protected override SecureString GetRstsTokenInternal()
        {
            if (_disposed)
            {
                throw new ObjectDisposedException("CertificateAuthenticator");
            }

            string providerScope = "rsts:sts:primaryproviderid:certificate";

            if (!string.IsNullOrEmpty(_provider))
            {
                providerScope = ResolveProviderToScope(_provider);
            }

            var request = new RestRequest("oauth2/token", RestSharp.Method.POST)
                          .AddHeader("Accept", "application/json")
                          .AddHeader("Content-type", "application/json")
                          .AddJsonBody(new
            {
                grant_type = "client_credentials",
                scope      = providerScope
            });

            RstsClient.ClientCertificates = new X509Certificate2Collection()
            {
                _clientCertificate.Certificate
            };
            var response = RstsClient.Execute(request);

            if (response.ResponseStatus != ResponseStatus.Completed)
            {
                throw new SafeguardDotNetException($"Unable to connect to RSTS service {RstsClient.BaseUrl}, Error: " +
                                                   response.ErrorMessage);
            }
            if (!response.IsSuccessful)
            {
                throw new SafeguardDotNetException(
                          $"Error using client_credentials grant_type with {_clientCertificate}" +
                          $", Error: {response.StatusCode} {response.Content}", response.StatusCode, response.Content);
            }
            var jObject = JObject.Parse(response.Content);

            return(jObject.GetValue("access_token")?.ToString().ToSecureString());
        }
示例#2
0
        protected override SecureString GetRstsTokenInternal()
        {
            if (_disposed)
            {
                throw new ObjectDisposedException("PasswordAuthenticator");
            }
            if (_providerScope == null)
            {
                ResolveProviderToScope();
            }
            var request = new RestRequest("oauth2/token", RestSharp.Method.POST)
                          .AddHeader("Accept", "application/json")
                          .AddHeader("Content-type", "application/json")
                          .AddJsonBody(new
            {
                grant_type = "password",
                username   = _username,
                // SecureString handling here basically negates the use of a secure string anyway, but when calling a Web API
                // I'm not sure there is anything you can do about it.
                password = _password.ToInsecureString(),
                scope    = _providerScope
            });
            var response = RstsClient.Execute(request);

            if (response.ResponseStatus != ResponseStatus.Completed)
            {
                throw new SafeguardDotNetException($"Unable to connect to RSTS service {RstsClient.BaseUrl}, Error: " +
                                                   response.ErrorMessage);
            }
            if (!response.IsSuccessful)
            {
                throw new SafeguardDotNetException(
                          $"Error using password grant_type with scope {_providerScope}, Error: " +
                          $"{response.StatusCode} {response.Content}", response.StatusCode, response.Content);
            }
            var jObject = JObject.Parse(response.Content);

            return(jObject.GetValue("access_token").ToString().ToSecureString());
        }
        protected override SecureString GetRstsTokenInternal()
        {
            if (_disposed)
            {
                throw new ObjectDisposedException("CertificateAuthenticator");
            }

            var request = new RestRequest("oauth2/token", RestSharp.Method.POST)
                          .AddHeader("Accept", "application/json")
                          .AddHeader("Content-type", "application/json")
                          .AddJsonBody(new
            {
                grant_type = "client_credentials",
                scope      = "rsts:sts:primaryproviderid:certificate"
            });
            var userCert = !string.IsNullOrEmpty(_certificateThumbprint)
                ? CertificateUtilities.GetClientCertificateFromStore(_certificateThumbprint)
                : CertificateUtilities.GetClientCertificateFromFile(_certificatePath, _certificatePassword);

            RstsClient.ClientCertificates = new X509Certificate2Collection()
            {
                userCert
            };
            var response = RstsClient.Execute(request);

            if (response.ResponseStatus != ResponseStatus.Completed)
            {
                throw new SafeguardDotNetException($"Unable to connect to RSTS service {RstsClient.BaseUrl}, Error: " +
                                                   response.ErrorMessage);
            }
            if (!response.IsSuccessful)
            {
                throw new SafeguardDotNetException("Error using client_credentials grant_type with " +
                                                   $"{(string.IsNullOrEmpty(_certificatePath) ? $"thumbprint={_certificateThumbprint}" : $"file={_certificatePath}")}" +
                                                   $", Error: {response.StatusCode} {response.Content}", response.Content);
            }
示例#4
0
        private void ResolveProviderToScope()
        {
            try
            {
                IRestResponse response;
                try
                {
                    var request = new RestRequest("UserLogin/LoginController", RestSharp.Method.POST)
                                  .AddHeader("Accept", "application/json")
                                  .AddHeader("Content-type", "application/x-www-form-urlencoded")
                                  .AddParameter("response_type", "token", ParameterType.QueryString)
                                  .AddParameter("redirect_uri", "urn:InstalledApplication", ParameterType.QueryString)
                                  .AddParameter("loginRequestStep", 1, ParameterType.QueryString)
                                  .AddJsonBody("RelayState=");
                    response = RstsClient.Execute(request);
                }
                catch (WebException)
                {
                    Log.Debug("Caught exception with POST to find identity provider scopes, trying GET");
                    var request = new RestRequest("UserLogin/LoginController", RestSharp.Method.GET)
                                  .AddHeader("Accept", "application/json")
                                  .AddHeader("Content-type", "application/x-www-form-urlencoded")
                                  .AddParameter("response_type", "token", ParameterType.QueryString)
                                  .AddParameter("redirect_uri", "urn:InstalledApplication", ParameterType.QueryString)
                                  .AddParameter("loginRequestStep", 1, ParameterType.QueryString);
                    response = RstsClient.Execute(request);
                }

                if (response.ResponseStatus != ResponseStatus.Completed)
                {
                    throw new SafeguardDotNetException(
                              "Unable to connect to RSTS to find identity provider scopes, Error: " +
                              response.ErrorMessage);
                }
                if (!response.IsSuccessful)
                {
                    throw new SafeguardDotNetException(
                              "Error requesting identity provider scopes from RSTS, Error: " +
                              $"{response.StatusCode} {response.Content}", response.StatusCode, response.Content);
                }
                var jObject     = JObject.Parse(response.Content);
                var jProviders  = (JArray)jObject["Providers"];
                var knownScopes = jProviders.Select(s => s["Id"]).Values <string>().ToArray();
                var scope       = knownScopes.FirstOrDefault(s => s.EqualsNoCase(_provider));
                if (scope != null)
                {
                    _providerScope = $"rsts:sts:primaryproviderid:{scope}";
                }
                else
                {
                    scope = knownScopes.FirstOrDefault(s => s.ContainsNoCase(_provider));
                    if (_providerScope != null)
                    {
                        _providerScope = $"rsts:sts:primaryproviderid:{scope}";
                    }
                    else
                    {
                        throw new SafeguardDotNetException(
                                  $"Unable to find scope matching '{_provider}' in [{string.Join(",", knownScopes)}]");
                    }
                }
            }
            catch (SafeguardDotNetException)
            {
                throw;
            }
            catch (Exception ex)
            {
                throw new SafeguardDotNetException("Unable to connect to determine identity provider", ex);
            }
        }