Checking the SWT token in a REST WCF service

I am currently working on a WPF client that receives a SWT token from Windows Azure AppFabric ACS. With this token, I want to use the RESTful WCF Service. I used this tutorial to get the SWT token and it works great. Using this MSDN tutorial, I created the RESTful WCF service.

The problem is that the token may have the wrong format, because the token validator cannot check it (error in the IsHMACValid method of the token validator: swtWithSignatur.Length == 1).

An example of a token with which I access the server:

{"appliesTo":"http://localhost:7100/Service/Default.aspx","context":null,"created":1326996221,"expires":1326999821,"securityToken":"<?xml version="1.0" encoding="utf-16"?><wsse:BinarySecurityToken wsu:Id="uuid:74ba5667-04ea-4074-9544-aaafb570c648" ValueType="http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:BinarySecurityToken>","tokenType":"http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0"}

In the Windows Azure Management Portal, I selected SWT as the token format for my Relying Party application. According to the first tutorial, the format for the SWT token looks good, but the token validator does not accept it.

PS: If someone tries to complete the second tutorial ("How to: Verify the authenticity of the WCF REST service deployed on Windows Azure using ACS"): I think there is an error in step 11, sub-step 3, where you need to change the web.config file (system/webService does not exist). The configuration should look something like this:

    <?xml version="1.0"?>
    <configuration>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
          <add name="SWTModule" type="SecurityModule.SWTModule, SecurityModule" />
        </modules>
      </system.webServer>
    </configuration>
1 answer

The token that I sent to the server was in the wrong format. The aforementioned token is in JSON format and contains a "securityToken", which is encoded as XML. Using HttpUtility.UrlDecode and XmlReader you can get a base64 string.

I decoded this string and got the ACS token. This ACS token is now valid and my RESTful WCF service can be used.

Server-side code has not changed. This is what I have on the client side:

    // needs: using System; using System.IO; using System.Net; using System.Web; using System.Xml;

    // parse the token from the json string
    var token = JsonNotifyRequestSecurityTokenResponse.FromJson(txtReceivedToken.Text);

    // get the security token and decode it
    string xmlString = HttpUtility.UrlDecode(token.SecurityTokenString);

    // get the base64 string from the BinarySecurityToken element
    string string64 = "";
    using (XmlReader xmlReader = XmlReader.Create(new StringReader(xmlString)))
    {
        while (xmlReader.Read())
        {
            if (xmlReader.NodeType == XmlNodeType.Text)
            {
                // find the first text element, which should be the base64 string
                string64 = xmlReader.Value;
                break;
            }
        }
    }

    // decode it
    string acsToken = base64Decode(string64);

    // set the header (client is a System.Net.WebClient)
    string headerValue = string.Format("WRAP access_token=\"{0}\"", acsToken);
    client.Headers.Add("Authorization", headerValue);
    Stream stream = client.OpenRead(@"http://127.0.0.1:81/Service1.svc/users");
    StreamReader reader = new StreamReader(stream);
    String response = reader.ReadToEnd();

The base64Decode method is 'stolen' from http://www.vbforums.com/showthread.php?t=287324 . The JsonNotifyRequestSecurityTokenResponse.FromJson part was obtained from http://www.leastprivilege.com/ , but I think it can be parsed with any available JSON parser.

I don't know if this is the best solution, but it works for me.

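The following is an added, self-contained C# example (not code from the question, the answer, or the MSDN/ACS samples) that ties the question and the answer together: it issues an SWT signed with a constructed key, wraps it in the same JSON-plus-BinarySecurityToken envelope shown in the question, unwraps it the way the answer does, and then validates it the way an SWT validator such as the sample's IsHMACValid does. Feeding the unwrapped envelope to the validator reproduces the swtWithSignature.Length == 1 failure from the question, because the envelope contains the SWT only as base64 inside XML inside URL-encoded JSON, never as the form-encoded "...&HMACSHA256=..." string the validator splits on. The issuer, audience, claim and signing key are constructed stand-ins for the values the ACS portal shows for a relying party; the code assumes modern .NET (System.Text.Json, CryptographicOperations.FixedTimeEquals).

```csharp
// Added example: SWT issue -> ACS-style envelope -> client unwrap -> server validate.
// Key, issuer, audience and the "name" claim are constructed; they are not real ACS values.
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Xml;

static class SwtDemo
{
    const string Issuer   = "https://example.accesscontrol.windows.net/";   // constructed
    const string Audience = "http://localhost:7100/Service/Default.aspx";    // as in the question
    static readonly byte[] Key = Convert.FromBase64String(
        "tB3U/4aTdL0X4fR8Qr1M2bZv9fC7pQ2eXnW1Kk0Jv5s="); // constructed 256-bit key, not a real ACS key

    static long Now() => DateTimeOffset.UtcNow.ToUnixTimeSeconds();

    // HMAC-SHA256 over the unsigned part of the token, base64 encoded (SWT convention).
    static string Sign(string unsignedSwt)
    {
        using var hmac = new HMACSHA256(Key);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(unsignedSwt)));
    }

    // Step 1: an SWT is a form-encoded string; the signature covers everything before "&HMACSHA256=".
    public static string IssueSwt()
    {
        string body = "Audience=" + WebUtility.UrlEncode(Audience)
                    + "&ExpiresOn=" + (Now() + 600)
                    + "&Issuer=" + WebUtility.UrlEncode(Issuer)
                    + "&http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2fname=alice";
        return body + "&HMACSHA256=" + WebUtility.UrlEncode(Sign(body));
    }

    // Step 2: the envelope from the question: JSON whose securityToken is a URL-encoded
    // BinarySecurityToken element whose text is the base64-encoded SWT.
    public static string Wrap(string swt)
    {
        string xml = "<wsse:BinarySecurityToken ValueType=\"http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0\" "
                   + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
                   + Convert.ToBase64String(Encoding.UTF8.GetBytes(swt)) + "</wsse:BinarySecurityToken>";
        return JsonSerializer.Serialize(new { securityToken = WebUtility.UrlEncode(xml) });
    }

    // Step 3: the client-side unwrapping the answer describes (JSON -> URL-decode -> XML text -> base64).
    public static string Unwrap(string json)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        string xml = WebUtility.UrlDecode(doc.RootElement.GetProperty("securityToken").GetString());
        using var reader = XmlReader.Create(new StringReader(xml));
        while (reader.Read())
            if (reader.NodeType == XmlNodeType.Text)
                return Encoding.UTF8.GetString(Convert.FromBase64String(reader.Value));
        throw new InvalidOperationException("no BinarySecurityToken text found");
    }

    // Step 4: what the server-side validator checks. The first test is the one that failed in the question.
    public static bool Validate(string swt, out string reason)
    {
        string[] swtWithSignature = swt.Split(new[] { "&HMACSHA256=" }, StringSplitOptions.None);
        if (swtWithSignature.Length != 2) { reason = "not an SWT: no &HMACSHA256= part (Length == " + swtWithSignature.Length + ")"; return false; }
        byte[] expected = Encoding.ASCII.GetBytes(Sign(swtWithSignature[0]));
        byte[] actual   = Encoding.ASCII.GetBytes(WebUtility.UrlDecode(swtWithSignature[1]));
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) { reason = "bad signature"; return false; }
        var claims = new Dictionary<string, string>();
        foreach (string pair in swtWithSignature[0].Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            claims[WebUtility.UrlDecode(kv[0])] = WebUtility.UrlDecode(kv[1]);
        }
        if (!claims.TryGetValue("ExpiresOn", out var exp) || long.Parse(exp) <= Now()) { reason = "expired"; return false; }
        if (!claims.TryGetValue("Audience", out var aud) || aud != Audience) { reason = "wrong audience"; return false; }
        if (!claims.TryGetValue("Issuer", out var iss) || iss != Issuer) { reason = "wrong issuer"; return false; }
        reason = "ok"; return true;
    }

    static void Main()
    {
        string envelope = Wrap(IssueSwt());
        Console.WriteLine(Validate(envelope, out string r1) + ": " + r1); // False: not an SWT (the question's failure)
        string swt = Unwrap(envelope);
        Console.WriteLine(Validate(swt, out string r2) + ": " + r2);      // True: ok
        Console.WriteLine("Authorization: WRAP access_token=\"" + swt + "\""); // the header the client sends
        string tampered = swt.Replace("name=alice", "name=bob");
        Console.WriteLine(Validate(tampered, out string r3) + ": " + r3); // False: bad signature
    }
}
```

Two design points worth noting: the signature comparison uses a constant-time equality rather than string ==, and the claim checks (expiry, audience, issuer) run only after the HMAC has been verified, so an attacker cannot learn anything from the order of failures on unsigned input. The audience check is what ties the token to this relying party; a validator that only checks the HMAC would accept a token ACS issued for a different application signed with the same key.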

Source: https://habr.com/ru/post/1391902/
