/// <summary> /// Create the communication channel to the SIMS security server. /// Instead of relying on unweildy .config files full of WCF binding information, we will do this longhand as an example. /// </summary> /// <returns>A channel factory configured with WS2007HttpBinding</returns> private WSTrustChannelFactory GetTrustChannelFactory() { // Use WS2007HttpBinding WS2007HttpBinding binding = new WS2007HttpBinding(); // Timeout settings etc binding.CloseTimeout = new TimeSpan(0, 10, 0); binding.OpenTimeout = new TimeSpan(0, 10, 0); binding.SendTimeout = new TimeSpan(0, 10, 0); // Quotas binding.ReaderQuotas.MaxArrayLength = 2147483647; binding.ReaderQuotas.MaxStringContentLength = 2147483647; binding.ReaderQuotas.MaxDepth = int.MaxValue; binding.MaxReceivedMessageSize = int.MaxValue; // SSL security mode binding.Security.Mode = SecurityMode.TransportWithMessageCredential; // The credentials we will pass will be username/password binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.NegotiateServiceCredential = true; binding.UseDefaultWebProxy = true; binding.BypassProxyOnLocal = false; EndpointAddress endpointAddress = new EndpointAddress(new Uri(_securityServerAddress)); WSTrustChannelFactory channelFactory = new WSTrustChannelFactory(binding, endpointAddress); return(channelFactory); }
private static SecurityToken GetToken() { string stsEndpoint = "https://win-beju5ai4tp7.pbdev.codit.eu/adfs/services/trust/2005/windowstransport"; // Windows authentication over transport security var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), stsEndpoint); factory.TrustVersion = TrustVersion.WSTrustFeb2005; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress("https://localhost:8732/ClaimsEnumeratorService/"), KeyType = KeyTypes.Symmetric }; var channel = factory.CreateChannel(); SecurityToken tk = channel.Issue(rst); Console.WriteLine(tk.Id); foreach (var key in tk.SecurityKeys) { Console.WriteLine(key.KeySize.ToString()); } Console.WriteLine(tk.ValidFrom); Console.WriteLine(tk.ValidTo); return tk; }
static void Main(String[] arguments) { if (2 != arguments.Length) { ShowUsage(); return; } String userName = arguments[0]; String password = arguments[1]; var serviceAddress = "http://127.0.0.1:450/TimeService.svc"; var factory = new WSTrustChannelFactory("issuer"); factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; var channel = factory.CreateChannel() as WSTrustChannel; var rst = new RequestSecurityToken("http://schemas.microsoft.com/idfx/requesttype/issue"); rst.AppliesTo = new EndpointAddress(serviceAddress); RequestSecurityTokenResponse rstr = null; Console.WriteLine("Before issue"); var token = channel.Issue(rst, out rstr); Console.WriteLine("After issue"); }
private SecurityToken GetActAsToken() { // Retrieve the token that was saved during initial user login BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext; // Use the Thinktecture-implementation of the UserNameWSBinding to setup the channel factory to ADFS var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed")); // For demo purposes, we're authenticating to ADFS using a user name and password representing the web application // If the web server is domain-joined, you can use Windows Authentication instead factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; factory.TrustVersion = TrustVersion.WSTrust13; // Setup the request details to ask for a token for the backend service, acting as the logged in user var request = new RequestSecurityToken(); request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue; request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc"); request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken); // Create the channel var channel = factory.CreateChannel(); RequestSecurityTokenResponse response = null; SecurityToken delegatedToken = channel.Issue(request, out response); // Return the acquired token return(delegatedToken); }
internal bool Logoff(string userName, string password, SecurityToken sessionToken) { using (WSTrustChannelFactory factory = GetTrustChannelFactory()) { //// Set up credentials if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; // Create a "request for token" SOAP message. // We want the security server to Issue us with a token RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Cancel); // the token we want to cancel rst.CancelTarget = new SecurityTokenElement(sessionToken); // Create the communicaiton channel IWSTrustChannelContract channel = factory.CreateChannel(); // Cancel token // ReSharper disable once UnusedVariable RequestSecurityTokenResponse response = channel.Cancel(rst); return(response.RequestedTokenCancelled); } }
public string AuthenticateUser(string username, string password) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) { ClientCredentialType = HttpClientCredentialType.None }; var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(stsEndpointAddress)) { TrustVersion = TrustVersion.WSTrust13 }; var channelCredentials = trustChannelFactory.Credentials; channelCredentials.UserName.UserName = username; channelCredentials.UserName.Password = password; channelCredentials.SupportInteractive = false; var tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer) { AppliesTo = new EndpointReference(relyingPartyAddress), ReplyTo = relyingPartyAddress, TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" }; // to some token-related stuff (like transformations etc...) }
