private static GenericXmlSecurityToken GetSecurityToken(Uri spSiteUrl, string username, string password) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) { TrustVersion = TrustVersion.WSTrustFeb2005 }; var address = new EndpointAddress(_stsUrl); using (var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, address)) { factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var channel = factory.CreateChannel(); var rst = new RequestSecurityToken { RequestType = WSTrustFeb2005Constants.RequestTypes.Issue, KeyType = WSTrustFeb2005Constants.KeyTypes.Bearer, TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11, AppliesTo = new EndpointAddress(spSiteUrl), }; var genericToken = channel.Issue(rst) as GenericXmlSecurityToken; return(genericToken); } }
public static SecurityToken GetToken(string username, string password, string tokenIssuer, string appliesTo, out RequestSecurityTokenResponse rsts) { WS2007HttpBinding binding = new WS2007HttpBinding(); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Mode = SecurityMode.TransportWithMessageCredential; var tokenIssuerUrlFormat = "https://{0}/adfs/services/trust/13/usernamemixed"; var tokenIssuerUrl = string.Format(tokenIssuerUrlFormat, tokenIssuer); WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(tokenIssuerUrl)); trustChannelFactory.TrustVersion = TrustVersion.WSTrust13; trustChannelFactory.Credentials.UserName.UserName = username; trustChannelFactory.Credentials.UserName.Password = password; trustChannelFactory.ConfigureChannelFactory(); // Create issuance issuance and get security token RequestSecurityToken requestToken = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue); requestToken.AppliesTo = new EndpointAddress(appliesTo); WSTrustChannel tokenClient = (WSTrustChannel) trustChannelFactory.CreateChannel(); SecurityToken token = tokenClient.Issue(requestToken, out rsts); return token; }
public static SecurityToken getToken(sts.Token token) { var textmessageEncoding = new TextMessageEncodingBindingElement(); textmessageEncoding.WriteEncoding = Encoding.UTF8; textmessageEncoding.MessageVersion = MessageVersion.Soap12WSAddressing10; var messageSecurity = new AsymmetricSecurityBindingElement(); messageSecurity.AllowSerializedSigningTokenOnReply = true; messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; //messageSecurity.EnableUnsecuredResponse = true; messageSecurity.IncludeTimestamp = false; messageSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15; messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.Lax; messageSecurity.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; messageSecurity.LocalClientSettings.DetectReplays = false; messageSecurity.LocalServiceSettings.DetectReplays = false; var x509SecurityParamter = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.RawDataKeyIdentifier, SecurityTokenInclusionMode.AlwaysToInitiator); messageSecurity.RecipientTokenParameters = x509SecurityParamter; messageSecurity.RecipientTokenParameters.RequireDerivedKeys = false; var initiator = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.RawDataKeyIdentifier, SecurityTokenInclusionMode.AlwaysToRecipient); initiator.RequireDerivedKeys = false; messageSecurity.InitiatorTokenParameters = initiator; var binding = new CustomBinding(messageSecurity, textmessageEncoding, new StrippingChannelBindingElement(), new HttpTransportBindingElement()); Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory trustChannelFactory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, new EndpointAddress(new Uri("http://login.staging.rapidsoft.ru:80/auth/sts"), EndpointIdentity.CreateDnsIdentity("test"))); trustChannelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByIssuerName, "test"); trustChannelFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByIssuerName, "test"); trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; trustChannelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByIssuerName, "test"); trustChannelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.None; trustChannelFactory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13; Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel channel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)trustChannelFactory.CreateChannel(); RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue); rst.OnBehalfOf = new Microsoft.IdentityModel.Tokens.SecurityTokenElement(token, new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection()); rst.KeyType = WSTrust13Constants.KeyTypes.Asymmetric; RequestSecurityTokenResponse rstr = null; SecurityToken SecurityToken = channel.Issue(rst, out rstr); return(SecurityToken); }
