Using of GetToken() in CardSpace


Using the GetToken() method of the CardSpace API without WCF or a browser turns out to be a somewhat tricky operation. If you look at the CardSpace and/or WCF examples, you will find that all of them describe how to use CardSpace in relation to WCF. Unfortunately, there are many scenarios which could be solved with CardSpace, but there is almost no example which describes how to do that. A few months ago Sergey described theoretically, in his very good post, how this could be solved, but I did not find a corresponding example. I decided to post this example because the current design of the CardSpace API is a little bit problematic and not very intuitive.
Here is the example:

using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.Text;
using System.Xml;

class Program
{
    static void Main()
    {
        // Get the certificate which identifies the target endpoint (the relying party).
        X509Certificate2 cert = GetCertificate("www.fabrikam.com",
                                               X509FindType.FindBySubjectName,
                                               StoreLocation.LocalMachine,
                                               StoreName.My);

        // Creates the target element
        #region Target
        EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(cert);
        Uri targetUri = new Uri("http://localhost/MyApplication");
        EndpointAddress adr = new EndpointAddress(targetUri, identity, new AddressHeader[0]);

        StringBuilder sbTarget = new StringBuilder();
        using (XmlWriter writer = XmlWriter.Create(sbTarget))
        {
            adr.WriteTo(AddressingVersion.WSAddressing10, writer);
        }

        XmlDocument docTarget = new XmlDocument();
        docTarget.LoadXml(sbTarget.ToString());
        #endregion

        // Creates the Issuer
        #region Issuer
        Uri issuerUri = new Uri("http://www.fabrikam.com/Sts/UserNameToken.svc/usernamepassword/sts");
        EndpointAddress issuerAddre = new EndpointAddress(issuerUri);

        StringBuilder sbIssuer = new StringBuilder();
        using (XmlWriter writer = XmlWriter.Create(sbIssuer))
        {
            issuerAddre.WriteTo(AddressingVersion.WSAddressing10, writer);
        }

        XmlDocument docIssuer = new XmlDocument();
        docIssuer.LoadXml(sbIssuer.ToString());
        #endregion

        // Creates the TokenType
        #region TokenType
        string tokenType =
            "<wst:TokenType xmlns:wst='http://schemas.xmlsoap.org/ws/2005/02/trust'>" +
            "urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>";

        XmlDocument docTokenType = new XmlDocument();
        docTokenType.LoadXml(tokenType);
        #endregion

        // Creates required and optional Claims
        #region Claims
        string claimsEl =
            "<t:Claims xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>{0}</t:Claims>";

        string requiredClaims =
            "<wsid:ClaimType Uri='{0}' xmlns:wsid='http://schemas.xmlsoap.org/ws/2005/05/identity' />";

        // Optional claims carry Optional='true'; the attribute value was missing in the original listing.
        string optionalClaims =
            "<wsid:ClaimType Uri='{0}' Optional='true' xmlns:wsid='http://schemas.xmlsoap.org/ws/2005/05/identity' />";

        StringBuilder sb = new StringBuilder();
        sb.AppendFormat(requiredClaims, ClaimTypes.GivenName);
        sb.AppendFormat(requiredClaims, ClaimTypes.Surname);
        sb.AppendFormat(requiredClaims, ClaimTypes.Email);
        sb.AppendFormat(optionalClaims, "http://daenet.eu/identity/sampleclaim");

        XmlDocument docClaims = new XmlDocument();
        docClaims.LoadXml(string.Format(claimsEl, sb.ToString()));
        #endregion

        // Adds token type and claims as parameters
        Collection<XmlElement> parameters = new Collection<XmlElement>();
        parameters.Add(docTokenType.DocumentElement);
        parameters.Add(docClaims.DocumentElement);

        // Creates the policy element.
        CardSpacePolicyElement polEl = new CardSpacePolicyElement(
            docTarget.DocumentElement, docIssuer.DocumentElement, parameters, null, 0, false);

        // Creates the token
        GenericXmlSecurityToken token = CardSpaceSelector.GetToken(
            new CardSpacePolicyElement[] { polEl },
            WSSecurityTokenSerializer.DefaultInstance);

        Console.WriteLine(token.TokenXml.OuterXml);
    }

    // Helper referenced but not shown in the original post: looks up the
    // relying-party certificate in the given Windows certificate store.
    static X509Certificate2 GetCertificate(string subjectName, X509FindType findType,
                                           StoreLocation location, StoreName storeName)
    {
        X509Store store = new X509Store(storeName, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false also returns test certificates that fail chain validation;
            // use true in production to reject those.
            X509Certificate2Collection found = store.Certificates.Find(findType, subjectName, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found: " + subjectName);
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }
}

To get the token with CardSpace, the class CardSpaceSelector is used. This class has three static methods: Manage, Import and GetToken. The method Manage is used when the CardSpace UI has to be shown. The method Import is used for importing cards. The most interesting and unfortunately most complicated one is GetToken.

As shown at the end of the example, this method requires an array of CardSpacePolicyElement elements, each of which describes a policy. In our case only one policy is used. To create the policy, it is required to define XmlElements for the target, the issuer, the token type, the claims and a few others which are optional. This should look as shown here:

new CardSpacePolicyElement(XmlElement,             // target
                           XmlElement,             // issuer
                           Collection<XmlElement>, // token type and claims
                           null, 0, false);

The first XmlElement describes the target element, that is, the RP (Relying Party). To build this element, create an EndpointAddress and an EndpointIdentity. The address is the recipient of the token and the identity is the certificate of that endpoint; it is used to encrypt the token. If the identity is not specified, the call to GetToken will fail.

The issuer element is similar to the target element. It is an EndpointAddress, but without an identity. If a managed card has to be retrieved (as shown in this example), this is the URI of the Security Token Service which is the issuer of the card.
Here is the address of the STS used in this example:
http://www.fabrikam.com/Sts/UserNameToken.svc/usernamepassword/sts

If the card is self-issued, the address of the issuer has to be set to:
http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self

In the following steps the token type is created as an XmlElement, followed by a few claims. Last but not least, the last parameter of the method GetToken currently has to be set to false. By setting it to true (in the case of retrieving a managed token) the method fails with an entry in the event log. I used false at this place even in the case of a managed token.
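As an added example (not code from the original post), the hypothetical PolicyBuilder class below assembles the same CardSpacePolicyElement with the XML DOM instead of string.Format, so claim URIs are escaped as attribute values, rejects a target without an X509 identity (the GetToken failure described above), and switches between the self-issued issuer URI and a managed STS. The class and method names are assumptions; the namespaces and URIs are the ones used on this page.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;
using System.Xml;

// Hypothetical helper, not part of the original post: builds the policy for
// GetToken with the XML DOM so claim URIs are escaped instead of string-formatted.
static class PolicyBuilder
{
    const string WsTrust = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    const string WsIdentity = "http://schemas.xmlsoap.org/ws/2005/05/identity";
    const string SelfIssuer = WsIdentity + "/issuer/self";

    // WS-Addressing 1.0 EndpointReference, used for both target and issuer.
    static XmlElement EndpointReference(EndpointAddress address)
    {
        var sb = new StringBuilder();
        using (XmlWriter w = XmlWriter.Create(sb))
            address.WriteTo(AddressingVersion.WSAddressing10, w);
        var doc = new XmlDocument();
        doc.LoadXml(sb.ToString());
        return doc.DocumentElement;
    }

    static XmlElement Claim(XmlDocument doc, string uri, bool optional)
    {
        XmlElement c = doc.CreateElement("wsid", "ClaimType", WsIdentity);
        c.SetAttribute("Uri", uri);               // the DOM escapes '&', '<' and quotes
        if (optional) c.SetAttribute("Optional", "true");
        return c;
    }

    // issuer == null selects a self-issued card; otherwise the managed card's STS.
    public static CardSpacePolicyElement Build(EndpointAddress target, Uri issuer,
                                               string[] required, string[] optional)
    {
        if (target.Identity == null)  // GetToken fails without the RP certificate
            throw new ArgumentException("target needs an X509 identity", "target");
        var doc = new XmlDocument();
        XmlElement tokenType = doc.CreateElement("wst", "TokenType", WsTrust);
        tokenType.InnerText = "urn:oasis:names:tc:SAML:1.0:assertion";
        XmlElement claims = doc.CreateElement("wst", "Claims", WsTrust);
        foreach (string uri in required) claims.AppendChild(Claim(doc, uri, false));
        foreach (string uri in optional) claims.AppendChild(Claim(doc, uri, true));
        var issuerEl = EndpointReference(new EndpointAddress(issuer ?? new Uri(SelfIssuer)));
        return new CardSpacePolicyElement(EndpointReference(target), issuerEl,
            new Collection<XmlElement> { tokenType, claims }, null, 0, false);
    }
}
```

The returned element is passed to CardSpaceSelector.GetToken exactly as in the listing above; the last constructor argument stays false for the reason given in the text.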


Posted Jul 01 2007, 11:02 PM by Damir Dobric
Comments

k.c.s. wrote re: Using of GetToken() in CardSpace
on 03-01-2010 3:04

Code missing? Can you explain how this works at the start of your code? "this.getCertificate(www.fabrikam.com,..." I am having trouble getting the X509Certificate2. Is "getCertificate" a helper method that you did not post? Thank you for your non-WCF, non-browser example! Only one I have found!

lakuns wrote re: Using of GetToken() in CardSpace
on 11-23-2010 22:42

Need help, how to fix this problem? VS2008 shows an error:

"Error 1 'cardspaces1.login' does not contain a definition for 'GetCertificateFromStore' and no extension method 'GetCertificateFromStore' accepting a first argument of type 'cardspaces1.login' could be found (are you missing a using directive or an assembly reference?) C:\Users\lakuns\Documents\Visual Studio 2008\Projects\cardspaces1\cardspaces1\login.cs 85 42 cardspaces1"

developers.de is a .Net Community Blog powered by daenet GmbH.