private WSTrustChannel CreateWSTrustChannel(string username, string password) { var binding = new WS2007HttpBinding(SecurityMode.Message); binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Message.NegotiateServiceCredential = true; binding.Security.Message.EstablishSecurityContext = false; var timeSpan = new TimeSpan(0, 5, 0); binding.SendTimeout = timeSpan; binding.ReceiveTimeout = timeSpan; binding.OpenTimeout = timeSpan; binding.CloseTimeout = timeSpan; EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity(_tokenClientOptions.CertificateDnsIdentity); var address = new EndpointAddress(_tokenClientOptions.TokenServiceUri, identity); var factory = new WSTrustChannelFactory(binding, address); if (factory.Credentials == null) { throw new NullReferenceException(nameof(WSTrustChannelFactory.Credentials)); } factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; factory.Credentials.SupportInteractive = false; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; return((WSTrustChannel)factory.CreateChannel()); }
private SecurityToken GetActAsToken() { // Retrieve the token that was saved during initial user login BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext; // Use the Thinktecture-implementation of the UserNameWSBinding to setup the channel factory to ADFS var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed")); // For demo purposes, we're authenticating to ADFS using a user name and password representing the web application // If the web server is domain-joined, you can use Windows Authentication instead factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; factory.TrustVersion = TrustVersion.WSTrust13; // Setup the request details to ask for a token for the backend service, acting as the logged in user var request = new RequestSecurityToken(); request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue; request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc"); request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken); // Create the channel var channel = factory.CreateChannel(); RequestSecurityTokenResponse response = null; SecurityToken delegatedToken = channel.Issue(request, out response); // Return the acquired token return delegatedToken; }
private static Tuple <string, byte[]> GetToken() { var binding = new WS2007HttpBinding(SecurityMode.Message); binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Message.NegotiateServiceCredential = true; binding.Security.Message.EstablishSecurityContext = false; var address = new EndpointAddress(new Uri(@"http://localhost:6000/MySTS"), new DnsEndpointIdentity("MySTS")); WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, address); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; // got to be same as user name in our example WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel(); var request = new RequestSecurityToken(System.IdentityModel.Protocols.WSTrust.RequestTypes.Issue) { AppliesTo = new EndpointReference("http://my-server.com") }; RequestSecurityTokenResponse response = null; var token = channel.Issue(request, out response) as GenericXmlSecurityToken; var proofKey = response.RequestedProofToken.ProtectedKey.GetKeyBytes(); return(new Tuple <string, byte[]>(token.TokenXml.OuterXml, proofKey)); }
private WSTrustChannelFactory GetTrustChannelFactory(string securityServerURL) { WS2007HttpBinding binding = new WS2007HttpBinding { CloseTimeout = new TimeSpan(0, 10, 0), OpenTimeout = new TimeSpan(0, 10, 0), SendTimeout = new TimeSpan(0, 10, 0), ReaderQuotas = { MaxArrayLength = 2147483647, MaxStringContentLength = 2147483647, MaxDepth = int.MaxValue }, MaxReceivedMessageSize = int.MaxValue, Security = { Mode = SecurityMode.TransportWithMessageCredential, Message = { ClientCredentialType = MessageCredentialType.UserName, EstablishSecurityContext = false, NegotiateServiceCredential = true } }, UseDefaultWebProxy = true, BypassProxyOnLocal = false }; EndpointAddress endpointAddress = new EndpointAddress(new Uri(securityServerURL)); WSTrustChannelFactory channelFactory = new WSTrustChannelFactory(binding, endpointAddress); return(channelFactory); }
private void AuthInSts(string userName, string userPassword) { ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true); var rst = new RequestSecurityToken(RequestTypes.Issue); rst.AppliesTo = new EndpointReference("https://RelyingParty/*"); rst.KeyType = KeyTypes.Bearer; using (var trustChannelFactory = new WSTrustChannelFactory("WS2007HttpBinding_IWSTrust13Sync")) { trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = userPassword; var channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); try { _authToken = channel.Issue(rst); } catch (MessageSecurityException ex) { channel.Abort(); throw new SecurityTokenException(ex.InnerException.Message, ex); } UserIdenity = CreateUserIdentityFromSecurityToken(_authToken); } }
