internal async Task <WsTrustResponse> GetWsTrustResponseAsync(
UserAuthType userAuthType,
string cloudAudienceUrn,
WsTrustEndpoint endpoint,
string username,
SecureString securePassword)
{
string wsTrustRequestMessage = userAuthType == UserAuthType.IntegratedAuth
? endpoint.BuildTokenRequestMessageWindowsIntegratedAuth(cloudAudienceUrn)
: endpoint.BuildTokenRequestMessageUsernamePassword(
cloudAudienceUrn,
username,
new string(securePassword.PasswordToCharArray()));
try
{
WsTrustResponse wsTrustResponse = await _serviceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(
endpoint, wsTrustRequestMessage, _requestContext).ConfigureAwait(false);
_requestContext.Logger.Info($"Token of type '{wsTrustResponse.TokenType}' acquired from WS-Trust endpoint. ");
return(wsTrustResponse);
}
catch (Exception ex)
{
throw new MsalClientException(
MsalError.ParsingWsTrustResponseFailed,
ex.Message,
ex);
}
}
internal async Task <WsTrustResponse> GetWsTrustResponseAsync(
UserAuthType userAuthType,
string cloudAudienceUrn,
WsTrustEndpoint endpoint,
string username,
SecureString securePassword)
{
string wsTrustRequestMessage = userAuthType == UserAuthType.IntegratedAuth
? endpoint.BuildTokenRequestMessageWindowsIntegratedAuth(cloudAudienceUrn)
: endpoint.BuildTokenRequestMessageUsernamePassword(
cloudAudienceUrn,
username,
new string(securePassword.PasswordToCharArray()));
try
{
WsTrustResponse wsTrustResponse = await _serviceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(
endpoint, wsTrustRequestMessage, _requestContext).ConfigureAwait(false);
_requestContext.Logger.Info($"Token of type '{wsTrustResponse.TokenType}' acquired from WS-Trust endpoint. ");
return(wsTrustResponse);
}
catch (Exception ex)
{
throw new MsalClientException(
MsalError.ParsingWsTrustResponseFailed,
"There was an error parsing WS-Trust response from the endpoint. This may occur if there is an issue with your ADFS configuration."
+ " See https://aka.ms/msal-net-iwa-troubleshooting for more details. Error Message: " + ex.Message,
ex);
}
}
internal async Task <WsTrustResponse> GetWsTrustResponseAsync(
UserAuthType userAuthType,
string cloudAudienceUrn,
WsTrustEndpoint endpoint,
IUsernameInput usernameInput)
{
// TODO: need to clean up the casting to UsernamePasswordInput as well as removing the PasswordToCharArray
// since we're putting the strings onto the managed heap anyway.
string wsTrustRequestMessage = userAuthType == UserAuthType.IntegratedAuth
? endpoint.BuildTokenRequestMessageWindowsIntegratedAuth(cloudAudienceUrn)
: endpoint.BuildTokenRequestMessageUsernamePassword(
cloudAudienceUrn,
usernameInput.UserName,
new string(((UsernamePasswordInput)usernameInput).PasswordToCharArray()));
try
{
WsTrustResponse wsTrustResponse = await _serviceBundle.WsTrustWebRequestManager.GetWsTrustResponseAsync(
endpoint, wsTrustRequestMessage, _requestContext).ConfigureAwait(false);
_requestContext.Logger.Info($"Token of type '{wsTrustResponse.TokenType}' acquired from WS-Trust endpoint");
return(wsTrustResponse);
}
catch (Exception ex)
{
throw MsalExceptionFactory.GetClientException(
CoreErrorCodes.ParsingWsTrustResponseFailed,
ex.Message,
ex);
}
}
/// <inheritdoc/>
public async Task <WsTrustResponse> GetWsTrustResponseAsync(
WsTrustEndpoint wsTrustEndpoint,
string wsTrustRequest,
RequestContext requestContext)
{
var headers = new Dictionary <string, string>
{
{ "SOAPAction", (wsTrustEndpoint.Version == WsTrustVersion.WsTrust2005) ? XmlNamespace.Issue2005.ToString() : XmlNamespace.Issue.ToString() }
};
var body = new StringContent(
wsTrustRequest,
Encoding.UTF8, "application/soap+xml");
HttpResponse resp = await _httpManager.SendPostForceResponseAsync(wsTrustEndpoint.Uri,
headers,
body,
requestContext.Logger,
cancellationToken : requestContext.UserCancellationToken).ConfigureAwait(false);
if (resp.StatusCode != System.Net.HttpStatusCode.OK)
{
string errorMessage = null;
try
{
errorMessage = WsTrustResponse.ReadErrorResponse(XDocument.Parse(resp.Body, LoadOptions.None), requestContext);
}
catch (System.Xml.XmlException)
{
errorMessage = resp.Body;
}
string message = string.Format(
CultureInfo.CurrentCulture,
MsalErrorMessage.FederatedServiceReturnedErrorTemplate,
wsTrustEndpoint.Uri,
errorMessage);
throw MsalServiceExceptionFactory.FromHttpResponse(
MsalError.FederatedServiceReturnedError,
message,
resp);
}
try
{
return(WsTrustResponse.CreateFromResponse(resp.Body, wsTrustEndpoint.Version));
}
catch (System.Xml.XmlException ex)
{
string message = string.Format(
CultureInfo.CurrentCulture,
MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate,
wsTrustEndpoint.Uri,
resp.Body);
throw new MsalClientException(
MsalError.ParsingWsTrustResponseFailed, message, ex);
}
}
/// <inheritdoc/>
public async Task <WsTrustResponse> GetWsTrustResponseAsync(
WsTrustEndpoint wsTrustEndpoint,
