Exemplo n.º 1
0
        public SimpleWebToken ValidateToken(string token)
        {
            if (token == null)
                throw new HttpException(401, "SWT not found");

            var swt = new SimpleWebToken(token);
            var securityKey = Convert.FromBase64String(this.SharedKeyBase64);

            if (securityKey == null)
                throw new HttpException(401, "Missing shared key");

            if (!IsHMACValid(swt.RawToken, securityKey))
                throw new HttpException(401, "Invalid signature");

                if (swt.IsExpired)
                    throw new HttpException(401, "Token expired");

            if (this.AllowedAudiences != null && this.AllowedAudiences.Count > 0)
            {
                var swtAudienceUri = default(Uri);
                if (!Uri.TryCreate(swt.Audience, UriKind.RelativeOrAbsolute, out swtAudienceUri))
                    throw new HttpException(401, "Invalid audience");

                if (!this.AllowedAudiences.Any(uri => uri == swtAudienceUri))
                    throw new HttpException(401, "Audience not found");
            }

            if (!string.IsNullOrEmpty(this.AllowedIssuer))
            {
                if (!this.AllowedIssuer.Equals(swt.Issuer, StringComparison.Ordinal))
                    throw new HttpException(401, "Invalid issuer");    
            }

            return swt;
        }
        public static IPrincipalInitializer GetInitializerFromToken(SimpleWebToken token)
        {
            IPrincipalInitializer initializer = null;
            var identityProviderClaim = token.Claims[IdentityProviderClaimType];
            if(!String.IsNullOrEmpty(identityProviderClaim)) {
                switch (identityProviderClaim) {
                    case MSFTFederation: initializer = new MicrosoftADFSPrincipalInitializer(); break;
                    default: initializer = new PrincipalInitializer(); break; // if all else fails, return the default PrincipalInitializer
                }
            }

            return initializer;
        }
Exemplo n.º 3
0
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (String.IsNullOrEmpty(_sharedKeyBase64))
                throw new ApplicationException("You need to pass in your shared symmetric token signing key.");

            // Validate the existence of the Authorization header
            string authHeader = String.Empty;
            try
            {
                authHeader = request.Headers.GetValues("Authorization").First();
            }
            catch (InvalidOperationException)
            {
                throw new HttpException(400, "Missing Authorization header");
            }

            // Validate the Authorization header
            string header = "OAuth ";
            string token = string.Empty;
            if (string.CompareOrdinal(authHeader, 0, header, 0, header.Length) == 0)
            {
                token = authHeader.Remove(0, header.Length);
            }
            else
            {
                throw new HttpException(401, "The authorization header was invalid");
            }
            // Validate the token
            var validator = new SimpleWebTokenValidator
            {
                SharedKeyBase64 = _sharedKeyBase64
            };

            // Validate the token, throws HttpResponseExceptions if validation fails
            var swt = validator.ValidateToken(token);

            var swtToken = new SimpleWebToken(token);

            // Determine the identity provider and use a principal initializer accordingly
            IPrincipalInitializer principalInitalizer = PrincipalInitializerFactory.GetInitializerFromToken(swtToken);
            principalInitalizer.InitializeCurrentPrincipalFromToken(swtToken);

            return base.SendAsync(request, cancellationToken);
        }
        public virtual void InitializeCurrentPrincipalFromToken(SimpleWebToken swtToken)
        {
            ClaimsIdentity identity = new ClaimsIdentity("Federation");
            foreach (var pair in swtToken.Claims)
            {
                if (!IsReservedKeyName(pair.Key) && !string.IsNullOrEmpty(pair.Value))
                {
                    identity.AddClaim(new Claim(pair.Key, pair.Value, ClaimValueTypes.String, swtToken.Issuer));
                    if (pair.Key == AcsNameClaimType)
                    {
                        // add a default name claim from the Name identifier claim. 
                        identity.AddClaim(new Claim(DefaultNameClaimType, pair.Value, ClaimValueTypes.String, swtToken.Issuer));
                    }
                }
            }

            var principal = new ClaimsPrincipal(new List<ClaimsIdentity> { identity });
            Thread.CurrentPrincipal = principal;
        }
        public override void InitializeCurrentPrincipalFromToken(SimpleWebToken swtToken)
        {
            ClaimsIdentity identity = new ClaimsIdentity("Federation");
            string firstName = String.Empty;
            string lastName = String.Empty;
            foreach (var pair in swtToken.Claims)
            {
                if (!IsReservedKeyName(pair.Key) && !string.IsNullOrEmpty(pair.Value))
                {
                    // Add the claim
                    identity.AddClaim(new Claim(pair.Key, pair.Value, ClaimValueTypes.Email, swtToken.Issuer));

                    // The email address is unique, set it as the "Name" identitifier accessible at User.Identity.Name
                    if (pair.Key == EmailAddressClaimType)
                        identity.AddClaim(new Claim(DefaultNameClaimType, pair.Value, ClaimValueTypes.String, swtToken.Issuer));
                }
            }

            var principal = new ClaimsPrincipal(identity);
            Thread.CurrentPrincipal = principal;
        }