static void Main(string[] args) { string idpAddress = "https://idp.contoso.com/SecurityTokenService/Issue.svc/mixed/username"; string fedAddress = "https://sts.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256"; string svcAddress = "https://internalcrm.contoso.com"; var idpBinding = new UserNameWSTrustBinding() { SecurityMode = SecurityMode.TransportWithMessageCredential }; var fedBinding = new IssuedTokenWSTrustBinding(idpBinding, new EndpointAddress(idpAddress)) { SecurityMode = SecurityMode.TransportWithMessageCredential, //KeyType = SecurityKeyType.SymmetricKey }; var channelFactory = new WSTrustChannelFactory(fedBinding, fedAddress); channelFactory.Credentials.UserName.UserName = "******"; channelFactory.Credentials.UserName.Password = "******"; var request = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(svcAddress), //TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, //TokenType = SecurityTokenTypes.Saml, }; var token = channelFactory.CreateChannel().Issue(request); //return token; }
private SecurityToken RequestFederationToken(GenericXmlSecurityToken xmlToken, string appliesTo) { var adfsEndpoint = _configuration.AdfsIntegration.FederationEndpoint; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(appliesTo), KeyType = KeyTypes.Bearer }; var binding = new IssuedTokenWSTrustBinding(); binding.SecurityMode = SecurityMode.TransportWithMessageCredential; var factory = new WSTrustChannelFactory( binding, new EndpointAddress(adfsEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; var channel = factory.CreateChannelWithIssuedToken(xmlToken); return(channel.Issue(rst)); }
public SecurityToken GetToken() { // Need this because the server has a self-signed certificate that doesn't pass validation ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true; var factory = new WSTrustChannelFactory( new UserNameWsTrustBinding(), StsWsTrustEndpoint) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.UserName = UserName; factory.Credentials.UserName.Password = Password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = "urn:ietf:params:oauth:token-type:jwt", AppliesTo = new EndpointReference(Realm) }; var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; var tokenXml = genericToken.TokenXml.OuterXml; var handler = new JwtSecurityTokenHandler(); var token = handler.ReadToken(new XmlTextReader(new StringReader(tokenXml))); TokenHelpers.TokenHelpers.Print(tokenXml); Print(token); SetPrincipal((JwtSecurityToken)token); TokenHelpers.TokenHelpers.PrintCurrentPrincipal(); return(token); }
private SecurityToken CreateChannelAndFetchToken(WSTrustChannelFactory trustChannelFactory, out RequestSecurityTokenResponse rstr) { trustChannelFactory.TrustVersion = TrustVersion.WSTrust13; trustChannelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation; SecurityToken result = null; RequestSecurityToken rst = new RequestSecurityToken { RequestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", KeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer", AppliesTo = new EndpointReference(this.serviceUri.AbsoluteUri) }; WSTrustChannel wSTrustChannel = (WSTrustChannel)trustChannelFactory.CreateChannel(); try { result = wSTrustChannel.Issue(rst, out rstr); if (wSTrustChannel.State == CommunicationState.Opened || wSTrustChannel.State == CommunicationState.Opening) { wSTrustChannel.Close(TimeSpan.FromSeconds(5.0)); } } finally { if (wSTrustChannel.State != CommunicationState.Closed) { wSTrustChannel.Abort(); } } return(result); }
private static string GetWindowsToken(string windowsAuthSiteEndPoint, string realm) { var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + TenantApiUri.WindowsAuthSite)); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference(realm), KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return jwtString; }
private static void IncreaseTimeout(WSTrustChannelFactory trustChannelFactory) { trustChannelFactory.Endpoint.Binding.ReceiveTimeout = TimeSpan.FromMinutes(10); trustChannelFactory.Endpoint.Binding.SendTimeout = TimeSpan.FromMinutes(10); trustChannelFactory.Endpoint.Binding.OpenTimeout = TimeSpan.FromMinutes(10); trustChannelFactory.Endpoint.Binding.CloseTimeout = TimeSpan.FromMinutes(10); }
private static SecurityToken GetIdentityProviderToken(string tokenType) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new WSTrustChannelFactory(binding, ConfigurationManager.AppSettings["usernamemixedEP"].ToString()) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.Password = ConfigurationManager.AppSettings["password"].ToString(); factory.Credentials.UserName.UserName = ConfigurationManager.AppSettings["username"].ToString(); factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; var rst = new RequestSecurityToken { RequestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", AppliesTo = new EndpointReference(ConfigurationManager.AppSettings["usernamemixedAppliesTo"].ToString()), KeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey", TokenType = tokenType }; var channel = factory.CreateChannel(); return(channel.Issue(rst)); }
private WSTrustChannel CreateChannel() { var stsBinding = CreateStsBinding(); UpdateStsSettingsFromEnvironment(); var trustChannelFactory = new WSTrustChannelFactory(stsBinding, ServiceSettings.StsAddress) { TrustVersion = TrustVersion .WSTrust13 }; IncreaseTimeout(trustChannelFactory); trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; if (UserName.IsNullOrWhiteSpace()) { trustChannelFactory.Credentials.Windows.ClientCredential = Credential; } else { trustChannelFactory.Credentials.UserName.UserName = UserName; trustChannelFactory.Credentials.UserName.Password = Password; } trustChannelFactory.Endpoint.Behaviors.Add(new MustUnderstandBehavior(false)); var channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); return(channel); }
