public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IPrincipal principal = null; if (HttpContext.Current != null) { principal = HttpContext.Current.User; } if (principal != null) { // set the identity (for PrimaryIdentity) evaluationContext.Properties["Identities"] = new List<IIdentity>() { principal.Identity }; evaluationContext.Properties["Principal"] = principal; var nameClaim = Claim.CreateNameClaim(principal.Identity.Name); ClaimSet set; if (HttpContext.Current != null) { set = new DefaultClaimSet( nameClaim, new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity)); } else { set = new DefaultClaimSet(nameClaim); } evaluationContext.AddClaimSet(this, set); } return true; }
internal static DefaultClaimSet CreateSystemClaimSet() { DefaultClaimSet s = new DefaultClaimSet(); s.Initialize(s, new Claim [] { Claim.System, new Claim(ClaimTypes.System, "System", Rights.PossessProperty) }); return(s); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token) { KerberosRequestorSecurityToken token2 = (KerberosRequestorSecurityToken) token; List<IAuthorizationPolicy> list = new List<IAuthorizationPolicy>(1); ClaimSet issuance = new DefaultClaimSet(ClaimSet.System, new Claim[] { new Claim(ClaimTypes.Spn, token2.ServicePrincipalName, Rights.PossessProperty) }); list.Add(new UnconditionalPolicy(System.ServiceModel.Security.SecurityUtils.CreateIdentity(token2.ServicePrincipalName, "Kerberos"), issuance)); return list.AsReadOnly(); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token) { KerberosRequestorSecurityToken kerbToken = (KerberosRequestorSecurityToken) token; List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1); ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Spn, kerbToken.ServicePrincipalName, Rights.PossessProperty)); policies.Add(new UnconditionalPolicy(SecurityUtils.CreateIdentity(kerbToken.ServicePrincipalName, SecurityUtils.AuthTypeKerberos), claimSet)); return policies.AsReadOnly(); }
public WspAuthorizationPolicy() { _id = Guid.NewGuid().ToString(); _issuerClaimSet = CreateIssuer(); _trustFabric = OpenTrustFabric(); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token) { RsaSecurityToken token2 = (RsaSecurityToken) token; List<Claim> claims = new List<Claim>(2) { new Claim(ClaimTypes.Rsa, token2.Rsa, Rights.Identity), Claim.CreateRsaClaim(token2.Rsa) }; DefaultClaimSet issuance = new DefaultClaimSet(ClaimSet.Anonymous, claims); return new List<IAuthorizationPolicy>(1) { new UnconditionalPolicy(issuance, token2.ValidTo) }.AsReadOnly(); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string userName, string password) { if (!ValidateUserNameFormat(userName)) throw new SecurityTokenValidationException("Incorrect UserName format"); ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Name, userName, Rights.PossessProperty)); List<IIdentity> identities = new List<IIdentity>(1); identities.Add(new GenericIdentity(userName)); List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1); policies.Add(new UnconditionalPolicy(ClaimSet.System, claimSet, DateTime.MaxValue.ToUniversalTime(), identities)); return policies.AsReadOnly(); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token) { RsaSecurityToken rsaToken = (RsaSecurityToken)token; List<Claim> claims = new List<Claim>(2); claims.Add(new Claim(ClaimTypes.Rsa, rsaToken.Rsa, Rights.Identity)); claims.Add(Claim.CreateRsaClaim(rsaToken.Rsa)); DefaultClaimSet claimSet = new DefaultClaimSet(ClaimSet.Anonymous, claims); List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1); policies.Add(new UnconditionalPolicy(claimSet, rsaToken.ValidTo)); return policies.AsReadOnly(); }
