public void MatchesKeyIdentifierClause () { UniqueId id = new UniqueId (); X509SecurityToken t = new X509SecurityToken (cert, id.ToString ()); LocalIdKeyIdentifierClause l = new LocalIdKeyIdentifierClause (id.ToString ()); Assert.IsTrue (t.MatchesKeyIdentifierClause (l), "#1-1"); l = new LocalIdKeyIdentifierClause ("#" + id.ToString ()); Assert.IsFalse (t.MatchesKeyIdentifierClause (l), "#1-2"); X509ThumbprintKeyIdentifierClause h = new X509ThumbprintKeyIdentifierClause (cert); Assert.IsTrue (t.MatchesKeyIdentifierClause (h), "#2-1"); h = new X509ThumbprintKeyIdentifierClause (cert2); Assert.IsFalse (t.MatchesKeyIdentifierClause (h), "#2-2"); X509IssuerSerialKeyIdentifierClause i = new X509IssuerSerialKeyIdentifierClause (cert); Assert.IsTrue (t.MatchesKeyIdentifierClause (i), "#3-1"); i = new X509IssuerSerialKeyIdentifierClause (cert2); Assert.IsFalse (t.MatchesKeyIdentifierClause (i), "#3-2"); X509RawDataKeyIdentifierClause s = new X509RawDataKeyIdentifierClause (cert); Assert.IsTrue (t.MatchesKeyIdentifierClause (s), "#4-1"); s = new X509RawDataKeyIdentifierClause (cert2); Assert.IsFalse (t.MatchesKeyIdentifierClause (s), "#4-2"); }
/// <summary> /// Inherited from <see cref="SecurityTokenResolver"/>. /// </summary> protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } key = null; X509RawDataKeyIdentifierClause rawDataClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawDataClause != null) { key = rawDataClause.CreateKey(); return(true); } RsaKeyIdentifierClause rsaClause = keyIdentifierClause as RsaKeyIdentifierClause; if (rsaClause != null) { key = rsaClause.CreateKey(); return(true); } if (_wrappedTokenResolver.TryResolveSecurityKey(keyIdentifierClause, out key)) { return(true); } return(false); }
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause) { this.ThrowIfDisposed(); X509SubjectKeyIdentifierClause clause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (clause != null) { return(clause.Matches(this.certificate)); } X509ThumbprintKeyIdentifierClause clause2 = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (clause2 != null) { return(clause2.Matches(this.certificate)); } X509IssuerSerialKeyIdentifierClause clause3 = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (clause3 != null) { return(clause3.Matches(this.certificate)); } X509RawDataKeyIdentifierClause clause4 = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (clause4 != null) { return(clause4.Matches(this.certificate)); } return(base.MatchesKeyIdentifierClause(keyIdentifierClause)); }
public override bool MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause) { ThrowIfDisposed(); X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (subjectKeyIdentifierClause != null) { return(subjectKeyIdentifierClause.Matches(certificate)); } X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (thumbprintKeyIdentifierClause != null) { return(thumbprintKeyIdentifierClause.Matches(certificate)); } X509IssuerSerialKeyIdentifierClause issuerKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerKeyIdentifierClause != null) { return(issuerKeyIdentifierClause.Matches(certificate)); } X509RawDataKeyIdentifierClause rawCertKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawCertKeyIdentifierClause != null) { return(rawCertKeyIdentifierClause.Matches(certificate)); } return(base.MatchesKeyIdentifierClause(keyIdentifierClause)); }
/// <summary> /// Build a new RequestSecurityToken structure without actually sending it. /// </summary> /// <param name="bootstrapSecurityToken">The token to include in ActAs</param> /// <param name="clientCertificate">The instance certificate. Must have a private key.</param> /// <param name="RelyingPartyAdress">Address/uri of the provider service which is going to receive the token in the end</param> /// <param name="requestClaims">Any additional claims to add to the request</param> /// <returns></returns> public static RequestSecurityToken RequestSecurityToken(SecurityToken bootstrapSecurityToken, X509Certificate2 clientCertificate, Uri RelyingPartyAdress, IEnumerable<RequestClaim> requestClaims) { var requestSecurityToken = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue); requestSecurityToken.AppliesTo = new EndpointAddress(RelyingPartyAdress); requestSecurityToken.