/// <summary> /// /// </summary> /// <param name="requestMessage"></param> /// <param name="config"></param> /// <param name="withRefreshToken"></param> /// <returns></returns> public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config, Boolean withRefreshToken) { ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; // Call issuer to create token WSTrustChannelFactory factory = new WSTrustChannelFactory("issuer"); // TODO: factory.Credentials.UserName.UserName = requestMessage.Name ?? requestMessage.ClientId; // TODO: factory.Credentials.UserName.Password = requestMessage.Password ?? requestMessage.ClientSecret; WSTrustChannel issuer = factory.CreateChannel() as WSTrustChannel; RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue); rst.AppliesTo = new EndpointAddress("https://wrap.client"); rst.KeyType = WSTrust13Constants.KeyTypes.Bearer; RequestSecurityTokenResponse response = null; issuer.Issue(rst, out response); WSTrustSerializationContext context = new WSTrustSerializationContext( config.SecurityTokenHandlerCollectionManager, config.CreateAggregateTokenResolver(), config.IssuerTokenResolver); // Create response var token = response.RequestedSecurityToken.SecurityToken; if (null == token) { using (XmlReader reader = new XmlNodeReader(response.RequestedSecurityToken.SecurityTokenXml)) { token = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader); } token = ConvertToSimpleWebToken(token, response); } // Write token return WriteToken(token, withRefreshToken); }
private static SecurityToken GetRSTSToken(SecurityToken token, string tokenType) { var binding = new IssuedTokenWSTrustBinding(); binding.SecurityMode = SecurityMode.TransportWithMessageCredential; var issuredTokenEP = ConfigurationManager.AppSettings["issuedtokenEP"].ToString(); if (issuredTokenEP.ToLower().EndsWith("issuedtokenmixedasymmetricbasic256sha256") || issuredTokenEP.ToLower().EndsWith("issuedtokenmixedsymmetricbasic256sha256")) { binding.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256; } var factory = new WSTrustChannelFactory(binding, issuredTokenEP); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; var rst = new RequestSecurityToken { RequestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", AppliesTo = new EndpointReference(ConfigurationManager.AppSettings["issuedtokenAppliesTo"].ToString()), KeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer", TokenType = tokenType, }; var channel = factory.CreateChannelWithIssuedToken(token); return(channel.Issue(rst)); }
/// <summary> /// Creates a security token for the service layer. /// </summary> /// <returns></returns> public static SecurityToken CreateSecurityToken(string stsEndpointAddress, string username, string password, string relyingParty) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(stsEndpointAddress)) { TrustVersion = TrustVersion.WSTrust13 }; if (factory.Credentials == null) { throw new Exception("Bad Factory"); } factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(relyingParty) }; return(factory.CreateChannel().Issue(rst)); }
private static string GetWindowsTokenHelper(string windowsAuthSiteEndPoint) { var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + "/wstrust/issue/windowstransport")); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference("http://azureservices/AdminSite"), KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return(jwtString); }
/// <summary> /// Authenticates with WCF services using user name/password /// and receives a token for further communication with the services. /// </summary> /// <param name="user">User name</param> /// <param name="password">Password</param> public static ClaimsPrincipal Authenticate(string user, string password) { try { var factory = new WSTrustChannelFactory("sts message"); factory.Credentials.UserName.UserName = user; factory.Credentials.UserName.Password = password; // TODO: re-enable certificate validation after using a trusted certificate factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; var channel = factory.CreateChannel(); IssuedToken = channel.Issue(new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer) { AppliesTo = new EndpointReference(AudienceUri) }); var identities = GetIdentitiesFromSamlToken(IssuedToken, AudienceUri, true); return(new ClaimsPrincipal(identities)); } catch (MessageSecurityException) { ErrorList currentErrors = new ErrorList(App.Services.GetService <ResourceManager>()); currentErrors.AddError(ErrorType.Security, Messages.InvalidCredentials); currentErrors.Abort(currentErrors.ErrorsText); } return(null); }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, /* TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, */ AppliesTo = new EndpointReference(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return(token.TokenXml.OuterXml); }
private SecurityToken GetActAsToken(BootstrapContext context) { string stsAddress = "https://identity.thinktecture.com/idsrvsample/issue/wstrust/mixed/username"; string realm = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm; var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(stsAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { AppliesTo = new EndpointReference(realm), RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, ActAs = new SecurityTokenElement(context.SecurityToken) }; var channel = factory.CreateChannel(); var delegationToken = channel.Issue(rst); return(delegationToken); }