/// <summary> /// Makes calls to the specified endpoint name in app.config /// </summary> /// <param name="endpointName">The endpoint to use from app.config</param> private static void CallEndpoint(string endpointName) { Console.WriteLine("\nCalling endpoint {0}\n", endpointName); // Create a client with given client endpoint configuration CalculatorClient client = new CalculatorClient(endpointName); // Create new credentials class SamlClientCredentials samlCC = new SamlClientCredentials(); // Set the client certificate. This is the cert that will be used to sign the SAML token in the symmetric proof key case samlCC.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "Alice"); // Set the service certificate. This is the cert that will be used to encrypt the proof key in the symmetric proof key case samlCC.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost"); // Create some claims to put in the SAML assertion IList<Claim> claims = new List<Claim>(); claims.Add(Claim.CreateNameClaim(samlCC.ClientCertificate.Certificate.Subject)); ClaimSet claimset = new DefaultClaimSet(claims); samlCC.Claims = claimset; // set new credentials client.ChannelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials)); client.ChannelFactory.Endpoint.Behaviors.Add(samlCC); // Call the Add service operation. double value1 = 100.00D; double value2 = 15.99D; double result = client.Add(value1, value2); Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result); // Call the Subtract service operation. value1 = 145.00D; value2 = 76.54D; result = client.Subtract(value1, value2); Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result); // Call the Multiply service operation. value1 = 9.00D; value2 = 81.25D; result = client.Multiply(value1, value2); Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result); // Call the Divide service operation. value1 = 22.00D; value2 = 7.00D; result = client.Divide(value1, value2); Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result); client.Close(); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token) { CreditCardToken creditCardToken = token as CreditCardToken; if (creditCardToken.CardInfo.ExpirationDate < DateTime.UtcNow) throw new SecurityTokenValidationException("The credit card has expired"); if (!IsCardNumberAndExpirationValid(creditCardToken.CardInfo)) throw new SecurityTokenValidationException("Unknown or invalid credit card"); // the credit card token has only 1 claim - the card number. The issuer for the claim is the // credit card issuer DefaultClaimSet cardIssuerClaimSet = new DefaultClaimSet(new Claim(ClaimTypes.Name, creditCardToken.CardInfo.CardIssuer, Rights.PossessProperty)); DefaultClaimSet cardClaimSet = new DefaultClaimSet(cardIssuerClaimSet, new Claim(Constants.CreditCardNumberClaim, creditCardToken.CardInfo.CardNumber, Rights.PossessProperty)); List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1); policies.Add(new CreditCardTokenAuthorizationPolicy(cardClaimSet)); return policies.AsReadOnly(); }
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore( System.IdentityModel.Tokens.SecurityToken token ) { var securityToken = token as SecurityToken; if ( securityToken != null ) { // Note that we cannot authenticate the token w/o a password, so it must be retrieved from somewhere if ( securityToken.ValidateToken( _passwordProvider.RetrievePassword( "User1" ) ) != true ) throw new SecurityTokenValidationException( "Token validation failed" ); // Add claims about user here var userClaimSet = new DefaultClaimSet( new Claim( ClaimTypes.Name, securityToken.Info.Username, Rights.PossessProperty ) ); var policies = new List<IAuthorizationPolicy>( 1 ) { new SecurityTokenAuthorizationPolicy( userClaimSet ) }; return policies.AsReadOnly(); } return null; }
ValidateTokenCore(SecurityToken token) { UserNameSecurityToken userNameToken = token as UserNameSecurityToken; // Validate the information contained in the username token. For demonstration // purposes, this code just checks that the user name matches the password. if (userNameToken.UserName != userNameToken.Password) { throw new SecurityTokenValidationException("Invalid user name or password"); } // Create just one Claim instance for the username token - the name of the user. DefaultClaimSet userNameClaimSet = new DefaultClaimSet( ClaimSet.System, new Claim(ClaimTypes.Name, userNameToken.UserName, Rights.PossessProperty)); List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1); policies.Add(new MyAuthorizationPolicy(userNameClaimSet)); return policies.AsReadOnly(); }
public ClaimListFilter(DefaultClaimSet source, string claimType) { claim_type = claimType; this.source = source; }