[Fork] .NET 5 WS-Trust | C# Online Compiler

[Fork] .NET 5 WS-Trust by michaelkaarechristensen

using System;
using System.Linq;
using System.Reflection;
using System.Threading;
using System.Xml;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Federation;
using System.ServiceModel.Security;
using System.Threading.Tasks;
using System.Text;
using System.IO;
using System.IO.Compression;
using System.Security;

public class Program
{
	public static async Task Main()
	{
		var endpoint = "https://si-idp.vfltest.dk/adfs/services/trust/13/usernamemixed";
		var audience = "https://si-obapi.vfltest.dk/";
		var user = "cvruser1";
		var pass = "Pass1word";
		var token = await Issue(endpoint, audience, user, pass);
		var tokenXml = token.TokenXml;
		Console.WriteLine(tokenXml);
		//tokenXml = "set-value-here";
		// or from base64
		//var base64TokenXml = "ZmFrZSB0b2tlbg==";
		//tokenXml = Encoding.UTF8.GetString(Convert.FromBase64String(base64TokenXml));
		var encodedToken = new DeflatedSamlEncoder().Encode(tokenXml);
		Console.WriteLine(encodedToken);
	}

	static async Task<(GenericXmlSecurityToken TypedToken, string TokenXml)> Issue(string endpoint, string audience, string user, string pass)
	{
		var issueEndpoint = new EndpointAddress(endpoint);
		var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
		binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
		binding.Security.Message.EstablishSecurityContext = false;
		//binding.ProxyAddress = new Uri("http://127.0.0.1:8888");
		//binding.UseDefaultWebProxy = false;
		var tokenParameters = WSTrustTokenParameters.CreateWS2007FederationTokenParameters(binding, issueEndpoint);
		tokenParameters.KeyType = SecurityKeyType.BearerKey;
		var clientCredentials = new ClientCredentials();
		clientCredentials.UserName.UserName = user;
		clientCredentials.UserName.Password = pass;
		;
		var channelCredentials = new WSTrustChannelClientCredentials(clientCredentials);
		var tokenManager = channelCredentials.CreateSecurityTokenManager();
		var tokenRequirement = new SecurityTokenRequirement();
		EndpointAddress appliesTo = new EndpointAddress(audience); //Realm
		tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/IssuedSecurityTokenParameters"] = tokenParameters;
		tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/TargetAddress"] = appliesTo;
		tokenRequirement.Properties.Add("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityAlgorithmSuite", SecurityAlgorithmSuite.TripleDes);
		var tokenProvider = tokenManager.CreateSecurityTokenProvider(tokenRequirement);
		((ICommunicationObject)tokenProvider).Open();
		var token = await tokenProvider.GetTokenAsync(Timeout.InfiniteTimeSpan);
		// Cannot figure out why this property cannot be called directly - it is public ?!?
		var tokenXmlProp = typeof(GenericXmlSecurityToken).GetProperties(BindingFlags.Public | BindingFlags.Instance).Single(p => p.Name == "TokenXml");
		var xml = (XmlElement)tokenXmlProp.GetValue(token);
		return ((GenericXmlSecurityToken)token, xml.OuterXml);
	}

	public class DeflatedSamlEncoder
	{
		private readonly Encoding _encoding = Encoding.UTF8;
		private readonly DeflateCookieTransform _deflateCookieTransform = new DeflateCookieTransform();
		public virtual string Encode(string token)
		{
			// Before it’s sent, the message is deflated, base64-encoded, and URL-encoded, in that order.
			var bytes = _encoding.GetBytes(token);
			var deflatedBytes = _deflateCookieTransform.Encode(bytes);
			var base64String = Convert.ToBase64String(deflatedBytes);
			var encodedToken = System.Net.WebUtility.UrlEncode(base64String);
			return encodedToken;
		}

		public virtual string Decode(string encodedToken)
		{
			var base64String = System.Net.WebUtility.UrlDecode(encodedToken);
			var deflatedBytes = Convert.FromBase64String(base64String);
			var bytes = _deflateCookieTransform.Decode(deflatedBytes);
			var token = _encoding.GetString(bytes);
			return token;
		}

		/// <summary>Provides cookie compression using <see cref = "T:System.IO.Compression.DeflateStream"/>.</summary>
		/// Adapted from Decompiled .NET 4.5 sources
		private sealed class DeflateCookieTransform
		{
			/// <summary>Gets or sets the maximum size, in bytes, of a decompressed cookie.</summary>
			/// <returns>The maximum size, in bytes, of a decompressed cookie.</returns>
			public int MaxDecompressedSize
			{
				get;
				set;
			}

