static void Main(string[] args) { string idpAddress = "https://idp.contoso.com/SecurityTokenService/Issue.svc/mixed/username"; string fedAddress = "https://sts.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256"; string svcAddress = "https://internalcrm.contoso.com"; var idpBinding = new UserNameWSTrustBinding() { SecurityMode = SecurityMode.TransportWithMessageCredential }; var fedBinding = new IssuedTokenWSTrustBinding(idpBinding, new EndpointAddress(idpAddress)) { SecurityMode = SecurityMode.TransportWithMessageCredential, //KeyType = SecurityKeyType.SymmetricKey }; var channelFactory = new WSTrustChannelFactory(fedBinding, fedAddress); channelFactory.Credentials.UserName.UserName = "******"; channelFactory.Credentials.UserName.Password = "******"; var request = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(svcAddress), //TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, //TokenType = SecurityTokenTypes.Saml, }; var token = channelFactory.CreateChannel().Issue(request); //return token; }
private SecurityToken GetActAsToken() { // Retrieve the token that was saved during initial user login BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext; // Use the Thinktecture-implementation of the UserNameWSBinding to setup the channel factory to ADFS var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed")); // For demo purposes, we're authenticating to ADFS using a user name and password representing the web application // If the web server is domain-joined, you can use Windows Authentication instead factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; factory.TrustVersion = TrustVersion.WSTrust13; // Setup the request details to ask for a token for the backend service, acting as the logged in user var request = new RequestSecurityToken(); request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue; request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc"); request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken); // Create the channel var channel = factory.CreateChannel(); RequestSecurityTokenResponse response = null; SecurityToken delegatedToken = channel.Issue(request, out response); // Return the acquired token return delegatedToken; }
private static SecurityToken GetToken() { string stsEndpoint = "https://win-beju5ai4tp7.pbdev.codit.eu/adfs/services/trust/2005/windowstransport"; // Windows authentication over transport security var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), stsEndpoint); factory.TrustVersion = TrustVersion.WSTrustFeb2005; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress("https://localhost:8732/ClaimsEnumeratorService/"), KeyType = KeyTypes.Symmetric }; var channel = factory.CreateChannel(); SecurityToken tk = channel.Issue(rst); Console.WriteLine(tk.Id); foreach (var key in tk.SecurityKeys) { Console.WriteLine(key.KeySize.ToString()); } Console.WriteLine(tk.ValidFrom); Console.WriteLine(tk.ValidTo); return tk; }
/// <summary> /// /// </summary> /// <param name="requestMessage"></param> /// <param name="config"></param> /// <param name="withRefreshToken"></param> /// <returns></returns> public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config, Boolean withRefreshToken) { ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; // Call issuer to create token WSTrustChannelFactory factory = new WSTrustChannelFactory("issuer"); // TODO: factory.Credentials.UserName.UserName = requestMessage.Name ?? requestMessage.ClientId; // TODO: factory.Credentials.UserName.Password = requestMessage.Password ?? requestMessage.ClientSecret; WSTrustChannel issuer = factory.CreateChannel() as WSTrustChannel; RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue); rst.AppliesTo = new EndpointAddress("https://wrap.client"); rst.KeyType = WSTrust13Constants.KeyTypes.Bearer; RequestSecurityTokenResponse response = null; issuer.Issue(rst, out response); WSTrustSerializationContext context = new WSTrustSerializationContext( config.SecurityTokenHandlerCollectionManager, config.CreateAggregateTokenResolver(), config.IssuerTokenResolver); // Create response var token = response.RequestedSecurityToken.SecurityToken; if (null == token) { using (XmlReader reader = new XmlNodeReader(response.RequestedSecurityToken.SecurityTokenXml)) { token = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader); } token = ConvertToSimpleWebToken(token, response); } // Write token return WriteToken(token, withRefreshToken); }
static void Main(String[] arguments) { if (2 != arguments.Length) { ShowUsage(); return; } String userName = arguments[0]; String password = arguments[1]; var serviceAddress = "http://127.0.0.1:450/TimeService.svc"; var factory = new WSTrustChannelFactory("issuer"); factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; var channel = factory.CreateChannel() as WSTrustChannel; var rst = new RequestSecurityToken("http://schemas.microsoft.com/idfx/requesttype/issue"); rst.AppliesTo = new EndpointAddress(serviceAddress); RequestSecurityTokenResponse rstr = null; Console.WriteLine("Before issue"); var token = channel.Issue(rst, out rstr); Console.WriteLine("After issue"); }
private static string GetWindowsToken(string windowsAuthSiteEndPoint, string realm) { var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + TenantApiUri.WindowsAuthSite)); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference(realm), KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return jwtString; }
