public static void tokenTest() { string relyingPartyId = "https://shadfs.sanfordhealth.org/adfs/ls/ldpinitiatedsignon.aspx"; WSTrustChannelFactory factory = null; try { // use a UserName Trust Binding for username authentication factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://secure.genomenext.net/app/services/trust/13/usernamemixed")); /////I'll change this endpoint this later//////// factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyId), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; //MessageSecurityException -> PW falsch var _handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var tokenString = genericToken.ToTokenXmlString(); var samlToken2 = _handler.ReadToken(new XmlTextReader(new StringReader(tokenString))); ValidateSamlToken(samlToken2); X509Certificate2 certificate = null; X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "thumb", false)[0]; // var jwt = ConvertSamlToJwt(samlToken2, "https://party.mycomp.com", certificate); } finally { if (factory != null) { try { factory.Close(); } catch (CommunicationObjectFaultedException) { factory.Abort(); } } }
/// <summary> /// Issues the token /// Mostly copied from Service References /// </summary> private GenericXmlSecurityToken IssueToken() { _logger.WriteDebug("Issue Token"); var issuerEndpoint = FindIssuerEndpoint(); var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(_infoShareWSAppliesTo.Value.AbsoluteUri), KeyType = System.IdentityModel.Protocols.WSTrust.KeyTypes.Symmetric }; using (var factory = new WSTrustChannelFactory((WS2007HttpBinding)issuerEndpoint.Binding, issuerEndpoint.Address)) { ApplyCredentials(factory.Credentials); ApplyTimeout(factory.Endpoint, _connectionParameters.IssueTimeout); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; WSTrustChannel channel = null; try { _logger.WriteDebug($"Issue Token for AppliesTo[{requestSecurityToken.AppliesTo.Uri}]"); channel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse requestSecurityTokenResponse; return(channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken); } catch { // Fallback to 10.0.X and 11.0.X configuration using relying party per url like /InfoShareWS/API25/Application.svc requestSecurityToken.AppliesTo = new EndpointReference(_serviceUriByServiceName[Application25].AbsoluteUri); _logger.WriteDebug($"Issue Token for AppliesTo[{requestSecurityToken.AppliesTo.Uri}] as fallback on 10.0.x/11.0.x"); RequestSecurityTokenResponse requestSecurityTokenResponse; return(channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken); } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
/// <summary> /// Issues the token /// Mostly copied from Service References /// </summary> public void IssueToken() { var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(uris["Application25"].AbsoluteUri), KeyType = System.IdentityModel.Protocols.WSTrust.KeyTypes.Symmetric, }; requestSecurityToken.TokenType = SamlSecurityTokenHandler.Assertion; //This should have worked directly but I don't know why it doesn't. //using (var factory = new WSTrustChannelFactory(this.issuerServiceEndpoint)) using (var factory = new WSTrustChannelFactory((WS2007HttpBinding)this.issuerServiceEndpoint.Binding, this.issuerServiceEndpoint.Address)) { ApplyCredentials(factory.Credentials); //Apply the connection timeout to the token issue process ApplyTimeout(factory.Endpoint, IssueTimeout); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; WSTrustChannel channel = null; try { channel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse requestSecurityTokenResponse; this.issuedToken = channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken; } catch (Exception ex) { throw; } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
private static SecurityToken GetSamlToken(string realm, string stsEndpoint, ClientCredentials clientCredentials) { using (var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(new Uri(stsEndpoint)))) { factory.Credentials.UserName.UserName = clientCredentials.UserName.UserName; factory.Credentials.UserName.Password = clientCredentials.UserName.Password; factory.TrustVersion = TrustVersion.WSTrust13; WSTrustChannel channel = null; try { var rst = new RequestSecurityToken { RequestType = WSTrust13Constants.RequestTypes.Issue, AppliesTo = new EndpointAddress(realm), KeyType = KeyTypes.Bearer, }; channel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse response; var token = channel.Issue(rst, out response); return(token); } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
