public async Task<SignInResponseMessage> GenerateResponseAsync(SignInValidationResult validationResult) { Logger.Info("Creating WS-Federation signin response"); // create subject var outgoingSubject = await CreateSubjectAsync(validationResult); // create token for user var token = CreateSecurityToken(validationResult, outgoingSubject); // return response var rstr = new RequestSecurityTokenResponse { AppliesTo = new EndpointReference(validationResult.RelyingParty.Realm), Context = validationResult.SignInRequestMessage.Context, ReplyTo = validationResult.ReplyUrl, RequestedSecurityToken = new RequestedSecurityToken(token) }; var serializer = new WSFederationSerializer( new WSTrust13RequestSerializer(), new WSTrust13ResponseSerializer()); var responseMessage = new SignInResponseMessage( new Uri(validationResult.ReplyUrl), rstr, serializer, new WSTrustSerializationContext()); return responseMessage; }
/// <summary> /// Sets the appropriate things, such as requested proof token, inside the RSTR /// based on what is inside the proof descriptor instance. /// </summary> /// <param name="response">The RSTR object that this proof descriptor needs to modify.</param> /// <exception cref="ArgumentNullException">When the response is null.</exception> public override void ApplyTo(RSTR response) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (_targetEntropy != null) { // // When there is target entropy, then we will send back a computedKeyalgorithm // in the proof token case and send the entropy as response.Entropy. By default, this // class is doing Psha1. // response.RequestedProofToken = new RequestedProofToken(ComputedKeyAlgorithms.Psha1); response.KeySizeInBits = _keySizeInBits; response.Entropy = new Entropy(_targetEntropy, _requestorWrappingCredentials); } else { // // When there is no target entroypy, then we will send back the key either in // binary secret format or in the encrypted key format // response.RequestedProofToken = new RequestedProofToken(_key, _requestorWrappingCredentials); } }
public SignInResponseMessage Generate(SignInRequestMessage request, WindowsPrincipal windowsPrincipal) { Logger.Info("Creating WS-Federation signin response"); // create subject var outgoingSubject = SubjectGenerator.Create(windowsPrincipal, _options); // create token for user var token = CreateSecurityToken(outgoingSubject); // return response var rstr = new RequestSecurityTokenResponse { AppliesTo = new EndpointReference(_options.IdpRealm), Context = request.Context, ReplyTo = _options.IdpReplyUrl, RequestedSecurityToken = new RequestedSecurityToken(token) }; var serializer = new WSFederationSerializer( new WSTrust13RequestSerializer(), new WSTrust13ResponseSerializer()); var mgr = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager(); mgr[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler(); var responseMessage = new SignInResponseMessage( new Uri(_options.IdpReplyUrl), rstr, serializer, new WSTrustSerializationContext(mgr)); return responseMessage; }
/// <summary> /// Serializes a RequestSecurityTokenResponse object to the given XmlWriter /// stream. /// </summary> /// <param name="response">RequestSecurityTokenResponse object that needs to be serialized to the writer.</param> /// <param name="writer">XmlWriter into which the object will be serialized</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">The given response or writer or context parameter is null</exception> public override void WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (response.IsFinal) { writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI); } WSTrustSerializationHelper.WriteResponse(response, writer, context, this, WSTrustConstantsAdapter.Trust13); if (response.IsFinal) { writer.WriteEndElement(); } }
/// <summary> /// Deserializes an RSTR and returns a RequestSecurityTokenRespone object. /// </summary> /// <param name="reader">Reader over the RSTR.</param> /// <param name="context">Current Serialization context.</param> /// <returns>RequestSecurityTokenResponse object if deserialization was successful.</returns> /// <exception cref="ArgumentNullException">The given reader or context parameter is null</exception> public override RequestSecurityTokenResponse ReadXml(XmlReader reader, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } bool isFinal = false; if (reader.IsStartElement(WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI)) { reader.ReadStartElement(WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI); isFinal = true; } RequestSecurityTokenResponse rstr = WSTrustSerializationHelper.CreateResponse(reader, context, this, WSTrustConstantsAdapter.Trust13); rstr.IsFinal = isFinal; if (isFinal) { reader.ReadEndElement(); } return(rstr); }
/// <summary> /// Override of the base class that Reads a specific child element inside the RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="rstr">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rstr or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (reader.IsStartElement(WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI)) { rstr.KeyWrapAlgorithm = reader.ReadElementContentAsString(); return; } WSTrustSerializationHelper.ReadRSTRXml(reader, rstr, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// Writes out the supported elements on the response object. /// </summary> /// <param name="rstr">The response instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rstr or writer or context parameter is null.</exception> public override void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // Write out the exisiting ones WSTrustSerializationHelper.WriteKnownResponseElement(rstr, writer, context, this, WSTrustConstantsAdapter.Trust13); // Specific to WS-Trust 13 if (!string.IsNullOrEmpty(rstr.KeyWrapAlgorithm)) { this.WriteXmlElement(writer, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, rstr.KeyWrapAlgorithm, rstr, context); } }
