static void Main(string[] args) { string idpAddress = "https://idp.contoso.com/SecurityTokenService/Issue.svc/mixed/username"; string fedAddress = "https://sts.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256"; string svcAddress = "https://internalcrm.contoso.com"; var idpBinding = new UserNameWSTrustBinding() { SecurityMode = SecurityMode.TransportWithMessageCredential }; var fedBinding = new IssuedTokenWSTrustBinding(idpBinding, new EndpointAddress(idpAddress)) { SecurityMode = SecurityMode.TransportWithMessageCredential, //KeyType = SecurityKeyType.SymmetricKey }; var channelFactory = new WSTrustChannelFactory(fedBinding, fedAddress); channelFactory.Credentials.UserName.UserName = "******"; channelFactory.Credentials.UserName.Password = "******"; var request = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(svcAddress), //TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, //TokenType = SecurityTokenTypes.Saml, }; var token = channelFactory.CreateChannel().Issue(request); //return token; }
private static SecurityToken GetIdentityProviderToken(string tokenType) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new WSTrustChannelFactory(binding, ConfigurationManager.AppSettings["usernamemixedEP"].ToString()) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.Password = ConfigurationManager.AppSettings["password"].ToString(); factory.Credentials.UserName.UserName = ConfigurationManager.AppSettings["username"].ToString(); factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; var rst = new RequestSecurityToken { RequestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", AppliesTo = new EndpointReference(ConfigurationManager.AppSettings["usernamemixedAppliesTo"].ToString()), KeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey", TokenType = tokenType }; var channel = factory.CreateChannel(); return(channel.Issue(rst)); }
public HttpResponseMessage GetToken(string username, string password) { string relyingPartyId = System.Configuration.ConfigurationManager.AppSettings["AudianceUri"]; string identityServerEndpoint = System.Configuration.ConfigurationManager.AppSettings["SecurityEndPoint"]; var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var credentials = new ClientCredentials(); credentials.UserName.UserName = username; credentials.UserName.Password = password; try { var token = WSTrustClient.Issue( new EndpointAddress(identityServerEndpoint), new EndpointAddress(relyingPartyId), binding, credentials) as GenericXmlSecurityToken; return(new HttpResponseMessage() { Content = new StringContent(token.TokenXml.OuterXml, Encoding.UTF8, "application/xml") }); } catch (Exception) { throw new PMSSecurityIdentityException(); } }
public string AuthenticateUser(string username, string password) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) { ClientCredentialType = HttpClientCredentialType.None }; var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(stsEndpointAddress)) { TrustVersion = TrustVersion.WSTrust13 }; var channelCredentials = trustChannelFactory.Credentials; channelCredentials.UserName.UserName = username; channelCredentials.UserName.Password = password; channelCredentials.SupportInteractive = false; var tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer) { AppliesTo = new EndpointReference(relyingPartyAddress), ReplyTo = relyingPartyAddress, TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" }; // to some token-related stuff (like transformations etc...) }
//https://leastprivilege.com/2010/10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/ //https://msdn.microsoft.com/en-us/library/ee517297.aspx public SecurityToken GetToken(string idpEndpoint, string rstsRealm, string userName, string password) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new System.ServiceModel.Security.WSTrustChannelFactory(binding, new EndpointAddress(new Uri(idpEndpoint))); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; var rst = new System.IdentityModel.Protocols.WSTrust.RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new System.IdentityModel.Protocols.WSTrust.EndpointReference(rstsRealm), KeyType = KeyTypes.Bearer, TokenType = "urn:oasis:names:tc:SAML:2.0:assertion" }; var channel = factory.CreateChannel(); var securityToken = channel.Issue(rst); return(securityToken); }
private static GenericXmlSecurityToken GetSecurityToken(Uri spSiteUrl, string username, string password) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) { TrustVersion = TrustVersion.WSTrustFeb2005 }; var address = new EndpointAddress(_stsUrl); using (var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(binding, address)) { factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var channel = factory.CreateChannel(); var rst = new RequestSecurityToken { RequestType = WSTrustFeb2005Constants.RequestTypes.Issue, KeyType = WSTrustFeb2005Constants.KeyTypes.Bearer, TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11, AppliesTo = new EndpointAddress(spSiteUrl), }; var genericToken = channel.Issue(rst) as GenericXmlSecurityToken; return(genericToken); } }