public bool ValidateUser(string userId, string password, out SessionSecurityToken sessionToken) { // authenticate with WS-Trust endpoint var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://localhost/ActiveSTS/SecurityTokenService.svc")); factory.Credentials.SupportInteractive = false; factory.Credentials.UserName.UserName = userId; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress("https://localhost/stsclient/"), KeyType = KeyTypes.Bearer, TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11, }; var channel = factory.CreateChannel(); var genericToken = channel.Issue(rst) as System.IdentityModel.Tokens.GenericXmlSecurityToken; // parse token var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers; var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml))); var identity = handlers.ValidateToken(token).First(); // create session token sessionToken = new SessionSecurityToken(ClaimsPrincipal.CreateFromIdentity(identity)); return true; }
private static string RequestIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.SetCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=Client"); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = _acsBaseAddress }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
private static RequestSecurityTokenResponse RequestToken(RequestSecurityToken rst) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(idp)); factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client"); RequestSecurityTokenResponse rstr; var token = factory.CreateChannel().Issue(rst, out rstr); return rstr; }
public static IWSTrustChannelContract CreateMixedUserNameClient(string userName, string password, string endpointAddress) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(endpointAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; return factory.CreateChannel(); }
private static IWSTrustChannelContract CreateWSTrustChannel(EndpointAddress stsAddress, Binding binding, ClientCredentials credentials) { var factory = new WSTrustChannelFactory( binding, stsAddress); var creds = factory.Endpoint.Behaviors.Find<ClientCredentials>(); factory.Endpoint.Behaviors.Remove(creds); factory.Endpoint.Behaviors.Add(credentials); return factory.CreateChannel(); }
public static SecurityToken GetIssuedToken(Uri audience, X509Certificate2 clientCertificate, X509Certificate2 stsCertificate, Uri endpoint, SecurityToken bootstrapSecurityToken) { WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(SecureTokenServiceBindings.GetIssuedTokenBindingNonSSL(), new EndpointAddress(endpoint, EndpointIdentity.CreateDnsIdentity("DANID A/S - DanID Test"))); trustChannelFactory.Credentials.ServiceCertificate.DefaultCertificate = stsCertificate; trustChannelFactory.Credentials.ClientCertificate.Certificate = clientCertificate; trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; trustChannelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign; trustChannelFactory.TrustVersion = TrustVersion.WSTrust13; var channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); var rst = RequestSecurityToken(bootstrapSecurityToken, clientCertificate, audience, new List<RequestClaim>()); var response = channel.Issue(rst); return response; }
public static IWSTrustChannelContract CreateMixedCertificateClient(string subjectName, string endpointAddress) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(endpointAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.SetCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, subjectName); return factory.CreateChannel(); }
public static IWSTrustChannelContract CreateMixedCertificateClient(string subjectName, string endpointAddress) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(endpointAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.SetCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, subjectName); return(factory.CreateChannel()); }
private static IWSTrustChannelContract CreateStsChannel(string username, string password, EndpointAddress stsEndpointAddress) { var factory = new WSTrustChannelFactory( new IdentifyUsernameEndpointBinding(), stsEndpointAddress); factory.TrustVersion = TrustVersion.WSTrust13; if (factory.Credentials != null) { factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; } return(factory.CreateChannel()); }
public static void tokenTest() { string relyingPartyId = "https://party.mycomp.com"; WSTrustChannelFactory factory = null; try { // use a UserName Trust Binding for username authentication factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://adfs.mycomp.com/adfs/services/trust/13/usernamemixed")); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyId), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; //MessageSecurityException -> PW falsch var _handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var tokenString = genericToken.ToTokenXmlString(); var samlToken2 = _handler.ReadToken(new XmlTextReader(new StringReader(tokenString))); ValidateSamlToken(samlToken2); X509Certificate2 certificate = null; X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "thumb", false)[0]; var jwt = ConvertSamlToJwt(samlToken2, "https://party.mycomp.com", certificate); } finally { if (factory != null) { try { factory.Close(); } catch (CommunicationObjectFaultedException) { factory.Abort(); } } } }