			= 1048576;
			/// <summary>Inflates data.</summary>
			/// <param name = "encoded">
			///     Data previously returned from
			///     <see cref = "M:System.IdentityModel.DeflateCookieTransform.Encode(System.Byte[])"/>
			/// </param>
			/// <returns>The decoded data.</returns>
			/// <exception cref = "T:System.ArgumentNullException">
			///     <paramref name = "value"/> is <see langword = "null"/>.
			/// </exception>
			/// <exception cref = "T:System.ArgumentException">
			///     <paramref name = "value"/> contains zero bytes.
			/// </exception>
			/// <exception cref = "T:System.IdentityModel.Tokens.SecurityTokenException">
			///     The decompressed length is larger than the
			///     maximum length specified by the <see cref = "P:System.IdentityModel.DeflateCookieTransform.MaxDecompressedSize"/>
			///     property.
			/// </exception>
			public byte[] Decode(byte[] encoded)
			{
				if (encoded == null)
					throw new ArgumentNullException(nameof(encoded));
				if (encoded.Length == 0)
					throw new ArgumentException(nameof(encoded), "ID6045");
				using (var deflateStream = new DeflateStream(new MemoryStream(encoded), CompressionMode.Decompress, false))
				{
					using (var memoryStream = new MemoryStream())
					{
						var buffer = new byte[1024];
						int count;
						do
						{
							count = deflateStream.Read(buffer, 0, buffer.Length);
							memoryStream.Write(buffer, 0, count);
							if (memoryStream.Length > MaxDecompressedSize)
								throw new SecurityException($"ID1068: {MaxDecompressedSize}");
							;
						}
						while (count > 0);
						return memoryStream.ToArray();
					}
				}
			}

			/// <summary>Deflates data.</summary>
			/// <param name = "value">The data to be compressed.</param>
			/// <returns>The compressed data.</returns>
			/// <exception cref = "T:System.ArgumentNullException">
			///     <paramref name = "value"/> is <see langword = "null"/>.
			/// </exception>
			/// <exception cref = "T:System.ArgumentException">
			///     <paramref name = "value"/> contains zero bytes.
			/// </exception>
			public byte[] Encode(byte[] value)
			{
				if (value == null)
					throw new ArgumentNullException(nameof(value));
				if (value.Length == 0)
					throw new ArgumentException(nameof(value), "ID6044");
				using (var memoryStream = new MemoryStream())
				{
					using (var deflateStream = new DeflateStream(memoryStream, CompressionMode.Compress, true))
					{
						deflateStream.Write(value, 0, value.Length);
					}