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; requestSecurityToken.KeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"; requestSecurityToken.ActAs = new SecurityTokenElement(bootstrapSecurityToken); SecurityKeyIdentifierClause clause = new X509RawDataKeyIdentifierClause(clientCertificate); requestSecurityToken.UseKey = new UseKey(new SecurityKeyIdentifier(clause), new X509SecurityToken(clientCertificate)); foreach (RequestClaim claim in requestClaims) { requestSecurityToken.Claims.Add(claim); } return requestSecurityToken; }
/// <summary> /// Generate a sample MetadataBase. /// </summary> /// <remarks> /// In a production system this would be generated from the STS configuration. /// </remarks> public static MetadataBase GetFederationMetadata() { string endpointId = "http://localhost:61754/"; EntityDescriptor metadata = new EntityDescriptor(); metadata.EntityId = new EntityId(endpointId); // Define the signing key string signingCertificateName = WebConfigurationManager.AppSettings["SigningCertificateName"]; X509Certificate2 cert = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, signingCertificateName); metadata.SigningCredentials = new X509SigningCredentials(cert); // Create role descriptor for security token service SecurityTokenServiceDescriptor stsRole = new SecurityTokenServiceDescriptor(); stsRole.ProtocolsSupported.Add(new Uri(WSFederationMetadataConstants.Namespace)); metadata.RoleDescriptors.Add(stsRole); // Add a contact name ContactPerson person = new ContactPerson(ContactType.Administrative); person.GivenName = "contactName"; stsRole.Contacts.Add(person); // Include key identifier for signing key in metadata SecurityKeyIdentifierClause clause = new X509RawDataKeyIdentifierClause(cert); SecurityKeyIdentifier ski = new SecurityKeyIdentifier(clause); KeyDescriptor signingKey = new KeyDescriptor(ski); signingKey.Use = KeyType.Signing; stsRole.Keys.Add(signingKey); // Add endpoints string activeSTSUrl = "http://localhost:61754/"; EndpointAddress endpointAddress = new EndpointAddress(new Uri(activeSTSUrl), null, null, GetMetadataReader(activeSTSUrl), null); stsRole.SecurityTokenServiceEndpoints.Add(endpointAddress); // Add a collection of offered claims // NOTE: In this sample, these claims must match the claims actually generated in CustomSecurityTokenService.GetOutputClaimsIdentity. // In a production system, there would be some common data store that both use stsRole.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name, "Name", "The name of the subject.")); stsRole.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Role, "Role", "The role of the subject.")); // Add a special claim for the QuoteService stsRole.ClaimTypesOffered.Add(new DisplayClaim(QuotationClassClaimType, "QuotationClass", "Class of quotation desired.")); return metadata; }
public override bool MatchesKeyIdentifierClause( SecurityKeyIdentifierClause keyIdentifierClause) { LocalIdKeyIdentifierClause l = keyIdentifierClause as LocalIdKeyIdentifierClause; if (l != null) { return(l.LocalId == Id); } X509ThumbprintKeyIdentifierClause t = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (t != null) { return(t.Matches(cert)); } X509IssuerSerialKeyIdentifierClause i = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (i != null) { return(i.Matches(cert)); } X509SubjectKeyIdentifierClause s = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (s != null) { return(s.Matches(cert)); } X509RawDataKeyIdentifierClause r = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (r != null) { return(r.Matches(cert)); } return(false); }
