WS-Federation - Decrypting the cookie from a SecurityContextToken

Time: 2016-06-16 07:40:07

Tags: c# encryption ws-federation

We have implemented WS-Federation and we want to do integration testing, so we need to be able to get the user's claims from the idsrvauth cookie.

I can get the idsrvauth and idsrvauth1 cookies. Then, using the following code, I try to decode the cookie:

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;

// WebResp is the HttpWebResponse of the authenticated request (not shown here).
// The session cookie is split across two cookies, so the two parts are joined first.
var auth = WebResp.Cookies["idsrvauth"].Value + WebResp.Cookies["idsrvauth1"].Value;

// The joined value is Base64-encoded XML (the <SecurityContextToken> shown below).
byte[] authBytes = Convert.FromBase64String(auth);
string decodedString = Encoding.UTF8.GetString(authBytes);

// Certificate used to sign and encrypt the inner <Cookie> payload, looked up by thumbprint.
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var thumbprint = "********";
var certs = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

// Cookie transform chain (deflate, RSA signature, RSA encryption) used to protect the inner cookie.
List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[]
   {
        new DeflateCookieTransform(),
        new RsaSignatureCookieTransform(certs[0]),
        new RsaEncryptionCookieTransform(certs[0])
   });

SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());

// Token resolver that can hand the handler the certificate as an X509SecurityToken.
SecurityTokenResolver resolver;
{
    var token = new X509SecurityToken(certs[0]);
    var tokens = new List<SecurityToken>() { token };
    resolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false);
}

sessionHandler.Configuration = new SecurityTokenHandlerConfiguration();
sessionHandler.Configuration.IssuerTokenResolver = resolver;

var xmlSett = new XmlReaderSettings();

// Parse the decoded XML and let the handler undo the transforms on the <Cookie> payload.
using (var reader = XmlReader.Create(new MemoryStream(Encoding.UTF8.GetBytes(decodedString)), xmlSett))
{
    var theToken = sessionHandler.ReadToken(reader);
}

The decoded and combined cookie (idsrvauth and idsrvauth1) looks like this:

<?xml version="1.0" encoding="utf-8"?>
<SecurityContextToken p1:Id="_564051b3-57ad-41de-831f-41beda49d8e8-7D534CD4043540BBB2EE96A4ADB59C42" xmlns:p1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">
  <Identifier>urn:uuid:8614f321-2f9d-4332-a1d9-8ea00190bd52
  </Identifier>
  <Cookie xmlns="http://schemas.microsoft.com/ws/2006/05/security">AAEAAA *** [2064 chars in total]
  </Cookie>
</SecurityContextToken>

All I get when trying to read the token (sessionHandler.ReadToken(reader)) is an error:

Additional information: ID1006: The data is not in the expected format. Encryption key length is negative: '-666895530'. The cookie may have been truncated.

Is the approach correct? Any help would be greatly appreciated :-)
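The procedure described in the question, as an added C# example that is not part of the question and not IdentityServer or WIF code: it reassembles the chunked cookie in index order (assuming the naming scheme continues as idsrvauth, idsrvauth1, idsrvauth2, ...), rejects Base64 text whose length cannot be a complete encoding before the handler is involved (a cheaper and clearer failure than ID1006 from inside the transform chain, which is what a truncated cookie would otherwise produce), builds the same transform chain and returns the claims. The SessionCookieReader class, its method names and the chunk-naming assumption are mine; the transform classes and SessionSecurityTokenHandler are WIF's.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using System.Xml;

// Added example (not from the question): reassemble a chunked WIF session cookie,
// sanity-check the Base64 before decoding, and read the claims with
// SessionSecurityTokenHandler. The chunk names (idsrvauth, idsrvauth1, idsrvauth2, ...)
// are an assumption extended from the two chunks in the question.
public static class SessionCookieReader
{
    // Joins "idsrvauth", "idsrvauth1", "idsrvauth2", ... in numeric order and fails if
    // a chunk is missing (a gap in the sequence means the joined cookie is truncated).
    public static string JoinChunks(CookieCollection cookies, string baseName)
    {
        var pattern = new Regex("^" + Regex.Escape(baseName) + @"(\d*)$");
        var chunks = new SortedDictionary<int, string>();
        foreach (Cookie c in cookies)
        {
            var m = pattern.Match(c.Name);
            if (!m.Success) continue;
            int index = m.Groups[1].Value.Length == 0 ? 0 : int.Parse(m.Groups[1].Value);
            chunks[index] = c.Value;
        }
        if (chunks.Count == 0)
            throw new InvalidOperationException("no cookie named " + baseName);
        for (int i = 0; i < chunks.Count; i++)
            if (!chunks.ContainsKey(i))
                throw new InvalidOperationException("missing cookie chunk " + baseName + i);
        return string.Concat(chunks.Values);
    }

    // Base64 text whose length is not a multiple of 4 cannot be a complete encoding;
    // failing here pinpoints truncation before the handler reports ID1006.
    public static byte[] DecodeOuterCookie(string joined)
    {
        string trimmed = joined.Trim();
        if (trimmed.Length % 4 != 0)
            throw new FormatException("cookie text length " + trimmed.Length +
                                      " is not a multiple of 4; cookie truncated?");
        return Convert.FromBase64String(trimmed);
    }

    // Reads the SecurityContextToken XML and returns the claims of the session principal.
    public static List<Claim> ReadClaims(CookieCollection cookies, X509Certificate2 cert)
    {
        byte[] xmlBytes = DecodeOuterCookie(JoinChunks(cookies, "idsrvauth"));

        // Same chain as in the question, listed in Encode order (deflate, sign, encrypt);
        // the handler applies the transforms' Decode methods in the reverse order.
        var transforms = new List<CookieTransform>
        {
            new DeflateCookieTransform(),
            new RsaSignatureCookieTransform(cert),
            new RsaEncryptionCookieTransform(cert)
        };
        var handler = new SessionSecurityTokenHandler(transforms.AsReadOnly());
        handler.Configuration = new SecurityTokenHandlerConfiguration();
        handler.Configuration.IssuerTokenResolver =
            SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
                new List<SecurityToken> { new X509SecurityToken(cert) }.AsReadOnly(), false);

        using (var reader = XmlReader.Create(new MemoryStream(xmlBytes)))
        {
            var token = (SessionSecurityToken)handler.ReadToken(reader);
            return token.ClaimsPrincipal.Claims.ToList();
        }
    }
}
```

With the objects from the question this is called as SessionCookieReader.ReadClaims(WebResp.Cookies, certs[0]); the two pre-checks only distinguish a truncated or incomplete cookie from a decoding failure inside the transform chain, they do not change how the handler itself decodes the payload.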

0 answers:

No answers