/// <summary> /// Creates a security token for the service layer. /// </summary> /// <returns></returns> private static SecurityToken CreateSecurityToken(TimeSpan?lifeTime, string user, string password) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(WsTrustAddress)) { TrustVersion = TrustVersion.WSTrust13 }; if (factory.Credentials == null) { throw new Exception(ErrBadFactory); } // the identity authorized to 'act as' the current principal factory.Credentials.UserName.UserName = user; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(ServiceHostAddress), //ActAs = new SecurityTokenElement(bootstrap) //may want to look at using actas in the future. }; if (lifeTime != null) { Log.Debug("Token lifetime config value found. Setting service token lifetime to {0}", lifeTime); rst.Lifetime = new Lifetime(null, DateTime.Now.Add(lifeTime.Value)); } try { Log.Debug("Creating channel to sts to request ActAs Token. Address:{0}", WsTrustAddress); IWSTrustChannelContract channel = factory.CreateChannel(); Log.Debug("Asking STS to issue ActAs Token. Address:{0}", WsTrustAddress); //ask the STS to issue a token for the service SecurityToken delegationToken = channel.Issue(rst); return(delegationToken); } catch (Exception ex) { string msg = "Cannot create service security token."; Log.Error("{0} Ex:{1}", msg, ex.GetBaseException().Message); throw new Exception(msg); } }
/// <summary> /// Issues the token /// Mostly copied from Service References /// </summary> private GenericXmlSecurityToken IssueToken() { _logger.WriteDebug("Issue Token"); var issuerEndpoint = FindIssuerEndpoint(); var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(_infoShareWSAppliesTo.Value.AbsoluteUri), KeyType = System.IdentityModel.Protocols.WSTrust.KeyTypes.Symmetric }; using (var factory = new WSTrustChannelFactory((WS2007HttpBinding)issuerEndpoint.Binding, issuerEndpoint.Address)) { ApplyCredentials(factory.Credentials); ApplyTimeout(factory.Endpoint, _connectionParameters.IssueTimeout); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; WSTrustChannel channel = null; try { _logger.WriteDebug($"Issue Token for AppliesTo[{requestSecurityToken.AppliesTo.Uri}]"); channel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse requestSecurityTokenResponse; return(channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken); } catch { // Fallback to 10.0.X and 11.0.X configuration using relying party per url like /InfoShareWS/API25/Application.svc requestSecurityToken.AppliesTo = new EndpointReference(_serviceUriByServiceName[Application25].AbsoluteUri); _logger.WriteDebug($"Issue Token for AppliesTo[{requestSecurityToken.AppliesTo.Uri}] as fallback on 10.0.x/11.0.x"); RequestSecurityTokenResponse requestSecurityTokenResponse; return(channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken); } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
private SecurityToken GetSecurityTokenDirectFromLocalSts() { if (trustChannelFactory == null) { var endpointidentifier = EndpointIdentity.CreateDnsIdentity(ConfigurationManager.AppSettings["LocalHostStsServiceCertficateName"]); var epa = new Uri(ConfigurationManager.AppSettings["UriIdpStsAddress"]); var address = new EndpointAddress(epa, endpointidentifier, new AddressHeaderCollection()); var binding = new WS2007HttpBinding { Security = { Mode = SecurityMode.Message, Message = { ClientCredentialType = MessageCredentialType.UserName, EstablishSecurityContext = false, NegotiateServiceCredential = true } } }; var channelFactory = new WSTrustChannelFactory(binding, address) { TrustVersion = TrustVersion.WSTrust13 }; if (channelFactory.Credentials != null) { channelFactory.Credentials.UserName.UserName = "******"; //single space as local sts not using channelFactory.Credentials.UserName.Password = "******"; //single space as local sts not using channelFactory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials; } trustChannelFactory = channelFactory; } var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new System.IdentityModel.Protocols.WSTrust.EndpointReference(ConfigurationManager.AppSettings["UriRpAppliesTo"]) }; var channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); RequestSecurityTokenResponse rstr; var token = channel.Issue(rst, out rstr); return(token); }
/// <summary> /// Gets the membership token. /// </summary> /// <param name="authSiteEndPoint">The auth site end point.</param> /// <param name="userName">Name of the user.</param> /// <param name="password">The password.</param> /// <param name="certificateValidation">The certificate validation is enabled by default. users can disable this manually.</param> /// <returns>string token from the membership site</returns> private static string GetMembershipTokenHelper(string authSiteEndPoint, string userName, string password, CertificateValidation certificateValidation = CertificateValidation.Enable) { var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + "/wstrust/issue/usernamemixed")); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; ////This line is only if we're using self-signed certs in the installation if (certificateValidation == CertificateValidation.Disable) { trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; } trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = password; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference("http://azureservices/TenantSite"), TokenType = "urn:ietf:params:oauth:token-type:jwt", KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return(jwtString); }