/// <summary> /// Override of the base class that Reads a specific child element inside the RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="rstr">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rstr or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (reader.IsStartElement(WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI)) { rstr.KeyWrapAlgorithm = reader.ReadElementContentAsString(); return; } WSTrustSerializationHelper.ReadRSTRXml(reader, rstr, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// Validates the RequestSecurityTokenResponse object that has been deserialized. /// </summary> /// <param name="requestSecurityTokenResponse">The RequestSecurityTokenResponse object to Validate.</param> /// <exception cref="InvalidOperationException">An Response for an IssueRequest does not contain the RequestedSecurityToken.</exception> public virtual void Validate(RequestSecurityTokenResponse requestSecurityTokenResponse) { if (requestSecurityTokenResponse == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } }
/// <summary> /// Validates the RequestSecurityTokenResponse object that has been deserialized. /// </summary> /// <param name="requestSecurityTokenResponse">The RequestSecurityTokenResponse object to Validate.</param> /// <exception cref="InvalidOperationException">An Response for an IssueRequest does not contain the RequestedSecurityToken.</exception> public virtual void Validate(RequestSecurityTokenResponse requestSecurityTokenResponse) { if (requestSecurityTokenResponse == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } }
/// <summary> /// Requests a token desribed by an RST. /// </summary> /// <param name="stsAddress">The STS address.</param> /// <param name="binding">The binding.</param> /// <param name="credentials">The credentials.</param> /// <param name="rst">The RST.</param> /// <param name="rstr">The RSTR.</param> /// <returns>A SecurityToken</returns> public static SecurityToken Issue(EndpointAddress stsAddress, Binding binding, ClientCredentials credentials, RequestSecurityToken rst, out RequestSecurityTokenResponse rstr) { var channel = CreateWSTrustChannel( stsAddress, binding, credentials); var token = channel.Issue(rst, out rstr); return token; }
private static SecurityToken IssueTokenWithUserNamePassword(string username, string password, string issuerUri, string appliesTo, out RequestSecurityTokenResponse RSTR, string keyType = KeyTypes.Bearer) { if (String.IsNullOrWhiteSpace(issuerUri)) throw new ArgumentNullException("issuerUri"); if (String.IsNullOrWhiteSpace(appliesTo)) throw new ArgumentNullException("appliesTo"); Binding binding = null; var WsHttpBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); // Avoid the WS-SecureConversation piece WsHttpBinding.Security.Message.EstablishSecurityContext = false; WsHttpBinding.Security.Message.NegotiateServiceCredential = false; WsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; // Set our binding variable binding = WsHttpBinding; // Define the STS endpoint EndpointAddress endpoint = new EndpointAddress(new Uri(issuerUri)); var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 }; // Here is where we set the credentials (goes into the SOAP security header) factory.Credentials.SupportInteractive = false; // Avoid that CardSpace popup... factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password; SecurityTokenElement OnBehalfOfElement = new SecurityTokenElement(new UserNameSecurityToken("pbell", "2Federate")); SecurityTokenElement ActAsElement = new SecurityTokenElement(new UserNameSecurityToken("mpavlich", "2Federate")); // Now we define the Request for Security Token (RST) RequestSecurityToken RST = new RequestSecurityToken() { //identifiy who this token is for AppliesTo = new EndpointReference(appliesTo), //identify what type of request this is (Issue or Validate) RequestType = RequestTypes.Issue, //set the keytype (symmetric, asymmetric (pub key) or bearer) KeyType = keyType }; // Create the WS-Trust channel IWSTrustChannelContract channel = factory.CreateChannel(); // Send the Issue RST request SecurityToken token = channel.Issue(RST, out RSTR); return token; }
public string Serialize(RequestSecurityTokenResponse securityTokenResponse) { XmlWriterSettings xmlWriterSettings = new XmlWriterSettings(); xmlWriterSettings.OmitXmlDeclaration = true; using (MemoryStream memoryStream = new MemoryStream()) using (XmlWriter xmlWriter = XmlWriter.Create(memoryStream, xmlWriterSettings)) { WSTrust13ResponseSerializer serializer = new WSTrust13ResponseSerializer(); WSTrustSerializationContext context = new WSTrustSerializationContext(); serializer.WriteXml(securityTokenResponse, xmlWriter, context); xmlWriter.Flush(); var encoding = new System.Text.UTF8Encoding(false); return encoding.GetString(memoryStream.ToArray()); } }
/// <summary> /// Writes out the supported elements on the response object. /// </summary> /// <param name="rstr">The response instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rstr or writer or context parameter is null.</exception> public override void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteKnownResponseElement(rstr, writer, context, this, WSTrustConstantsAdapter.TrustFeb2005); }
/// <summary> /// Override of the base class that Reads a specific child element inside the RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="rstr">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rstr or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.ReadRSTRXml(reader, rstr, context, WSTrustConstantsAdapter.TrustFeb2005); }
/// <summary> /// Writes out the supported elements on the response object. /// </summary> /// <param name="rstr">The response instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rstr or writer or context parameter is null.</exception> public override void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteKnownResponseElement(rstr, writer, context, this, WSTrustConstantsAdapter.TrustFeb2005); }
