示例#1
        /// <summary>
        /// Prepares the listener: starts the signing-key refresh, wires up tracing and
        /// unhandled-exception reporting, adjusts outbound connection settings and builds the request handler.
        /// </summary>
        public ListenerLoop()
        {
            // Begin refreshing signing keys straight away. If the code-cached keys are out of date, it may take a few seconds to freshen.
            SigningKeys.UpdateKeyCache();

            // Route unhandled exceptions in this AppDomain to BaseExceptionHandler.
            AppDomain.CurrentDomain.UnhandledException += BaseExceptionHandler;

            // Tracing: no global lock, no auto-flush, and LocalTrace added as a listener.
            Trace.UseGlobalLock = false;
            Trace.AutoFlush     = false;
            Trace.Listeners.Add(LocalTrace.Instance);

            Trace.TraceInformation("WrapperRoleListener coming up");

            // Log the connection limit before and after it is set to Parallelism.
            var previousLimit = ServicePointManager.DefaultConnectionLimit;
            Trace.TraceInformation("Old connection limit was " + previousLimit);
            ServicePointManager.DefaultConnectionLimit = Parallelism;
            var currentLimit = ServicePointManager.DefaultConnectionLimit;
            Trace.TraceInformation("New connection limit is " + currentLimit);

            ServicePointManager.ReusePort           = true;
            ServicePointManager.EnableDnsRoundRobin = true; // can load balance with DNS
            ServicePointManager.SetTcpKeepAlive(false, 0, 0); // TCP keep-alive off

            // Requests are handled by MainRequestHandler using a default-constructed AadSecurityCheck.
            _handler = new MainRequestHandler(new AadSecurityCheck());
        }
示例#2
文件: Program.cs 项目: i-e-b/ADSD
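        /// <summary>
        /// Manual test harness: loads the security configuration, starts the signing-key refresh,
        /// validates one hard-coded bearer token and prints the outcome.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static void Main(string[] args)
        {
            // Configuration comes from a fixed local path; a missing file throws here.
            var raw    = File.ReadAllText(@"C:\Temp\security.json");
            var config = JsonTool.Defrost <SecurityConfig>(raw);

            Console.WriteLine("Cache is populating.");
            // presumably the TimeSpan is the key refresh interval; confirm against SigningKeys.RefreshKeys
            SigningKeys.RefreshKeys(config.KeyDiscoveryUrl, TimeSpan.FromHours(1));

            // NOTE(review): a bearer token is embedded in source. Even after it expires, a token's claims can
            // identify the tenant, application and user, so a committed sample should be a synthetic token
            // or be read from outside the repository.
            var testToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyIsImtpZCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyJ9.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.Y1eO8SXXHIRgQ3urJG93lLepBlxxmdWc1B7Nx8FSKeCU18saJa145wbQ2kwVzlCrzb5N7siKUU7UIeuKgjJWCJh7F-j0XWZcvgpk2YU5RsuHsdLU2HrEpXfnoKNpWPhsi864RvI7P7unQI761Jj1PTZ49-oslotgD76fHfzSEbFbWNaPb5SN1cAKdgRkIsAn9XA4bgQqPMZ4zTkoWpC37tSkHlxT3NhpWq6MLHnvvLIqssu89u5FhfHal-MXsPymb7fdzdoF14sMv7WLU_p5r_H9Gcryt2VVmdhV5GAAyt9Y7lE4HdXFCidHOFA06vdkB1Yu9rdBcO2jzqhGzDXDFg";

            var subject = new AadSecurityCheck(config);

            var outcome = subject.Validate(testToken);

            switch (outcome)
            {
            case SecurityOutcome.Fail:
                Console.WriteLine("Validation failed");
                break;

            case SecurityOutcome.Pass:
                Console.WriteLine("Validated OK!");
                break;

            default:
                // Without this branch an outcome other than Fail or Pass would print nothing at all.
                Console.WriteLine("Unexpected outcome: " + outcome);
                break;
            }

            // Keep the console window open until Enter is pressed.
            Console.ReadLine();
        }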
示例#3
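        /// <summary>
        /// Manual test harness: reads the security configuration, starts the signing-key refresh,
        /// validates one hard-coded bearer token and reports the result on the console.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static void Main(string[] args)
        {
            // The configuration path is fixed; a missing file throws here.
            var raw    = File.ReadAllText(@"C:\Temp\security.json");
            var config = JsonTool.Defrost <SecurityConfig>(raw);

            Console.WriteLine("Cache is populating.");
            // presumably the TimeSpan is the key refresh interval; confirm against SigningKeys.RefreshKeys
            SigningKeys.RefreshKeys(config.KeyDiscoveryUrl, TimeSpan.FromHours(1));


            // NOTE(review): a bearer token is embedded in source. Even after it expires, a token's claims can
            // identify the tenant, application and user, so a committed sample should be a synthetic token
            // or be read from outside the repository.
            var testToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyIsImtpZCI6Ik4tbEMwbi05REFMcXdodUhZbkhRNjNHZUNYYyJ9.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.OVSVmTBpdOKSfQIIrJ3Xom8QCHTjR7KRbiAqTIFk9E3o2JlU1jRjoJNhfVmDpVzIXELjqNA0QI9zdh4U_QBGBLMT_p8YRdcGNoZlm5ouVQcVzrR5dxfWw5aF0AbunOGnIfwomvrHj2S92eU2uzEzuChGiNAnI-WcaJrN3Fet0gvyqskn1VjAkGBqVrj5AasbhqPt4Dd-OukFsV9l-u3TdpWeSqCnGCzlbBCeUvErsKiOLcCenarcGen7zJZ9COegytzza5l_cxcO2LYFNRCnCrGk9vyNW8ZCsHqLMjm14A09QKoO6nCJpWlna9WFWvaIDsEXC_ow976ZTe2QwGqaBA";

            var subject = new AadSecurityCheck(config);

            var outcome = subject.Validate(testToken);

            switch (outcome)
            {
            case SecurityOutcome.Fail:
                Console.WriteLine("Validation failed");
                break;

            case SecurityOutcome.Pass:
                Console.WriteLine("Validated OK!");
                break;

            default:
                // Without this branch an outcome other than Fail or Pass would print nothing at all.
                Console.WriteLine("Unexpected outcome: " + outcome);
                break;
            }

            // Keep the console window open until Enter is pressed.
            Console.ReadLine();
        }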
示例#4
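        /// <summary>
        /// Read the bearer token from the request headers and validate it against the
        /// configured audience, issuer and currently available signing keys.
        /// </summary>
        /// <param name="ctx">Request context whose headers carry the token.</param>
        /// <returns>
        /// <c>SecurityOutcome.Pass</c> only when the token handler produces a validated token;
        /// <c>SecurityOutcome.Fail</c> when no token is supplied or any exception is raised (fail closed).
        /// </returns>
        public SecurityOutcome Validate(IContext ctx)
        {
            const string bearerPrefix = "Bearer ";

            try {
                // NOTE(review): WWW-Authenticate is ordinarily a response header; confirm that accepting a
                // token from it on an incoming request is intended.
                var token = ctx.Request.Headers.Get("Authorization") ?? ctx.Request.Headers.Get("WWW-Authenticate");
                if (string.IsNullOrWhiteSpace(token))
                {
                    return(SecurityOutcome.Fail);
                }

                // Strip the scheme only where it leads the value. Replace("Bearer ", "") removed every
                // occurrence anywhere in the header, silently rewriting malformed values before validation.
                // A value without the prefix is still passed on as-is, and matching stays case-sensitive, as before.
                if (token.StartsWith(bearerPrefix, StringComparison.Ordinal))
                {
                    token = token.Substring(bearerPrefix.Length);
                }
                if (string.IsNullOrWhiteSpace(token))
                {
                    return(SecurityOutcome.Fail);
                }

                // Set-up the validator...
                using (var signingTokens = SigningKeys.AllAvailableKeys())
                {
                    // Only audience, issuer and signing keys are set explicitly. Whether lifetime (expiry)
                    // is also enforced depends on the TokenValidationParameters defaults, which are not
                    // visible here; confirm.
                    var validationParams = new TokenValidationParameters
                    {
                        ValidAudience       = Audience,
                        ValidIssuer         = Issuer,
                        IssuerSigningTokens = signingTokens
                    };
                    var handler = new JwtSecurityTokenHandler();
                    handler.ValidateToken(token, validationParams, out var validatedToken);

                    return((validatedToken == null) ? SecurityOutcome.Fail : SecurityOutcome.Pass);
                }
            }
            catch (Exception ex)
            {
                // Any failure (null context, malformed token, validation error) is treated as a rejection.
                // The exception detail goes to the console only.
                Console.WriteLine(ex);
                return(SecurityOutcome.Fail);
            }
        }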
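        /// <summary>
        /// Checks that the identity provider configuration is complete: a binding, at least one
        /// signing key and a single sign-on service URL must all be present.
        /// </summary>
        /// <exception cref="ConfigurationErrorsException">Thrown for the first missing setting found.</exception>
        private void Validate()
        {
            if (Binding == 0)
            {
                throw new ConfigurationErrorsException("Missing binding configuration on Idp " + EntityId.Id + ".");
            }

            // An Idp with no signing key configured is rejected at configuration time.
            if (!SigningKeys.Any())
            {
                throw new ConfigurationErrorsException("Missing signing certificate configuration on Idp " + EntityId.Id + ".");
            }

            if (SingleSignOnServiceUrl == null)
            {
                // The message used to name the "assertion consumer service url", which is not the setting checked here.
                throw new ConfigurationErrorsException("Missing single sign on service url configuration on Idp " + EntityId.Id + ".");
            }
        }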
示例#6
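        /// <summary>
        /// Handle setup from the C++ side
        /// </summary>
        /// <remarks>
        /// Failures are reported through <paramref name="output"/> rather than thrown, so all setup work,
        /// including deriving the base directory, runs inside the try block.
        /// </remarks>
        /// <param name="basePath">base path for the .Net binary</param>
        /// <param name="output">error message, if any; null when setup completes</param>
        private static void WakeupCallback(string basePath, out string output)
        {
            output = null;

            // Do the wake up, similar to the ListenerLoop class
            try
            {
                // Inside the try so that a path error is reported through `output` like any other failure.
                BaseDirectory = Path.GetDirectoryName(basePath);

                // Start re-populating signing keys. If the code-cached keys are out of date, it may take a few seconds to freshen.
                SigningKeys.UpdateKeyCache();

                // Set up the internal trace
                Trace.UseGlobalLock = false;
                Trace.AutoFlush     = false;
                Trace.Listeners.Clear();
                Trace.Listeners.Add(LocalTrace.Instance);


                ThreadPool.SetMaxThreads(ListenerLoop.Parallelism, ListenerLoop.Parallelism);
                ThreadPool.SetMinThreads(1, 1);

                // Load the config file
                var configurationMap = new ExeConfigurationFileMap {
                    ExeConfigFilename = basePath + ".config"
                };                                                                                               // this will load the app.config file.
                MainRequestHandler.ExplicitConfiguration = ConfigurationManager.OpenMappedExeConfiguration(configurationMap, ConfigurationUserLevel.None);

                // Check to see if HTTPS is bound in IIS
                if (GetBindings(BaseDirectory).Contains("https"))
                {
                    MainRequestHandler.HttpsAvailable = true;
                }

                // Load the wrapper
                _core = new MainRequestHandler(new AadSecurityCheck());
            }
            catch (Exception ex)
            {
                RecPrintException(ex);
                // NOTE(review): the full exception text, stack trace included, is handed to the native host.
                // Confirm the host only logs it and never returns it to a remote client.
                output = basePath + "\r\n" + ex;
            }
        }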