public SecurityToken GetSecurityToken() { //service identifier whitin the ADFS server where I want to access, must be configured as RP in ADFS //this is the same value we configure on server side for the parameter audienceUris EndpointReference serviceAddress = new EndpointReference(@"http://testWCFService.gianlucb.local"); //who gives me the token string stsAddress; //ignores certificates error ServicePointManager.ServerCertificateValidationCallback = (x, y, z, w) => true; //USERNAME stsAddress = @"https://sts.gianlucb.local/adfs/services/trust/13/usernamemixed"; WS2007HttpBinding stsBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); stsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm; stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; stsBinding.Security.Message.EstablishSecurityContext = false; WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(stsBinding, stsAddress); trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.Password = "******"; trustChannelFactory.Credentials.UserName.UserName = "******"; //--------------------- //connection WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue); rst.AppliesTo = serviceAddress; rst.KeyType = KeyTypes.Symmetric; RequestSecurityTokenResponse rstr = null; SecurityToken token = channel.Issue(rst, out rstr); var xmlSecurityToken = token as GenericXmlSecurityToken; Trace.WriteLine("Received the token:"); Trace.WriteLine(xmlSecurityToken.TokenXml.InnerXml); return(token); }
public SecurityToken GetToken() { // Need this because the server has a self-signed certificate that doesn't pass validation ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true; var factory = new WSTrustChannelFactory( new UserNameWsTrustBinding(), StsWsTrustEndpoint) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.UserName = UserName; factory.Credentials.UserName.Password = Password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = "urn:oasis:names:tc:SAML:2.0:assertion", AppliesTo = new EndpointReference(Realm) }; var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; var tokenXml = genericToken.TokenXml.OuterXml; var tokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); var config = tokenHandlers.Configuration; config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Realm)); config.CertificateValidator = X509CertificateValidator.None; var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer("CB317A2E635B47310D50A67C7B40081F7B4BD280", "http://platformservices.spikesco.com/devsts"); config.IssuerNameRegistry = registry; var token = tokenHandlers.ReadToken(new XmlTextReader(new StringReader(tokenXml))); var identity = tokenHandlers.ValidateToken(token); Thread.CurrentPrincipal = new ClaimsPrincipal(identity); TokenHelpers.TokenHelpers.Print(tokenXml); TokenHelpers.TokenHelpers.PrintCurrentPrincipal(); return(token); }
private static string GetADFSToken(string windowsAuthSiteEndPoint, string userName, string Password) { try { var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + "/adfs/services/trust/13/usernamemixed")); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = Password; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference("http://azureservices/TenantSite"), TokenType = "urn:ietf:params:oauth:token-type:jwt", KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return jwtString; } catch (Exception ex) { using (EventLog eventLog = new EventLog("Application")) { eventLog.Source = "Application"; eventLog.WriteEntry("ADFS HealthCheck: " + (object)ex, EventLogEntryType.Error, 1111, (short)1); } return ex.ToString(); } }
private static SecurityToken RequestIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Symmetric, AppliesTo = new EndpointAddress("https://" + Constants.WebHost + "/webservicesecurity/") }; return factory.CreateChannel().Issue(rst); }
private static SecurityToken RequestToken() { var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), new EndpointAddress("https://adfs.leastprivilege.vm/adfs/services/trust/13/windowstransport")); factory.TrustVersion = TrustVersion.WSTrust13; var channel = factory.CreateChannel(); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference("https://adfs.leastprivilege.vm/adfsapp/") }; return channel.Issue(rst); }
/// <summary> /// Issues the token /// Mostly copied from Service References /// </summary> public void IssueToken() { var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(uris["Application25"].AbsoluteUri), KeyType = System.IdentityModel.Protocols.WSTrust.KeyTypes.Symmetric, }; requestSecurityToken.TokenType = SamlSecurityTokenHandler.Assertion; //This should have worked directly but I don't know why it doesn't. //using (var factory = new WSTrustChannelFactory(this.issuerServiceEndpoint)) using (var factory = new WSTrustChannelFactory((WS2007HttpBinding)this.issuerServiceEndpoint.Binding, this.issuerServiceEndpoint.Address)) { ApplyCredentials(factory.Credentials); //Apply the connection timeout to the token issue process ApplyTimeout(factory.Endpoint, IssueTimeout); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; WSTrustChannel channel = null; try { channel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse requestSecurityTokenResponse; this.issuedToken = channel.Issue(requestSecurityToken, out requestSecurityTokenResponse) as GenericXmlSecurityToken; } catch (Exception ex) { throw; } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