public static SecurityToken GetToken(SecurityToken dobstsToken, string endpointUri, string spRealm) { // WSTrust call over SSL with credentails sent in the message. var binding = new IssuedTokenWSTrustBinding(); binding.SecurityMode = SecurityMode.TransportWithMessageCredential; var factory = new WSTrustChannelFactory( binding, endpointUri); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; // Request Bearer Token so no keys or encryption required. var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(spRealm), KeyType = KeyTypes.Bearer }; // Make the request with the DobstsToken. factory.ConfigureChannelFactory(); var channel = factory.CreateChannelWithIssuedToken(dobstsToken); return channel.Issue(rst) as GenericXmlSecurityToken; }
public bool ValidateUser(string userId, string password, out SessionSecurityToken sessionToken) { // authenticate with WS-Trust endpoint var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://localhost/ActiveSTS/SecurityTokenService.svc")); factory.Credentials.SupportInteractive = false; factory.Credentials.UserName.UserName = userId; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress("https://localhost/stsclient/"), KeyType = KeyTypes.Bearer, TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11, }; var channel = factory.CreateChannel(); var genericToken = channel.Issue(rst) as System.IdentityModel.Tokens.GenericXmlSecurityToken; // parse token var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers; var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml))); var identity = handlers.ValidateToken(token).First(); // create session token sessionToken = new SessionSecurityToken(ClaimsPrincipal.CreateFromIdentity(identity)); return true; }
private static string RequestIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.SetCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=Client"); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = _acsBaseAddress }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
/// <summary> /// The get saml token from adfs. /// </summary> /// <param name="domain"> /// The domain. /// </param> /// <param name="username"> /// The username. /// </param> /// <param name="password"> /// The password. /// </param> /// <returns> /// The System.String. /// </returns> private static string GetSamlTokenFromAdfs(string domain, string username, string password) { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.Windows.ClientCredential.Domain = domain; factory.Credentials.Windows.ClientCredential.UserName = username; factory.Credentials.Windows.ClientCredential.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = TokenTypes.Saml2TokenProfile11, AppliesTo = new EndpointReference(_acsUrl) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return(token.TokenXml.OuterXml); }
private static string GetTokenFromAdfs20() { var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Message.NegotiateServiceCredential = true; binding.Security.Message.EstablishSecurityContext = false; var address = new EndpointAddress( new Uri(@"https://yourserver.com/adfs/services/trust/13/usernamemixed")); WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, address); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel(); var request = new RequestSecurityToken(System.IdentityModel.Protocols.WSTrust.RequestTypes.Issue) { AppliesTo = new EndpointReference("https://relyingparty"), KeyType = KeyTypes.Bearer }; RequestSecurityTokenResponse response = null; var token = channel.Issue(request, out response) as GenericXmlSecurityToken; return(token.TokenXml.OuterXml); }
public SecurityToken Login(string userName, string password, string schoolId, string tenantId, string applicationServerUrl, string securityServerUrl) { SecurityToken identityToken; using (WSTrustChannelFactory factory = GetTrustChannelFactory(securityServerUrl)) { if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; var rst = new RequestSecurityToken( RequestTypes.Issue, KeyTypes.Bearer) { AppliesTo = new EndpointReference(applicationServerUrl) }; IWSTrustChannelContract channel = factory.CreateChannel(); RequestSecurityTokenResponse response; identityToken = channel.Issue(rst, out response); } using (WSTrustChannelFactory factory = GetTrustChannelFactory(securityServerUrl)) { if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; factory.CreateChannelWithIssuedToken(identityToken); var channel = factory.CreateChannel(); var rst = new RequestSecurityToken( RequestTypes.Issue, KeyTypes.Bearer) { AdditionalContext = new AdditionalContext() }; rst.AdditionalContext.Items.Add(new ContextItem(new Uri(SimsLoginContextSchoolClaimUrl), schoolId)); rst.AdditionalContext.Items.Add(new ContextItem(new Uri(SimsLoginContextTenantClaimUrl), tenantId)); rst.AppliesTo = new EndpointReference(applicationServerUrl); rst.ActAs = new SecurityTokenElement(identityToken); RequestSecurityTokenResponse response; return(channel.Issue(rst, out response)); } }
protected virtual TokenResponse IssueTokenForRst(WSTrustChannelFactory factory, RequestSecurityToken rst) { var channel = factory.CreateChannel(); RequestSecurityTokenResponse rstr; var token = channel.Issue(rst, out rstr); return(new TokenResponse(token, rstr)); }
