public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IPrincipal principal = null;
            if (HttpContext.Current != null)
            {
                principal = HttpContext.Current.User;
            }

            if (principal != null)
            {
                // set the identity (for PrimaryIdentity)
                evaluationContext.Properties["Identities"] =
                    new List<IIdentity>() { principal.Identity };

                evaluationContext.Properties["Principal"] = principal;

                var nameClaim = Claim.CreateNameClaim(principal.Identity.Name);
                ClaimSet set;

                if (HttpContext.Current != null)
                {
                    set = new DefaultClaimSet(
                        nameClaim,
                        new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity));
                }
                else
                {
                    set = new DefaultClaimSet(nameClaim);
                }

                evaluationContext.AddClaimSet(this, set);
            }

            return true;
        }
Пример #2
0
        internal static DefaultClaimSet CreateSystemClaimSet()
        {
            DefaultClaimSet s = new DefaultClaimSet();

            s.Initialize(s, new Claim [] { Claim.System, new Claim(ClaimTypes.System, "System", Rights.PossessProperty) });
            return(s);
        }
 protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
 {
     KerberosRequestorSecurityToken token2 = (KerberosRequestorSecurityToken) token;
     List<IAuthorizationPolicy> list = new List<IAuthorizationPolicy>(1);
     ClaimSet issuance = new DefaultClaimSet(ClaimSet.System, new Claim[] { new Claim(ClaimTypes.Spn, token2.ServicePrincipalName, Rights.PossessProperty) });
     list.Add(new UnconditionalPolicy(System.ServiceModel.Security.SecurityUtils.CreateIdentity(token2.ServicePrincipalName, "Kerberos"), issuance));
     return list.AsReadOnly();
 }
 protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
 {
     KerberosRequestorSecurityToken kerbToken = (KerberosRequestorSecurityToken) token;
     List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
     ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Spn, kerbToken.ServicePrincipalName, Rights.PossessProperty));
     policies.Add(new UnconditionalPolicy(SecurityUtils.CreateIdentity(kerbToken.ServicePrincipalName, SecurityUtils.AuthTypeKerberos), claimSet));
     return policies.AsReadOnly();
 }
        public WspAuthorizationPolicy()
        {
            _id = Guid.NewGuid().ToString();

            _issuerClaimSet = CreateIssuer();

            _trustFabric = OpenTrustFabric();
        }
 protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
 {
     RsaSecurityToken token2 = (RsaSecurityToken) token;
     List<Claim> claims = new List<Claim>(2) {
         new Claim(ClaimTypes.Rsa, token2.Rsa, Rights.Identity),
         Claim.CreateRsaClaim(token2.Rsa)
     };
     DefaultClaimSet issuance = new DefaultClaimSet(ClaimSet.Anonymous, claims);
     return new List<IAuthorizationPolicy>(1) { new UnconditionalPolicy(issuance, token2.ValidTo) }.AsReadOnly();
 }
Пример #7
0
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string userName, string password)
        {
            if (!ValidateUserNameFormat(userName))
                throw new SecurityTokenValidationException("Incorrect UserName format");

            ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Name, userName, Rights.PossessProperty));
            List<IIdentity> identities = new List<IIdentity>(1);
            identities.Add(new GenericIdentity(userName));
            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
            policies.Add(new UnconditionalPolicy(ClaimSet.System, claimSet, DateTime.MaxValue.ToUniversalTime(), identities));
            return policies.AsReadOnly();
        }
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            RsaSecurityToken rsaToken = (RsaSecurityToken)token;
            List<Claim> claims = new List<Claim>(2);
            claims.Add(new Claim(ClaimTypes.Rsa, rsaToken.Rsa, Rights.Identity));
            claims.Add(Claim.CreateRsaClaim(rsaToken.Rsa));

            DefaultClaimSet claimSet = new DefaultClaimSet(ClaimSet.Anonymous, claims);
            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
            policies.Add(new UnconditionalPolicy(claimSet, rsaToken.ValidTo));
            return policies.AsReadOnly();
        }
Пример #9
0
        /// <summary>
        /// Makes calls to the specified endpoint name in app.config
        /// </summary>
        /// <param name="endpointName">The endpoint to use from app.config</param>
        private static void CallEndpoint(string endpointName)
        {
            Console.WriteLine("\nCalling endpoint {0}\n", endpointName);

