public async Task <IActionResult> Post(string token)
{
var client = Util.GetRestPkiClient(restPkiConfig);
// Get an instance of the Authentication class
var auth = new Authentication(client);
// Call the CompleteWithWebPki() method with the token, which finalizes the authentication process. The call yields a
// ValidationResults which denotes whether the authentication was successful or not.
var vr = await auth.CompleteWithWebPkiAsync(token);
var userCert = auth.GetCertificate();
// Check the authentication result
if (!vr.IsValid)
{
return(BadRequest(new ValidationErrorModel(vr)));
}
// At this point, you have assurance that the certificate is valid according to the TrustArbitrator you
// selected when starting the authentication and that the user is indeed the certificate's subject. Now,
// you'd typically query your database for a user that matches one of the certificate's fields, such as
// userCert.EmailAddress or userCert.PkiBrazil.CPF (the actual field to be used as key depends on your
// application's business logic) and set the user ID on the authentication framework your app uses.
// For demonstration purposes, we'll just show some of the user's certificate information.
var response = new AuthenticationPostResponse()
{
Certificate = new CertificateModel(userCert)
};
return(Ok(response));
}
public IHttpActionResult Post(AuthenticationPostRequest request)
{
// As before, we instantiate a FileSystemNonceStore class and use that to
// instantiate a PKCertificateAuthentication
var nonceStore = Util.GetNonceStore();
var certAuth = new PKCertificateAuthentication(nonceStore);
// Call the Complete() method, which is the last of the two server-side steps. It receives:
// - The nonce which was signed using the user's certificate
// - The user's certificate encoding
// - The nonce signature
// - A TrustArbitrator to be used to determine trust in the certificate (for more information see http://pki.lacunasoftware.com/Help/html/e7724d78-9835-4f06-b58c-939b721f6e7b.htm)
// The call yields:
// - A ValidationResults which denotes whether the authentication was successful or not
// - The user's decoded certificate
PKCertificate certificate;
var vr = certAuth.Complete(request.Nonce, request.Certificate, request.Signature, Util.GetTrustArbitrator(), out certificate);
// NOTE: By changing the TrustArbitrator above, you can accept only certificates from a certain PKI,
// for instance, ICP-Brasil (TrustArbitrators.PkiBrazil). For more information, see
// http://pki.lacunasoftware.com/Help/html/e7724d78-9835-4f06-b58c-939b721f6e7b.htm
//
// The value above (TrustArbitrators.Windows) specifies that the root certification authorities in the
// Windows certificate store are to be used as trust arbitrators.
// Check the authentication result
if (!vr.IsValid)
{
return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(vr))));
}
var response = new AuthenticationPostResponse()
{
Certificate = new CertificateModel(certificate)
};
return(Ok(response));
}
