/// <summary>
/// Reads the 'wresult' and returns the embeded security token.
/// </summary>
/// <returns>the 'SecurityToken'.</returns>
public virtual string GetToken()
{
if (Wresult == null)
{
IdentityModelEventSource.Logger.WriteWarning(string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10000, "wresult"));
return(null);
}
using (StringReader sr = new StringReader(Wresult))
{
XmlReader xmlReader = XmlReader.Create(sr);
xmlReader.MoveToContent();
WSTrustResponseSerializer serializer = new WSTrust13ResponseSerializer();
if (serializer.CanRead(xmlReader))
{
RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml);
}
serializer = new WSTrustFeb2005ResponseSerializer();
if (serializer.CanRead(xmlReader))
{
RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml);
}
}
return(null);
}
/// <summary>
/// Reads the 'wresult' and returns the embeded security token.
/// </summary>
/// <returns>the 'SecurityToken'.</returns>
public virtual string GetToken()
{
if (Wresult == null)
{
return(null);
}
using (StringReader sr = new StringReader(Wresult))
{
XmlReader xmlReader = XmlReader.Create(sr);
xmlReader.MoveToContent();
WSTrustResponseSerializer serializer = new WSTrust13ResponseSerializer();
if (serializer.CanRead(xmlReader))
{
RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml);
}
serializer = new WSTrustFeb2005ResponseSerializer();
if (serializer.CanRead(xmlReader))
{
RequestSecurityTokenResponse response = serializer.ReadXml(xmlReader, new WSTrustSerializationContext());
return(response.RequestedSecurityToken.SecurityTokenXml.OuterXml);
}
}
return(null);
}
private string SerializeResponse(RequestSecurityTokenResponse response)
{
var serializer = new WSTrust13ResponseSerializer();
var context = new WSTrustSerializationContext(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlerCollectionManager);
var sb = new StringBuilder(128);
using (var writer = XmlWriter.Create(new StringWriter(sb)))
{
serializer.WriteXml(response, writer, context);
return(sb.ToString());
}
}
private string SerializeResponse(RequestSecurityTokenResponse response)
{
var serializer = new WSTrust13ResponseSerializer();
WSTrustSerializationContext context = new WSTrustSerializationContext();
StringBuilder sb = new StringBuilder(128);
using (var writer = new XmlTextWriter(new StringWriter(sb)))
{
serializer.WriteXml(response, writer, context);
return(sb.ToString());
}
}
public string Serialize(RequestSecurityTokenResponse securityTokenResponse)
{
XmlWriterSettings xmlWriterSettings = new XmlWriterSettings();
xmlWriterSettings.OmitXmlDeclaration = true;
using (MemoryStream memoryStream = new MemoryStream())
using (XmlWriter xmlWriter = XmlWriter.Create(memoryStream, xmlWriterSettings))
{
WSTrust13ResponseSerializer serializer = new WSTrust13ResponseSerializer();
WSTrustSerializationContext context = new WSTrustSerializationContext();
serializer.WriteXml(securityTokenResponse, xmlWriter, context);
xmlWriter.Flush();
var encoding = new System.Text.UTF8Encoding(false);
return(encoding.GetString(memoryStream.ToArray()));
}
}
/// <summary>
/// Checks the authentication.