private SecurityToken GetActAsToken() { // Retrieve the token that was saved during initial user login BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext; // Use the Thinktecture-implementation of the UserNameWSBinding to setup the channel factory to ADFS var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed")); // For demo purposes, we're authenticating to ADFS using a user name and password representing the web application // If the web server is domain-joined, you can use Windows Authentication instead factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; factory.TrustVersion = TrustVersion.WSTrust13; // Setup the request details to ask for a token for the backend service, acting as the logged in user var request = new RequestSecurityToken(); request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue; request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc"); request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken); // Create the channel var channel = factory.CreateChannel(); RequestSecurityTokenResponse response = null; SecurityToken delegatedToken = channel.Issue(request, out response); // Return the acquired token return(delegatedToken); }
private static SecurityToken RequestToken() { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var credentials = new ClientCredentials(); credentials.UserName.UserName = "******"; credentials.UserName.Password = "******"; return(WSTrustClient.Issue( new EndpointAddress(_idsrvEndpoint), new EndpointAddress(_realm), binding, credentials)); }
public ClaimsPrincipal Validate(string userName, string password) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var credentials = new ClientCredentials(); credentials.UserName.UserName = userName; credentials.UserName.Password = password; GenericXmlSecurityToken genericToken; try { genericToken = WSTrustClient.Issue( new EndpointAddress(_address), new EndpointAddress(_realm), binding, credentials) as GenericXmlSecurityToken; } catch (MessageSecurityException ex) { Tracing.Error("WSTrustResourceOwnerCredentialValidation failed: " + ex.ToString()); return(null); } var config = new SecurityTokenHandlerConfiguration(); config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(_realm)); config.CertificateValidationMode = X509CertificateValidationMode.None; config.CertificateValidator = X509CertificateValidator.None; var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer(_issuerThumbprint, _address); config.IssuerNameRegistry = registry; var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config); ClaimsPrincipal principal; var token = genericToken.ToSecurityToken(); principal = new ClaimsPrincipal(handler.ValidateToken(token)); Tracing.Information("Successfully requested token for user via WS-Trust"); return(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("ResourceOwnerPasswordValidation", principal)); }
protected virtual WSTrustChannelFactory CreateUsernameWSTrustChannelFactory(string serviceUsername, string servicePassword) { var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); if (ProxyAddress != null) { binding.ProxyAddress = ProxyAddress; } var factory = new WSTrustChannelFactory(binding, _usernameMixedEndpoint) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.UserName = serviceUsername; factory.Credentials.UserName.Password = servicePassword; return(factory); }
public virtual string AuthenticateUser(string username, string password, string stsEndpoint, string relyingPartyAddress) { if (string.IsNullOrEmpty(stsEndpoint) || string.IsNullOrEmpty(relyingPartyAddress) || string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) { throw new NullReferenceException( "AuthenticationTokenFactory received a null/empty argument for: username || password || stsEndpoint || relyingPartyAddress "); } var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) { ClientCredentialType = HttpClientCredentialType.None }; var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(stsEndpoint)) { TrustVersion = TrustVersion.WSTrust13 }; var channelCredentials = trustChannelFactory.Credentials; channelCredentials.UserName.UserName = username; channelCredentials.UserName.Password = password; channelCredentials.SupportInteractive = false; var tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue, WSTrust13Constants.KeyTypes.Bearer) { AppliesTo = new System.ServiceModel.EndpointAddress(relyingPartyAddress), ReplyTo = relyingPartyAddress, TokenType = "urn:ietf:params:oauth:token-type:jwt" }; var token = tokenClient.Issue(rst); var innerXml = ((GenericXmlSecurityToken)token).TokenXml.InnerXml; byte[] data = Convert.FromBase64String(innerXml); string decodedString = Encoding.UTF8.GetString(data); return(decodedString); }