OnGetOutputClaimsIdentityComplete(IAsyncResult result)
{
if (null == result)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("result");
}
FederatedAsyncState state = result.AsyncState as FederatedAsyncState;
if (state == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2001)));
}
SecurityTokenHandler securityTokenHandler = state.SecurityTokenHandler;
if (securityTokenHandler == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2016)));
}
Exception unhandledException = null;
RST request = state.Request;
RSTR response = null;
TypedAsyncResult <RSTR> typedResult = state.Result as TypedAsyncResult <RSTR>;
if (typedResult == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2004, typeof(TypedAsyncResult <RSTR>), state.Result.GetType())));
}
try
{
//
// get token descriptor
//
if (_tokenDescriptor == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2003));
}
// Step 7: Retrieve the output claims to be included in the issued-token
_tokenDescriptor.Subject = EndGetOutputClaimsIdentity(result);
//
// Use the retrieved securityTokenHandler to create and setup the issued token information on the tokenDescriptor
// (actual issued token, AttachedReference and UnattachedReference)
// TokenType is preserved from the request if possible
if (!string.IsNullOrEmpty(request.TokenType))
{
_tokenDescriptor.TokenType = request.TokenType;
}
else
{
string[] identifiers = securityTokenHandler.GetTokenTypeIdentifiers();
if (identifiers == null || identifiers.Length == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4264, request.TokenType)));
}
_tokenDescriptor.TokenType = identifiers[0];
}
_tokenDescriptor.Token = securityTokenHandler.CreateToken(_tokenDescriptor);
_tokenDescriptor.AttachedReference = securityTokenHandler.CreateSecurityTokenReference(_tokenDescriptor.Token, true);
_tokenDescriptor.UnattachedReference = securityTokenHandler.CreateSecurityTokenReference(_tokenDescriptor.Token, false);
// 9. Create the RSTR
response = GetResponse(request, _tokenDescriptor);
}
#pragma warning suppress 56500
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
{
throw;
}
unhandledException = e;
}
typedResult.Complete(response, typedResult.CompletedSynchronously, unhandledException);
}
/// <summary>
/// This routine processes the stored data about the target resource
/// for who the Issued token is for.
/// </summary>
/// <param name="result">The async result.</param>
/// <exception cref="ArgumentNullException">When the given async result is null.</exception>
void OnGetScopeComplete(IAsyncResult result)
{
if (null == result)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("result");
}
FederatedAsyncState state = result.AsyncState as FederatedAsyncState;
if (state == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2001)));
}
Exception unhandledException = null;
TypedAsyncResult <RSTR> typedResult = state.Result as TypedAsyncResult <RSTR>;
if (typedResult == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2004, typeof(TypedAsyncResult <RSTR>), state.Result.GetType())));
}
RST request = state.Request;
try
{
//
// 2. Retrieve the scope information
//
Scope scope = EndGetScope(result);
if (scope == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2013));
}
this.Scope = scope;
//
// Create a security token descriptor
//
this.SecurityTokenDescriptor = CreateSecurityTokenDescriptor(request, this.Scope);
if (this.SecurityTokenDescriptor == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2003));
}
if (this.SecurityTokenDescriptor.SigningCredentials == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2079));
}
//
// If TokenEncryptionRequired is set to true, then we must encrypt the token.
//
if (this.Scope.TokenEncryptionRequired && this.SecurityTokenDescriptor.EncryptingCredentials == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4184));
}
//
// Step 3: Retrieve the token handler to use for creating token and store it in the state
//
SecurityTokenHandler securityTokenHandler = GetSecurityTokenHandler(request == null ? null : request.TokenType);
if (securityTokenHandler == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ID4010, request == null ? String.Empty : request.TokenType)));
}
state.SecurityTokenHandler = securityTokenHandler;
//
// Step 4: Logical issuer name
//
_tokenDescriptor.TokenIssuerName = GetValidIssuerName();
//
// Step 5: Establish token lifetime
//
_tokenDescriptor.Lifetime = GetTokenLifetime(request == null ? null : request.Lifetime);
//
// Step 6: Compute the proof key
//
_tokenDescriptor.Proof = GetProofToken(request, this.Scope);
//
// Start the async call for generating the output subjects.
//
BeginGetOutputClaimsIdentity(state.ClaimsPrincipal, state.Request, scope, OnGetOutputClaimsIdentityComplete, state);
}
#pragma warning suppress 56500
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
{
throw;
}
unhandledException = e;
}
if (unhandledException != null)
{
//
// Complete the request in failure
//
typedResult.Complete(null, result.CompletedSynchronously, unhandledException);
}
}
/// <summary>
/// Begins the async call of the Issue request.
/// </summary>
/// <param name="principal">The <see cref="ClaimsPrincipal"/> to issue a token for.</param>
/// <param name="request">The security token request which includes request message as well as other client
/// related information such as authorization context.</param>
/// <param name="callback">The async call back.</param>
/// <param name="state">The state object.</param>
/// <returns>The async result.</returns>
public virtual IAsyncResult BeginIssue(ClaimsPrincipal principal, RST request, AsyncCallback callback, object state)
{
if (request == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
_principal = principal;
_request = request;
//
// Step 1: Validate the rst: check if this STS is capable of handling this
// rst
//
ValidateRequest(request);
//
//
FederatedAsyncState asyncState = new FederatedAsyncState(request, principal, new TypedAsyncResult<RSTR>(callback, state));
BeginGetScope(principal, request, OnGetScopeComplete, asyncState);
return asyncState.Result;
}