/// <summary> /// Override of the base class that Reads a specific child element inside the RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="rstr">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either reader or rstr or context parameter is null.</exception> /// <exception cref="WSTrustSerializationException">Unable to deserialize the current parameter.</exception> public override void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.ReadRSTRXml(reader, rstr, context, WSTrustConstantsAdapter.TrustFeb2005); }
public async Task<SignInResponseMessage> GenerateAsync(SignInRequestMessage request, WindowsPrincipal windowsPrincipal) { Logger.Info("Creating WS-Federation signin response"); // create subject var outgoingSubject = SubjectGenerator.Create(windowsPrincipal, _options); // call custom claims tranformation logic var context = new CustomClaimsProviderContext { WindowsPrincipal = windowsPrincipal, OutgoingSubject = outgoingSubject }; await _options.CustomClaimsProvider.TransformAsync(context); // create token for user var token = CreateSecurityToken(context.OutgoingSubject); // return response var rstr = new RequestSecurityTokenResponse { AppliesTo = new EndpointReference(_options.IdpRealm), Context = request.Context, ReplyTo = _options.IdpReplyUrl, RequestedSecurityToken = new RequestedSecurityToken(token) }; var serializer = new WSFederationSerializer( new WSTrust13RequestSerializer(), new WSTrust13ResponseSerializer()); var mgr = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager(); mgr[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler(); var responseMessage = new SignInResponseMessage( new Uri(_options.IdpReplyUrl), rstr, serializer, new WSTrustSerializationContext(mgr)); return responseMessage; }
private static SecurityToken IssueLocalSecurityToken(SecurityToken foreignToken, string RP_Endpoint, string appliesTo, out RequestSecurityTokenResponse RSTR, string keyType = KeyTypes.Bearer) { if (String.IsNullOrWhiteSpace(RP_Endpoint)) throw new ArgumentNullException("RP_Endpoint"); Binding binding = null; // Authenticate with a SAML Bearer token var WsHttpBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); WsHttpBinding.Security.Message.EstablishSecurityContext = false; WsHttpBinding.Security.Message.NegotiateServiceCredential = false; WsHttpBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; binding = WsHttpBinding; // Define the STS endpoint EndpointAddress endpoint = new EndpointAddress(new Uri(RP_Endpoint)); var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 }; factory.Credentials.SupportInteractive = false; // avoid that Cardspace dialog // Now we define the Request for Security Token (RST) RequestSecurityToken RST = new RequestSecurityToken() { //identifiy which local token we want AppliesTo = new EndpointReference(appliesTo), //identify what type of request this is (Issue or Validate) RequestType = RequestTypes.Issue, //set what kind of token we want returned (appliesTo will override this) TokenType = tokenType, //set the keytype (symmetric, asymmetric (pub key) or bearer - null = Sender Vouches) KeyType = null }; //create the channel (using the SAML token received from the WSC) IWSTrustChannelContract channel = factory.CreateChannelWithIssuedToken(foreignToken); //send the token issuance command SecurityToken token = channel.Issue(RST, out RSTR); return token; }
/// <summary> /// Initializes an instance of <see cref="WSTrustResponseBodyWriter"/> /// </summary> /// <param name="requestSecurityTokenResponse">The Response object that can write the body contents.</param> /// <param name="serializer">Serializer to use for serializing the RSTR.</param> /// <param name="context">The <see cref="WSTrustSerializationContext"/> of this request.</param> /// <exception cref="ArgumentNullException">serializer parameter is null.</exception> public WSTrustResponseBodyWriter(RSTR requestSecurityTokenResponse, WSTrustResponseSerializer serializer, WSTrustSerializationContext context) : base( true ) { if ( serializer == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "serializer" ); } if ( requestSecurityTokenResponse == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse"); } if ( context == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "context" ); } _serializer = serializer; _rstr = requestSecurityTokenResponse; _context = context; }
/// <summary> /// Initializes an instance of <see cref="WSTrustResponseBodyWriter"/> /// </summary> /// <param name="requestSecurityTokenResponse">The Response object that can write the body contents.</param> /// <param name="serializer">Serializer to use for serializing the RSTR.</param> /// <param name="context">The <see cref="WSTrustSerializationContext"/> of this request.</param> /// <exception cref="ArgumentNullException">serializer parameter is null.</exception> public WSTrustResponseBodyWriter(RSTR requestSecurityTokenResponse, WSTrustResponseSerializer serializer, WSTrustSerializationContext context) : base(true) { if (serializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializer"); } if (requestSecurityTokenResponse == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } _serializer = serializer; _rstr = requestSecurityTokenResponse; _context = context; }