/// </summary>
/// <param name="claimsPrincipal">The claims principal.</param>
public void CheckAuthentication( IClaimsPrincipal claimsPrincipal )
{
var bootStrapToken = ( from ident in claimsPrincipal.Identities
where ident.BootstrapToken != null && ident.BootstrapToken is SamlSecurityToken
select ident.BootstrapToken ).FirstOrDefault ();
var responseSerializer = new WSTrust13ResponseSerializer ();
var requestSecurityTokenResponse = new RequestSecurityTokenResponse
{
AppliesTo = new EndpointAddress ( "https://localhost/Rem.Web" ),
Context = "passive",
Lifetime = new Lifetime ( bootStrapToken.ValidFrom, bootStrapToken.ValidTo ),
RequestedSecurityToken = new RequestedSecurityToken ( bootStrapToken ),
TokenType = Saml2SecurityTokenHandler.TokenProfile11ValueType,
RequestType = WSTrust13Constants.RequestTypes.Issue,
KeyType = WSTrust13Constants.KeyTypes.Bearer
};
string content;
using ( var swriter = new StringWriter () )
{
using ( var xmlWriter = XmlWriter.Create ( swriter ) )
{
responseSerializer.WriteXml (
requestSecurityTokenResponse,
xmlWriter,
new WSTrustSerializationContext () );
xmlWriter.Flush ();
swriter.Flush ();
var xmlString = swriter.ToString ().Replace ( "<?xml version=\"1.0\" encoding=\"utf-16\"?>", "" );
content = string.Format (
"wa=wsignin1.0&wresult={0}&wctx=rm%3D0%26id%3Dpassive%26ru%3D%252fRem.Web%252f",
HttpContext.Current.Server.UrlEncode ( xmlString ) );
}
}
var currentHttpRequest = HttpContext.Current.Request;
var cookieContainer = new CookieContainer ();
//foreach (string cookieName in currentHttpRequest.Cookies)
//{
// var httpcookie = currentHttpRequest.Cookies[cookieName];
// var cookie = new Cookie(cookieName, httpcookie.Value, httpcookie.Path, httpcookie.Domain ?? "localhost");
// cookieContainer.Add(cookie);
//}
var appSettingsConfiguration = new AppSettingsConfiguration ();
var remWebApplicationAddress = appSettingsConfiguration.GetProperty ( "RemWebApplicationAddress" );
var request = ( HttpWebRequest )WebRequest.CreateDefault ( new Uri ( remWebApplicationAddress ) );
request.Method = currentHttpRequest.HttpMethod;
request.CookieContainer = cookieContainer;
request.ContentType = currentHttpRequest.ContentType;
request.Accept = string.Empty;
foreach ( var acceptType in currentHttpRequest.AcceptTypes )
{
request.Accept += acceptType;
if ( acceptType != currentHttpRequest.AcceptTypes.Last () )
{
request.Accept += ", ";
}
}
request.ContentLength = content.Length;
request.Referer = currentHttpRequest.UrlReferrer.AbsoluteUri.Replace ( "Rem.Mvc", "Rem.Web" );
request.AllowAutoRedirect = false;
using ( var streamWriter = new StreamWriter ( request.GetRequestStream () ) )
{
streamWriter.Write ( content );
}
try
{
var response = ( HttpWebResponse )request.GetResponse ();
while ( response.StatusCode == HttpStatusCode.Found )
{
response.Close ();
var location = response.Headers["Location"];
if ( !location.StartsWith ( "http" ) )
{
location = string.Format ( "{0}://{1}", request.RequestUri.Scheme, request.RequestUri.Host ) + location;
}
request = GetNewRequest ( location, cookieContainer );
response = ( HttpWebResponse )request.GetResponse ();
}
if ( response.StatusCode != HttpStatusCode.OK )
{
throw new Exception ( "Failed authentication." );
}
var cookieStringBuilder = new StringBuilder ();
foreach ( Cookie cookie in cookieContainer.GetCookies ( new Uri ( "https://localhost" ) ) )
{
if ( cookie.Name.StartsWith ( "FedAuth" ) )
{
HttpContext.Current.Response.Cookies.Add ( new HttpCookie ( "Server" + cookie.Name, cookie.Value ) );
cookieStringBuilder.Append ( cookie.Value );
}
if ( cookie.Name == "ASP.NET_SessionId" )
{
HttpContext.Current.Response.Cookies.Add ( new HttpCookie ( cookie.Name, cookie.Value ) );
}
}
}
catch ( Exception e )
{
throw;
}
}
/// <summary>
/// Checks the authentication.
