示例#1
        /// <summary>
        /// Creates a namespace builder bound to the given description, with an empty command list.
        /// </summary>
        /// <param name="namespaceDesc">
        /// Description of the ACS namespace; checked with <c>Guard.NotNull</c> before it is stored.
        /// The sibling helpers on this page read <c>UserName</c> and <c>Password</c> from this type,
        /// so the stored reference should be treated as credential material.
        /// </param>
        public AcsNamespace(AcsNamespaceDescription namespaceDesc)
        {
            // Validate first so neither field is assigned when the argument is rejected.
            Guard.NotNull(() => namespaceDesc, namespaceDesc);

            commands = new List<ICommand>();
            this.namespaceDesc = namespaceDesc;
        }
示例#2
        /// <summary>
        /// Initializes the namespace wrapper from its description and starts with no queued commands.
        /// </summary>
        /// <param name="namespaceDesc">
        /// The namespace description to keep; passed through <c>Guard.NotNull</c> before use.
        /// </param>
        public AcsNamespace(AcsNamespaceDescription namespaceDesc)
        {
            // The guard runs before any state is touched.
            Guard.NotNull(() => namespaceDesc, namespaceDesc);

            commands = new List<ICommand>();
            this.namespaceDesc = namespaceDesc;
        }
示例#3
        /// <summary>
        /// Reports whether the rules retrieved for <paramref name="ruleGroup"/> number exactly
        /// <paramref name="ruleCount"/>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="relyingParty">Not read by this method.</param>
        /// <param name="ruleGroup">Rule group name passed to <c>RetrieveRules</c>.</param>
        /// <param name="ruleCount">Expected number of rules.</param>
        /// <returns><c>false</c> when no rule collection comes back; otherwise whether the counts match.</returns>
        public static bool CheckRuleGroupHasRules(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup, int ruleCount)
        {
            // Each call builds its own wrapper from the management credentials in namespaceDesc.
            var managementService = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var retrievedRules = managementService.RetrieveRules(ruleGroup);

            if (retrievedRules == null)
            {
                return false;
            }

            return retrievedRules.Count() == ruleCount;
        }
示例#4
        /// <summary>
        /// Reports whether a service identity named <paramref name="serviceIdentityName"/> is among
        /// those returned by <c>RetrieveServiceIdentities</c>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="serviceIdentityName">Name to look for; compared with <c>==</c>.</param>
        /// <returns><c>true</c> when at least one retrieved identity has that name.</returns>
        public static bool CheckServiceIdentityExists(AcsNamespaceDescription namespaceDesc, string serviceIdentityName)
        {
            // Each call builds its own wrapper from the management credentials in namespaceDesc.
            var managementService = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var knownIdentities = managementService.RetrieveServiceIdentities();

            bool found = knownIdentities.Any(identity => identity.Name == serviceIdentityName);
            return found;
        }
示例#5
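        /// <summary>
        /// Reports whether the rules retrieved for <paramref name="ruleGroup"/> include one whose
        /// description equals <paramref name="ruleDescription"/>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="relyingParty">Not read by this method.</param>
        /// <param name="ruleGroup">Rule group name passed to <c>RetrieveRules</c>.</param>
        /// <param name="ruleDescription">Description to look for.</param>
        /// <returns>
        /// <c>false</c> when no rule collection comes back; otherwise whether any rule carries the description.
        /// </returns>
        public static bool CheckRuleGroupHasRule(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup, string ruleDescription)
        {
            var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var rules = acs.RetrieveRules(ruleGroup);

            // CheckRuleGroupHasRules treats a null result from RetrieveRules as "no rules";
            // do the same here instead of failing with a NullReferenceException.
            if (rules == null)
            {
                return false;
            }

            // '==' matches the name comparisons in the sibling helpers and, unlike
            // rule.Description.Equals(...), does not throw when a rule has no description.
            return rules.Any(rule => rule.Description == ruleDescription);
        }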
示例#6
        /// <summary>
        /// Reports whether a relying party named <paramref name="relyingPartyName"/> is among those
        /// returned by <c>RetrieveRelyingParties</c>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="relyingPartyName">Name to look for; compared with <c>==</c>.</param>
        /// <returns><c>true</c> when at least one retrieved relying party has that name.</returns>
        public static bool CheckRelyingPartyExists(AcsNamespaceDescription namespaceDesc, string relyingPartyName)
        {
            // Each call builds its own wrapper from the management credentials in namespaceDesc.
            var managementService = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var configuredParties = managementService.RetrieveRelyingParties();

            bool found = configuredParties.Any(party => party.Name == relyingPartyName);
            return found;
        }
示例#7
        /// <summary>
        /// Reports whether an identity provider with display name <paramref name="idpDisplayName"/>
        /// is among those returned by <c>RetrieveIdentityProviders</c>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="idpDisplayName">Display name to look for; compared with <c>==</c>.</param>
        /// <returns><c>true</c> when at least one retrieved provider has that display name.</returns>
        public static bool CheckIdentityProviderExists(AcsNamespaceDescription namespaceDesc, string idpDisplayName)
        {
            // Each call builds its own wrapper from the management credentials in namespaceDesc.
            var managementService = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var configuredProviders = managementService.RetrieveIdentityProviders();

            bool found = configuredProviders.Any(idp => idp.DisplayName == idpDisplayName);
            return found;
        }
示例#8
        /// <summary>
        /// Reports whether the relying party named <paramref name="relyingParty"/> is linked to a
        /// rule group named <paramref name="ruleGroup"/>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="relyingParty">Relying party name; compared with <c>==</c>.</param>
        /// <param name="ruleGroup">Rule group name; compared with <c>==</c>.</param>
        /// <returns>
        /// The answer for the first relying party with a matching name, or <c>false</c> when no
        /// relying party matches (the default of <c>FirstOrDefault</c> on a sequence of booleans).
        /// </returns>
        public static bool CheckRuleGroupExists(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup)
        {
            // Each call builds its own wrapper from the management credentials in namespaceDesc.
            var managementService = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var configuredParties = managementService.RetrieveRelyingParties();

            // Narrow to the named relying party, then project each match to "has the rule group".
            var partiesWithName = configuredParties.Where(party => party.Name == relyingParty);
            var hasGroupFlags = partiesWithName.Select(
                party => party.RelyingPartyRuleGroups.Any(link => link.RuleGroup.Name == ruleGroup));

            return hasGroupFlags.FirstOrDefault();
        }
示例#9
        /// <summary>
        /// Reports whether the number of relying-party keys whose relying party is named
        /// <paramref name="relyingParty"/> equals <paramref name="keyCount"/>.
        /// </summary>
        /// <param name="namespaceDesc">Supplies the namespace, user name and password handed to <c>ServiceManagementWrapper</c>.</param>
        /// <param name="relyingParty">Relying party name; compared with <c>Equals</c>.</param>
        /// <param name="keyCount">Expected number of keys.</param>
        /// <returns><c>true</c> when the counted keys equal <paramref name="keyCount"/>.</returns>
        public static bool CheckRelyingPartyHasKeys(AcsNamespaceDescription namespaceDesc, string relyingParty, int keyCount)
        {
            // Each call builds its own wrapper from the management credentials in namespaceDesc.
            var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
            var client = acs.CreateManagementServiceClient();

            // NOTE(review): RelyingPartyKeys is presumably a query against the management service;
            // if so, the exact Where/Count shape matters to the query provider - confirm before restructuring.
            // Only the key count is read here; no key material is pulled into a local.
            var count = client.RelyingPartyKeys.Where(k => k.RelyingParty.Name.Equals(relyingParty)).Count();
            return count == keyCount;
        }
示例#10
        /// <summary>
        /// Sample entry point: describes an ACS namespace configuration through the fluent API,
        /// saves it, and waits for a key press.
        /// </summary>
        /// <remarks>
        /// The service identity password, the PFX password and the plain-http realm/reply addresses
        /// below are literals in the sample. Treat them as placeholders: outside a demo they belong
        /// in protected configuration, not in source.
        /// </remarks>
        static void Main(string[] args)
        {
            // The management credentials are read from app settings rather than embedded here.
            var appSettings = ConfigurationManager.AppSettings;
            var namespaceDesc = new AcsNamespaceDescription(
                appSettings["acsNamespace"],
                appSettings["acsUserName"],
                appSettings["acsPassword"]);

            string baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
            string signingPfxPath = Path.Combine(baseDirectory, "testCert_xyz.pfx");

            // NOTE(review): the PFX password is a source literal (and is echoed in the file name),
            // so the signing key in this file is only as private as the repository.
            const string signingPfxPassword = "xyz";

            var encryptionCert = new X509Certificate(Path.Combine(baseDirectory, "testCert.cer"));
            var signingCertBytes = ReadBytesFromPfxFile(signingPfxPath);

            // The PFX is opened a second time only to read the certificate's validity window.
            var signingCert = new X509Certificate2(signingPfxPath, signingPfxPassword);
            var validFrom = signingCert.NotBefore.ToUniversalTime();
            var validUntil = signingCert.NotAfter.ToUniversalTime();

            var acsNamespace = new AcsNamespace(namespaceDesc);

            acsNamespace
                .AddGoogleIdentityProvider()
                .AddYahooIdentityProvider()
                // NOTE(review): hard-coded, guessable service identity password - sample value only.
                .AddServiceIdentity(si => si
                    .Name("Vandelay Industries")
                    .Password("Passw0rd!"))
                .AddRelyingParty(rp => rp
                    .Name("MyCoolWebsite")
                    // NOTE(review): realm and reply address are plain http; a token delivered to the
                    // reply address would not be protected in transit - prefer https outside a demo.
                    .RealmAddress("http://mycoolwebsite.com/")
                    .ReplyAddress("http://mycoolwebsite.com/")
                    .AllowGoogleIdentityProvider()
                    .AllowWindowsLiveIdentityProvider()
                    .SamlToken()
                    .TokenLifetime(120)
                    .SigningCertificate(sc => sc
                        .Bytes(signingCertBytes)
                        .Password(signingPfxPassword)
                        .StartDate(validFrom)
                        .EndDate(validUntil))
                    .EncryptionCertificate(encryptionCert.GetRawCertData())
                    .RemoveRelatedRuleGroups()
                    .AddRuleGroup(rg => rg
                        .Name("Rule Group for MyCoolWebsite Relying Party")
                        // Google: an e-mail claim with any value is re-issued as a name claim.
                        .AddRule(rule => rule
                            .Description("Google Passthrough")
                            .IfInputClaimIssuer().Is("Google")
                            .AndInputClaimType().IsOfType(ClaimTypes.Email)
                            .AndInputClaimValue().IsAny()
                            .ThenOutputClaimType().ShouldBe(ClaimTypes.Name)
                            .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
                        // NOTE(review): any claim type and any value from this issuer appear to be
                        // forwarded unchanged, so the relying party should only act on the claim
                        // types it expects.
                        .AddRule(rule => rule
                            .Description("Yahoo! Passthrough")
                            .IfInputClaimIssuer().Is("Yahoo!")
                            .AndInputClaimType().IsAny()
                            .AndInputClaimValue().IsAny()
                            .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                            .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())
                        // One specific e-mail value is mapped to a fixed name identifier
                        // (the address literal appears masked in this listing).
                        .AddRule(rule => rule
                            .Description("Windows Live ID rule")
                            .IfInputClaimIssuer().Is("Windows Live ID")
                            .AndInputClaimType().IsOfType(ClaimTypes.Email)
                            .AndInputClaimValue().Is("*****@*****.**")
                            .ThenOutputClaimType().ShouldBe(ClaimTypes.NameIdentifier)
                            .AndOutputClaimValue().ShouldBe("John Doe"))
                        // Same pass-everything shape as the Yahoo! rule, with ACS as the issuer.
                        .AddRule(rule => rule
                            .Description("ACS rule")
                            .IfInputClaimIssuer().IsAcs()
                            .AndInputClaimType().IsAny()
                            .AndInputClaimValue().IsAny()
                            .ThenOutputClaimType().ShouldPassthroughFirstInputClaimType()
                            .AndOutputClaimValue().ShouldPassthroughFirstInputClaimValue())));

            // NOTE(review): every log message is written to the console as-is; confirm the
            // messages never carry the passwords or key bytes configured above.
            acsNamespace.SaveChanges(logInfo => Console.WriteLine(logInfo.Message));

            Console.ReadKey();
        }