/// <summary>
/// Makes a WSTrust call to the STS to obtain a <see cref="SecurityToken"/> first checking if the token is available in the cache.
/// </summary>
/// <returns>A <see cref="GenericXmlSecurityToken"/>.</returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
WsTrustRequest request = CreateWsTrustRequest();
WsTrustResponse trustResponse = GetCachedResponse(request);
if (trustResponse is null)
{
using (var memeoryStream = new MemoryStream())
{
var writer = XmlDictionaryWriter.CreateTextWriter(memeoryStream, Encoding.UTF8);
var serializer = new WsTrustSerializer();
serializer.WriteRequest(writer, _requestSerializationContext.TrustVersion, request);
writer.Flush();
var reader = XmlDictionaryReader.CreateTextReader(memeoryStream.ToArray(), XmlDictionaryReaderQuotas.Max);
IRequestChannel channel = ChannelFactory.CreateChannel();
Message reply = channel.Request(Message.CreateMessage(MessageVersion.Soap12WSAddressing10, _requestSerializationContext.TrustActions.IssueRequest, reader));
SecurityUtils.ThrowIfNegotiationFault(reply, channel.RemoteAddress);
trustResponse = serializer.ReadResponse(reply.GetReaderAtBodyContents());
CacheSecurityTokenResponse(request, trustResponse);
}
}
// Create GenericXmlSecurityToken
// Assumes that token is first and Saml2SecurityToken.
using (var stream = new MemoryStream())
{
RequestSecurityTokenResponse response = trustResponse.RequestSecurityTokenResponseCollection[0];
// Get attached and unattached references
GenericXmlSecurityKeyIdentifierClause internalSecurityKeyIdentifierClause = null;
if (response.AttachedReference != null)
{
internalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.AttachedReference);
}
GenericXmlSecurityKeyIdentifierClause externalSecurityKeyIdentifierClause = null;
if (response.UnattachedReference != null)
{
externalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.UnattachedReference);
}
// Get proof token
IdentityModel.Tokens.SecurityToken proofToken = GetProofToken(request, response);
// Get lifetime
DateTime created = response.Lifetime?.Created ?? DateTime.UtcNow;
DateTime expires = response.Lifetime?.Expires ?? created.AddDays(1);
return(new GenericXmlSecurityToken(response.RequestedSecurityToken.TokenElement,
proofToken,
created,
expires,
internalSecurityKeyIdentifierClause,
externalSecurityKeyIdentifierClause,
null));
}
}
private SecurityToken CreateGenericXmlSecurityToken(WsTrustRequest request, WsTrustResponse trustResponse)
{
// Create GenericXmlSecurityToken
// Assumes that token is first and Saml2SecurityToken.
RequestSecurityTokenResponse response = trustResponse.RequestSecurityTokenResponseCollection[0];
// Get attached and unattached references
GenericXmlSecurityKeyIdentifierClause internalSecurityKeyIdentifierClause = null;
if (response.AttachedReference != null)
{
internalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.AttachedReference);
}
GenericXmlSecurityKeyIdentifierClause externalSecurityKeyIdentifierClause = null;
if (response.UnattachedReference != null)
{
externalSecurityKeyIdentifierClause = GetSecurityKeyIdentifierForTokenReference(response.UnattachedReference);
}
// Get proof token
IdentityModel.Tokens.SecurityToken proofToken = GetProofToken(request, response);
// Get lifetime
DateTime created = response.Lifetime?.Created ?? DateTime.UtcNow;
DateTime expires = response.Lifetime?.Expires ?? created.AddDays(1);
return(new GenericXmlSecurityToken(response.RequestedSecurityToken.TokenElement,
proofToken,
created,
expires,
internalSecurityKeyIdentifierClause,
externalSecurityKeyIdentifierClause,
null));
}