/// <summary> /// Requests a security token from the ADFS server /// </summary> /// <param name="username">The username</param> /// <param name="password">The password</param> /// <param name="endpoint">The ADFS endpoint</param> /// <returns></returns> public GenericXmlSecurityToken RequestToken(string username, SecureString password, string endpoint) { WSTrustChannelFactory factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(adfsUserNameMixedEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = new System.Net.NetworkCredential(string.Empty, password).Password; RequestSecurityToken token = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(endpoint), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); return(channel.Issue(token) as GenericXmlSecurityToken); }
private static SecurityToken RequestSamlToken() { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(adfsEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(realm) }; return(factory.CreateChannel().Issue(rst)); }
private static SecurityToken RequestSymmetricEncryptedToken(X509Certificate2 decryptionCert) { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(idp)); factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client"); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(encryptedRP), KeyType = KeyTypes.Symmetric }; var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; var token = genericToken.ToSecurityToken(decryptionCert); return(token); }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, /* TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, */ AppliesTo = new EndpointAddress(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
/// <summary> /// Returns Generic XML Security Token from ADFS to generated FedAuth /// </summary> /// <param name="kerberosMixed">ADFS Endpoint for Kerberos Mixed Authentication</param> /// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param> /// <returns></returns> private GenericXmlSecurityToken RequestToken(Uri kerberosMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(kerberosMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return(genericToken); }
private static SecurityToken RequestBearerClearTextToken() { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(idp)); factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client"); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(clearTextRP), KeyType = KeyTypes.Bearer, }; var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; var token = genericToken.ToSecurityToken(); return token; }
private static string GetSTSToken(Uri requestUri, string endPoint, string realm) { var binding = new WS2007HttpBinding(SecurityMode.Transport); var factory = new WSTrustChannelFactory(binding, endPoint) { TrustVersion = TrustVersion.WSTrust13 }; var endPointReference = new EndpointReference(realm); var requestToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = endPointReference }; var channel = factory.CreateChannel(); var responseToken = channel.Issue(requestToken) as GenericXmlSecurityToken; return(responseToken?.TokenXml.OuterXml); }
private static IWSTrustChannelContract GenerateStsCertificateClientChannel(X509Certificate2 clientCertificate) { var stsAddress = new EndpointAddress(new Uri(ConfigVariables.StsEndpoint), EndpointIdentity.CreateDnsIdentity(ConfigVariables.StsCertificateAlias)); var binding = new MutualCertificateWithMessageSecurityBinding(null); var factory = new WSTrustChannelFactory(binding, stsAddress); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.Certificate = clientCertificate; var certificate = CertificateLoader.LoadCertificate( ConfigVariables.StsCertificateStoreName, ConfigVariables.StsCertificateStoreLocation, ConfigVariables.StsCertificateThumbprint); factory.Credentials.ServiceCertificate.ScopedCertificates.Add(stsAddress.Uri, certificate); factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; // Disable revocation checking (do not use in production) // Should be uncommented if you intent to call DemoService locally. //factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; factory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign; return(factory.CreateChannel()); }
private static SecurityToken RequestSecurityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idsrvAddress); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(_serviceAddress.AbsoluteUri + "/bearer") }; return(factory.CreateChannel().Issue(rst)); }
public GenericXmlSecurityToken RequestToken(string issuer, string appliesTo, RecordsManagerCredentials credentials) { var binding = (issuer.ToLower().StartsWith("https")) ? this.GetHttpsBinding() : this.GetHttpBinding(); var address = new EndpointAddress(issuer); var factory = new WSTrustChannelFactory(binding, address); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.Windows.ClientCredential = credentials.GetCredential(); var channel = factory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointAddress(appliesTo) }; RequestSecurityTokenResponse rstr = null; return channel.Issue(rst, out rstr) as GenericXmlSecurityToken; }