private TokenResponse GetSecurityTokenResponse(string realm, string username, string password) { Log.Debug(string.Format("Requesting token for {0} at {1} from {2}", username, realm, _usernameMixedEndpoint)); WSTrustChannelFactory factory = CreateUsernameWSTrustChannelFactory(username, password); var rst = CreateRst(realm); return(IssueTokenForRst(factory, rst)); }
public async Task <TokenResponse> GetTokenResponseForCurrentProcessIdentityAsync(string realm) { Log.Debug(string.Format("Requesting token for current process identity at {0} from {1}", realm, _usernameMixedEndpoint)); WSTrustChannelFactory factory = CreateWindowsTransportWSTrustChannelFactory(); var rst = CreateRst(realm); return(await IssueTokenForRstAsync(factory, rst).ConfigureAwait(false)); }
public async Task <TokenResponse> GetSecurityTokenResponseAsync(string realm, string username, string password) { Log.Debug(string.Format("Requesting token for {0} at {1} from {2}", username, realm, _usernameMixedEndpoint)); WSTrustChannelFactory factory = CreateUsernameWSTrustChannelFactory(username, password); var rst = CreateRst(realm); return(await IssueTokenForRstAsync(factory, rst).ConfigureAwait(false)); }
public static IEnumerable <Claim> Validate(string user, string password) { string serviceTokenUrl = ConfigurationManager.AppSettings["ADFS_ServiceTokenUrl_usernamemixed"]; string relyingPartyURL = ConfigurationManager.AppSettings["ADFS_RelyingPartyURL"]; WSTrustChannelFactory factory = new WSTrustChannelFactory( WSTrust13Bindings.UsernameMixed, new EndpointAddress(serviceTokenUrl)); factory.TrustVersion = TrustVersion.WSTrust13; RequestSecurityToken rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = "urn:oasis:names:tc:SAML:2.0:assertion", AppliesTo = new EndpointReference(relyingPartyURL) }; factory.Credentials.UserName.UserName = user; // "YOUR_USER_NAME"; factory.Credentials.UserName.Password = password; // "***********"; RequestSecurityTokenResponse rstrr = null; SecurityToken issuedToken = factory.CreateChannel().Issue(rst, out rstrr); // Validate the token and get the claims RequestSecurityTokenResponse r = factory.CreateChannel().Validate(rst); // ?? var genericToken = issuedToken as GenericXmlSecurityToken; FederationConfiguration f = new FederationConfiguration(true); var handlers = f.IdentityConfiguration.SecurityTokenHandlerCollectionManager.SecurityTokenHandlerCollections.First(); var cToken = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml))); var identity = handlers.ValidateToken(cToken).First(); var userIdenity = new ClaimsPrincipal(identity); Console.WriteLine(userIdenity.Identity.Name); Console.WriteLine(userIdenity.Identity.IsAuthenticated); foreach (Claim claim in userIdenity.Claims) { Console.WriteLine("----------------------------------------------"); Console.WriteLine("Type =" + claim.Type); Console.WriteLine("Value =" + claim.Value); Console.WriteLine("ValueType =" + claim.ValueType); Console.WriteLine("Issuer =" + claim.Issuer); Console.WriteLine("OriginalIssuer =" + claim.OriginalIssuer); Console.WriteLine("Properties =" + claim.Properties); Console.WriteLine("Subject =" + claim.Subject); } return(userIdenity.Claims); }
public static void tokenTest() { string relyingPartyId = "https://shadfs.sanfordhealth.org/adfs/ls/ldpinitiatedsignon.aspx"; WSTrustChannelFactory factory = null; try { // use a UserName Trust Binding for username authentication factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://secure.genomenext.net/app/services/trust/13/usernamemixed")); /////I'll change this endpoint this later//////// factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyId), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; //MessageSecurityException -> PW falsch var _handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var tokenString = genericToken.ToTokenXmlString(); var samlToken2 = _handler.ReadToken(new XmlTextReader(new StringReader(tokenString))); ValidateSamlToken(samlToken2); X509Certificate2 certificate = null; X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "thumb", false)[0]; // var jwt = ConvertSamlToJwt(samlToken2, "https://party.mycomp.com", certificate); } finally { if (factory != null) { try { factory.Close(); } catch (CommunicationObjectFaultedException) { factory.Abort(); } } }
/// <summary> /// Requester et security token fra AD FS 2.0 sts'en via /// user name authentication /// Token'et kan derpå vedhæftes et kald til en service. /// Der kan angives /// et optionelt ActAs security token. Hvis dette token angives /// vil kaldet til STS'en blive et ActAs kald /// </summary> public static SecurityToken RequestSecurityTokenWithWindowsAuth( EndpointAddress stsAddress, EndpointAddress serviceAddress, string userName = null, string password = null) { // Windows binding og ws-trust 1.3 var stsBinding = new WindowsWSTrustBinding { SecurityMode = SecurityMode.Message, TrustVersion = TrustVersion.WSTrust13 }; // Lav channel factory var channelFactory = new WSTrustChannelFactory( stsBinding, stsAddress); if (channelFactory.Credentials == null) { throw new ApplicationException("ChannelFactory credentials cannot be null"); } if (!string.IsNullOrEmpty(userName)) { // Sæt client credentials til en lokal bruger channelFactory.Credentials.Windows.ClientCredential.UserName = userName; channelFactory.Credentials.Windows.ClientCredential.Password = password; channelFactory.Credentials.UseIdentityConfiguration = true; } // Lav channel og brug act as hvis der er et act as token med var channel = (WSTrustChannel)channelFactory.CreateChannel(); try { // Lav RST med symmetric keys og saml 1.1 token var requestSecurityToken = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference(serviceAddress.ToString()), TokenType = SecurityTokenTypes.Saml11TokenProfile11, KeyType = KeyTypes.Symmetric }; // Send request (RST) og modtag response (RSTR) var securityToken = channel.Issue(requestSecurityToken); return(securityToken); } finally { CloseChannel(channel); } }