/// <summary> /// Sets the appropriate things, such as requested security token, inside the RSTR /// based on what is inside this token descriptor instance. /// </summary> /// <param name="response">The RSTR object that this security token descriptor needs to modify.</param> /// <exception cref="ArgumentNullException">When response is null.</exception> public virtual void ApplyTo(RSTR response) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (tokenType != null) { response.TokenType = tokenType; } if (token != null) { response.RequestedSecurityToken = new RequestedSecurityToken(token); } if (attachedReference != null) { response.RequestedAttachedReference = attachedReference; } if (unattachedReference != null) { response.RequestedUnattachedReference = unattachedReference; } if (lifetime != null) { response.Lifetime = lifetime; } if (proofDescriptor != null) { proofDescriptor.ApplyTo(response); } }
/// <summary> /// Sets the appropriate things, such as requested security token, inside the RSTR /// based on what is inside this token descriptor instance. /// </summary> /// <param name="response">The RSTR object that this security token descriptor needs to modify.</param> /// <exception cref="ArgumentNullException">When response is null.</exception> public virtual void ApplyTo(RSTR response) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (tokenType != null) { response.TokenType = tokenType; } if (token != null) { response.RequestedSecurityToken = new RequestedSecurityToken(token); } if (attachedReference != null) { response.RequestedAttachedReference = attachedReference; } if (unattachedReference != null) { response.RequestedUnattachedReference = unattachedReference; } if (lifetime != null) { response.Lifetime = lifetime; } if (proofDescriptor != null) { proofDescriptor.ApplyTo(response); } }
/// <summary> /// Creates the RSTR and finally read the information from TokenDescriptor and apply /// those to the RSTR. /// </summary> /// <param name="request">The RST from the request.</param> /// <param name="tokenDescriptor">The token descriptor which contains the information for the issued token.</param> /// <returns>The RSTR for the response, null if the token descriptor is null.</returns> protected virtual RSTR GetResponse(RST request, SecurityTokenDescriptor tokenDescriptor) { if (tokenDescriptor != null) { RSTR rstr = new RSTR(request); tokenDescriptor.ApplyTo(rstr); // Set the replyTo address of the relying party (if any) in the outgoing RSTR from the generated // token descriptor (STD) based on the table below: // // RST.ReplyTo STD.ReplyToAddress RSTR.ReplyTo // =========== ==================== ============ // Set Not Set Not Set // Set Set Set to STD.ReplyToAddress // Not Set Not Set Not Set // Not Set Set Not Set // if (request.ReplyTo != null) { rstr.ReplyTo = tokenDescriptor.ReplyToAddress; } // // Set the appliesTo address (if any) in the outgoing RSTR from the generated token descriptor. // if (!string.IsNullOrEmpty(tokenDescriptor.AppliesToAddress)) { rstr.AppliesTo = new EndpointReference(tokenDescriptor.AppliesToAddress); } return(rstr); } else { return(null); } }
public virtual void ApplyTo (RequestSecurityTokenResponse response) { throw new NotImplementedException (); }
/// <summary> /// Serializes a RequestSecurityTokenResponse object to the given XmlWriter /// stream. /// </summary> /// <param name="response">RequestSecurityTokenResponse object that needs to be serialized to the writer.</param> /// <param name="writer">XmlWriter into which the object will be serialized</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">The given response or writer or context parameter is null</exception> public override void WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (response.IsFinal) { writer.WriteStartElement(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.RequestSecurityTokenResponseCollection, WSTrust13Constants.NamespaceURI); } WSTrustSerializationHelper.WriteResponse(response, writer, context, this, WSTrustConstantsAdapter.Trust13); if (response.IsFinal) { writer.WriteEndElement(); } }
/// <summary> /// Override of the Base class method that writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rstr">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rstr or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteRSTRXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.TrustFeb2005); }
/// <summary> /// When overriden in the derived class serializes the given RequestSecurityTokenResponse into the XmlWriter /// </summary> /// <param name="response">RequestSecurityTokenRespone object to be serializes</param> /// <param name="writer">XML writer to serialize into</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context);
/// <summary> /// Creates the RSTR and finally read the information from TokenDescriptor and apply /// those to the RSTR. /// </summary> /// <param name="request">The RST from the request.</param> /// <param name="tokenDescriptor">The token descriptor which contains the information for the issued token.</param> /// <returns>The RSTR for the response, null if the token descriptor is null.</returns> protected virtual RSTR GetResponse(RST request, SecurityTokenDescriptor tokenDescriptor) { if (tokenDescriptor != null) { RSTR rstr = new RSTR(request); tokenDescriptor.ApplyTo(rstr); // Set the replyTo address of the relying party (if any) in the outgoing RSTR from the generated // token descriptor (STD) based on the table below: // // RST.ReplyTo STD.ReplyToAddress RSTR.ReplyTo // =========== ==================== ============ // Set Not Set Not Set // Set Set Set to STD.ReplyToAddress // Not Set Not Set Not Set // Not Set Set Not Set // if (request.ReplyTo != null) { rstr.ReplyTo = tokenDescriptor.ReplyToAddress; } // // Set the appliesTo address (if any) in the outgoing RSTR from the generated token descriptor. // if (!string.IsNullOrEmpty(tokenDescriptor.AppliesToAddress)) { rstr.AppliesTo = new EndpointReference(tokenDescriptor.AppliesToAddress); } return rstr; } else { return null; } }
