87 lines
3.5 KiB
C#
87 lines
3.5 KiB
C#
|
//------------------------------------------------------------
|
|||
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|||
|
|
//------------------------------------------------------------
|
|||
|
|
|
|||
|
|
using System.Collections.Generic;
|
|||
|
|
using System.Collections.ObjectModel;
|
|||
|
|
using System.IdentityModel.Policy;
|
|||
|
|
using System.IdentityModel.Selectors;
|
|||
|
|
using System.IdentityModel.Tokens;
|
|||
|
|
using System.Security.Claims;
|
|||
|
|
|
|||
|
|
namespace System.ServiceModel.Security
|
|||
|
|
{
|
|||
|
|
/// <summary>
|
|||
|
|
/// Wraps a Saml2SecurityTokenHandler. Delegates the token authentication call to
|
|||
|
|
/// this wrapped tokenAuthenticator. Wraps the returned ClaimsIdentities into
|
|||
|
|
/// an IAuthorizationPolicy.
|
|||
|
|
/// </summary>
|
|||
|
|
internal class WrappedSaml2SecurityTokenAuthenticator : SecurityTokenAuthenticator
|
|||
|
|
{
|
|||
|
|
Saml2SecurityTokenHandler _wrappedSaml2SecurityTokenHandler;
|
|||
|
|
ExceptionMapper _exceptionMapper;
|
|||
|
|
|
|||
|
|
/// <summary>
|
|||
|
|
/// Initializes an instance of <see cref="WrappedSaml2SecurityTokenAuthenticator"/>
|
|||
|
|
/// </summary>
|
|||
|
|
/// <param name="saml2SecurityTokenHandler">The Saml2SecurityTokenHandler to wrap.</param>
|
|||
|
|
/// <param name="exceptionMapper">Converts token validation exceptions to SOAP faults.</param>
|
|||
|
|
public WrappedSaml2SecurityTokenAuthenticator(
|
|||
|
|
Saml2SecurityTokenHandler saml2SecurityTokenHandler,
|
|||
|
|
ExceptionMapper exceptionMapper )
|
|||
|
|
{
|
|||
|
|
if ( saml2SecurityTokenHandler == null )
|
|||
|
|
{
|
|||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedSaml2SecurityTokenHandler" );
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if ( exceptionMapper == null )
|
|||
|
|
{
|
|||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "exceptionMapper" );
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
_wrappedSaml2SecurityTokenHandler = saml2SecurityTokenHandler;
|
|||
|
|
_exceptionMapper = exceptionMapper;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
/// <summary>
|
|||
|
|
/// Checks if the given token can be validated. Returns true if the token is of type
|
|||
|
|
/// Saml2SecurityToken and if the wrapped SecurityTokenHandler can validate tokens.
|
|||
|
|
/// </summary>
|
|||
|
|
/// <param name="token">The token to be checked.</param>
|
|||
|
|
/// <returns>True if the token is of type Saml2SecurityToken and if the wrapped
|
|||
|
|
/// SecurityTokenHandler can validate tokens.</returns>
|
|||
|
|
protected override bool CanValidateTokenCore( SecurityToken token )
|
|||
|
|
{
|
|||
|
|
return (token is Saml2SecurityToken) && _wrappedSaml2SecurityTokenHandler.CanValidateToken;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
/// <summary>
|
|||
|
|
/// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
|
|||
|
|
/// wrapping the returned ClaimsIdentities.
|
|||
|
|
/// </summary>
|
|||
|
|
/// <param name="token">Token to be validated.</param>
|
|||
|
|
/// <returns>Read-only collection of IAuthorizationPolicy</returns>
|
|||
|
|
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore( SecurityToken token )
|
|||
|
|
{
|
|||
|
|
IEnumerable<ClaimsIdentity> identities = null;
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
identities = _wrappedSaml2SecurityTokenHandler.ValidateToken( token );
|
|||
|
|
}
|
|||
|
|
catch ( Exception ex )
|
|||
|
|
{
|
|||
|
|
if ( !_exceptionMapper.HandleSecurityTokenProcessingException( ex ) )
|
|||
|
|
{
|
|||
|
|
throw;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
|
|||
|
|
policies.Add(new AuthorizationPolicy(identities));
|
|||
|
|
|
|||
|
|
return policies.AsReadOnly();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|