private static RequestSecurityTokenResponse RequestToken(RequestSecurityToken rst) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(idp)); factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client"); RequestSecurityTokenResponse rstr; var token = factory.CreateChannel().Issue(rst, out rstr); return rstr; }
private static IWSTrustChannelContract CreateWSTrustChannel(EndpointAddress stsAddress, Binding binding, ClientCredentials credentials) { var factory = new WSTrustChannelFactory( binding, stsAddress); var creds = factory.Endpoint.Behaviors.Find<ClientCredentials>(); factory.Endpoint.Behaviors.Remove(creds); factory.Endpoint.Behaviors.Add(credentials); return factory.CreateChannel(); }
public TokenClient(string configName) { if (string.IsNullOrEmpty(configName)) { throw new ArgumentNullException("configName"); } _factory = new WSTrustChannelFactory(configName) { TrustVersion = TrustVersion.WSTrust13 }; }
public static IWSTrustChannelContract CreateMixedUserNameClient(string userName, string password, string endpointAddress) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(endpointAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; return factory.CreateChannel(); }
public static SecurityToken GetIssuedToken(Uri audience, X509Certificate2 clientCertificate, X509Certificate2 stsCertificate, Uri endpoint, SecurityToken bootstrapSecurityToken) { WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(SecureTokenServiceBindings.GetIssuedTokenBindingNonSSL(), new EndpointAddress(endpoint, EndpointIdentity.CreateDnsIdentity("DANID A/S - DanID Test"))); trustChannelFactory.Credentials.ServiceCertificate.DefaultCertificate = stsCertificate; trustChannelFactory.Credentials.ClientCertificate.Certificate = clientCertificate; trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; trustChannelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign; trustChannelFactory.TrustVersion = TrustVersion.WSTrust13; var channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); var rst = RequestSecurityToken(bootstrapSecurityToken, clientCertificate, audience, new List<RequestClaim>()); var response = channel.Issue(rst); return response; }
public static IWSTrustChannelContract CreateMixedCertificateClient(string subjectName, string endpointAddress) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(endpointAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.SetCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, subjectName); return factory.CreateChannel(); }
private static string GetADFSToken(string windowsAuthSiteEndPoint, string userName, string Password) { try { var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + "/adfs/services/trust/13/usernamemixed")); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = Password; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference("http://azureservices/TenantSite"), TokenType = "urn:ietf:params:oauth:token-type:jwt", KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return jwtString; } catch (Exception ex) { using (EventLog eventLog = new EventLog("Application")) { eventLog.Source = "Application"; eventLog.WriteEntry("ADFS HealthCheck: " + (object)ex, EventLogEntryType.Error, 1111, (short)1); } return ex.ToString(); } }
private static SecurityToken RequestIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Symmetric, AppliesTo = new EndpointAddress("https://" + Constants.WebHost + "/webservicesecurity/") }; return factory.CreateChannel().Issue(rst); }
private static SecurityToken RequestToken() { var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), new EndpointAddress("https://adfs.leastprivilege.vm/adfs/services/trust/13/windowstransport")); factory.TrustVersion = TrustVersion.WSTrust13; var channel = factory.CreateChannel(); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference("https://adfs.leastprivilege.vm/adfsapp/") }; return channel.Issue(rst); }
private static SecurityToken RequestSymmetricEncryptedToken(X509Certificate2 decryptionCert) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(idp)); factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client"); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(encryptedRP), KeyType = KeyTypes.Symmetric }; var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; var token = genericToken.ToSecurityToken(decryptionCert); return token; }
private static SecurityToken RequestSamlToken() { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(adfsEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(realm) }; return factory.CreateChannel().Issue(rst); }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, /* TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, */ AppliesTo = new EndpointAddress(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