protected virtual async Task <TokenResponse> IssueTokenForRstAsync(WSTrustChannelFactory factory, RequestSecurityToken rst) { var channel = factory.CreateChannel(); var taskCompletionSource = new TaskCompletionSource <TokenResponse>(); channel.BeginIssue(rst, asyncResult => { try { RequestSecurityTokenResponse rstr2; var token = channel.EndIssue(asyncResult, out rstr2); taskCompletionSource.SetResult(new TokenResponse(token, rstr2)); } catch (Exception ex) { taskCompletionSource.SetException(ex); } }, null); return(await taskCompletionSource.Task.ConfigureAwait(false)); }
private static SecurityToken ConvertToToken(string xml) { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential, false); WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://null-EndPoint")); factory.TrustVersion = TrustVersion.WSTrustFeb2005; WSTrustChannel trustChannel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse response = trustChannel.WSTrustResponseSerializer.CreateInstance(); response.RequestedSecurityToken = new RequestedSecurityToken(LoadXml(xml).DocumentElement); response.IsFinal = true; RequestSecurityToken requestToken = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue); requestToken.KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric; return(trustChannel.GetTokenFromResponse(requestToken, response)); }
private static SecurityToken GetStsToken(int tokenLifeTimeMinutes) { WS2007HttpBinding binding = new WS2007HttpBinding(); binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; binding.Security.Mode = SecurityMode.TransportWithMessageCredential; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256; string endPoint = "S007SecurityTokenServiceEndpointV3"; var factory = new WSTrustChannelFactory(endPoint); factory.Credentials.ClientCertificate.Certificate = GetClientCertificateFromKeystore(); // Instantiate and invoke the client to get the security token factory.Credentials.SupportInteractive = false; var appliesTo = ConfigurationManager.AppSettings["appliesTo"]; var rst = new RequestSecurityToken { Claims = { new RequestClaim("http://vanguard.ebusiness.gov.au/2008/06/identity/claims/credentialtype", false) , new RequestClaim("http://vanguard.ebusiness.gov.au/2008/06/identity/claims/abn", false) }, AppliesTo = new EndpointReference(appliesTo), Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(tokenLifeTimeMinutes)), RequestType = RequestTypes.Issue, KeyType = KeyTypes.Symmetric, KeySizeInBits = 256, TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" }; // Instantiate and invoke the client to get the security token var client = (WSTrustChannel)factory.CreateChannel(); SecurityToken response = client.Issue(rst); return(response); }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new WindowsWSTrustBinding(SecurityMode.Transport), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = TokenTypes.Saml2TokenProfile11, AppliesTo = new EndpointReference(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return(token.TokenXml.OuterXml); }
public static SecurityToken GetToken(string endpointUri, string username, string password, string realm) { // use WSTrust and SSL Transport Mode with security credentials being sent with the message. var endpoint = new EndpointAddress(endpointUri); var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), endpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; // Symmetric key request. var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(realm), KeyType = KeyTypes.Symmetric }; // Token will be encrypted with ADFS Token Signing cert. var channel = factory.CreateChannel(); return channel.Issue(rst); }
private static SecurityToken GetSamlToken(string realm, string stsEndpoint, ClientCredentials clientCredentials) { using (var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(new Uri(stsEndpoint)))) { factory.Credentials.UserName.UserName = clientCredentials.UserName.UserName; factory.Credentials.UserName.Password = clientCredentials.UserName.Password; factory.TrustVersion = TrustVersion.WSTrust13; WSTrustChannel channel = null; try { var rst = new RequestSecurityToken { RequestType = WSTrust13Constants.RequestTypes.Issue, AppliesTo = new EndpointAddress(realm), KeyType = KeyTypes.Bearer, }; channel = (WSTrustChannel)factory.CreateChannel(); RequestSecurityTokenResponse response; var token = channel.Issue(rst, out response); return(token); } finally { if (channel != null) { channel.Abort(); } factory.Abort(); } } }
public string GetTenantToken(string authSiteEndPoint, string userName, string password, bool validateCertificate, string realm) { var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + TenantApiUri.AspNetAuthSite)); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; if (!validateCertificate) { trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; } trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = password; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference(realm), TokenType = "urn:ietf:params:oauth:token-type:jwt", KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; SecurityToken token = null; token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return jwtString; }
