本文整理汇总了C#中System.IdentityModel.Protocols.WSTrust.RequestSecurityToken类的典型用法代码示例。如果您正苦于以下问题:C# RequestSecurityToken类的具体用法?C# RequestSecurityToken怎么用?C# RequestSecurityToken使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
RequestSecurityToken类属于System.IdentityModel.Protocols.WSTrust命名空间,在下文中一共展示了RequestSecurityToken类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: GetScope
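/// <summary>
/// Builds the <see cref="Scope"/> for a token request. The relying party comes from
/// <c>AppliesTo</c>; the reply address is honoured only while it stays on the AppliesTo host.
/// </summary>
/// <param name="principal">The authenticated caller (not used by this method).</param>
/// <param name="request">The incoming request; <c>AppliesTo</c> and <c>ReplyTo</c> are supplied by the client.</param>
/// <returns>A scope that uses the STS signing credentials and has token encryption switched off.</returns>
protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
{
    ValidateAppliesTo(request.AppliesTo);

    Uri appliesTo = request.AppliesTo.Uri;
    var scope = new Scope(appliesTo.AbsoluteUri, SecurityTokenServiceConfiguration.SigningCredentials);

    // ReplyTo decides where the issued token is delivered, so it must never leave the
    // relying party's host.
    // NOTE(review): only the host is compared; scheme and port are not. Confirm that is intended.
    if (Uri.IsWellFormedUriString(request.ReplyTo, UriKind.Absolute))
    {
        if (appliesTo.Host != new Uri(request.ReplyTo).Host)
        {
            scope.ReplyToAddress = appliesTo.AbsoluteUri;
        }
        else
        {
            scope.ReplyToAddress = request.ReplyTo;
        }
    }
    else
    {
        // A value that is not a well-formed absolute URI is resolved against AppliesTo.
        // Resolution can still produce a URI on another host, so the same host check is
        // applied to the resolved result before it is accepted.
        Uri resolved = null;
        if (Uri.TryCreate(appliesTo, request.ReplyTo, out resolved) && resolved.Host == appliesTo.Host)
        {
            scope.ReplyToAddress = resolved.AbsoluteUri;
        }
        else
        {
            scope.ReplyToAddress = appliesTo.ToString();
        }
    }

    // Tokens are issued unencrypted; their confidentiality then rests on the transport alone.
    scope.TokenEncryptionRequired = false;
    scope.SymmetricKeyEncryptionRequired = false;
    return scope;
}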
示例2: Main
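/// <summary>
/// Sample client: authenticates at the identity provider with user name and password, then
/// asks the federation STS to issue a token for the service address.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args) {
    string idpAddress = "https://idp.contoso.com/SecurityTokenService/Issue.svc/mixed/username";
    string fedAddress = "https://sts.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";
    string svcAddress = "https://internalcrm.contoso.com";
    var idpBinding = new UserNameWSTrustBinding() {
        SecurityMode = SecurityMode.TransportWithMessageCredential
    };
    var fedBinding = new IssuedTokenWSTrustBinding(idpBinding, new EndpointAddress(idpAddress)) {
        SecurityMode = SecurityMode.TransportWithMessageCredential,
        //KeyType = SecurityKeyType.SymmetricKey
    };
    var channelFactory = new WSTrustChannelFactory(fedBinding, fedAddress);
    try {
        // NOTE(review): literal sample credentials. Outside a demo, read them from a protected
        // store or prompt for them; a password in source ends up in version control and builds.
        channelFactory.Credentials.UserName.UserName = "[email protected]";
        channelFactory.Credentials.UserName.Password = "pw";
        var request = new RequestSecurityToken {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(svcAddress),
            //TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11,
            //TokenType = SecurityTokenTypes.Saml,
        };
        var token = channelFactory.CreateChannel().Issue(request);
        //return token;

        // Release the factory and the channel it created once the token has been obtained.
        channelFactory.Close();
    }
    catch {
        // Close() is not safe on a faulted factory; Abort() tears it down unconditionally.
        channelFactory.Abort();
        throw;
    }
}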
示例3: GetOutputClaimsIdentity
/// <summary>
/// Produces the identity that goes into the issued token, starting from the caller's first identity.
/// </summary>
/// <param name="principal">The authenticated caller; only its first identity is read.</param>
/// <param name="request">The token request (not used by this method).</param>
/// <param name="scope">The scope of the request (not used by this method).</param>
/// <returns>A new identity whose authentication type is "Sample".</returns>
protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
    // First() throws when the principal carries no identity at all.
    ClaimsIdentity caller = principal.Identities.First();
    var issued = new ClaimsIdentity("Sample");

    // NOTE(review): CopyClaim is defined elsewhere; presumably it copies claims from the caller
    // to the issued identity. Confirm which claim types it lets through, because everything
    // copied here is asserted to the relying party.
    CopyClaim(caller, issued);

    return issued;
}
示例4: GetOutputClaimsIdentity
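/// <summary>
/// Maps the caller's GitHub claim to a directory account and issues the claims of that account.
/// </summary>
/// <param name="principal">The authenticated caller; must carry the GitHub claim.</param>
/// <param name="request">The token request (not used by this method).</param>
/// <param name="scope">The scope of the request (not used by this method).</param>
/// <returns>An identity holding the primary SID, both UPN forms and the name of the bound account.</returns>
/// <exception cref="InvalidRequestException">
/// The principal is null, has no GitHub claim, or no account is bound to it.
/// </exception>
protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
    if (principal == null)
    {
        throw new InvalidRequestException("The caller's principal is null.");
    }

    // check github
    // FindFirst returns null when the claim is absent; reject the request instead of
    // failing with a NullReferenceException further down.
    Claim akClaim = principal.FindFirst(Constants.CLAIM_TYPE_GITHUB_AK);
    if (akClaim == null)
    {
        throw new InvalidRequestException("The caller's principal carries no github claim.");
    }

    // NOTE(review): the claim value looks like a credential for GitHub; keep it out of logs
    // and exception messages. Confirm against Utility.GetOpenId.
    string openid = Utility.GetOpenId(akClaim.Value);

    // check account
    ADAccountInfo info = AccountHelper.GetHelper().GetAccount(openid);
    if (info == null)
    {
        throw new InvalidRequestException("wrong github login or not binded, cannot login.");
    }

    // The UPN is issued twice, once per casing variant stored on the account.
    var claims = new[]
    {
        new Claim(Constants.CLAIM_TYPE_PRIMARY_SID, info.primarysid),
        new Claim(System.IdentityModel.Claims.ClaimTypes.Upn, info.upnUpper),
        new Claim(System.IdentityModel.Claims.ClaimTypes.Upn, info.upnLower),
        new Claim(System.IdentityModel.Claims.ClaimTypes.Name, info.name),
    };

    // NOTE(review): no authentication type is passed, so IsAuthenticated is false on this
    // identity. Confirm nothing downstream relies on it.
    var id = new ClaimsIdentity(claims);
    return id;
}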
示例5: GetScope
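/// <summary>
/// Analyzes the token request, validates it against policy and builds the scope for it.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="rst">The request.</param>
/// <returns>A PolicyScope that describes the relying party and policy options</returns>
/// <exception cref="InvalidRequestException">The request names no realm (AppliesTo is null).</exception>
protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken rst)
{
    if (rst.AppliesTo == null)
    {
        Tracing.Error(string.Format("token request from {0} - but no realm specified.",
            principal.Identity.Name));

        // A typed exception with a message, instead of a bare Exception, lets callers and
        // logs tell a malformed request apart from an internal failure.
        throw new InvalidRequestException("The token request does not specify a realm (AppliesTo).");
        //throw new MissingAppliesToException();
    }

    // NOTE(review): the caller name and the realm are written to the trace as received;
    // confirm the trace sink neutralises line breaks in these values.
    Tracing.Information(string.Format("Starting token request from {0} for {1}",
        principal.Identity.Name,
        rst.AppliesTo.Uri.AbsoluteUri));

    // The authentication-method claim may be absent; trace that fact rather than dereference null.
    var authenticationMethod = principal.Identities.First().FindFirst(ClaimTypes.AuthenticationMethod);
    Tracing.Information("Authentication method: " + (authenticationMethod == null ? "(none)" : authenticationMethod.Value));

    // analyze request
    var request = new Request(GlobalConfiguration);
    var details = request.Analyze(rst, principal);

    // validate against policy
    request.Validate(details);

    // create scope
    var scope = new RequestDetailsScope(
        details,
        SecurityTokenServiceConfiguration.SigningCredentials,
        GlobalConfiguration.RequireEncryption);

    return scope;
}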
示例6: GetToken
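/// <summary>
/// Requests a SAML 1.0 bearer token for <paramref name="rstsRealm"/> from the identity provider,
/// authenticating with the current Windows credentials, and returns the serialized response.
/// </summary>
/// <param name="idpEndpoint">Address of the identity provider's WS-Trust endpoint.</param>
/// <param name="rstsRealm">Realm (AppliesTo) the token is requested for.</param>
/// <returns>The serialized token response, or <c>null</c> when the request fails.</returns>
public string GetToken(string idpEndpoint, string rstsRealm)
{
    var binding = new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    var factory = new System.ServiceModel.Security.WSTrustChannelFactory(binding, new EndpointAddress(new Uri(idpEndpoint)));
    factory.TrustVersion = TrustVersion.WSTrust13;
    factory.Credentials.SupportInteractive = false;

    // KeyTypes.Bearer: the issued token has no proof key, so whoever holds the serialized
    // response can present it. Treat the return value as a secret.
    var rst = new System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        AppliesTo = new System.IdentityModel.Protocols.WSTrust.EndpointReference(rstsRealm),
        KeyType = KeyTypes.Bearer,
        TokenType = "urn:oasis:names:tc:SAML:1.0:assertion" // "urn:oasis:names:tc:SAML:2.0:assertion"
    };

    var channel = factory.CreateChannel();
    string serialized = null;
    try
    {
        RequestSecurityTokenResponse response;
        channel.Issue(rst, out response);
        serialized = Serialize(response);
    }
    catch (Exception ex)
    {
        // The "null on failure" contract is kept, but the failure is no longer silent:
        // a rejected or failed token request is worth seeing in the trace output.
        System.Diagnostics.Trace.TraceError("GetToken: token request failed. " + ex);
    }
    finally
    {
        // Release the factory and its channel. Close() throws on a faulted or timed-out
        // object; Abort() tears it down unconditionally.
        try
        {
            factory.Close();
        }
        catch (CommunicationException)
        {
            factory.Abort();
        }
        catch (TimeoutException)
        {
            factory.Abort();
        }
    }

    return serialized;
}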
示例7: GetScope
/// <summary>
/// Builds the scope for a token request and decides from configuration whether the token is encrypted.
/// </summary>
/// <param name="principal">The authenticated caller (not used by this method).</param>
/// <param name="request">The incoming token request.</param>
/// <returns>The scope for the relying party named in <c>AppliesTo</c>.</returns>
protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
{
    ValidateAppliesTo(request.AppliesTo);

    var scope = new Scope(request.AppliesTo.Uri.OriginalString, SecurityTokenServiceConfiguration.SigningCredentials);

    if (string.IsNullOrEmpty(ConfigurationManager.AppSettings["EncryptionCertificate"]))
    {
        // Without a configured encryption certificate the STS does not encrypt.
        // That works for tokens created without keys (bearer tokens) or with asymmetric keys.
        scope.TokenEncryptionRequired = false;
    }
    else
    {
        // One certificate is used for every relying party here. A production deployment
        // would pick the certificate of the specific RP that asks for the token; the
        // 'request' carries the information needed to choose it.
        scope.EncryptingCredentials = new X509EncryptingCredentials(
            GetCertificate(ConfigurationManager.AppSettings["EncryptionCertificate"]));
    }

    // NOTE(review): ReplyTo comes from the client and is used without a check against
    // AppliesTo. Confirm it is validated elsewhere before a token is sent to that address.
    scope.ReplyToAddress = request.ReplyTo;

    return scope;
}
示例8: GetOutputClaimsIdentity
/// <summary>
/// Builds the identity for the issued token from the caller's claims, optionally transformed
/// by the claims policy engine.
/// </summary>
/// <param name="principal">The authenticated caller; its identity must be a <see cref="ClaimsIdentity"/>.</param>
/// <param name="request">The token request (not used by this method).</param>
/// <param name="scope">The scope; its AppliesTo address selects the policy when the engine is enabled.</param>
/// <returns>The identity to place in the issued token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    IEnumerable<Claim> issuedClaims;
    if (!this.scopeModel.UseClaimsPolicyEngine)
    {
        // Policy engine off: every incoming claim is passed through to the relying party unchanged.
        issuedClaims = ((ClaimsIdentity)principal.Identity).Claims;
    }
    else
    {
        IClaimsPolicyEvaluator policy = new ClaimsPolicyEvaluator(PolicyStoreFactory.Instance);
        issuedClaims = policy.Evaluate(new Uri(scope.AppliesToAddress), ((ClaimsIdentity)principal.Identity).Claims);
    }

    var issued = new ClaimsIdentity();
    issued.AddClaims(issuedClaims);

    // Fall back to the name identifier when the claims yielded no name.
    // SingleOrDefault throws if more than one NameIdentifier claim is present.
    if (issued.Name == null)
    {
        Claim nameIdentifier = issued.Claims.SingleOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
        if (nameIdentifier != null)
        {
            issued.AddClaim(new Claim(ClaimTypes.Name, nameIdentifier.Value));
        }
    }

    // Carry the IsPersistent claim over from the caller, taken from the incoming claims
    // rather than from the policy output.
    Claim persistent = ((ClaimsIdentity)principal.Identity).Claims.SingleOrDefault(c => c.Type == ClaimTypes.IsPersistent);
    if (persistent != null)
    {
        issued.AddClaim(new Claim(ClaimTypes.IsPersistent, persistent.Value));
    }

    return issued;
}
示例9: GetActAsToken
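/// <summary>
/// Requests a delegated (ActAs) token for the backend service from ADFS on behalf of the
/// user who is currently logged in.
/// </summary>
/// <returns>The token issued for the backend service.</returns>
/// <exception cref="InvalidOperationException">
/// No bootstrap token is available for the current user.
/// </exception>
private SecurityToken GetActAsToken()
{
    // Retrieve the token that was saved during initial user login
    BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;

    // The 'as' cast yields null when no bootstrap context was stored, and SecurityToken can
    // itself be null. Fail with a clear message instead of a NullReferenceException.
    if (bootstrapContext == null || bootstrapContext.SecurityToken == null)
    {
        throw new InvalidOperationException("No bootstrap token is available for the current user.");
    }

    // Use the Thinktecture-implementation of the UserNameWSBinding to setup the channel factory to ADFS
    var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    var factory = new WSTrustChannelFactory(binding, new EndpointAddress("https://[ADFS]/adfs/services/trust/13/usernamemixed"));

    // For demo purposes, we're authenticating to ADFS using a user name and password representing the web application
    // If the web server is domain-joined, you can use Windows Authentication instead
    // NOTE(review): the service-account password is a literal in source. Outside a demo, load
    // it from protected configuration, and rotate any real credential that was ever committed.
    factory.Credentials.UserName.UserName = "authdemos\\sa_web";
    factory.Credentials.UserName.Password = "Welkom01";
    factory.TrustVersion = TrustVersion.WSTrust13;

    // Setup the request details to ask for a token for the backend service, acting as the logged in user
    var request = new RequestSecurityToken();
    request.RequestType = Thinktecture.IdentityModel.Constants.WSTrust13Constants.RequestTypes.Issue;
    request.AppliesTo = new EndpointReference("https://[BackendService]/Service.svc");
    request.ActAs = new SecurityTokenElement(bootstrapContext.SecurityToken);

    // Create the channel
    var channel = factory.CreateChannel();
    RequestSecurityTokenResponse response = null;
    SecurityToken delegatedToken = channel.Issue(request, out response);

    // Return the acquired token
    return delegatedToken;
}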
示例10: GetScope
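/// <summary>
/// Builds the <see cref="Scope"/> for a token request. The relying party comes from
/// <c>AppliesTo</c>; the reply address is honoured only while it stays on the AppliesTo host.
/// </summary>
/// <param name="principal">The authenticated caller (not used by this method).</param>
/// <param name="request">The incoming request; <c>AppliesTo</c> and <c>ReplyTo</c> are supplied by the client.</param>
/// <returns>A scope carrying the STS signing credentials and the RP encrypting credentials.</returns>
protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
{
    // Validate the AppliesTo address
    ValidateAppliesTo( request.AppliesTo );

    // Create the scope using the request AppliesTo address and the RP identity
    Uri appliesTo = request.AppliesTo.Uri;
    Scope scope = new Scope( appliesTo.AbsoluteUri, _signingCreds );

    // ReplyTo decides where the issued token is delivered, so it must never leave the
    // relying party's host.
    // NOTE(review): only the host is compared; scheme and port are not. Confirm that is intended.
    if (Uri.IsWellFormedUriString(request.ReplyTo, UriKind.Absolute))
    {
        if (appliesTo.Host != new Uri(request.ReplyTo).Host)
        {
            scope.ReplyToAddress = appliesTo.AbsoluteUri;
        }
        else
        {
            scope.ReplyToAddress = request.ReplyTo;
        }
    }
    else
    {
        // A value that is not a well-formed absolute URI is resolved against AppliesTo.
        // Resolution can still produce a URI on another host, so the same host check is
        // applied to the resolved result before it is accepted.
        Uri resolved = null;
        if (Uri.TryCreate(appliesTo, request.ReplyTo, out resolved) && resolved.Host == appliesTo.Host)
        {
            scope.ReplyToAddress = resolved.AbsoluteUri;
        }
        else
        {
            scope.ReplyToAddress = appliesTo.ToString() ;
        }
    }

    // Note: In this sample app only a single RP identity is shown, which is localhost, and the certificate of that RP is
    // populated as _encryptingCreds
    // If you have multiple RPs for the STS you would select the certificate that is specific to
    // the RP that requests the token and then use that for _encryptingCreds
    scope.EncryptingCredentials = _encryptingCreds;

    return scope;
}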
示例11: TryIssueToken
/// <summary>
/// Asks the STS to issue a bearer token of the given type for a relying party, without throwing on failure.
/// </summary>
/// <param name="appliesTo">The relying party the token is issued for.</param>
/// <param name="principal">The principal the token is issued to.</param>
/// <param name="tokenType">The requested token type.</param>
/// <param name="token">The issued token, or <c>null</c> when issuance failed.</param>
/// <returns><c>true</c> when a token was issued; <c>false</c> when any exception occurred.</returns>
public bool TryIssueToken(EndpointReference appliesTo, ClaimsPrincipal principal, string tokenType,
    out SecurityToken token)
{
    token = null;

    // Bearer key type: the issued token has no proof key bound to it.
    var issueRequest = new RequestSecurityToken();
    issueRequest.RequestType = RequestTypes.Issue;
    issueRequest.AppliesTo = appliesTo;
    issueRequest.KeyType = KeyTypes.Bearer;
    issueRequest.TokenType = tokenType;

    try
    {
        token = _sts.Issue(principal, issueRequest).RequestedSecurityToken.SecurityToken;
        return true;
    }
    catch (Exception e)
    {
        // Every failure is reduced to 'false' for the caller; the full exception text goes
        // to the trace and is the only record of why issuance failed.
        Tracing.Error("Failed to issue token. An exception occurred. " + e);
        return false;
    }
}
示例12: GetWindowsToken
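/// <summary>
/// Obtains a bearer token for <paramref name="realm"/> from the Windows authentication endpoint,
/// authenticating with Windows credentials at transport level, and returns it as a JWT string.
/// </summary>
/// <param name="windowsAuthSiteEndPoint">Base address of the Windows authentication site.</param>
/// <param name="realm">Realm (AppliesTo) the token is requested for.</param>
/// <returns>The JWT decoded from the Base64 text of the issued token.</returns>
/// <exception cref="InvalidOperationException">The issued token is not a generic XML token.</exception>
private static string GetWindowsToken(string windowsAuthSiteEndPoint, string realm)
{
    var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + TenantApiUri.WindowsAuthSite));

    var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport);
    identityProviderBinding.Security.Message.EstablishSecurityContext = false;
    identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
    identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

    var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint)
    {
        TrustVersion = TrustVersion.WSTrust13,
    };

    // The server certificate is validated against the trusted chain. This code previously
    // set X509CertificateValidationMode.None, which accepts any certificate, so the endpoint
    // receiving the Windows credentials and returning the token was never authenticated.
    // A test environment with a private CA should trust that CA rather than disable the check.
    trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.ChainTrust };

    var channel = trustChannelFactory.CreateChannel();
    var rst = new RequestSecurityToken(RequestTypes.Issue)
    {
        AppliesTo = new EndpointReference(realm),
        KeyType = KeyTypes.Bearer,
    };

    RequestSecurityTokenResponse rstr = null;
    SecurityToken token = channel.Issue(rst, out rstr);

    // The 'as' cast yields null for any other token type; fail clearly instead of
    // dereferencing null.
    var xmlToken = token as GenericXmlSecurityToken;
    if (xmlToken == null)
    {
        throw new InvalidOperationException("The issued token is not a GenericXmlSecurityToken.");
    }

    // The element text is the Base64 form of the JWT. The result is a bearer credential:
    // keep it out of logs.
    var tokenString = xmlToken.TokenXml.InnerText;
    var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString));
    return jwtString;
}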
示例13: Validate_NoRealm
/// <summary>
/// Runs analysis and validation for an Issue request that names no realm (no AppliesTo).
/// </summary>
public void Validate_NoRealm()
{
    // Issue request built without AppliesTo.
    var realmlessRequest = new RequestSecurityToken();
    realmlessRequest.RequestType = RequestTypes.Issue;

    // The analysis result is not used by the Validate() call below.
    request.Analyze(realmlessRequest, _alice);

    // unknown realm
    // NOTE(review): no assertion is visible in this excerpt; presumably an expected-exception
    // attribute sits on the method. Confirm.
    request.Validate();
}
示例14: Issue
/// <summary>
/// Requests the token described by an RST from an STS.
/// </summary>
/// <param name="stsAddress">The STS address.</param>
/// <param name="binding">The binding used to reach the STS.</param>
/// <param name="credentials">The client credentials presented to the STS.</param>
/// <param name="rst">The RST describing the requested token.</param>
/// <param name="rstr">Receives the RSTR returned by the STS.</param>
/// <returns>A SecurityToken</returns>
public static SecurityToken Issue(EndpointAddress stsAddress, Binding binding, ClientCredentials credentials, RequestSecurityToken rst, out RequestSecurityTokenResponse rstr)
{
    // The channel is created for this single call and is not closed here.
    // NOTE(review): confirm whether CreateWSTrustChannel or the caller owns its lifetime.
    return CreateWSTrustChannel(stsAddress, binding, credentials).Issue(rst, out rstr);
}
示例15: GetScope
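/// <summary>
/// Builds the scope for a token request from its AppliesTo and ReplyTo values, with token
/// encryption switched off.
/// </summary>
/// <param name="principal">The authenticated caller (not used by this method).</param>
/// <param name="request">The incoming token request.</param>
/// <returns>A scope that uses the STS signing credentials.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="InvalidRequestException">The request names no relying party (AppliesTo).</exception>
protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    // AppliesTo is client-supplied and may be missing; reject the request rather than
    // fail with a NullReferenceException.
    if (request.AppliesTo == null || request.AppliesTo.Uri == null)
    {
        throw new InvalidRequestException("The token request does not specify AppliesTo.");
    }

    // NOTE(review): AppliesTo is not checked against a list of known relying parties, and
    // ReplyTo is used as received. Confirm both are validated elsewhere before a token is
    // issued or delivered.
    return new Scope(
        request.AppliesTo.Uri.AbsoluteUri,
        this.SecurityTokenServiceConfiguration.SigningCredentials)
    {
        ReplyToAddress = request.ReplyTo,
        // Tokens are issued unencrypted; confidentiality then rests on the transport alone.
        TokenEncryptionRequired = false
    };
}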