本文整理汇总了C#中RequestSecurityToken类的典型用法代码示例。如果您正苦于以下问题:C# RequestSecurityToken类的具体用法?C# RequestSecurityToken怎么用?C# RequestSecurityToken使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
RequestSecurityToken类属于命名空间,在下文中一共展示了RequestSecurityToken类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: GetToken
/// <summary>
/// Requests a symmetric-key token from a WS-Trust (February 2005) endpoint using Windows
/// authentication over transport security, then prints the token's id, key sizes and
/// validity window to the console.
/// </summary>
/// <returns>The token the issuer returned for the hard-coded relying-party address.</returns>
private static SecurityToken GetToken()
{
    // NOTE(review): the issuer endpoint and the relying-party address are hard-coded, and
    // the channel factory is never closed; fine for a demo, worth revisiting for reuse.
    const string stsEndpoint = "https://win-beju5ai4tp7.pbdev.codit.eu/adfs/services/trust/2005/windowstransport";

    // Windows authentication over transport security
    var factory = new WSTrustChannelFactory(
        new WindowsWSTrustBinding(SecurityMode.Transport),
        stsEndpoint)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

    var rst = new RequestSecurityToken();
    rst.RequestType = RequestTypes.Issue;
    rst.AppliesTo = new EndpointAddress("https://localhost:8732/ClaimsEnumeratorService/");
    rst.KeyType = KeyTypes.Symmetric;

    SecurityToken issued = factory.CreateChannel().Issue(rst);

    // Only metadata is printed (id, key sizes, validity); the key material itself is not.
    Console.WriteLine(issued.Id);
    foreach (var securityKey in issued.SecurityKeys)
    {
        Console.WriteLine(securityKey.KeySize.ToString());
    }

    Console.WriteLine(issued.ValidFrom);
    Console.WriteLine(issued.ValidTo);
    return issued;
}
示例2: Main
/// <summary>
/// Console entry point: takes a user name and a password from the command line and asks
/// the endpoint configured as "issuer" for a token scoped to the time service address.
/// </summary>
/// <param name="arguments">Exactly two values: the user name, then the password.</param>
static void Main(String[] arguments)
{
    if (arguments.Length != 2)
    {
        ShowUsage();
        return;
    }

    // NOTE(review): a password passed as a command-line argument is visible to other
    // local processes and may end up in shell history; prompting for it avoids that.
    String userName = arguments[0];
    String password = arguments[1];

    var factory = new WSTrustChannelFactory("issuer");
    factory.Credentials.UserName.UserName = userName;
    factory.Credentials.UserName.Password = password;

    // 'as' yields null when the created channel is not a WSTrustChannel; the Issue call
    // below would then fail with a NullReferenceException.
    var channel = factory.CreateChannel() as WSTrustChannel;

    var serviceAddress = "http://127.0.0.1:450/TimeService.svc";
    var rst = new RequestSecurityToken("http://schemas.microsoft.com/idfx/requesttype/issue")
    {
        AppliesTo = new EndpointAddress(serviceAddress)
    };

    Console.WriteLine("Before issue");
    RequestSecurityTokenResponse rstr;
    // Neither the token nor the response is used afterwards; the sample only shows the call.
    var token = channel.Issue(rst, out rstr);
    Console.WriteLine("After issue");
}
示例3: RequestIdentityToken
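/// <summary>
/// Requests a bearer token from the identity provider over WS-Trust 1.3, authenticating
/// with the client certificate "CN=Client" from the current user's personal store, and
/// returns the issued token as XML.
/// </summary>
/// <returns>The outer XML of the issued token.</returns>
/// <exception cref="System.InvalidOperationException">
/// The issuer returned no token, or a token that is not a GenericXmlSecurityToken.
/// </exception>
private static string RequestIdentityToken()
{
    "Requesting identity token".ConsoleYellow();

    var factory = new WSTrustChannelFactory(
        new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        _idpEndpoint);
    factory.TrustVersion = TrustVersion.WSTrust13;

    factory.Credentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindBySubjectDistinguishedName,
        "CN=Client");

    var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        KeyType = KeyTypes.Bearer,
        AppliesTo = _acsBaseAddress
    };

    // 'as' returns null for any other token type; fail with a clear message instead of
    // a NullReferenceException on the property access below.
    var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
    if (token == null)
    {
        throw new System.InvalidOperationException(
            "The issuer did not return a GenericXmlSecurityToken.");
    }

    // The request asks for a bearer key type, so the returned XML is usable by whoever
    // holds it: handle the string as a credential and keep it out of logs.
    return token.TokenXml.OuterXml;
}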
示例4: GetScope
/// <summary>
/// Builds the issuance scope for a token request: the realm comes from the request's
/// AppliesTo, encryption is switched on only when an encrypting certificate name is
/// configured, and the reply address is taken from the request when it supplies one.
/// </summary>
/// <param name="principal">The caller's principal (not read by this method).</param>
/// <param name="request">The incoming token request.</param>
/// <returns>The scope to use for issuing the token.</returns>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    // NOTE(review): AppliesTo is used here without a null check and without comparing it
    // to a list of known relying parties; confirm that validation happens elsewhere.
    var scope = new Scope(request.AppliesTo.Uri.AbsoluteUri, SecurityTokenServiceConfiguration.SigningCredentials);

    string certificateName = WebConfigurationManager.AppSettings[ApplicationSettingsNames.EncryptingCertificateName];
    if (string.IsNullOrEmpty(certificateName))
    {
        // No certificate configured: tokens for every realm are issued unencrypted.
        scope.TokenEncryptionRequired = false;
    }
    else
    {
        scope.EncryptingCredentials = new X509EncryptingCredentials(
            CertificateUtilities.GetCertificate(StoreName.My, StoreLocation.LocalMachine, certificateName));
    }

    // NOTE(review): a ReplyTo supplied in the request decides where the issued token is
    // sent. Nothing in this method ties it to the realm; restricting it to addresses
    // registered for the relying party keeps tokens from being delivered elsewhere.
    scope.ReplyToAddress = string.IsNullOrEmpty(request.ReplyTo)
        ? scope.AppliesToAddress
        : request.ReplyTo;

    return scope;
}
示例5: ValidateUser
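/// <summary>
/// Authenticates a user by requesting a SAML 1.1 bearer token from the local WS-Trust
/// endpoint with the supplied user name and password, validates the returned token with
/// the configured token handlers and wraps the resulting identity in a session token.
/// </summary>
/// <param name="userId">User name sent to the token service.</param>
/// <param name="password">Password sent to the token service.</param>
/// <param name="sessionToken">Receives the session token built from the validated identity.</param>
/// <returns>
/// Always <c>true</c>. There is no path that returns <c>false</c>: any failure surfaces as
/// an exception from the calls below, so callers need to catch rather than test the result.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The issuer returned no token, or a token that is not a GenericXmlSecurityToken.
/// </exception>
public bool ValidateUser(string userId, string password, out SessionSecurityToken sessionToken)
{
    // authenticate with WS-Trust endpoint
    var factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress("https://localhost/ActiveSTS/SecurityTokenService.svc"));
    factory.Credentials.SupportInteractive = false;
    factory.Credentials.UserName.UserName = userId;
    factory.Credentials.UserName.Password = password;

    var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        AppliesTo = new EndpointAddress("https://localhost/stsclient/"),
        KeyType = KeyTypes.Bearer,
        TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11,
    };

    var channel = factory.CreateChannel();
    var genericToken = channel.Issue(rst) as System.IdentityModel.Tokens.GenericXmlSecurityToken;
    if (genericToken == null)
    {
        // Previously a NullReferenceException on the next access; state the cause instead.
        throw new System.InvalidOperationException(
            "The token service did not return a GenericXmlSecurityToken.");
    }

    // parse and validate the token with the handlers from the service configuration
    var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;

    // NOTE(review): XmlTextReader's DTD handling differs between framework versions;
    // confirm DTD processing is prohibited for this reader on the targeted runtime.
    using (var tokenText = new StringReader(genericToken.TokenXml.OuterXml))
    using (var tokenReader = new XmlTextReader(tokenText))
    {
        var token = handlers.ReadToken(tokenReader);
        var identity = handlers.ValidateToken(token).First();

        // create session token
        sessionToken = new SessionSecurityToken(ClaimsPrincipal.CreateFromIdentity(identity));
    }

    return true;
}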
示例6: GetScope
/// <summary>
/// Produces the scope for a token issuance request. Only the single supported realm is
/// accepted; the reply address comes from the navigation service, never from the request.
/// </summary>
/// <param name="principal">The caller's principal (not read by this method).</param>
/// <param name="request">The incoming request security token.</param>
/// <returns>The scope information to be used for the token issuance.</returns>
/// <exception cref="SecurityException">The requested realm is not the supported one.</exception>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    // Only the requesting realm needs verification: the reply address is fixed by this
    // token service below and does not depend on anything the caller sends.
    // NOTE(review): a request without AppliesTo fails here with a NullReferenceException
    // rather than the SecurityException used for an unsupported realm.
    var requestedRealm = request.AppliesTo.Uri.AbsoluteUri;
    if (!string.Equals(requestedRealm, "http://www.silkveil.net/"))
    {
        var message = string.Format(
            CultureInfo.CurrentUICulture,
            "The uri '{0}' is not supported.",
            requestedRealm);
        throw new SecurityException(message);
    }

    // Sign with the service's credentials and encrypt for the configured certificate.
    var encryptingCredentials = new X509EncryptingCredentials(
        new CertificateManager().GetEncryptingCertificate());
    var scope = new Scope(
        request.AppliesTo.Uri.OriginalString,
        this.SecurityTokenServiceConfiguration.SigningCredentials,
        encryptingCredentials);

    // The reply address is resolved server-side through the navigation service.
    scope.ReplyToAddress = this._container.Resolve<INavigationService>().GetUIPath();

    return scope;
}
示例7: ProcessAccessTokenRequest
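/// <summary>
/// Obtains a bearer token from the WS-Trust endpoint configured as "issuer" and writes it
/// out as an access-token response.
/// </summary>
/// <param name="requestMessage">
/// The incoming access-token request. This method does not read it yet: passing its
/// credentials to the issuer is still a TODO below.
/// </param>
/// <param name="config">Token service configuration that supplies handlers and resolvers.</param>
/// <param name="withRefreshToken">Passed through to WriteToken.</param>
/// <returns>The response produced by WriteToken for the issued token.</returns>
/// <exception cref="System.InvalidOperationException">
/// The "issuer" endpoint did not yield a WSTrustChannel.
/// </exception>
public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config, Boolean withRefreshToken)
{
    // Server certificates are validated with the platform defaults. An accept-all
    // ServicePointManager.ServerCertificateValidationCallback is deliberately not
    // installed: that callback is process-wide, so it would switch off TLS server
    // authentication for every outgoing connection, not just the issuer call. For a
    // test issuer with a self-signed certificate, add that certificate to the trust store.

    // Call issuer to create token
    WSTrustChannelFactory factory = new WSTrustChannelFactory("issuer");
    // TODO: factory.Credentials.UserName.UserName = requestMessage.Name ?? requestMessage.ClientId;
    // TODO: factory.Credentials.UserName.Password = requestMessage.Password ?? requestMessage.ClientSecret;

    WSTrustChannel issuer = factory.CreateChannel() as WSTrustChannel;
    if (null == issuer)
    {
        throw new System.InvalidOperationException(
            "The 'issuer' endpoint did not produce a WSTrustChannel.");
    }

    RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
    rst.AppliesTo = new EndpointAddress("https://wrap.client");
    rst.KeyType = WSTrust13Constants.KeyTypes.Bearer;

    RequestSecurityTokenResponse response = null;
    issuer.Issue(rst, out response);

    // Not used below; kept because building it calls into the configuration object.
    WSTrustSerializationContext context = new WSTrustSerializationContext(
        config.SecurityTokenHandlerCollectionManager,
        config.CreateAggregateTokenResolver(),
        config.IssuerTokenResolver);

    // Create response
    var token = response.RequestedSecurityToken.SecurityToken;
    if (null == token)
    {
        // The issuer returned raw XML only: read it with the configured handlers, then
        // convert the result to a simple web token.
        using (XmlReader reader = new XmlNodeReader(response.RequestedSecurityToken.SecurityTokenXml))
        {
            token = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader);
        }
        token = ConvertToSimpleWebToken(token, response);
    }

    // Write token
    return WriteToken(token, withRefreshToken);
}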
示例8: GetScope
/// <summary>
/// Validates the requested realm, then builds an unencrypted issuance scope. The reply
/// address is chosen in this order: the request's ReplyTo, the URL stored on the
/// validated scope model, and finally the AppliesTo address.
/// </summary>
/// <param name="principal">The caller's principal (not read by this method).</param>
/// <param name="request">The incoming token request.</param>
/// <returns>The scope to use for issuing the token.</returns>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    // The validated model is kept on the instance for later use.
    this.scopeModel = this.ValidateAppliesTo(request.AppliesTo);

    var scope = new Scope(request.AppliesTo.Uri.OriginalString, SecurityTokenServiceConfiguration.SigningCredentials)
    {
        TokenEncryptionRequired = false
    };

    if (!string.IsNullOrEmpty(request.ReplyTo))
    {
        // NOTE(review): a caller-supplied ReplyTo takes precedence over the URL stored
        // for the validated realm, and tokens are not encrypted. Confirm ReplyTo is
        // restricted to that realm's registered addresses.
        scope.ReplyToAddress = request.ReplyTo;
    }
    else if (this.scopeModel.Url != null)
    {
        scope.ReplyToAddress = this.scopeModel.Url.ToString();
    }
    else
    {
        scope.ReplyToAddress = scope.AppliesToAddress;
    }

    return scope;
}
示例9: GetToken
/// <summary>
/// Exchanges an already-issued token for a bearer token scoped to another realm, using
/// WS-Trust 1.3 over transport security with the credential carried in the message.
/// </summary>
/// <param name="dobstsToken">The previously issued token presented to the endpoint.</param>
/// <param name="endpointUri">Address of the WS-Trust endpoint to call.</param>
/// <param name="spRealm">Realm (AppliesTo) the new token is requested for.</param>
/// <returns>
/// The issued token, or <c>null</c> when the endpoint returns something other than a
/// GenericXmlSecurityToken (the result is converted with <c>as</c>).
/// </returns>
public static SecurityToken GetToken(SecurityToken dobstsToken, string endpointUri, string spRealm)
{
    // WS-Trust call over SSL with credentials sent in the message.
    var binding = new IssuedTokenWSTrustBinding
    {
        SecurityMode = SecurityMode.TransportWithMessageCredential
    };

    var factory = new WSTrustChannelFactory(binding, endpointUri)
    {
        TrustVersion = TrustVersion.WSTrust13
    };
    factory.Credentials.SupportInteractive = false;

    // A bearer token is requested, so no proof key or encryption is involved; the
    // result is usable by whoever holds it and should be handled as a credential.
    var rst = new RequestSecurityToken();
    rst.RequestType = RequestTypes.Issue;
    rst.AppliesTo = new EndpointAddress(spRealm);
    rst.KeyType = KeyTypes.Bearer;

    // Make the request with the DobstsToken.
    factory.ConfigureChannelFactory();
    var issued = factory.CreateChannelWithIssuedToken(dobstsToken).Issue(rst);
    return issued as GenericXmlSecurityToken;
}
示例10: GetScope
/// <summary>
/// Analyzes a token request and validates it against policy before building the scope.
/// </summary>
/// <param name="principal">The authenticated caller.</param>
/// <param name="rst">The incoming token request.</param>
/// <returns>A scope built from the analyzed request details.</returns>
/// <exception cref="MissingAppliesToException">The request does not name a realm.</exception>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken rst)
{
    // A request without a realm is rejected before any analysis takes place.
    if (rst.AppliesTo == null)
    {
        var missingRealm = string.Format("token request from {0} - but no realm specified.",
            principal.Identity.Name);
        Tracing.Error(missingRealm);
        throw new MissingAppliesToException();
    }

    // NOTE(review): the caller name and the requested realm go into the trace as-is;
    // the realm is request-supplied, so the trace sink should neutralise line breaks.
    var starting = string.Format("Starting token request from {0} for {1}",
        principal.Identity.Name,
        rst.AppliesTo.Uri.AbsoluteUri);
    Tracing.Information(starting);
    Tracing.Information("Authentication method: " + principal.Identities.First().GetClaimValue(ClaimTypes.AuthenticationMethod));

    // Analyze the request, then validate the result against policy.
    var analyzer = new Request(GlobalConfiguration);
    var requestDetails = analyzer.Analyze(rst, principal);
    analyzer.Validate(requestDetails);

    // Validation passed: build the scope from the analyzed details.
    return new RequestDetailsScope(
        requestDetails,
        SecurityTokenServiceConfiguration.SigningCredentials,
        GlobalConfiguration.RequireEncryption);
}
示例11: GetScope
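/// <summary>
/// Scope resolution is not implemented for this token service; every call throws.
/// </summary>
/// <param name="principal">The caller's principal (unused).</param>
/// <param name="request">The incoming token request (unused).</param>
/// <returns>Never returns.</returns>
/// <exception cref="NotImplementedException">Always.</exception>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    // Throwing keeps an unfinished service from issuing tokens with an empty scope.
    throw new NotImplementedException();
}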
示例12: GetScope
/// <summary>
/// Validates the requested realm and builds the issuance scope. Encryption follows the
/// IEncryptionSettings resolved from the service locator, and the reply address is
/// always the AppliesTo address.
/// </summary>
/// <param name="principal">The caller's principal (not read by this method).</param>
/// <param name="request">The incoming token request.</param>
/// <returns>The scope to use for issuing the token.</returns>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    ValidateAppliesTo(request.AppliesTo);

    var scope = new Scope(
        request.AppliesTo.Uri.OriginalString,
        SecurityTokenServiceConfiguration.SigningCredentials);

    var encryption = ServiceLocator.Current.GetInstance<IEncryptionSettings>();
    if (!encryption.Encrypt)
    {
        // Without an encryption certificate the STS issues tokens unencrypted. That
        // works for tokens created without keys (bearer tokens) or with asymmetric keys.
        scope.TokenEncryptionRequired = false;
    }
    else
    {
        // One certificate is used for every relying party here. A production deployment
        // should pick the certificate that belongs to the requesting RP; the 'request'
        // carries the information needed to choose it.
        scope.EncryptingCredentials = new X509EncryptingCredentials(encryption.Certificate);
    }

    // WS-Federation passive replies (wreply) go to the validated AppliesTo address, so
    // the request cannot redirect the response elsewhere.
    scope.ReplyToAddress = scope.AppliesToAddress;

    return scope;
}
示例13: GetResponse
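/// <summary>
/// Creates the token response and invokes the logging callback with the serialized
/// request, response and issued token.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="tokenDescriptor">The token descriptor.</param>
/// <returns>The RequestSecurityTokenResponse produced by the base implementation.</returns>
protected override RequestSecurityTokenResponse GetResponse(RequestSecurityToken request, SecurityTokenDescriptor tokenDescriptor)
{
    var response = base.GetResponse(request, tokenDescriptor);

    // When the issued token is encrypted, the inner (plaintext) token is the one traced.
    // NOTE(review): the callback therefore receives usable tokens in clear text; limit
    // who can read the trace output and how long it is retained.
    var encryptedToken = tokenDescriptor.Token as EncryptedSecurityToken;
    SecurityToken token = encryptedToken != null
        ? encryptedToken.Token
        : tokenDescriptor.Token;

    var sb = new StringBuilder(128);

    // Disposing the writer flushes any buffered output into the StringBuilder before it
    // is read below.
    using (var tokenWriter = XmlWriter.Create(new StringWriter(sb)))
    {
        FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.WriteToken(tokenWriter, token);
    }

    try
    {
        // do logging callback
        OnTrace(
            XElement.Parse(SerializeRequest(request)),
            XElement.Parse(SerializeResponse(response)),
            XElement.Parse(sb.ToString()));
    }
    catch (System.Exception ex)
    {
        // Tracing is best-effort and must not fail the issuance, but a failure is no
        // longer silent. Only the exception type is recorded, so token content cannot
        // reach this message.
        System.Diagnostics.Trace.TraceWarning(
            "Token issuance trace callback failed: {0}",
            ex.GetType().Name);
    }

    return response;
}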
示例14: GetScope
/// <summary>
/// Returns the configuration for the token issuance request, represented by a Scope.
/// This service issues tokens for a single relying-party identity, the one named by
/// the encrypting certificate.
/// </summary>
/// <param name="principal">The caller's principal (not read by this method).</param>
/// <param name="request">The incoming RST.</param>
/// <returns>The scope information to be used for the token issuance.</returns>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    ValidateAppliesTo(request.AppliesTo);

    // The default signing certificate has the distinguished name "CN=STSTestCert" and
    // lives in the Personal store of the Local Computer. Replace it with a valid
    // CA-issued certificate before going into production.
    var scope = new Scope(
        request.AppliesTo.Uri.OriginalString,
        SecurityTokenServiceConfiguration.SigningCredentials);

    if (string.IsNullOrEmpty(_encryptingCertificateName))
    {
        // Without an encryption certificate the STS issues tokens unencrypted. That
        // works for tokens created without keys (bearer tokens) or with asymmetric keys.
        scope.TokenEncryptionRequired = false;
    }
    else
    {
        // One certificate is used for every relying party here. A production deployment
        // should pick the certificate that belongs to the requesting RP; the 'request'
        // carries the information needed to choose it.
        var encryptingCertificate = CertificateUtil.GetCertificate(
            StoreName.My,
            StoreLocation.LocalMachine,
            _encryptingCertificateName);
        scope.EncryptingCredentials = new X509EncryptingCredentials(encryptingCertificate);
    }

    // WS-Federation passive replies (wreply) go to the validated AppliesTo address, so
    // the request cannot redirect the response elsewhere.
    scope.ReplyToAddress = scope.AppliesToAddress;

    return scope;
}
示例15: Validate_NoRealm
/// <summary>
/// Test case: an Issue request that names no realm (no AppliesTo) is analyzed for the
/// _alice principal and then validated.
/// </summary>
public void Validate_NoRealm()
{
    var realmlessRequest = new RequestSecurityToken();
    realmlessRequest.RequestType = RequestTypes.Issue;

    // The analysis result is not used by the parameterless Validate() call below.
    request.Analyze(realmlessRequest, _alice);

    // unknown realm
    // NOTE(review): no assertion or expected-exception marker is visible in this
    // listing; presumably Validate() is expected to reject the request. Confirm.
    request.Validate();
}