public GenericXmlSecurityToken RequestToken(string issuer, string appliesTo, RecordsManagerCredentials credentials) { var binding = (issuer.ToLower().StartsWith("https")) ? this.GetHttpsBinding() : this.GetHttpBinding(); var address = new EndpointAddress(issuer); var factory = new WSTrustChannelFactory(binding, address); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.Windows.ClientCredential = credentials.GetCredential(); var channel = factory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointAddress(appliesTo) }; RequestSecurityTokenResponse rstr = null; return(channel.Issue(rst, out rstr) as GenericXmlSecurityToken); }
public GenericXmlSecurityToken RequestToken(string username, string password, string relyingPartyId) { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(this.ADFSUserNameMixedEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyId), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); GenericXmlSecurityToken genericToken = channel.Issue(rst) as GenericXmlSecurityToken; return genericToken; }
/// <summary> /// Returns Generic XML Security Token from ADFS to generated FedAuth /// </summary> /// <param name="serialNumber">Serial Number of Certificate from CurrentUSer > My Certificate</param> /// <param name="certificateMixed">ADFS Endpoint for Certificate Mixed Authentication</param> /// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param> /// <returns></returns> private GenericXmlSecurityToken RequestToken(string serialNumber, Uri certificateMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(certificateMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, serialNumber); var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return genericToken; }
/// <summary> /// Returns Generic XML Security Token from ADFS to generated FedAuth /// </summary> /// <param name="serialNumber">Serial Number of Certificate from CurrentUSer > My Certificate</param> /// <param name="certificateMixed">ADFS Endpoint for Certificate Mixed Authentication</param> /// <param name="relyingPartyIdentifier">Identifier of the ADFS relying party that we're hitting</param> /// <returns></returns> private GenericXmlSecurityToken RequestToken(string serialNumber, Uri certificateMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(certificateMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, serialNumber); var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return(genericToken); }
private static string GetSamlToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), Constants.IdSrv.WSTrustEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = TokenTypes.Saml2TokenProfile11, AppliesTo = new EndpointReference(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
private GenericXmlSecurityToken RequestToken(string userName, string passWord, Uri userNameMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(userNameMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = passWord; var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return genericToken; }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(_acsBaseAddress.AbsoluteUri) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return token.TokenXml.OuterXml; }
public string Authenticate(string username, string password) { // Need this because the server has a self-signed certificate that doesn't pass validation ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true; var factory = new WSTrustChannelFactory( new UserNameWsTrustBinding(), StsWsTrustEndpoint) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = "urn:ietf:params:oauth:token-type:jwt", AppliesTo = new EndpointReference(Realm) }; var securityToken = factory.CreateChannel().Issue(rst); var genericToken = securityToken as GenericXmlSecurityToken; var tokenXml = genericToken.TokenXml.OuterXml; var handler = new JwtSecurityTokenHandler(); var token = handler.ReadToken(new XmlTextReader(new StringReader(tokenXml))); var jwtToken = (JwtSecurityToken)token; SetPrincipal(jwtToken); var tokenStr = handler.WriteToken(jwtToken); tokenStr += jwtToken.EncodedSignature; return(tokenStr); }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11, AppliesTo = new EndpointAddress(Constants.Realm) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return(token.TokenXml.OuterXml); }
private GenericXmlSecurityToken RequestToken(string userName, string passWord, Uri userNameMixed, string relyingPartyIdentifier) { GenericXmlSecurityToken genericToken = null; using (var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(userNameMixed))) { factory.TrustVersion = TrustVersion.WSTrust13; // Hookup the user and password factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = passWord; var requestSecurityToken = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointReference(relyingPartyIdentifier), KeyType = KeyTypes.Bearer }; IWSTrustChannelContract channel = factory.CreateChannel(); genericToken = channel.Issue(requestSecurityToken) as GenericXmlSecurityToken; factory.Close(); } return(genericToken); }
private static string GetIdentityToken() { "Requesting identity token".ConsoleYellow(); var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), _idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(_acsBaseAddress.AbsoluteUri) }; var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; return(token.TokenXml.OuterXml); }