            // Create a client with given client endpoint configuration
            CalculatorClient client = new CalculatorClient(endpointName);

            // Create new credentials class
            SamlClientCredentials samlCC = new SamlClientCredentials();

            // Set the client certificate. This is the cert that will be used to sign the SAML token in the symmetric proof key case
            samlCC.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "Alice");

            // Set the service certificate. This is the cert that will be used to encrypt the proof key in the symmetric proof key case
            samlCC.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");

            // Create some claims to put in the SAML assertion
            IList<Claim> claims = new List<Claim>();
            claims.Add(Claim.CreateNameClaim(samlCC.ClientCertificate.Certificate.Subject));
            ClaimSet claimset = new DefaultClaimSet(claims);
            samlCC.Claims = claimset;

            // set new credentials
            client.ChannelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
            client.ChannelFactory.Endpoint.Behaviors.Add(samlCC);

            // Call the Add service operation.
            double value1 = 100.00D;
            double value2 = 15.99D;
            double result = client.Add(value1, value2);
            Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);

            // Call the Subtract service operation.
            value1 = 145.00D;
            value2 = 76.54D;
            result = client.Subtract(value1, value2);
            Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);

            // Call the Multiply service operation.
            value1 = 9.00D;
            value2 = 81.25D;
            result = client.Multiply(value1, value2);
            Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);

            // Call the Divide service operation.
            value1 = 22.00D;
            value2 = 7.00D;
            result = client.Divide(value1, value2);
            Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);

            client.Close();
        }
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            CreditCardToken creditCardToken = token as CreditCardToken;

            if (creditCardToken.CardInfo.ExpirationDate < DateTime.UtcNow)
                throw new SecurityTokenValidationException("The credit card has expired");
            if (!IsCardNumberAndExpirationValid(creditCardToken.CardInfo))
                throw new SecurityTokenValidationException("Unknown or invalid credit card");

            // the credit card token has only 1 claim - the card number. The issuer for the claim is the
            // credit card issuer

            DefaultClaimSet cardIssuerClaimSet = new DefaultClaimSet(new Claim(ClaimTypes.Name, creditCardToken.CardInfo.CardIssuer, Rights.PossessProperty));
            DefaultClaimSet cardClaimSet = new DefaultClaimSet(cardIssuerClaimSet, new Claim(Constants.CreditCardNumberClaim, creditCardToken.CardInfo.CardNumber, Rights.PossessProperty));
            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
            policies.Add(new CreditCardTokenAuthorizationPolicy(cardClaimSet));
            return policies.AsReadOnly();
        }
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore( System.IdentityModel.Tokens.SecurityToken token )
        {
            var securityToken = token as SecurityToken;

            if ( securityToken != null )
            {
                // Note that we cannot authenticate the token w/o a password, so it must be retrieved from somewhere
                if ( securityToken.ValidateToken( _passwordProvider.RetrievePassword( "User1" ) ) != true )
                    throw new SecurityTokenValidationException( "Token validation failed" );

                // Add claims about user here
                var userClaimSet = new DefaultClaimSet( new Claim( ClaimTypes.Name, securityToken.Info.Username, Rights.PossessProperty ) );

                var policies = new List<IAuthorizationPolicy>( 1 ) { new SecurityTokenAuthorizationPolicy( userClaimSet ) };
                return policies.AsReadOnly();
            }

            return null;
        }
Пример #12
0
			ValidateTokenCore(SecurityToken token)
		{
			UserNameSecurityToken userNameToken = token as UserNameSecurityToken;

			// Validate the information contained in the username token. For demonstration 
			// purposes, this code just checks that the user name matches the password.
			if (userNameToken.UserName != userNameToken.Password)
			{
				throw new SecurityTokenValidationException("Invalid user name or password");
			}

			// Create just one Claim instance for the username token - the name of the user.
			DefaultClaimSet userNameClaimSet = new DefaultClaimSet(
				ClaimSet.System,
				new Claim(ClaimTypes.Name, userNameToken.UserName, Rights.PossessProperty));
			List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
			policies.Add(new MyAuthorizationPolicy(userNameClaimSet));
			return policies.AsReadOnly();
		}
Пример #13
0
 public ClaimListFilter(DefaultClaimSet source, string claimType)
 {
     claim_type  = claimType;
     this.source = source;
 }