public override void WriteKeyIdentifierClauseCore(XmlDictionaryWriter writer, SecurityKeyIdentifierClause keyIdentifierClause) { X509RawDataKeyIdentifierClause x509Clause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (x509Clause != null) { writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, NamespaceUri); writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Certificate, NamespaceUri); byte[] certBytes = x509Clause.GetX509RawData(); writer.WriteBase64(certBytes, 0, certBytes.Length); writer.WriteEndElement(); writer.WriteEndElement(); } X509IssuerSerialKeyIdentifierClause issuerSerialClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerSerialClause != null) { writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace); writer.WriteStartElement(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace); writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerName); writer.WriteElementString(XD.XmlSignatureDictionary.Prefix.Value, XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace, issuerSerialClause.IssuerSerialNumber); writer.WriteEndElement(); writer.WriteEndElement(); return; } X509SubjectKeyIdentifierClause skiClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (skiClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace); byte[] ski = skiClause.GetX509SubjectKeyIdentifier(); writer.WriteBase64(ski, 0, ski.Length); writer.WriteEndElement(); writer.WriteEndElement(); return; } }
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore(XmlDictionaryReader reader) { SecurityKeyIdentifierClause ski = null; reader.ReadStartElement(XD.XmlSignatureDictionary.X509Data, NamespaceUri); while (reader.IsStartElement()) { if (ski == null && reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, NamespaceUri)) { X509Certificate2 certificate = null; if (!SecurityUtils.TryCreateX509CertificateFromRawData(reader.ReadElementContentAsBase64(), out certificate)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityMessageSerializationException(SR.GetString(SR.InvalidX509RawData))); } ski = new X509RawDataKeyIdentifierClause(certificate); } else if (ski == null && reader.IsStartElement(XmlSignatureStrings.X509Ski, NamespaceUri.ToString())) { ski = new X509SubjectKeyIdentifierClause(reader.ReadElementContentAsBase64()); } else if ((ski == null) && reader.IsStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace)) { reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace); reader.ReadStartElement(XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace); string issuerName = reader.ReadContentAsString(); reader.ReadEndElement(); reader.ReadStartElement(XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace); string serialNumber = reader.ReadContentAsString(); reader.ReadEndElement(); reader.ReadEndElement(); ski = new X509IssuerSerialKeyIdentifierClause(issuerName, serialNumber); } else { reader.Skip(); } } reader.ReadEndElement(); return(ski); }
public ActionResult FederationMetadata() { var endpoint = Request.Url.Scheme + "://" + Request.Url.Host + ":" + Request.Url.Port; var entityDescriptor = new EntityDescriptor(new EntityId(ConfigurationManager.AppSettings["stsName"])) { SigningCredentials = CertificateFactory.GetSigningCredentials() }; var roleDescriptor = new SecurityTokenServiceDescriptor(); roleDescriptor.Contacts.Add(new ContactPerson(ContactType.Administrative)); var clause = new X509RawDataKeyIdentifierClause(CertificateFactory.GetCertificate()); var securityKeyIdentifier = new SecurityKeyIdentifier(clause); var signingKey = new KeyDescriptor(securityKeyIdentifier) {Use = KeyType.Signing}; roleDescriptor.Keys.Add(signingKey); var endpointAddress = new System.IdentityModel.Protocols.WSTrust.EndpointReference(endpoint + "/Security/Authorize"); roleDescriptor.PassiveRequestorEndpoints.Add(endpointAddress); roleDescriptor.SecurityTokenServiceEndpoints.Add(endpointAddress); roleDescriptor.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706")); entityDescriptor.RoleDescriptors.Add(roleDescriptor); var serializer = new MetadataSerializer(); var settings = new XmlWriterSettings {Encoding = Encoding.UTF8}; var memoryStream = new MemoryStream(); var writer = XmlWriter.Create(memoryStream, settings); serializer.WriteMetadata(writer,entityDescriptor); writer.Flush(); var content = Content(Encoding.UTF8.GetString(memoryStream.GetBuffer()), "text/xml"); writer.Dispose(); return content; }