/// </summary>
/// <param name="claimsPrincipal">The claims principal.</param>
public void CheckAuthentication(IClaimsPrincipal claimsPrincipal)
{
var bootStrapToken = (from ident in claimsPrincipal.Identities
where ident.BootstrapToken != null && ident.BootstrapToken is SamlSecurityToken
select ident.BootstrapToken).FirstOrDefault();
var responseSerializer = new WSTrust13ResponseSerializer();
var requestSecurityTokenResponse = new RequestSecurityTokenResponse
{
AppliesTo = new EndpointAddress("https://localhost/Rem.Web"),
Context = "passive",
Lifetime = new Lifetime(bootStrapToken.ValidFrom, bootStrapToken.ValidTo),
RequestedSecurityToken = new RequestedSecurityToken(bootStrapToken),
TokenType = Saml2SecurityTokenHandler.TokenProfile11ValueType,
RequestType = WSTrust13Constants.RequestTypes.Issue,
KeyType = WSTrust13Constants.KeyTypes.Bearer
};
string content;
using (var swriter = new StringWriter())
{
using (var xmlWriter = XmlWriter.Create(swriter))
{
responseSerializer.WriteXml(
requestSecurityTokenResponse,
xmlWriter,
new WSTrustSerializationContext());
xmlWriter.Flush();
swriter.Flush();
var xmlString = swriter.ToString().Replace("<?xml version=\"1.0\" encoding=\"utf-16\"?>", "");
content = string.Format(
"wa=wsignin1.0&wresult={0}&wctx=rm%3D0%26id%3Dpassive%26ru%3D%252fRem.Web%252f",
HttpContext.Current.Server.UrlEncode(xmlString));
}
}
var currentHttpRequest = HttpContext.Current.Request;
var cookieContainer = new CookieContainer();
//foreach (string cookieName in currentHttpRequest.Cookies)
//{
// var httpcookie = currentHttpRequest.Cookies[cookieName];
// var cookie = new Cookie(cookieName, httpcookie.Value, httpcookie.Path, httpcookie.Domain ?? "localhost");
// cookieContainer.Add(cookie);
//}
var appSettingsConfiguration = new AppSettingsConfiguration();
var remWebApplicationAddress = appSettingsConfiguration.GetProperty("RemWebApplicationAddress");
var request = ( HttpWebRequest )WebRequest.CreateDefault(new Uri(remWebApplicationAddress));
request.Method = currentHttpRequest.HttpMethod;
request.CookieContainer = cookieContainer;
request.ContentType = currentHttpRequest.ContentType;
request.Accept = string.Empty;
foreach (var acceptType in currentHttpRequest.AcceptTypes)
{
request.Accept += acceptType;
if (acceptType != currentHttpRequest.AcceptTypes.Last())
{
request.Accept += ", ";
}
}
request.ContentLength = content.Length;
request.Referer = currentHttpRequest.UrlReferrer.AbsoluteUri.Replace("Rem.Mvc", "Rem.Web");
request.AllowAutoRedirect = false;
using (var streamWriter = new StreamWriter(request.GetRequestStream()))
{
streamWriter.Write(content);
}
try
{
var response = ( HttpWebResponse )request.GetResponse();
while (response.StatusCode == HttpStatusCode.Found)
{
response.Close();
var location = response.Headers["Location"];
if (!location.StartsWith("http"))
{
location = string.Format("{0}://{1}", request.RequestUri.Scheme, request.RequestUri.Host) + location;
}
request = GetNewRequest(location, cookieContainer);
response = ( HttpWebResponse )request.GetResponse();
}
if (response.StatusCode != HttpStatusCode.OK)
{
throw new Exception("Failed authentication.");
}
var cookieStringBuilder = new StringBuilder();
foreach (Cookie cookie in cookieContainer.GetCookies(new Uri("https://localhost")))
{
if (cookie.Name.StartsWith("FedAuth"))
{
HttpContext.Current.Response.Cookies.Add(new HttpCookie("Server" + cookie.Name, cookie.Value));
cookieStringBuilder.Append(cookie.Value);
}
if (cookie.Name == "ASP.NET_SessionId")
{
HttpContext.Current.Response.Cookies.Add(new HttpCookie(cookie.Name, cookie.Value));