public virtual string AuthenticateUser(string username, string password, string stsEndpoint, string relyingPartyAddress) { if (string.IsNullOrEmpty(stsEndpoint) || string.IsNullOrEmpty(relyingPartyAddress) || string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) { throw new NullReferenceException( "AuthenticationTokenFactory received a null/empty argument for: username || password || stsEndpoint || relyingPartyAddress "); } var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) { ClientCredentialType = HttpClientCredentialType.None }; var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(stsEndpoint)) { TrustVersion = TrustVersion.WSTrust13 }; var channelCredentials = trustChannelFactory.Credentials; channelCredentials.UserName.UserName = username; channelCredentials.UserName.Password = password; channelCredentials.SupportInteractive = false; var tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue, WSTrust13Constants.KeyTypes.Bearer) { AppliesTo = new System.ServiceModel.EndpointAddress(relyingPartyAddress), ReplyTo = relyingPartyAddress, TokenType = "urn:ietf:params:oauth:token-type:jwt" }; var token = tokenClient.Issue(rst); var innerXml = ((GenericXmlSecurityToken)token).TokenXml.InnerXml; byte[] data = Convert.FromBase64String(innerXml); string decodedString = Encoding.UTF8.GetString(data); return(decodedString); }
private static SecurityToken ConvertToToken(string xml) { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential, false); Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, new EndpointAddress("https://null-EndPoint")); factory.TrustVersion = TrustVersion.WSTrustFeb2005; Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel trustChannel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse response = trustChannel.WSTrustResponseSerializer.CreateInstance(); response.RequestedSecurityToken = new RequestedSecurityToken(LoadXml(xml).DocumentElement); response.IsFinal = true; RequestSecurityToken requestToken = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue); requestToken.KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric; return(trustChannel.GetTokenFromResponse(requestToken, response)); }
static string _signingCertificateCommonName = "ADFS Signing - adfs.example.local"; // Put the common name of the ADFS Token Signing Certificate here. static void Main(string[] args) { Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory factory = null; try { _relyingPartyIdentifier = _relyingPartyIdentifier.EndsWith("/") ? _relyingPartyIdentifier : _relyingPartyIdentifier + "/"; _adfsServerAddress = _adfsServerAddress.EndsWith("/") ? _adfsServerAddress : _adfsServerAddress + "/"; factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(_adfsServerAddress + "adfs/services/trust/13/usernamemixed")); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = _username; factory.Credentials.UserName.Password = _password; var rst = new Microsoft.IdentityModel.Protocols.WSTrust.RequestSecurityToken { RequestType = WSTrust13Constants.RequestTypes.Issue, AppliesTo = new EndpointAddress(_relyingPartyIdentifier), KeyType = WSTrust13Constants.KeyTypes.Bearer }; var channel = factory.CreateChannel(); var genericToken = channel.Issue(rst) as GenericXmlSecurityToken; var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var tokenString = genericToken.TokenXml.OuterXml; var samlToken = handler.ReadToken(new XmlTextReader(new StringReader(tokenString))); ValidateSamlToken(samlToken); } finally { if (factory != null) { try { factory.Close(); } catch (CommunicationObjectFaultedException) { factory.Abort(); } } } }
private static SecurityToken ConvertToToken(string xml) { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential, false); Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, new EndpointAddress("https://null-EndPoint")); factory.TrustVersion = TrustVersion.WSTrustFeb2005; Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel trustChannel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse response = trustChannel.WSTrustResponseSerializer.CreateInstance(); response.RequestedSecurityToken = new RequestedSecurityToken(LoadXml(xml).DocumentElement); response.IsFinal = true; RequestSecurityToken requestToken = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue); requestToken.KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric; return trustChannel.GetTokenFromResponse(requestToken, response); }