					var array = memoryStream.ToArray();
					return array;
				}
			}
		}
	}
}

​x
 
using System;
using System.Linq;
using System.Reflection;
using System.Threading;
using System.Xml;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Federation;
using System.ServiceModel.Security;
using System.Threading.Tasks;
using System.Text;
using System.IO;
using System.IO.Compression;
using System.Security;
​
public class Program
{
    public static async Task Main()
    {
        var endpoint = "https://si-idp.vfltest.dk/adfs/services/trust/13/usernamemixed";
        var audience = "https://si-obapi.vfltest.dk/";
        var user = "cvruser1";
        var pass = "Pass1word";
        var token = await Issue(endpoint, audience, user, pass);
        var tokenXml = token.TokenXml;
        Console.WriteLine(tokenXml);
        //tokenXml = "set-value-here";
        // or from base64
        //var base64TokenXml = "ZmFrZSB0b2tlbg==";
        //tokenXml = Encoding.UTF8.GetString(Convert.FromBase64String(base64TokenXml));
        var encodedToken = new DeflatedSamlEncoder().Encode(tokenXml);
        Console.WriteLine(encodedToken);
    }
​
    static async Task<(GenericXmlSecurityToken TypedToken, string TokenXml)> Issue(string endpoint, string audience, string user, string pass)
    {
        var issueEndpoint = new EndpointAddress(endpoint);
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;
        //binding.ProxyAddress = new Uri("http://127.0.0.1:8888");
        //binding.UseDefaultWebProxy = false;
        var tokenParameters = WSTrustTokenParameters.CreateWS2007FederationTokenParameters(binding, issueEndpoint);
        tokenParameters.KeyType = SecurityKeyType.BearerKey;
        var clientCredentials = new ClientCredentials();
        clientCredentials.UserName.UserName = user;
        clientCredentials.UserName.Password = pass;
        ;
        var channelCredentials = new WSTrustChannelClientCredentials(clientCredentials);
        var tokenManager = channelCredentials.CreateSecurityTokenManager();
        var tokenRequirement = new SecurityTokenRequirement();
        EndpointAddress appliesTo = new EndpointAddress(audience); //Realm
        tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/IssuedSecurityTokenParameters"] = tokenParameters;
        tokenRequirement.Properties["http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/TargetAddress"] = appliesTo;
        tokenRequirement.Properties.Add("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityAlgorithmSuite", SecurityAlgorithmSuite.TripleDes);
        var tokenProvider = tokenManager.CreateSecurityTokenProvider(tokenRequirement);
        ((ICommunicationObject)tokenProvider).Open();
        var token = await tokenProvider.GetTokenAsync(Timeout.InfiniteTimeSpan);
        // Cannot figure out why this property cannot be called directly - it is public ?!?
        var tokenXmlProp = typeof(GenericXmlSecurityToken).GetProperties(BindingFlags.Public | BindingFlags.Instance).Single(p => p.Name == "TokenXml");
        var xml = (XmlElement)tokenXmlProp.GetValue(token);
        return ((GenericXmlSecurityToken)token, xml.OuterXml);
    }
​
    public class DeflatedSamlEncoder
    {
        private readonly Encoding _encoding = Encoding.UTF8;
        private readonly DeflateCookieTransform _deflateCookieTransform = new DeflateCookieTransform();
        public virtual string Encode(string token)
        {
            // Before it’s sent, the message is deflated, base64-encoded, and URL-encoded, in that order.
            var bytes = _encoding.GetBytes(token);
            var deflatedBytes = _deflateCookieTransform.Encode(bytes);
            var base64String = Convert.ToBase64String(deflatedBytes);
            var encodedToken = System.Net.WebUtility.UrlEncode(base64String);
            return encodedToken;
        }
​
        public virtual string Decode(string encodedToken)
        {
            var base64String = System.Net.WebUtility.UrlDecode(encodedToken);
            var deflatedBytes = Convert.FromBase64String(base64String);
            var bytes = _deflateCookieTransform.Decode(deflatedBytes);
            var token = _encoding.GetString(bytes);
            return token;
        }
​
        /// <summary>Provides cookie compression using <see cref = "T:System.IO.Compression.DeflateStream"/>.</summary>
        /// Adapted from Decompiled .NET 4.5 sources
        private sealed class DeflateCookieTransform
        {
            /// <summary>Gets or sets the maximum size, in bytes, of a decompressed cookie.</summary>
            /// <returns>The maximum size, in bytes, of a decompressed cookie.</returns>
            public int MaxDecompressedSize
            {
                get;
                set;
            }
​
            = 1048576;
            /// <summary>Inflates data.</summary>
            /// <param name = "encoded">
            ///     Data previously returned from
            ///     <see cref = "M:System.IdentityModel.DeflateCookieTransform.Encode(System.Byte[])"/>
            /// </param>
            /// <returns>The decoded data.</returns>
            /// <exception cref = "T:System.ArgumentNullException">
            ///     <paramref name = "value"/> is <see langword = "null"/>.
            /// </exception>
            /// <exception cref = "T:System.ArgumentException">
            ///     <paramref name = "value"/> contains zero bytes.
            /// </exception>
            /// <exception cref = "T:System.IdentityModel.Tokens.SecurityTokenException">
            ///     The decompressed length is larger than the
            ///     maximum length specified by the <see cref = "P:System.IdentityModel.DeflateCookieTransform.MaxDecompressedSize"/>
            ///     property.
            /// </exception>
            public byte[] Decode(byte[] encoded)
            {
                if (encoded == null)
                    throw new ArgumentNullException(nameof(encoded));
                if (encoded.Length == 0)
                    throw new ArgumentException(nameof(encoded), "ID6045");
                using (var deflateStream = new DeflateStream(new MemoryStream(encoded), CompressionMode.Decompress, false))
                {
                    using (var memoryStream = new MemoryStream())
                    {
                        var buffer = new byte[1024];
                        int count;
                        do
                        {
                            count = deflateStream.Read(buffer, 0, buffer.Length);
                            memoryStream.Write(buffer, 0, count);
                            if (memoryStream.Length > MaxDecompressedSize)
                                throw new SecurityException($"ID1068: {MaxDecompressedSize}");
                            ;
                        }
                        while (count > 0);
                        return memoryStream.ToArray();
                    }
                }
            }
​
            /// <summary>Deflates data.</summary>
            /// <param name = "value">The data to be compressed.</param>
            /// <returns>The compressed data.</returns>
            /// <exception cref = "T:System.ArgumentNullException">
            ///     <paramref name = "value"/> is <see langword = "null"/>.
            /// </exception>
            /// <exception cref = "T:System.ArgumentException">
            ///     <paramref name = "value"/> contains zero bytes.
            /// </exception>
            public byte[] Encode(byte[] value)
            {
                if (value == null)
                    throw new ArgumentNullException(nameof(value));
                if (value.Length == 0)
                    throw new ArgumentException(nameof(value), "ID6044");
                using (var memoryStream = new MemoryStream())
                {
                    using (var deflateStream = new DeflateStream(memoryStream, CompressionMode.Compress, true))
                    {
                        deflateStream.Write(value, 0, value.Length);
                    }
​
                    var array = memoryStream.ToArray();
                    return array;
                }
            }
        }
    }
}

View IL Code