Pro ASP.NET Web API Security: Securing ASP.NET Web API by Badrinarayanan Lakshmiraghavan

Author: Badrinarayanan Lakshmiraghavan [Lakshmiraghavan, Badrinarayanan]
Language: eng
Format: epub, pdf
Tags: Computers, Programming Languages, Programming, General, C#, Web, Web Programming, Microsoft
ISBN: 9781430257820
Publisher: Apress
Published: 2013-03-27T04:00:00+00:00


        if (headers.Authorization != null && headers.Authorization.Scheme.Equals("Saml"))
        {
            string token = encoding.GetString(
                Convert.FromBase64String(headers.Authorization.Parameter));

            // Code to use the token goes here
        }

        return await base.SendAsync(request, cancellationToken);
    }
}

It is possible to parse the SAML just like any other XML, but there is a better alternative. We can use a security token handler to read and validate the token. Of course, we need to specify the X.509 certificate used by the STS as encrypting credentials so that the token handler can decrypt the token correctly. In Listing 9-15, I use the certificate CN=RP. On a machine running the STS, this certificate will contain only the public key. The machine running the web API must have the certificate with the private key. Here I reuse the ToCertificate extension method that we created in Chapter 6 to read the certificates.

Listing 9-15. Reading a SAML Token

using (var stringReader = new StringReader(token))
{
    using (var samlReader = XmlReader.Create(stringReader))
    {
        var tokenHandlers = SecurityTokenHandlerCollection
                                .CreateDefaultSecurityTokenHandlerCollection();

        SecurityTokenHandlerConfiguration config = tokenHandlers.Configuration;
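The listing breaks off in this excerpt before the handler is configured. As an added example (not the book's Listing 9-15), here is one way to decode the header parameter and validate the token with the default handler collection in .NET 4.5. The class and parameter names, the UTF-8 encoding and the "STS" issuer label are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;

public static class SamlTokenReader
{
    // Returns null when the token is rejected. All parameter names are assumed, not the book's.
    public static ClaimsPrincipal Validate(string headerParameter, X509Certificate2 rpCert,
                                           string issuerThumbprint, Uri audience)
    {
        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
        SecurityTokenHandlerConfiguration config = handlers.Configuration;
        // Accept only tokens whose audience restriction names this web API.
        config.AudienceRestriction.AllowedAudienceUris.Add(audience);

        // Accept only tokens signed with the STS certificate we trust.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(issuerThumbprint, "STS");
        config.IssuerNameRegistry = issuers;
        config.CertificateValidator = X509CertificateValidator.ChainTrust;

        // The certificate with the private key decrypts the encrypted token.
        var keys = new List<SecurityToken> { new X509SecurityToken(rpCert) };
        config.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new ReadOnlyCollection<SecurityToken>(keys), false);

        try
        {
            // UTF-8 is an assumption; the excerpt does not show its encoding variable.
            string token = Encoding.UTF8.GetString(Convert.FromBase64String(headerParameter));
            var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
            using (var samlReader = XmlReader.Create(new StringReader(token), settings))
            {
                SecurityToken samlToken = handlers.ReadToken(samlReader); // null if no handler matches
                return samlToken == null ? null : new ClaimsPrincipal(handlers.ValidateToken(samlToken));
            }
        }
        catch (FormatException) { return null; }        // parameter is not valid Base64
        catch (XmlException) { return null; }           // not well-formed XML, or contains a DTD
        catch (SecurityTokenException) { return null; } // decryption, signature, issuer, audience or lifetime check failed
    }
}
```

ChainTrust requires the STS signing certificate to chain to a trusted root, so a self-signed test certificate is rejected until it is trusted on the machine running the web API.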