public static string GetAuthenticationCookie(string IdProviderUrl, string RP_Uri, string RP_Realm, string UserName, string Password, string Domain) { //----------------------------------------------------------------------------- // Pass the Windows auth credential to the endpoint of the Identity Provider (ADFS) //----------------------------------------------------------------------------- var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; var endpoint = new EndpointAddress(IdProviderUrl + "/adfs/services/trust/13/windowsmixed"); RequestSecurityTokenResponse rstr; using (var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, endpoint)) { factory.Credentials.Windows.ClientCredential = new NetworkCredential(UserName, Password, Domain); factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13; var rst = new RequestSecurityToken(); rst.AppliesTo = new EndpointAddress(RP_Realm); rst.KeyType = WSTrust13Constants.KeyTypes.Bearer; rst.RequestType = WSTrust13Constants.RequestTypes.Issue; var channel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)factory.CreateChannel(); channel.Issue(rst, out rstr); } //----------------------------------------------------------------------------- // Send the security token acquired from the Identity Provider (ADFS) // to Replying Party (SharePoint) // And acquire authorization cookie from SharePoint Server. //----------------------------------------------------------------------------- using (var output = new StringWriterUtf8(new StringBuilder())) { using (var xmlwr = XmlWriter.Create(output)) { WSTrust13ResponseSerializer rs = new WSTrust13ResponseSerializer(); rs.WriteXml(rstr, xmlwr, new WSTrustSerializationContext()); } var str = string.Format("wa=wsignin1.0&wctx={0}&wresult={1}", HttpUtility.UrlEncode(RP_Uri + "/_layouts/15/Authenticate.aspx?Source=%2F"), HttpUtility.UrlEncode(output.ToString())); var req = (HttpWebRequest)HttpWebRequest.Create(RP_Uri + "/_trust/"); req.Method = "POST"; req.ContentType = "application/x-www-form-urlencoded"; req.CookieContainer = new CookieContainer(); req.AllowAutoRedirect = false; using (var res = req.GetRequestStream()) { byte[] postData = Encoding.UTF8.GetBytes(str); res.Write(postData, 0, postData.Length); } using (var res = (HttpWebResponse)req.GetResponse()) { return(res.Cookies["FedAuth"].Value); } } }
protected override void ProcessRecord() { base.ProcessRecord(); WriteVerbose("Process record"); string connectionPassword; string connectionUsername; switch (this.ParameterSetName) { case "Securestring": { connectionPassword = password; connectionUsername = securePassword.ToUnsecureString(); break; } case "Credentials": { connectionPassword = credentials.Password.ToUnsecureString(); connectionUsername = credentials.UserName; break; } default: { connectionPassword = password; connectionUsername = username; break; } } string serverUrl = string.Format("{0}://{1}{2}", requestProtocol, adfsServer, adfsRequestUrl); try { var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(serverUrl)) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.UserName = connectionUsername; factory.Credentials.UserName.Password = connectionPassword; var rst = new RequestSecurityToken { RequestType = WSTrust13Constants.RequestTypes.Issue, AppliesTo = new EndpointAddress(adfsAudience), KeyType = WSTrust13Constants.KeyTypes.Bearer }; var channel = factory.CreateChannel(); var genericToken = channel.Issue(rst) as GenericXmlSecurityToken; if (outputFormat.ToLower() == "xmltoken") { WriteObject(genericToken.TokenXml.OuterXml); } else if (outputFormat.ToLower() == "samltoken") { var tokenHandler = System.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var tokenString = genericToken.TokenXml.OuterXml; WriteObject(tokenHandler.ReadToken(new XmlTextReader(new StringReader(tokenString)))); } else { XmlDocument xmlDocument = new XmlDocument(); xmlDocument.LoadXml(genericToken.TokenXml.OuterXml); WriteObject(xmlDocument); } } catch (Exception ex) { WriteError(new ErrorRecord(new SecurityException(ex.Message), "100", ErrorCategory.AuthenticationError, null)); } }