string wsTrustRequest,
RequestContext requestContext)
{
var headers = new Dictionary <string, string>
{
{ "ContentType", "application/soap+xml" },
{ "SOAPAction", (wsTrustEndpoint.Version == WsTrustVersion.WsTrust2005) ? XmlNamespace.Issue2005.ToString() : XmlNamespace.Issue.ToString() }
};
var body = new StringContent(
wsTrustRequest,
Encoding.UTF8, headers["ContentType"]);
IHttpWebResponse resp = await _httpManager.SendPostForceResponseAsync(wsTrustEndpoint.Uri, headers, body, requestContext).ConfigureAwait(false);
if (resp.StatusCode != System.Net.HttpStatusCode.OK)
{
string errorMessage = null;
try
{
errorMessage = WsTrustResponse.ReadErrorResponse(XDocument.Parse(resp.Body, LoadOptions.None), requestContext);
}
catch (System.Xml.XmlException)
{
errorMessage = resp.Body;
}
throw MsalExceptionFactory.GetServiceException(
CoreErrorCodes.FederatedServiceReturnedError,
string.Format(
CultureInfo.CurrentCulture,
CoreErrorMessages.FederatedServiceReturnedErrorTemplate,
wsTrustEndpoint.Uri,
errorMessage),
new ExceptionDetail()
{
StatusCode = (int)resp.StatusCode,
ResponseBody = resp.Body,
HttpResponseHeaders = resp.Headers
});
}
try
{
return(WsTrustResponse.CreateFromResponse(resp.Body, wsTrustEndpoint.Version));
}
catch (System.Xml.XmlException ex)
{
throw MsalExceptionFactory.GetClientException(
CoreErrorCodes.ParsingWsTrustResponseFailed, CoreErrorCodes.ParsingWsTrustResponseFailed, ex);
}
}
public async Task <WsTrustResponse> PerformWsTrustMexExchangeAsync(
string federationMetadataUrl, string cloudAudienceUrn, UserAuthType userAuthType, string username, SecureString password, string federationMetadataFilename)
{
MexDocument mexDocument;
try
{
mexDocument = await _serviceBundle.WsTrustWebRequestManager.GetMexDocumentAsync(
federationMetadataUrl,
_requestContext,
federationMetadataFilename).ConfigureAwait(false);
}
catch (XmlException ex)
{
throw new MsalClientException(
MsalError.ParsingWsMetadataExchangeFailed,
MsalErrorMessage.ParsingMetadataDocumentFailed,
ex);
}
WsTrustEndpoint wsTrustEndpoint = userAuthType == UserAuthType.IntegratedAuth
? mexDocument.GetWsTrustWindowsTransportEndpoint()
: mexDocument.GetWsTrustUsernamePasswordEndpoint();
if (wsTrustEndpoint == null)
{
throw new MsalClientException(
MsalError.WsTrustEndpointNotFoundInMetadataDocument,
MsalErrorMessage.WsTrustEndpointNotFoundInMetadataDocument);
}
_requestContext.Logger.InfoPii(
string.Format(CultureInfo.InvariantCulture, "WS-Trust endpoint '{0}' being used from MEX at '{1}'", wsTrustEndpoint.Uri, federationMetadataUrl),
"Fetched and parsed MEX. ");
WsTrustResponse wsTrustResponse = await GetWsTrustResponseAsync(
userAuthType,
cloudAudienceUrn,
wsTrustEndpoint,
username,
password).ConfigureAwait(false);
_requestContext.Logger.Info($"Token of type '{wsTrustResponse.TokenType}' acquired from WS-Trust endpoint. ");
return(wsTrustResponse);
}
internal static WsTrustResponse CreateFromResponseDocument(XDocument responseDocument, WsTrustVersion version)
{
Dictionary <string, string> tokenResponseDictionary = new Dictionary <string, string>();
XNamespace t = XmlNamespace.Trust;
if (version == WsTrustVersion.WsTrust2005)
{
t = XmlNamespace.Trust2005;
}
bool parseResponse = true;
if (version == WsTrustVersion.WsTrust13)
{
XElement requestSecurityTokenResponseCollection =
responseDocument.Descendants(t + "RequestSecurityTokenResponseCollection").FirstOrDefault();
if (requestSecurityTokenResponseCollection == null)
{
parseResponse = false;
}
}
if (!parseResponse)
{
return(null);
}
IEnumerable <XElement> tokenResponses =
responseDocument.Descendants(t + "RequestSecurityTokenResponse");
foreach (var tokenResponse in tokenResponses)
{
XElement tokenTypeElement = tokenResponse.Elements(t + "TokenType").FirstOrDefault();
if (tokenTypeElement == null)
{
continue;
}
XElement requestedSecurityToken =
tokenResponse.Elements(t + "RequestedSecurityToken").FirstOrDefault();
if (requestedSecurityToken == null)
{
continue;
}
var token = new System.Text.StringBuilder();
foreach (var node in requestedSecurityToken.Nodes())
{
// Since we moved from XDocument.Load(..., LoadOptions.None) to Load(..., LoadOptions.PreserveWhitespace),
// requestedSecurityToken can contain multiple nodes, and the first node is possibly just whitespaces e.g. "\n ",
// so we concatenate all the sub-nodes to include everything
token.Append(node.ToString(SaveOptions.DisableFormatting));
}
tokenResponseDictionary.Add(tokenTypeElement.Value, token.ToString());
}
if (tokenResponseDictionary.Count == 0)
{
return(null);
}
string tokenType = tokenResponseDictionary.ContainsKey(Saml1Assertion)
? Saml1Assertion
: tokenResponseDictionary.Keys.First();
WsTrustResponse wsTrustResponse = new WsTrustResponse
{
TokenType = tokenType,
Token = tokenResponseDictionary[tokenType]
};
return(wsTrustResponse);
}
