Пример #1
0
        /// <summary>
        /// Helper function to check if SAML Token was issued by HomeRealmSTS
        /// </summary>
        /// <returns>True on success. False on failure.</returns>
        private static bool IssuedByHomeRealmSTS(ClaimSet myClaimSet)
        {
            // Extract the issuer ClaimSet
            ClaimSet issuerClaimSet = myClaimSet.Issuer;

            // If the Issuer is null, return false.
            if (issuerClaimSet == null)
            {
                return(false);
            }

            // Find all the Thumbprint claims in the issuer ClaimSet
            IEnumerable <Claim> issuerClaims = issuerClaimSet.FindClaims(ClaimTypes.Thumbprint, null);

            // If there are no Thumbprint claims, return false;
            if (issuerClaims == null)
            {
                return(false);
            }

            // Get the enumerator for the set of Thumbprint claims...
            IEnumerator <Claim> issuerClaimsEnum = issuerClaims.GetEnumerator();

            // ...and set issuerClaim to the first such Claim
            Claim issuerClaim = null;

            if (issuerClaimsEnum.MoveNext())
            {
                issuerClaim = issuerClaimsEnum.Current;
            }

            // If there was no Thumbprint claim, return false;
            if (issuerClaim == null)
            {
                return(false);
            }

            // If, despite the above checks, the returned claim is not a Thumbprint claim, return false
            if (issuerClaim.ClaimType != ClaimTypes.Thumbprint)
            {
                return(false);
            }

            // If the returned claim doesn't contain a Resource, return false
            if (issuerClaim.Resource == null)
            {
                return(false);
            }

            // Extract the thmubprint data from the claim
            byte[] issuerThumbprint = (byte[])issuerClaim.Resource;

            // Extract the thumbprint for the HomeRealmSTS.com certificate
            byte[] certThumbprint = FederationUtilities.GetCertificateThumbprint(ServiceConstants.CertStoreName,
                                                                                 ServiceConstants.CertStoreLocation,
                                                                                 ServiceConstants.IssuerDistinguishedName);

            // If the lengths of the two thumbprints are different, return false
            if (issuerThumbprint.Length != certThumbprint.Length)
            {
                return(false);
            }

            // Check the individual bytes of the two thumbprints for equality...
            for (int i = 0; i < issuerThumbprint.Length; i++)
            {
                //... if any byte in the thumbprint from the claim does NOT match the corresponding
                // byte from the thumbprint in the BookStoreSTS.com certificate, return false
                if (issuerThumbprint[i] != certThumbprint[i])
                {
                    return(false);
                }
            }

            // If we get through all the above checks, return true (ClaimSet was issued by HomeRealmSTS.com)
            return(true);
        }
Пример #2
0
 /// <summary>
 /// Sets up the BookStoreSTS by loading relevant Application Settings
 /// </summary>
 public BookStoreSTS()
     : base(ServiceConstants.SecurityTokenServiceName,
            FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.CertDistinguishedName),
            FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.TargetDistinguishedName))
 {
 }
Пример #3
0
 public HomeRealmSTS() :
     base(ServiceConstants.StsName,
          FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.CertDistinguishedName),
          FederationUtilities.GetX509TokenFromCert(ServiceConstants.CertStoreName, ServiceConstants.CertStoreLocation, ServiceConstants.TargetDistinguishedName))
 {
 }