public static void ReadRSTRXml(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (reader.IsStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(trustConstants.Elements.Entropy, trustConstants.NamespaceURI); ProtectedKey protectedKey = ReadProtectedKey(reader, context, trustConstants); if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3026))); } rstr.Entropy = new Entropy(protectedKey); reader.ReadEndElement(); } if (rstr.Entropy == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3026))); } return; } if (reader.IsStartElement(trustConstants.Elements.KeySize, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rstr.KeySizeInBits = Convert.ToInt32(reader.ReadElementContentAsString(), CultureInfo.InvariantCulture); } if (rstr.KeySizeInBits == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3154))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestType, trustConstants.NamespaceURI)) { rstr.RequestType = WSTrustSerializationHelper.ReadRequestType(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.Lifetime, trustConstants.NamespaceURI)) { rstr.Lifetime = WSTrustSerializationHelper.ReadLifetime(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RequestedSecurityToken, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { rstr.RequestedSecurityToken = new RequestedSecurityToken(WSTrustSerializationHelper.ReadInnerXml(reader)); } if (rstr.RequestedSecurityToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3158))); } return; } if (reader.IsStartElement(WSPolicyConstants.ElementNames.AppliesTo, WSPolicyConstants.NamespaceURI)) { rstr.AppliesTo = WSTrustSerializationHelper.ReadAppliesTo(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RequestedProofToken, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(); if ((reader.LocalName == trustConstants.Elements.ComputedKey) && (reader.NamespaceURI == trustConstants.NamespaceURI)) { rstr.RequestedProofToken = new RequestedProofToken(ReadComputedKeyAlgorithm(reader, trustConstants)); } else { ProtectedKey protectedKey = ReadProtectedKey(reader, context, trustConstants); if (protectedKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3025))); } rstr.RequestedProofToken = new RequestedProofToken(protectedKey); } reader.ReadEndElement(); } if (rstr.RequestedProofToken == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3025))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestedAttachedReference, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(); rstr.RequestedAttachedReference = context.SecurityTokenHandlers.ReadKeyIdentifierClause(reader); reader.ReadEndElement(); } if (rstr.RequestedAttachedReference == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3159))); } return; } if (reader.IsStartElement(trustConstants.Elements.RequestedUnattachedReference, trustConstants.NamespaceURI)) { if (!reader.IsEmptyElement) { reader.ReadStartElement(); rstr.RequestedUnattachedReference = context.SecurityTokenHandlers.ReadKeyIdentifierClause(reader); reader.ReadEndElement(); } if (rstr.RequestedUnattachedReference == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3160))); } return; } if (reader.IsStartElement(trustConstants.Elements.TokenType, trustConstants.NamespaceURI)) { rstr.TokenType = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rstr.TokenType, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.TokenType, trustConstants.NamespaceURI, rstr.TokenType))); } return; } if (reader.IsStartElement(trustConstants.Elements.KeyType, trustConstants.NamespaceURI)) { rstr.KeyType = WSTrustSerializationHelper.ReadKeyType(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI)) { rstr.AuthenticationType = reader.ReadElementContentAsString(trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.AuthenticationType, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.AuthenticationType, trustConstants.NamespaceURI, rstr.AuthenticationType))); } return; } if (reader.IsStartElement(trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI)) { rstr.EncryptionAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.EncryptionAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptionAlgorithm, trustConstants.NamespaceURI, rstr.EncryptionAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI)) { rstr.CanonicalizationAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.CanonicalizationAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.CanonicalizationAlgorithm, trustConstants.NamespaceURI, rstr.CanonicalizationAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI)) { rstr.SignatureAlgorithm = reader.ReadElementContentAsString(trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI); if (!UriUtil.CanCreateValidUri(rstr.SignatureAlgorithm, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignatureAlgorithm, trustConstants.NamespaceURI, rstr.SignatureAlgorithm))); } return; } if (reader.IsStartElement(trustConstants.Elements.SignWith, trustConstants.NamespaceURI)) { rstr.SignWith = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rstr.SignWith, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.SignWith, trustConstants.NamespaceURI, rstr.SignWith))); } return; } if (reader.IsStartElement(trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI)) { rstr.EncryptWith = reader.ReadElementContentAsString(); if (!UriUtil.CanCreateValidUri(rstr.EncryptWith, UriKind.Absolute)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3135, trustConstants.Elements.EncryptWith, trustConstants.NamespaceURI, rstr.EncryptWith))); } return; } if (reader.IsStartElement(trustConstants.Elements.BinaryExchange, trustConstants.NamespaceURI)) { rstr.BinaryExchange = WSTrustSerializationHelper.ReadBinaryExchange(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.Status, trustConstants.NamespaceURI)) { rstr.Status = WSTrustSerializationHelper.ReadStatus(reader, trustConstants); return; } if (reader.IsStartElement(trustConstants.Elements.RequestedTokenCancelled, trustConstants.NamespaceURI)) { rstr.RequestedTokenCancelled = true; reader.ReadStartElement(); return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new WSTrustSerializationException(SR.GetString(SR.ID3007, reader.LocalName, reader.NamespaceURI))); }