public GenericXmlSecurityToken RequestToken(string issuer, string appliesTo, RecordsManagerCredentials credentials) { var binding = (issuer.ToLower().StartsWith("https")) ? this.GetHttpsBinding() : this.GetHttpBinding(); var address = new EndpointAddress(issuer); var factory = new WSTrustChannelFactory(binding, address); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.Windows.ClientCredential = credentials.GetCredential(); var channel = factory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointAddress(appliesTo) }; RequestSecurityTokenResponse rstr = null; return channel.Issue(rst, out rstr) as GenericXmlSecurityToken; }
private static SecurityToken IssueLocalSecurityToken(SecurityToken foreignToken, string RP_Endpoint, string appliesTo, out RequestSecurityTokenResponse RSTR, string keyType = KeyTypes.Bearer) { if (String.IsNullOrWhiteSpace(RP_Endpoint)) throw new ArgumentNullException("RP_Endpoint"); Binding binding = null; // Authenticate with a SAML Bearer token var WsHttpBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); WsHttpBinding.Security.Message.EstablishSecurityContext = false; WsHttpBinding.Security.Message.NegotiateServiceCredential = false; WsHttpBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; binding = WsHttpBinding; // Define the STS endpoint EndpointAddress endpoint = new EndpointAddress(new Uri(RP_Endpoint)); var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.SupportInteractive = false; // avoid that Cardspace dialog // Now we define the Request for Security Token (RST) RequestSecurityToken RST = new RequestSecurityToken() { //identifiy which local token we want AppliesTo = new EndpointReference(appliesTo), //identify what type of request this is (Issue or Validate) RequestType = RequestTypes.Issue, //set what kind of token we want returned (appliesTo will override this) TokenType = tokenType, //set the keytype (symmetric, asymmetric (pub key) or bearer - null = Sender Vouches) KeyType = null }; //create the channel (using the SAML token received from the WSC) IWSTrustChannelContract channel = factory.CreateChannelWithIssuedToken(foreignToken); //send the token issuance command SecurityToken token = channel.Issue(RST, out RSTR); return token; }
public GenericXmlSecurityToken RequestToken(string username, string password, string relyingPartyId) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(this.ADFSUserNameMixedEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyId), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; return genericToken; }
public static SecurityToken GetToken(string endpointUri, string username, string password, string realm) { // use WSTrust and SSL Transport Mode with security credentials being sent with the message. var endpoint = new EndpointAddress(endpointUri); var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), endpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; // Symmetric key request. var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(realm), KeyType = KeyTypes.Symmetric }; // Token will be encrypted with ADFS Token Signing cert. var channel = factory.CreateChannel(); return channel.Issue(rst); }
public string GetTenantToken(string authSiteEndPoint, string userName, string password, bool validateCertificate, string realm) { var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + TenantApiUri.AspNetAuthSite)); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; if (!validateCertificate) { trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; } trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = password; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference(realm), TokenType = "urn:ietf:params:oauth:token-type:jwt", KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return jwtString; }
private static string GetSamlToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), Constants.IdSrv.WSTrustEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = TokenTypes.Saml2TokenProfile11, AppliesTo = new EndpointReference(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(_acsBaseAddress.AbsoluteUri) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
/// <summary> /// Returns Generic XML Security Token from ADFS to generated FedAuth /// </summary> /// <param name="serialNumber">Serial Number of Certificate from CurrentUSer > My Certificate</param> /// <param name="certificateMixed">ADFS Endpoint for Certificate Mixed Authentication</param> /// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param> /// <returns></returns> private GenericXmlSecurityToken RequestToken(string serialNumber, Uri certificateMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(certificateMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, serialNumber); var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return genericToken; }
private GenericXmlSecurityToken RequestToken(string userName, string passWord, Uri userNameMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(userNameMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = passWord; var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return genericToken; }