private static string GetToken() { var binding = new WS2007HttpBinding(SecurityMode.Message); binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Message.NegotiateServiceCredential = true; binding.Security.Message.EstablishSecurityContext = false; var address = new EndpointAddress(new Uri(@"http://localhost:6000/MySTS"), new DnsEndpointIdentity("MySTS")); WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, address); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; // got to be same as user name in our example WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel(); var request = new RequestSecurityToken(System.IdentityModel.Protocols.WSTrust.RequestTypes.Issue) { AppliesTo = new EndpointReference("http://my-server.com") }; RequestSecurityTokenResponse response = null; var token = channel.Issue(request, out response) as GenericXmlSecurityToken; // Proof key var proofKey = Convert.ToBase64String(response.RequestedProofToken.ProtectedKey.GetKeyBytes()); return(token.TokenXml.OuterXml); }
public bool Logoff(string userName, string password, SecurityToken sessionToken, string securityServerURL) { using (WSTrustChannelFactory factory = GetTrustChannelFactory(securityServerURL)) { if (factory.Credentials == null) { throw new Exception("Credentails are null"); } factory.Credentials.UserName.UserName = userName; factory.Credentials.UserName.Password = password; factory.Credentials.SupportInteractive = false; RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Cancel) { CancelTarget = new SecurityTokenElement(sessionToken) }; IWSTrustChannelContract channel = factory.CreateChannel(); RequestSecurityTokenResponse response = channel.Cancel(rst); return(response.RequestedTokenCancelled); } }
private static SecurityToken RequestSamlToken() { var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(adfsEndpoint)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointReference(realm) }; return factory.CreateChannel().Issue(rst); }
private WSTrustChannel CreateChannel() { var stsBinding = CreateStsBinding(); UpdateStsSettingsFromEnvironment(); var trustChannelFactory = new WSTrustChannelFactory(stsBinding, ServiceSettings.StsAddress) { TrustVersion = TrustVersion .WSTrust13 }; IncreaseTimeout(trustChannelFactory); trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; if (UserName.IsNullOrWhiteSpace()) trustChannelFactory.Credentials.Windows.ClientCredential = Credential; else { trustChannelFactory.Credentials.UserName.UserName = UserName; trustChannelFactory.Credentials.UserName.Password = Password; } trustChannelFactory.Endpoint.Behaviors.Add(new MustUnderstandBehavior(false)); var channel = (WSTrustChannel)trustChannelFactory.CreateChannel(); return channel; }
private SecurityToken GetActAsToken(BootstrapContext context) { string stsAddress = "https://identity.thinktecture.com/idsrvsample/issue/wstrust/mixed/username"; string realm = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm; var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(stsAddress)); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "******"; factory.Credentials.UserName.Password = "******"; var rst = new RequestSecurityToken { AppliesTo = new EndpointReference(realm), RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, ActAs = new SecurityTokenElement(context.SecurityToken) }; var channel = factory.CreateChannel(); var delegationToken = channel.Issue(rst); return delegationToken; }
private static SecurityToken IssueTokenWithUserNamePassword(string username, string password, string issuerUri, string appliesTo, out RequestSecurityTokenResponse RSTR, string keyType = KeyTypes.Bearer) { if (String.IsNullOrWhiteSpace(issuerUri)) throw new ArgumentNullException("issuerUri"); if (String.IsNullOrWhiteSpace(appliesTo)) throw new ArgumentNullException("appliesTo"); Binding binding = null; var WsHttpBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); // Avoid the WS-SecureConversation piece WsHttpBinding.Security.Message.EstablishSecurityContext = false; WsHttpBinding.Security.Message.NegotiateServiceCredential = false; WsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; // Set our binding variable binding = WsHttpBinding; // Define the STS endpoint EndpointAddress endpoint = new EndpointAddress(new Uri(issuerUri)); var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 }; // Here is where we set the credentials (goes into the SOAP security header) factory.Credentials.SupportInteractive = false; // Avoid that CardSpace popup... factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; SecurityTokenElement OnBehalfOfElement = new SecurityTokenElement(new UserNameSecurityToken("pbell", "2Federate")); SecurityTokenElement ActAsElement = new SecurityTokenElement(new UserNameSecurityToken("mpavlich", "2Federate")); // Now we define the Request for Security Token (RST) RequestSecurityToken RST = new RequestSecurityToken() { //identifiy who this token is for AppliesTo = new EndpointReference(appliesTo), //identify what type of request this is (Issue or Validate) RequestType = RequestTypes.Issue, //set the keytype (symmetric, asymmetric (pub key) or bearer) KeyType = keyType }; // Create the WS-Trust channel IWSTrustChannelContract channel = factory.CreateChannel(); // Send the Issue RST request SecurityToken token = channel.Issue(RST, out RSTR); return token; }