/// <summary> /// Inherited from <see cref="SecurityTokenResolver"/>. /// </summary> protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } token = null; // // Try raw X509 // X509RawDataKeyIdentifierClause rawDataClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawDataClause != null) { token = new X509SecurityToken(new X509Certificate2(rawDataClause.GetX509RawData())); return(true); } // // Try RSA // RsaKeyIdentifierClause rsaClause = keyIdentifierClause as RsaKeyIdentifierClause; if (rsaClause != null) { token = new RsaSecurityToken(rsaClause.Rsa); return(true); } if (_wrappedTokenResolver.TryResolveToken(keyIdentifierClause, out token)) { return(true); } return(false); }
private static SecurityKeyIdentifierClause ReadX509Certificate(XmlReader reader) { reader.ReadStartElement("X509Certificate", SignedXml.XmlDsigNamespaceUrl); var clause = new X509RawDataKeyIdentifierClause( ((XmlDictionaryReader)reader).ReadContentAsBase64()); reader.ReadEndElement(); return clause; }
public override SecurityKeyIdentifierClause ReadKeyIdentifierClauseCore( XmlDictionaryReader reader ) { SecurityKeyIdentifierClause ski = null; reader.ReadStartElement( XD.XmlSignatureDictionary.X509Data, NamespaceUri ); while ( reader.IsStartElement() ) { if ( ski == null && reader.IsStartElement( XD.XmlSignatureDictionary.X509Certificate, NamespaceUri ) ) { X509Certificate2 certificate = null; if ( !SecurityUtils.TryCreateX509CertificateFromRawData( reader.ReadElementContentAsBase64(), out certificate ) ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new SecurityMessageSerializationException( SR.GetString( SR.InvalidX509RawData ) ) ); } ski = new X509RawDataKeyIdentifierClause( certificate ); } else if ( ski == null && reader.IsStartElement( XmlSignatureStrings.X509Ski, NamespaceUri.ToString() ) ) { ski = new X509SubjectKeyIdentifierClause( reader.ReadElementContentAsBase64() ); } else if ( ( ski == null ) && reader.IsStartElement( XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace ) ) { reader.ReadStartElement( XD.XmlSignatureDictionary.X509IssuerSerial, XD.XmlSignatureDictionary.Namespace ); reader.ReadStartElement( XD.XmlSignatureDictionary.X509IssuerName, XD.XmlSignatureDictionary.Namespace ); string issuerName = reader.ReadContentAsString(); reader.ReadEndElement(); reader.ReadStartElement( XD.XmlSignatureDictionary.X509SerialNumber, XD.XmlSignatureDictionary.Namespace ); string serialNumber = reader.ReadContentAsString(); reader.ReadEndElement(); reader.ReadEndElement(); ski = new X509IssuerSerialKeyIdentifierClause( issuerName, serialNumber ); } else { reader.Skip(); } } reader.ReadEndElement(); return ski; }
/// <summary> /// Resolves the given SecurityKeyIdentifierClause to a SecurityToken. /// </summary> /// <param name="keyIdentifierClause">SecurityKeyIdentifierClause to resolve.</param> /// <param name="token">The resolved SecurityToken.</param> /// <returns>True if successfully resolved.</returns> /// <exception cref="ArgumentNullException">The input argument 'keyIdentifierClause' is null.</exception> protected override bool TryResolveTokenCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityToken token) { if (keyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("keyIdentifierClause"); } token = null; X509Store store = null; X509Certificate2Collection certs = null; try { store = new X509Store(this.storeName, this.storeLocation); store.Open(OpenFlags.ReadOnly); certs = store.Certificates; foreach (X509Certificate2 cert in certs) { X509ThumbprintKeyIdentifierClause thumbprintKeyIdentifierClause = keyIdentifierClause as X509ThumbprintKeyIdentifierClause; if (thumbprintKeyIdentifierClause != null && thumbprintKeyIdentifierClause.Matches(cert)) { token = new X509SecurityToken(cert); return(true); } X509IssuerSerialKeyIdentifierClause issuerSerialKeyIdentifierClause = keyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerSerialKeyIdentifierClause != null && issuerSerialKeyIdentifierClause.Matches(cert)) { token = new X509SecurityToken(cert); return(true); } X509SubjectKeyIdentifierClause subjectKeyIdentifierClause = keyIdentifierClause as X509SubjectKeyIdentifierClause; if (subjectKeyIdentifierClause != null && subjectKeyIdentifierClause.Matches(cert)) { token = new X509SecurityToken(cert); return(true); } X509RawDataKeyIdentifierClause rawDataKeyIdentifierClause = keyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawDataKeyIdentifierClause != null && rawDataKeyIdentifierClause.Matches(cert)) { token = new X509SecurityToken(cert); return(true); } } } finally { if (certs != null) { for (int i = 0; i < certs.Count; i++) { certs[i].Reset(); } } if (store != null) { store.Close(); } } return(false); }
