从Windows XP上的安全令牌服务获取SAML令牌 - 不使用WIF

时间:2013-07-03 04:57:36

标签: .net azure saml-2.0 federated-identity ws-trust

我正在尝试在需要在Windows-XP及更高版本上运行的WPF客户端应用程序上为我的用户获取SAML令牌。我使用WS-Trust从我的身份提供者处获取SAML,然后将其传递到Azure访问控制服务,该服务使用O-Auth返回一个简单Web令牌,我用它来验证客户端上的用户并调用安全API在信任ACS的Azure上。

我的代码使用WIF(Windows Identity Foundation)并在windows-xp之上运行优秀的操作系统。我见过的唯一例子是使用WIF从安全令牌服务请求SAML令牌,但Windows-xp不支持WIF,因此我被卡住了。我尝试做一些研究,但没有找到一种方法来完成上述场景而不使用WIF。我有什么方法可以在Windows XP客户端上执行此操作吗?如果没有,那么我应该做些什么呢?

我用来获取令牌的代码是:

//使用UserCredential来自STS for ACS领域的GetSamlToken,这使用WIF 

    private SecurityToken GetSamlToken(string realm, string stsEndpoint, UserCredential userCredential)
    {
        Logger.Info("Getting Saml Token from Identity provider...");

        using (var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress(new Uri(stsEndpoint))))
        {
            factory.Credentials.UserName.UserName = userCredential.UserName;
            factory.Credentials.UserName.Password = userCredential.Password;
            factory.TrustVersion = TrustVersion.WSTrust13;

            WSTrustChannel channel = null;

            try
            {
                var rst = new RequestSecurityToken
                    {
                        RequestType = WSTrust13Constants.RequestTypes.Issue,
                        AppliesTo = new EndpointAddress(realm),
                        KeyType = KeyTypes.Bearer,
                    };

                channel = (WSTrustChannel)factory.CreateChannel();

                RequestSecurityTokenResponse response;
                var token = channel.Issue(rst, out response);

                Logger.Info("Got Saml Token from Identity provider.");

                return token;
            }
            finally
            {
                if (channel != null)
                {
                    channel.Abort();
                }

                factory.Abort();
            }
        }
    }

//使用从STS获得的xmlSamlToken从ACS serviceEndpoint获取OAuthToken。

    private NameValueCollection GetOAuthToken(string xmlSamlToken, string serviceEndpoint, string acsRelyingParty)
    {
        Logger.Info("Passing Saml token to ACS...");
        WebClient client = new WebClient { BaseAddress = serviceEndpoint };

        var values = new NameValueCollection
                         {
                             { "grant_type", "urn:oasis:names:tc:SAML:2.0:assertion" }, 
                             { "assertion", xmlSamlToken },
                             { "scope", acsRelyingParty }

                         };

        byte[] acsTokenResponse = client.UploadValues("v2/OAuth2-13", "POST", values);
        string acsToken = Encoding.UTF8.GetString(acsTokenResponse);
        var tokens = new NameValueCollection();
        var parsed = new JavaScriptSerializer().DeserializeObject(acsToken) as Dictionary<string, object>;
        Logger.Info("Parsed OAuth token.");

        foreach (var item in parsed)
        {
            tokens.Add(item.Key, item.Value.ToString());
        }

        Logger.Info("Returning OAuth token.");
        return tokens;
    }

0 个答案:

没有答案
相关问题
最新问题