private string SerializeResponse(RequestSecurityTokenResponse response) { var serializer = new WSTrust13ResponseSerializer(); var context = new WSTrustSerializationContext( FederatedAuthentication.FederationConfiguration.IdentityConfiguration .SecurityTokenHandlerCollectionManager); var sb = new StringBuilder(128); using (var writer = XmlWriter.Create(new StringWriter(sb))) { serializer.WriteXml(response, writer, context); return sb.ToString(); } }
/// <summary> /// The callback that is invoked on the completion of the BeginGetOutputSubjects call. /// </summary> /// <param name="result">The async result.</param> /// <exception cref="ArgumentNullException">When the given async result is null.</exception> void OnGetOutputClaimsIdentityComplete(IAsyncResult result) { if (null == result) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("result"); } FederatedAsyncState state = result.AsyncState as FederatedAsyncState; if (state == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2001))); } SecurityTokenHandler securityTokenHandler = state.SecurityTokenHandler; if (securityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2016))); } Exception unhandledException = null; RST request = state.Request; RSTR response = null; TypedAsyncResult <RSTR> typedResult = state.Result as TypedAsyncResult <RSTR>; if (typedResult == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID2004, typeof(TypedAsyncResult <RSTR>), state.Result.GetType()))); } try { // // get token descriptor // if (_tokenDescriptor == null) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2003)); } // Step 7: Retrieve the output claims to be included in the issued-token _tokenDescriptor.Subject = EndGetOutputClaimsIdentity(result); // // Use the retrieved securityTokenHandler to create and setup the issued token information on the tokenDescriptor // (actual issued token, AttachedReference and UnattachedReference) // TokenType is preserved from the request if possible if (!string.IsNullOrEmpty(request.TokenType)) { _tokenDescriptor.TokenType = request.TokenType; } else { string[] identifiers = securityTokenHandler.GetTokenTypeIdentifiers(); if (identifiers == null || identifiers.Length == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4264, request.TokenType))); } _tokenDescriptor.TokenType = identifiers[0]; } _tokenDescriptor.Token = securityTokenHandler.CreateToken(_tokenDescriptor); _tokenDescriptor.AttachedReference = securityTokenHandler.CreateSecurityTokenReference(_tokenDescriptor.Token, true); _tokenDescriptor.UnattachedReference = securityTokenHandler.CreateSecurityTokenReference(_tokenDescriptor.Token, false); // 9. Create the RSTR response = GetResponse(request, _tokenDescriptor); } #pragma warning suppress 56500 catch (Exception e) { if (System.Runtime.Fx.IsFatal(e)) { throw; } unhandledException = e; } typedResult.Complete(response, typedResult.CompletedSynchronously, unhandledException); }
/// <summary> /// Issues a Security Token. /// </summary> /// <param name="principal">The identity of the token requestor.</param> /// <param name="request">The request.</param> /// <returns>The response.</returns> public virtual RSTR Issue(ClaimsPrincipal principal, RST request) { if (request == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } _principal = principal; _request = request; // 1. Do request validation ValidateRequest(request); // 2. Get the scope and populate into tokenDescriptor Scope scope = GetScope(principal, request); if (scope == null) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2013)); } this.Scope = scope; // Create the security token descriptor now that we have a scope. this.SecurityTokenDescriptor = CreateSecurityTokenDescriptor(request, scope); if (this.SecurityTokenDescriptor == null) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2003)); } if (this.SecurityTokenDescriptor.SigningCredentials == null) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID2079)); } // // If TokenEncryptionRequired is set to true, then we must encrypt the token. // if (this.Scope.TokenEncryptionRequired && this.SecurityTokenDescriptor.EncryptingCredentials == null) { throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4184)); } // 3. Get the token-handler SecurityTokenHandler securityTokenHandler = GetSecurityTokenHandler(request.TokenType); if (securityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ID4010, request.TokenType))); } // 4. Get the issuer name and populate into tokenDescriptor _tokenDescriptor.TokenIssuerName = GetValidIssuerName(); // 5. Get the token lifetime and populate into tokenDescriptor _tokenDescriptor.Lifetime = GetTokenLifetime(request.Lifetime); // 6. Get the proof token and populate into tokenDescriptor _tokenDescriptor.Proof = GetProofToken(request, scope); // 7. Get the subjects and populate into tokenDescriptor _tokenDescriptor.Subject = GetOutputClaimsIdentity(principal, request, scope); // use the securityTokenHandler from Step 3 to create and setup the issued token information on the tokenDescriptor // (actual issued token, AttachedReference and UnattachedReference) // TokenType is preserved from the request if possible if (!string.IsNullOrEmpty(request.TokenType)) { _tokenDescriptor.TokenType = request.TokenType; } else { string[] identifiers = securityTokenHandler.GetTokenTypeIdentifiers(); if (identifiers == null || identifiers.Length == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4264, request.TokenType))); } _tokenDescriptor.TokenType = identifiers[0]; } _tokenDescriptor.Token = securityTokenHandler.CreateToken(_tokenDescriptor); _tokenDescriptor.AttachedReference = securityTokenHandler.CreateSecurityTokenReference(_tokenDescriptor.Token, true); _tokenDescriptor.UnattachedReference = securityTokenHandler.CreateSecurityTokenReference(_tokenDescriptor.Token, false); // 9. Create the RSTR RSTR rstr = GetResponse(request, _tokenDescriptor); return(rstr); }