/// <summary> /// Serialize a SecurityKeyIdentifierClause to the given XmlWriter. /// </summary> /// <param name="writer">XmlWriter to which the SecurityKeyIdentifierClause is serialized.</param> /// <param name="securityKeyIdentifierClause">SecurityKeyIdentifierClause to serialize.</param> /// <exception cref="ArgumentNullException">The input parameter 'reader' or 'securityKeyIdentifierClause' is null.</exception> /// <exception cref="ArgumentException">The parameter 'securityKeyIdentifierClause' is not a supported clause type.</exception> public override void WriteKeyIdentifierClause(XmlWriter writer, SecurityKeyIdentifierClause securityKeyIdentifierClause) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (securityKeyIdentifierClause == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifierClause"); } X509IssuerSerialKeyIdentifierClause issuerSerialClause = securityKeyIdentifierClause as X509IssuerSerialKeyIdentifierClause; if (issuerSerialClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerSerial, XmlSignatureConstants.Namespace); writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509IssuerName, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerName); writer.WriteElementString(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SerialNumber, XmlSignatureConstants.Namespace, issuerSerialClause.IssuerSerialNumber); writer.WriteEndElement(); writer.WriteEndElement(); return; } X509SubjectKeyIdentifierClause skiClause = securityKeyIdentifierClause as X509SubjectKeyIdentifierClause; if (skiClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509SKI, XmlSignatureConstants.Namespace); byte[] ski = skiClause.GetX509SubjectKeyIdentifier(); writer.WriteBase64(ski, 0, ski.Length); writer.WriteEndElement(); writer.WriteEndElement(); return; } #if INCLUDE_CERT_CHAIN X509ChainRawDataKeyIdentifierClause x509ChainDataClause = securityKeyIdentifierClause as X509ChainRawDataKeyIdentifierClause; if (x509ChainDataClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); for (int i = 0; i < x509ChainDataClause.CertificateCount; i++) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace); byte[] rawData = x509ChainDataClause.GetX509RawData(i); writer.WriteBase64(rawData, 0, rawData.Length); writer.WriteEndElement(); } writer.WriteEndElement(); return; } #endif X509RawDataKeyIdentifierClause rawDataClause = securityKeyIdentifierClause as X509RawDataKeyIdentifierClause; if (rawDataClause != null) { writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Data, XmlSignatureConstants.Namespace); writer.WriteStartElement(XmlSignatureConstants.Prefix, XmlSignatureConstants.Elements.X509Certificate, XmlSignatureConstants.Namespace); byte[] rawData = rawDataClause.GetX509RawData(); writer.WriteBase64(rawData, 0, rawData.Length); writer.WriteEndElement(); writer.WriteEndElement(); return; } throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("securityKeyIdentifierClause", SR.GetString(SR.ID4259, securityKeyIdentifierClause.GetType())); }
static ClaimsPrincipal ValidateTokenWithX509SecurityToken(X509RawDataKeyIdentifierClause x509DataClause, string token) { var validatingCertificate = new X509Certificate2(x509DataClause.GetX509RawData()); var tokenHandler = new JwtSecurityTokenHandler(); var x509SecurityToken = new X509SecurityToken(validatingCertificate); var validationParameters = new TokenValidationParameters() { AllowedAudience = "http://www.example.com", SigningToken = x509SecurityToken, ValidIssuer = "self", }; ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(new JwtSecurityToken(token), validationParameters); return claimsPrincipal; }