}
}
}
catch (Exception e)
{
throw;
}
}
private string SerializeResponse(RequestSecurityTokenResponse response)
{
var serializer = new WSTrust13ResponseSerializer();
var context = new WSTrustSerializationContext(FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlerCollectionManager);
var sb = new StringBuilder(128);
using (var writer = XmlWriter.Create(new StringWriter(sb)))
{
serializer.WriteXml(response, writer, context);
return sb.ToString();
}
}
public static string GetAuthenticationCookie(string IdProviderUrl, string RP_Uri, string RP_Realm, string UserName, string Password, string Domain)
{
//-----------------------------------------------------------------------------
// Pass the Windows auth credential to the endpoint of the Identity Provider (ADFS)
//-----------------------------------------------------------------------------
var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
var endpoint = new EndpointAddress(IdProviderUrl + "/adfs/services/trust/13/windowsmixed");
RequestSecurityTokenResponse rstr;
using (var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, endpoint))
{
factory.Credentials.Windows.ClientCredential =
new NetworkCredential(UserName, Password, Domain);
factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;
var rst = new RequestSecurityToken();
rst.AppliesTo = new EndpointAddress(RP_Realm);
rst.KeyType = WSTrust13Constants.KeyTypes.Bearer;
rst.RequestType = WSTrust13Constants.RequestTypes.Issue;
var channel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)factory.CreateChannel();
channel.Issue(rst, out rstr);
}
//-----------------------------------------------------------------------------
// Send the security token acquired from the Identity Provider (ADFS)
// to Replying Party (SharePoint)
// And acquire authorization cookie from SharePoint Server.
//-----------------------------------------------------------------------------
using (var output = new StringWriterUtf8(new StringBuilder()))
{
using (var xmlwr = XmlWriter.Create(output))
{
WSTrust13ResponseSerializer rs = new WSTrust13ResponseSerializer();
rs.WriteXml(rstr, xmlwr, new WSTrustSerializationContext());
}
var str = string.Format("wa=wsignin1.0&wctx={0}&wresult={1}",
HttpUtility.UrlEncode(RP_Uri + "/_layouts/15/Authenticate.aspx?Source=%2F"),
HttpUtility.UrlEncode(output.ToString()));
var req = (HttpWebRequest)HttpWebRequest.Create(RP_Uri + "/_trust/");
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.CookieContainer = new CookieContainer();
req.AllowAutoRedirect = false;
using (var res = req.GetRequestStream())
{
byte[] postData = Encoding.UTF8.GetBytes(str);
res.Write(postData, 0, postData.Length);
}
using (var res = (HttpWebResponse)req.GetResponse())
{
return(res.Cookies["FedAuth"].Value);
}
}
}
public static CookieContainer GetCookies(Uri serviceUri, WebProxy webproxy = null, Uri loginUri = null, string stsHost = null)
{
FedAuthSupport.STSWrapper sTSWrapper = new FedAuthSupport.STSWrapper(serviceUri, stsHost);
string text = null;
HttpWebRequest httpWebRequest = FedAuthSupport.CreateBaseWebRequest("GET", serviceUri, webproxy, sTSWrapper);
using (WebResponse response = httpWebRequest.GetResponse())
{
string text2 = response.Headers["Location"];
if (text2 != null)
{
if (text2.Contains("wctx"))
{
Uri uri = new Uri(text2);
NameValueCollection nameValueCollection = HttpUtility.ParseQueryString(uri.Query);
text = nameValueCollection["wctx"];
}
else
{
loginUri = new Uri(serviceUri, text2);
}
}
}
if (loginUri == null)
{