/// <summary> /// Sets the appropriate things, such as requested proof token, inside the RSTR /// based on what is inside the proof descriptor instance. /// </summary> /// <param name="response">The RSTR object that this proof descriptor needs to modify.</param> /// <exception cref="ArgumentNullException">When the response is null.</exception> public override void ApplyTo(RSTR response) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (_targetEntropy != null) { // // When there is target entropy, then we will send back a computedKeyalgorithm // in the proof token case and send the entropy as response.Entropy. By default, this // class is doing Psha1. // response.RequestedProofToken = new RequestedProofToken(ComputedKeyAlgorithms.Psha1); response.KeySizeInBits = _keySizeInBits; response.Entropy = new Entropy(_targetEntropy, _requestorWrappingCredentials); } else { // // When there is no target entroypy, then we will send back the key either in // binary secret format or in the encrypted key format // response.RequestedProofToken = new RequestedProofToken(_key, _requestorWrappingCredentials); } }
/// <summary> /// When overridden in the derived class reads a child element inside RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="requestSecurityTokenResponse">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> public abstract void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse requestSecurityTokenResponse, WSTrustSerializationContext context);
public static void WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) { if (response == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("response"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (responseSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("responseSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } responseSerializer.Validate(response); // Step 1: Write RSTR start element writer.WriteStartElement(trustConstants.Prefix, trustConstants.Elements.RequestSecurityTokenResponse, trustConstants.NamespaceURI); // Step 2: Write known RSTR attributes, i.e. Context if (!string.IsNullOrEmpty(response.Context)) { writer.WriteAttributeString(trustConstants.Attributes.Context, response.Context); } // Step 3: Write known RSTR elements responseSerializer.WriteKnownResponseElement(response, writer, context); // Step 4: Write custom RSTR elements foreach (KeyValuePair<string, object> messageParam in response.Properties) { responseSerializer.WriteXmlElement(writer, messageParam.Key, messageParam.Value, response, context); } // Step 5: Write RSTR end element to close it writer.WriteEndElement(); }
/// <summary> /// Override of the Base class method that writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rstr">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rstr or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } WSTrustSerializationHelper.WriteRSTRXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.TrustFeb2005); }
private static XmlElement ExtractTokenXml(RequestSecurityTokenResponse rstr) { if (rstr.RequestedSecurityToken.SecurityToken != null) { var xmlString = rstr.RequestedSecurityToken.SecurityToken.ToTokenXmlString(); return XElement.Parse(xmlString).ToXmlElement(); } if (rstr.RequestedSecurityToken.SecurityTokenXml != null) { return rstr.RequestedSecurityToken.SecurityTokenXml; } return null; }
public abstract void ApplyTo (RequestSecurityTokenResponse response);
/// <summary> /// When overriden in the derived class serializes the given RequestSecurityTokenResponse into the XmlWriter /// </summary> /// <param name="response">RequestSecurityTokenRespone object to be serializes</param> /// <param name="writer">XML writer to serialize into</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context);
internal static SecurityToken ComputeProofKey(RequestSecurityToken rst, RequestSecurityTokenResponse rstr) { if (rstr.Entropy == null) { throw new NotSupportedException("RSTR entropy is null"); } if (rst.Entropy == null) { throw new NotSupportedException("RST entropy is null"); } int? keySizeInBits = rst.KeySizeInBits; int num = keySizeInBits.HasValue ? keySizeInBits.GetValueOrDefault() : 0x400; if (rstr.KeySizeInBits.HasValue) { num = rstr.KeySizeInBits.Value; } return new BinarySecretSecurityToken( KeyGenerator.ComputeCombinedKey( rst.Entropy.GetKeyBytes(), rstr.Entropy.GetKeyBytes(), num)); }
/// <summary> /// Override of the Base class method that writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rstr">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rstr or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.KeyWrapAlgorithm)) { writer.WriteElementString(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, (string)elementValue); return; } WSTrustSerializationHelper.WriteRSTRXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// When overridden in the derived class reads a child element inside RSTR. /// </summary> /// <param name="reader">Reader pointing at an element to read inside the RSTR.</param> /// <param name="requestSecurityTokenResponse">The RequestSecurityTokenResponse element that is being populated from the reader.</param> /// <param name="context">Current Serialization context.</param> public abstract void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse requestSecurityTokenResponse, WSTrustSerializationContext context);
