How to convert SAML XML token string to either SecurityToken or ClaimsPrincipal instance?


Problem description


    • .Net RESTful web service
    • Client (mixed platforms, technologies, lib capabilities) has obtained a SAML token
    • Trying to accept the token for authentication/authorization in the REST service
      • in HTTP Authorization / X-Authorization header
      • as query parameter

      I have a SAML token in a string:

      <saml:Assertion xmlns:saml="..." ...> ..etc... </>
      

      In an HttpModule, I want to convert this into a ClaimsPrincipal so that my service can do the usual Thread.CurrentPrincipal as IClaimsPrincipal stuff.

      I found a couple enticing pages/blogs/etc... that looked helpful:

      • Cibrax's Idea for passing the token in the HTTP Authorization header
      • Dominick Baier on something similar for SWT, with mention of easily doing same for SAML

      I'm stuck literally trying to turn the SAML token into the ClaimsPrincipal (via SecurityToken intermediate step or direct... happy either way). The sample code from Cibrax's idea uses the following for the crucial verification and deserialization step:

      SecurityTokenSerializer securityTokenSerializer 
          = new SecurityTokenSerializerAdapter(
              FederatedAuthentication.SecurityTokenHandlers, 
              MessageSecurityVersion.Default.SecurityVersion, 
              false, new SamlSerializer(), null, null);
      
      SecurityToken theToken 
          = WSFederationAuthenticationModule.GetSecurityToken(
              theSamlTokenInStringForm, securityTokenSerializer);
      



      The wall I've hit is that the RTM version of WIF does not expose this overload of GetSecurityToken... it only exposes:

      WSFederationAuthenticationModule fam = new WSFederationAuthenticationModule();
      SecurityToken theToken = fam.GetSecurityToken(HttpRequest theRequest);
      SecurityToken theToken = fam.GetSecurityToken(SignInResponseMessage message);
      



      Thanks for helping me to get unstuck!

      Tyler

      Recommended answer

      Just found this helpful. http://www.tecsupra.com/blog/system-identitymodel-manually-parsing-the-saml-token/

      Basic idea: You need the XML of the "Audience"-node and then you can use the SecurityTokenHandlerCollection and use "ValidateToken"

      From the post:

      string samlTokenXml = signInResponseXml
          .DocumentElement  // <trust:RequestSecurityTokenResponseCollection>
          .ChildNodes[0]    // <trust:RequestSecurityTokenResponse>
          .ChildNodes[2]    // <trust:RequestedSecurityToken>
          .InnerXml;        // <Assertion>

      var xmlTextReader = new XmlTextReader(new StringReader(samlTokenXml));

      SecurityTokenHandlerCollection handlers =
          FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;

      // read the token
      SecurityToken securityToken = handlers.ReadToken(xmlTextReader);
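
The snippet above stops at ReadToken; the ValidateToken step the answer mentions is what produces the ClaimsPrincipal the question asks for. The following is an added example, not code from the original post or the linked blog. It assumes .NET 4.5 System.IdentityModel with the token handlers configured in web.config; SamlTokenReader and ToPrincipal are hypothetical names, and XmlReader.Create with DTDs prohibited is used in place of XmlTextReader.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

// Hypothetical helper (not from the original post): SAML assertion XML -> ClaimsPrincipal.
public static class SamlTokenReader
{
    public static ClaimsPrincipal ToPrincipal(string samlTokenXml)
    {
        if (string.IsNullOrWhiteSpace(samlTokenXml))
            throw new ArgumentException("Empty SAML token.", "samlTokenXml");

        // The token comes from the client (header or query string), so treat it as
        // untrusted XML: refuse DTDs and never resolve external entities.
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };

        // Assumption: issuer name registry, audience URIs and certificate validation
        // are configured under <system.identityModel> in web.config.
        SecurityTokenHandlerCollection handlers =
            FederatedAuthentication.FederationConfiguration
                .IdentityConfiguration.SecurityTokenHandlers;

        using (var stringReader = new StringReader(samlTokenXml))
        using (XmlReader reader = XmlReader.Create(stringReader, settings))
        {
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("No configured handler can read this token.");

            // Deserialize the <Assertion> into a SecurityToken.
            SecurityToken token = handlers.ReadToken(reader);

            // Apply the configured issuer, audience and validity-period checks.
            // ValidateToken throws if any of them fails; claims are only returned on success.
            ReadOnlyCollection<ClaimsIdentity> identities = handlers.ValidateToken(token);
            return new ClaimsPrincipal(identities);
        }
    }
}
```

In the HttpModule, assign the returned principal to Thread.CurrentPrincipal and HttpContext.Current.User only after ToPrincipal returns without throwing.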
      