private static SecurityToken GetSAMLTokenWithKerberosCredentials(string kerberosEndpoint = null, string servicePrincipalName = null, string relyingPartyIdentifier = null, RequestSecurityToken rst = null) { var stsEndpoint = kerberosEndpoint ?? ConfigurationManager.AppSettings["kerberosEndpoint"]; var spnIdentity = servicePrincipalName ?? ConfigurationManager.AppSettings["servicePrincipalName"]; string serviceEndpoint = relyingPartyIdentifier ?? ConfigurationManager.AppSettings["relyingPartyIdentifier"]; using (var factory = new WSTrustChannelFactory(GetWindowsWSTrustBinding(), new EndpointAddress(new Uri(stsEndpoint), EndpointIdentity.CreateSpnIdentity(spnIdentity), new AddressHeaderCollection()))) { factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; factory.TrustVersion = TrustVersion.WSTrust13; WSTrustChannel channel = null; try { if (rst == null) { rst = BuildRequestSecurityToken(); } channel = (WSTrustChannel)factory.CreateChannel(); return channel.Issue(rst); } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
private static SecurityToken GetSAMLTokenWithUserNameCredentials(string user, string password, string usernamePasswordEndpoint = null, string relyingParty = null, RequestSecurityToken rst = null) { Uri stsEndpoint = new Uri(usernamePasswordEndpoint ?? ConfigurationManager.AppSettings["usernamePasswordEndpoint"]); EndpointAddress endpointAddress; if (stsEndpoint.Host.Contains("localhost")) { endpointAddress = new EndpointAddress(stsEndpoint, new DnsEndpointIdentity("SelfSTS"), new AddressHeaderCollection()); } else { endpointAddress = new EndpointAddress(stsEndpoint); } Binding binding = stsEndpoint.Scheme == "https" ? GetUserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential) : GetUserNameWSTrustBinding(SecurityMode.Message); using (var factory = new WSTrustChannelFactory(binding, endpointAddress)) { factory.Credentials.UserName.UserName = user; factory.Credentials.UserName.Password = password; factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; factory.TrustVersion = TrustVersion.WSTrust13; WSTrustChannel channel = null; try { if (rst == null) { rst = BuildRequestSecurityToken(); } channel = (WSTrustChannel)factory.CreateChannel(); return channel.Issue(rst); } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
void ICommunicationObject.Abort() { _factory.Abort(); }
/// <summary> /// Uses the WSTrustChannel to retrieve an issued token from the STS. /// </summary> /// <returns>The SecurityToken issued by the STS.</returns> private static SecurityToken GetIssuedToken() { // // Note that the default trust version used by the WSTrustChannel // is the trust version found on any security binding element in the // WSTrustChannelFactory's binding. // // However, set the TrustVersion property directly on the WSTrustChannelFactory // to be explicit. // WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(GetSecurityTokenServiceBinding(), new EndpointAddress(STSAddress)); trustChannelFactory.TrustVersion = TrustVersion.WSTrust13; WSTrustChannel channel = null; try { // // Instantiate the RST object used for the issue request // to the STS. // // To use the February 2005 spec: // // RequestSecurityToken rst = new RequestSecurityToken( WSTrustFeb2005Constants.RequestTypes.Issue ); // RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue); rst.AppliesTo = new EndpointAddress(ServiceAddress); // Set client entropy, protect with STS's cert. // It is not necessary to encrypt the entropy as the message body is encrypted. // This sample shows how to encrypt the entropy for scenarios where it is required. rst.Entropy = new Entropy(CreateEntropy(), new X509EncryptingCredentials(STSCertificate)); // Set key type to symmetric. rst.KeyType = KeyTypes.Symmetric; // Set key size for the symmetric proof key. rst.KeySizeInBits = 256; // // Sends the RST message to the STS and extracts the // issued security token in accordance with the WS-Trust // specification. // channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); SecurityToken token = channel.Issue(rst); ((IChannel)channel).Close(); channel = null; trustChannelFactory.Close(); trustChannelFactory = null; return(token); } finally { if (channel != null) { ((IChannel)channel).Abort(); } if (trustChannelFactory != null) { trustChannelFactory.Abort(); } } }