        /// <summary>
        /// Requests a security token from the configured STS on behalf of the supplied
        /// user name / password and returns the raw token XML as an HTTP response body.
        /// </summary>
        /// <param name="username">User name presented to the STS.</param>
        /// <param name="password">Password presented to the STS.</param>
        /// <returns>
        /// An <see cref="HttpResponseMessage"/> whose content is the issued token's XML
        /// (<c>application/xml</c>, UTF-8).
        /// </returns>
        /// <exception cref="PMSSecurityIdentityException">
        /// Thrown for any failure during issuance; the underlying cause is not attached.
        /// </exception>
        /// <remarks>
        /// NOTE(review): if this is an ASP.NET Web API action, the "Get" prefix routes it as
        /// HTTP GET by convention and simple-type parameters bind from the query string, which
        /// would put the password into URLs, proxy and server logs. Confirm the action is a
        /// POST with the credentials carried in the body.
        /// </remarks>
        public HttpResponseMessage GetToken(string username, string password)
        {
            // STS endpoint and relying-party (AppliesTo) identifier come from app settings.
            // The first key really is spelled "AudianceUri" in configuration; keep it as-is.
            var appliesTo   = System.Configuration.ConfigurationManager.AppSettings["AudianceUri"];
            var stsEndpoint = System.Configuration.ConfigurationManager.AppSettings["SecurityEndPoint"];

            // TransportWithMessageCredential: the UsernameToken travels inside the message and
            // TLS protects it on the wire, so the STS endpoint must be https.
            var trustBinding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

            var clientCredentials = new ClientCredentials
            {
                UserName = { UserName = username, Password = password }
            };

            try
            {
                var issued = WSTrustClient.Issue(
                    new EndpointAddress(stsEndpoint),
                    new EndpointAddress(appliesTo),
                    trustBinding,
                    clientCredentials) as GenericXmlSecurityToken;

                // The token is handed back verbatim. If the cast above yielded null the
                // dereference throws here and is mapped below like any other failure.
                var body = new StringContent(issued.TokenXml.OuterXml, Encoding.UTF8, "application/xml");

                return(new HttpResponseMessage { Content = body });
            }
            catch (Exception)
            {
                // Every failure (rejected credentials, unreachable endpoint, unexpected token
                // type) is collapsed into a single exception type and the cause is not
                // forwarded to the caller; trace it upstream if diagnostics are needed.
                throw new PMSSecurityIdentityException();
            }
        }
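        /// <summary>
        /// Sends <paramref name="rst"/> to the STS using certificate-based (OIOWS-Trust style)
        /// client authentication and returns the issued token.
        /// </summary>
        /// <param name="rst">The RequestSecurityToken to send to the STS.</param>
        /// <returns>The issued token as a <see cref="GenericXmlSecurityToken"/>.</returns>
        /// <exception cref="InvalidCastException">
        /// The STS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.
        /// </exception>
        public GenericXmlSecurityToken GetIssuedToken(RequestSecurityToken rst)
        {
            // The DNS identity pins which subject the STS certificate must carry for this endpoint.
            EndpointAddress endpointAddress = new EndpointAddress(STSAddress, EndpointIdentity.CreateDnsIdentity(DnsIdentityForServiceCertificates));
            WSTrustClient   trustClient     = WSTrustClientFactory.GetWSTrustClient(clientCertifikat, serviceCertifikat, endpointAddress);

            try
            {
                GenericXmlSecurityToken token = (GenericXmlSecurityToken)trustClient.Issue(rst);

                // Close() completes the WCF channel gracefully; only valid on the success path.
                trustClient.Close();
                return(token);
            }
            catch
            {
                // If Issue() or Close() faulted the channel can no longer be closed cleanly;
                // Abort() releases it immediately instead of leaking it. The original
                // exception is rethrown unchanged.
                trustClient.Abort();
                throw;
            }
        }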
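        /// <summary>
        /// Returns a <see cref="WSTrustClient"/> configured for OIOWS-Trust: the client
        /// authenticates with <paramref name="clientCertificate"/>, signs messages
        /// (<see cref="ProtectionLevel.Sign"/>) and expects the STS to present
        /// <paramref name="securityTokenServiceCertificate"/>.
        /// </summary>
        /// <param name="clientCertificate">Client certificate presented to the STS; signing requires its private key.</param>
        /// <param name="securityTokenServiceCertificate">The STS certificate pinned as the service's default certificate.</param>
        /// <param name="endpointAddress">Address (and identity) of the STS endpoint.</param>
        /// <returns>A WS-Trust 1.3 client; the caller is responsible for closing it.</returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        public static WSTrustClient GetWSTrustClient(X509Certificate2 clientCertificate, X509Certificate2 securityTokenServiceCertificate, EndpointAddress endpointAddress)
        {
            // Fail fast: a null certificate would otherwise only surface later as an
            // obscure security-negotiation failure on the first call.
            if (clientCertificate == null)
            {
                throw new ArgumentNullException("clientCertificate");
            }
            if (securityTokenServiceCertificate == null)
            {
                throw new ArgumentNullException("securityTokenServiceCertificate");
            }
            if (endpointAddress == null)
            {
                throw new ArgumentNullException("endpointAddress");
            }

            var clientCredentials = new ClientCredentials();
            clientCredentials.ClientCertificate.Certificate = clientCertificate;

            WSTrustClient trustClient = new WSTrustClient(new SecurityTokenServiceBinding(), endpointAddress, TrustVersion.WSTrust13, clientCredentials);

            // Sign only: message integrity and authenticity, no message-level encryption.
            // Confidentiality therefore rests on SecurityTokenServiceBinding's transport
            // settings, which are not visible here.
            trustClient.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

            // Pin the STS certificate. NOTE(review): ServiceCertificate.Authentication
            // (chain / revocation checking of this certificate) is left at its defaults here.
            trustClient.ClientCredentials.ServiceCertificate.DefaultCertificate = securityTokenServiceCertificate;
            return trustClient;
        }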
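        /// <summary>
        /// Builds a WS-Trust 1.3 client for OIOWS-Trust. Requests are authenticated and
        /// signed with <paramref name="clientCertificate"/>; the STS is expected to present
        /// <paramref name="securityTokenServiceCertificate"/>.
        /// </summary>
        /// <param name="clientCertificate">Client certificate used to authenticate and sign; must carry its private key.</param>
        /// <param name="securityTokenServiceCertificate">STS certificate pinned as the service's default certificate.</param>
        /// <param name="endpointAddress">Address (and identity) of the STS endpoint.</param>
        /// <returns>A configured <see cref="WSTrustClient"/>; the caller closes it.</returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        public static WSTrustClient GetWSTrustClient(X509Certificate2 clientCertificate, X509Certificate2 securityTokenServiceCertificate, EndpointAddress endpointAddress)
        {
            // Reject null inputs up front; otherwise they only show up as a failed
            // security handshake when the client is first used.
            if (clientCertificate == null) throw new ArgumentNullException("clientCertificate");
            if (securityTokenServiceCertificate == null) throw new ArgumentNullException("securityTokenServiceCertificate");
            if (endpointAddress == null) throw new ArgumentNullException("endpointAddress");

            var clientCredentials = new ClientCredentials();

            clientCredentials.ClientCertificate.Certificate = clientCertificate;

            WSTrustClient trustClient = new WSTrustClient(new SecurityTokenServiceBinding(), endpointAddress, TrustVersion.WSTrust13, clientCredentials);

            // ProtectionLevel.Sign: messages are signed but not encrypted at the message
            // layer; on-the-wire confidentiality depends on the binding's transport settings.
            trustClient.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

            // Pinned STS certificate. NOTE(review): chain/revocation validation for this
            // certificate (ServiceCertificate.Authentication) is not configured here.
            trustClient.ClientCredentials.ServiceCertificate.DefaultCertificate = securityTokenServiceCertificate;
            return(trustClient);
        }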
        /// <summary>
        /// Authenticates a user name / password pair against the ADFS user-name endpoint
        /// and returns the token issued for <paramref name="appliesTo"/>.
        /// </summary>
        /// <param name="userName">User name sent in the WS-Trust UsernameToken.</param>
        /// <param name="password">Password sent in the WS-Trust UsernameToken.</param>
        /// <param name="appliesTo">Relying-party identifier the token is requested for.</param>
        /// <returns>
        /// The issued token, or <c>null</c> if the STS returned something other than a
        /// <see cref="GenericXmlSecurityToken"/> (the <c>as</c> cast does not throw).
        /// </returns>
        public GenericXmlSecurityToken AuthenticateUserName(string userName, string password, string appliesTo)
        {
            // The credentials travel inside the message; TLS (TransportWithMessageCredential)
            // is what keeps them confidential on the wire, so the endpoint must be https.
            var clientCredentials = new ClientCredentials
            {
                UserName = { UserName = userName, Password = password }
            };

            var stsEndpoint  = new EndpointAddress(_configuration.AdfsIntegration.UserNameAuthenticationEndpoint);
            var relyingParty = new EndpointAddress(appliesTo);
            var trustBinding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

            var issued = WSTrustClient.Issue(stsEndpoint, relyingParty, trustBinding, clientCredentials);

            return(issued as GenericXmlSecurityToken);
        }
        /// <summary>
        /// Requests a token from the identity server (<c>_idsrvEndpoint</c>) for
        /// <c>_realm</c> using a fixed user name / password.
        /// </summary>
        /// <returns>The issued <see cref="SecurityToken"/>.</returns>
        private static SecurityToken RequestToken()
        {
            // SECURITY: the user name and password are literals in source (shown masked
            // here). Anyone with read access to the repository or the compiled assembly can
            // recover them; move them to protected configuration or a secret store.
            var clientCredentials = new ClientCredentials
            {
                UserName = { UserName = "******", Password = "******" }
            };

            var stsEndpoint  = new EndpointAddress(_idsrvEndpoint);
            var relyingParty = new EndpointAddress(_realm);

            // UsernameToken in the message, TLS on the transport: the endpoint must be https.
            var trustBinding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

            return(WSTrustClient.Issue(stsEndpoint, relyingParty, trustBinding, clientCredentials));
        }
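        /// <summary>
        /// Validates a user name / password pair by requesting a token from the STS
        /// (resource-owner style) and then validating the issued token locally.
        /// </summary>
        /// <param name="userName">User name to authenticate.</param>
        /// <param name="password">Password to authenticate.</param>
        /// <returns>
        /// The principal produced by the configured <c>ClaimsAuthenticationManager</c>, or
        /// <c>null</c> when the STS rejected the credentials or returned a token of an
        /// unexpected type.
        /// </returns>
        public ClaimsPrincipal Validate(string userName, string password)
        {
            var binding     = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
            var credentials = new ClientCredentials();

            credentials.UserName.UserName = userName;
            credentials.UserName.Password = password;

            GenericXmlSecurityToken genericToken;

            try
            {
                genericToken = WSTrustClient.Issue(
                    new EndpointAddress(_address),
                    new EndpointAddress(_realm),
                    binding,
                    credentials) as GenericXmlSecurityToken;
            }
            catch (MessageSecurityException ex)
            {
                // Rejected credentials surface as a message-security fault; other failures
                // (timeouts, endpoint not found, ...) are deliberately left to propagate.
                Tracing.Error("WSTrustResourceOwnerCredentialValidation failed: " + ex.ToString());
                return(null);
            }

            // The 'as' cast yields null if the STS handed back a different token type;
            // treat that as a failed validation instead of dereferencing null below.
            if (genericToken == null)
            {
                Tracing.Error("WSTrustResourceOwnerCredentialValidation failed: STS did not return a GenericXmlSecurityToken");
                return(null);
            }

            var config = new SecurityTokenHandlerConfiguration();

            // Only accept tokens issued for this relying party.
            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(_realm));

            // X.509 chain and revocation checking of the token-signing certificate is switched
            // off; trust in the issuer rests entirely on the thumbprint pinned in the issuer
            // name registry below. An expired or revoked STS certificate is therefore still
            // accepted as long as its thumbprint matches, so _issuerThumbprint must be
            // rotated together with the STS signing certificate.
            config.CertificateValidationMode = X509CertificateValidationMode.None;
            config.CertificateValidator      = X509CertificateValidator.None;

            var registry = new ConfigurationBasedIssuerNameRegistry();

            // Map the pinned signing-certificate thumbprint to the STS address used as issuer name.
            registry.AddTrustedIssuer(_issuerThumbprint, _address);
            config.IssuerNameRegistry = registry;

            var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);

            // ValidateToken is expected to check signature, audience and issuer against the
            // configuration above and to throw on any violation.
            var token     = genericToken.ToSecurityToken();
            var principal = new ClaimsPrincipal(handler.ValidateToken(token));

            Tracing.Information("Successfully requested token for user via WS-Trust");
            return(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("ResourceOwnerPasswordValidation", principal));
        }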
        /// <summary>
        /// Requests a SAML token from the sample STS for the <c>http://websample</c> realm
        /// and returns the token's XML.
        /// </summary>
        /// <returns>The outer XML of the issued token.</returns>
        private static string RequestSamlToken()
        {
            // STS address and realm are hard-coded for this sample; in production code both
            // belong in configuration.
            const string idpAddress = "https://roadie/stsce/users/issue.svc/mixed/username";

            var stsEndpoint  = new EndpointAddress(idpAddress);
            var relyingParty = new EndpointAddress("http://websample");

            // SECURITY: the credentials are literals in source (masked here); anyone who can
            // read the repository or assembly can recover them. Use protected configuration
            // or a secret store instead.
            var clientCredentials = new ClientCredentials
            {
                UserName = { UserName = "******", Password = "******" }
            };

            var issued = WSTrustClient.Issue(
                stsEndpoint,
                relyingParty,
                new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                clientCredentials);

            // As in the original: a token that is not a GenericXmlSecurityToken makes the
            // 'as' cast null and the dereference throw.
            return((issued as GenericXmlSecurityToken).TokenXml.OuterXml);
        }