/// <summary> /// Override of the Base class method that writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="rstr">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either writer or rstr or context is null.</exception> /// <exception cref="ArgumentException">elementName is null or an empty string.</exception> public override void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (string.IsNullOrEmpty(elementName)) { throw DiagnosticUtility.ThrowHelperArgumentNullOrEmptyString("elementName"); } if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (StringComparer.Ordinal.Equals(elementName, WSTrust13Constants.ElementNames.KeyWrapAlgorithm)) { writer.WriteElementString(WSTrust13Constants.Prefix, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, WSTrust13Constants.NamespaceURI, (string)elementValue); return; } WSTrustSerializationHelper.WriteRSTRXml(writer, elementName, elementValue, context, WSTrustConstantsAdapter.Trust13); }
/// <summary> /// When overridden in the derived class writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="requestSecurityTokenResponse">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse requestSecurityTokenResponse, WSTrustSerializationContext context);
public static void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } if (responseSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("responseSerializer"); } if (trustConstants == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("trustConstants"); } if (rstr.Entropy != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.Entropy, rstr.Entropy, rstr, context); } if (rstr.KeySizeInBits.HasValue) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.KeySize, rstr.KeySizeInBits, rstr, context); } if (rstr.Lifetime != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.Lifetime, rstr.Lifetime, rstr, context); } if (rstr.AppliesTo != null) { responseSerializer.WriteXmlElement(writer, WSPolicyConstants.ElementNames.AppliesTo, rstr.AppliesTo, rstr, context); } if (rstr.RequestedSecurityToken != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedSecurityToken, rstr.RequestedSecurityToken, rstr, context); } if (rstr.RequestedProofToken != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedProofToken, rstr.RequestedProofToken, rstr, context); } if (rstr.RequestedAttachedReference != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedAttachedReference, rstr.RequestedAttachedReference, rstr, context); } if (rstr.RequestedUnattachedReference != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedUnattachedReference, rstr.RequestedUnattachedReference, rstr, context); } if (!string.IsNullOrEmpty(rstr.SignWith)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.SignWith, rstr.SignWith, rstr, context); } if (!string.IsNullOrEmpty(rstr.EncryptWith)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.EncryptWith, rstr.EncryptWith, rstr, context); } if (!string.IsNullOrEmpty(rstr.TokenType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.TokenType, rstr.TokenType, rstr, context); } if (!string.IsNullOrEmpty(rstr.RequestType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestType, rstr.RequestType, rstr, context); } if (!string.IsNullOrEmpty(rstr.KeyType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.KeyType, rstr.KeyType, rstr, context); } if (!string.IsNullOrEmpty(rstr.AuthenticationType)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.AuthenticationType, rstr.AuthenticationType, rstr, context); } if (!string.IsNullOrEmpty(rstr.EncryptionAlgorithm)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.EncryptionAlgorithm, rstr.EncryptionAlgorithm, rstr, context); } if (!string.IsNullOrEmpty(rstr.CanonicalizationAlgorithm)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.CanonicalizationAlgorithm, rstr.CanonicalizationAlgorithm, rstr, context); } if (!string.IsNullOrEmpty(rstr.SignatureAlgorithm)) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.SignatureAlgorithm, rstr.SignatureAlgorithm, rstr, context); } if (rstr.BinaryExchange != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.BinaryExchange, rstr.BinaryExchange, rstr, context); } if (rstr.Status != null) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.Status, rstr.Status, rstr, context); } if (rstr.RequestedTokenCancelled) { responseSerializer.WriteXmlElement(writer, trustConstants.Elements.RequestedTokenCancelled, rstr.RequestedTokenCancelled, rstr, context); } }
/// <summary> /// Writes out the supported elements on the response object. /// </summary> /// <param name="rstr">The response instance</param> /// <param name="writer">The writer to write to</param> /// <param name="context">Current Serialization context.</param> /// <exception cref="ArgumentNullException">Either rstr or writer or context parameter is null.</exception> public override void WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) { if (rstr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rstr"); } if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (context == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); } // Write out the exisiting ones WSTrustSerializationHelper.WriteKnownResponseElement(rstr, writer, context, this, WSTrustConstantsAdapter.Trust13); // Specific to WS-Trust 13 if (!string.IsNullOrEmpty(rstr.KeyWrapAlgorithm)) { this.WriteXmlElement(writer, WSTrust13Constants.ElementNames.KeyWrapAlgorithm, rstr.KeyWrapAlgorithm, rstr, context); } }
/// <summary> /// When overridden in the derived class writes a specific RSTR parameter to the outgoing stream. /// </summary> /// <param name="writer">Writer to which the RSTR is serialized</param> /// <param name="elementName">The Local name of the element to be written.</param> /// <param name="elementValue">The value of the element.</param> /// <param name="requestSecurityTokenResponse">The entire RSTR object that is being serialized.</param> /// <param name="context">Current Serialization context.</param> public abstract void WriteXmlElement(XmlWriter writer, string elementName, object elementValue, RequestSecurityTokenResponse requestSecurityTokenResponse, WSTrustSerializationContext context);