loginUri = serviceUri;
}
StringBuilder stringBuilder = new StringBuilder();
XmlTextWriter writer = new XmlTextWriter(new StringWriter(stringBuilder));
WSTrust13ResponseSerializer wSTrust13ResponseSerializer = new WSTrust13ResponseSerializer();
wSTrust13ResponseSerializer.WriteXml(sTSWrapper.TokenResponse, writer, new WSTrustSerializationContext());
string xml = stringBuilder.ToString();
HttpWebRequest httpWebRequest2 = FedAuthSupport.CreateBaseWebRequest("POST", loginUri, webproxy, sTSWrapper);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.LoadXml(xml);
XmlNamespaceManager xmlNamespaceManager = new XmlNamespaceManager(xmlDocument.NameTable);
xmlNamespaceManager.AddNamespace("trust", "http://docs.oasis-open.org/ws-sx/ws-trust/200512");
XmlNode xmlNode = xmlDocument.SelectSingleNode("//trust:RequestSecurityTokenResponse", xmlNamespaceManager);
if (xmlNode == null)
{
throw new InvalidDataException("No RequestSecurityTokenResponse found in ADFS query.");
}
string s;
if (!string.IsNullOrWhiteSpace(text))
{
s = string.Format("wa=wsignin1.0&wctx={0}&wresult={1}", HttpUtility.UrlEncode(text), HttpUtility.UrlEncode(xmlNode.OuterXml));
}
else
{
s = string.Format("wa=wsignin1.0&wresult={1}", HttpUtility.UrlEncode(xmlNode.OuterXml));
}
byte[] bytes = Encoding.ASCII.GetBytes(s);
using (Stream requestStream = httpWebRequest2.GetRequestStream())
{
requestStream.Write(bytes, 0, bytes.Length);
}
CookieContainer result;
using (HttpWebResponse httpWebResponse = httpWebRequest2.GetResponse() as HttpWebResponse)
{
if (httpWebResponse != null)
{
if (httpWebResponse.Cookies != null && httpWebResponse.Cookies.Count > 0)
{
CookieContainer cookieContainer = new CookieContainer();
cookieContainer.Add(serviceUri, httpWebResponse.Cookies);
result = cookieContainer;
return(result);
}
if (httpWebResponse.Headers.AllKeys.Contains("Set-Cookie"))
{
CookieContainer cookieContainer = new CookieContainer();
string[] array = httpWebResponse.Headers["Set-Cookie"].Split(new char[]
{
','
});
string[] array2 = array;
for (int i = 0; i < array2.Length; i++)
{
string text3 = array2[i];
string[] array3 = text3.Split(new char[]
{
';'
});
int num = array3[0].IndexOf('=');
if (num > 0)
{
Uri uri2 = serviceUri;
string name = array3[0].Substring(0, num);
string value = array3[0].Substring(num + 1);
for (int j = 1; j < array3.Length; j++)
{
string[] array4 = array3[j].Split(new char[]
{
'='
});
if (array4[0].Trim().Equals("domain"))
{
uri2 = new Uri(uri2.Scheme + "://" + array4[1].Trim());
}
}
Cookie cookie = new Cookie(name, value);
cookieContainer.Add(uri2, cookie);
}
}
if (cookieContainer.Count > 0)
{
result = cookieContainer;
return(result);
}
}
}
result = null;
}
return(result);
}
// Move to utility class
string RstrToString(RequestSecurityTokenResponse token)
{
WSTrust13ResponseSerializer ser = new WSTrust13ResponseSerializer();
WSTrustSerializationContext context = new WSTrustSerializationContext();
StringBuilder stringBuilder = new StringBuilder();
XmlWriter xr = XmlWriter.Create(new StringWriter(stringBuilder), new XmlWriterSettings { OmitXmlDeclaration = true });
ser.WriteXml(token, xr, context);
xr.Flush();
return stringBuilder.ToString();
}
private string SerializeResponse(RequestSecurityTokenResponse response)
{
var serializer = new WSTrust13ResponseSerializer();
WSTrustSerializationContext context = new WSTrustSerializationContext();
StringBuilder sb = new StringBuilder(128);
using (var writer = new XmlTextWriter(new StringWriter(sb)))
{
serializer.WriteXml(response, writer, context);
return sb.ToString();
}
}
