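/// <summary>
/// Resolves the token-issuing service endpoint for a Microsoft account issuer by downloading the
/// federation metadata document and reading the application service endpoint address from it.
/// </summary>
/// <param name="issuerUri">URL of the token issuer; used to discover the passport environment suffix.</param>
/// <returns>The trimmed endpoint address published in the federation metadata.</returns>
/// <exception cref="ArgumentNullException"><paramref name="issuerUri"/> is null.</exception>
/// <exception cref="InvalidOperationException">The metadata document does not contain a usable endpoint address.</exception>
private static string GetServiceEndpoint(Uri issuerUri)
{
    if (issuerUri == null)
    {
        throw new ArgumentNullException("issuerUri");
    }

    // The environment name (if any) is appended to the metadata URL as a "-env" suffix.
    string passportEnvironment = DeviceIdManager.DiscoverEnvironment(issuerUri);
    string environmentSuffix = string.IsNullOrEmpty(passportEnvironment) ? null : "-" + passportEnvironment;
    string federationMetadataUrl = string.Format(CultureInfo.InvariantCulture, FederationMetadataUrlFormat, environmentSuffix);

    // NOTE(review): the XmlDocument is built inside CallOnlineSoapServices; confirm it is loaded with
    // DTD processing disabled and no external XmlResolver, since the document comes from the network.
    XmlDocument doc = CallOnlineSoapServices(federationMetadataUrl, "GET", null);

    XmlNamespaceManager namespaceManager = new XmlNamespaceManager(doc.NameTable);
    namespaceManager.AddNamespace("fed", "http://docs.oasis-open.org/wsfed/federation/200706");
    namespaceManager.AddNamespace("wsa", "http://www.w3.org/2005/08/addressing");
    namespaceManager.AddNamespace("xsi", "http://www.w3.org/2001/XMLSchema-instance");
    namespaceManager.AddNamespace("core", "urn:oasis:names:tc:SAML:2.0:metadata");

    var addressNode = SelectNode(doc, namespaceManager, @"//core:EntityDescriptor/core:RoleDescriptor[@xsi:type='fed:ApplicationServiceType']/fed:ApplicationServiceEndpoint/wsa:EndpointReference/wsa:Address");

    // Fail with a descriptive error instead of a NullReferenceException when the metadata lacks the endpoint.
    if (addressNode == null)
    {
        throw new InvalidOperationException("The federation metadata document does not contain an application service endpoint address.");
    }

    string endpoint = addressNode.InnerText.Trim();
    if (endpoint.Length == 0)
    {
        throw new InvalidOperationException("The federation metadata document contains an empty application service endpoint address.");
    }

    // NOTE(review): the returned address is used by callers as the service URL for token requests;
    // consider verifying it is an absolute https URI before use.
    return endpoint;
}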
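/// <summary>
/// Retrieves the security token for a Microsoft account user or an OrgId user without using a
/// certificate for authentication. Microsoft account issuers (host login.live.com) first obtain a
/// device token and then authenticate the user with it; every other issuer uses OSDP authentication.
/// </summary>
/// <param name="credentials">User credentials that should be used to connect to the server.</param>
/// <param name="appliesTo">Indicates the AppliesTo that is required for the token.</param>
/// <param name="policy">Policy that should be used when communicating with the server.</param>
/// <param name="issuerUri">URL for the current token issuer.</param>
/// <returns>The issued security token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="issuerUri"/> is null.</exception>
public static SecurityToken Authenticate(ClientCredentials credentials, string appliesTo, string policy, Uri issuerUri)
{
    if (issuerUri == null)
    {
        throw new ArgumentNullException("issuerUri");
    }

    if (IsMicrosoftAccountIssuer(issuerUri))
    {
        string serviceUrl = GetServiceEndpoint(issuerUri);

        // Authenticate the device first; the device token is then used to authenticate the user.
        ClientCredentials deviceCredentials = DeviceIdManager.LoadOrRegisterDevice(issuerUri);
        string deviceToken = IssueDeviceToken(serviceUrl, deviceCredentials);

        return Issue(serviceUrl, credentials, appliesTo, policy, Guid.NewGuid(), deviceToken);
    }

    // Default to OSDP authentication.
    return Issue(issuerUri.ToString(), credentials, appliesTo, policy, Guid.NewGuid(), null);
}

/// <summary>
/// Determines whether the issuer is the Microsoft account login service. The scheme and the whole
/// host are compared ordinally instead of matching a culture-sensitive string prefix, so a host such
/// as "login.live.com.example" can no longer select the device-token flow.
/// </summary>
/// <param name="issuerUri">Issuer to classify; relative URIs are never treated as Microsoft account issuers.</param>
/// <returns>true when the issuer is https://login.live.com; otherwise false.</returns>
private static bool IsMicrosoftAccountIssuer(Uri issuerUri)
{
    // Scheme and Host throw on relative URIs, so check IsAbsoluteUri first.
    return issuerUri.IsAbsoluteUri
        && string.Equals(issuerUri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)
        && string.Equals(issuerUri.Host, "login.live.com", StringComparison.OrdinalIgnoreCase);
}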