Useful Extensions for SecurityToken Handling - Convert a SecurityToken to Claims

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Your DisplayName here! on Least Privilege See other posts from Least Privilege or by Your DisplayName here!
Published on Fri, 17 Jun 2011 06:50:51 GMT Indexed on 2011/06/20 16:38 UTC
Read the original article Hit count: 281

Filed under:

That’s a very common one: 

public static IClaimsPrincipal ToClaimsPrincipal(

this SecurityToken token, X509Certificate2 signingCertificate)

{

    var configuration
= CreateStandardConfiguration(signingCertificate);

    return token.ToClaimsPrincipal(configuration.CreateDefaultHandlerCollection());

}
 
public static IClaimsPrincipal ToClaimsPrincipal(this SecurityToken token, 


X509Certificate2 signingCertificate, string audienceUri)

{

    var configuration
= CreateStandardConfiguration(signingCertificate);



    configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Always;

    configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));



    return token.ToClaimsPrincipal(configuration.CreateDefaultHandlerCollection());

}
 
public static IClaimsPrincipal ToClaimsPrincipal(

this SecurityToken token, SecurityTokenHandlerCollection handler)

{

    var ids
= handler.ValidateToken(token);

    return ClaimsPrincipal.CreateFromIdentities(ids);

}
 
private static SecurityTokenHandlerConfiguration CreateStandardConfiguration(

X509Certificate2 signingCertificate)
{
    >var configuration = new SecurityTokenHandlerConfiguration>();

    configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never;
    configuration.IssuerNameRegistry = signingCertificate.CreateIssuerNameRegistry();
    configuration.IssuerTokenResolver = signingCertificate.CreateSecurityTokenResolver();
    configuration.SaveBootstrapTokens = true>;

    return configuration;
}
 
private static IssuerNameRegistry CreateIssuerNameRegistry(this X509Certificate2 certificate)

{

    var registry
= new ConfigurationBasedIssuerNameRegistry();

    registry.AddTrustedIssuer(certificate.Thumbprint, certificate.Subject);



    return registry;

}
 
private static SecurityTokenResolver CreateSecurityTokenResolver(

this X509Certificate2 certificate)

{

    var tokens
= new List<SecurityToken>

    {

        new X509SecurityToken(certificate)

    };



    return SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), true);

}
 
private static SecurityTokenHandlerCollection CreateDefaultHandlerCollection(

this SecurityTokenHandlerConfiguration configuration)

{

    return 

SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);

}
 

© Least Privilege or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about IdentityModel

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle