update to get more acs goodness in the application

scottdensmore · Apr 23, 2011 · 0d7b988 · 0d7b988
1 parent febd426
commit 0d7b988
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 96 deletions.
diff --git a/TailSpin/Shared/Samples.Web.ClaimsUtillities/AllOrganizations.cs b/TailSpin/Shared/Samples.Web.ClaimsUtillities/AllOrganizations.cs
@@ -1,14 +1,4 @@
-
-
-
-
-
-
-
-
-
-
-namespace Samples.Web.ClaimsUtillities
+namespace Samples.Web.ClaimsUtillities
 {
     public static class AllOrganizations
     {

diff --git a/TailSpin/Shared/Samples.Web.ClaimsUtillities/Fabrikam.cs b/TailSpin/Shared/Samples.Web.ClaimsUtillities/Fabrikam.cs
@@ -1,29 +1,16 @@
-
-
-
-
-
-
-
-
-
-
-namespace Samples.Web.ClaimsUtillities
+namespace Samples.Web.ClaimsUtillities
 {
     public static class Fabrikam
     {
         public static string OrganizationName
         {
-            get
-            {
-                return "Fabrikam";
-            }
+            get { return "Fabrikam"; }
         }
 
         public static class Groups
         {
-            public static readonly string MarketingManagers = "Marketing Managers";
             public static readonly string DomainUsers = "Domain Users";
+            public static readonly string MarketingManagers = "Marketing Managers";
         }
     }
 }
diff --git a/TailSpin/Shared/Samples.Web.ClaimsUtillities/TailSpin.cs b/TailSpin/Shared/Samples.Web.ClaimsUtillities/TailSpin.cs
@@ -1,23 +1,10 @@
-
-
-
-
-
-
-
-
-
-
-namespace Samples.Web.ClaimsUtillities
+namespace Samples.Web.ClaimsUtillities
 {
     public static class TailSpin
     {
         public static string TenantName
         {
-            get
-            {
-                return "TailSpin";
-            }
+            get { return "TailSpin"; }
         }
 
         public static class ClaimTypes

diff --git a/TailSpin/Shared/TailSpin.SimulatedIssuer.wp7/FederationSecurityTokenService.cs b/TailSpin/Shared/TailSpin.SimulatedIssuer.wp7/FederationSecurityTokenService.cs
@@ -1,14 +1,4 @@
-
-
-
-
-
-
-
-
-
-
-namespace TailSpin.SimulatedIssuer
+namespace TailSpin.SimulatedIssuer
 {
     using System;
     using System.Collections.Generic;
@@ -29,34 +19,6 @@ public FederationSecurityTokenService(SecurityTokenServiceConfiguration configur
         {
         }
 
-        protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
-        {
-            Scope scope = new Scope(request.AppliesTo.Uri.AbsoluteUri, SecurityTokenServiceConfiguration.SigningCredentials);
-
-            string encryptingCertificateName = WebConfigurationManager.AppSettings[ApplicationSettingsNames.EncryptingCertificateName];
-            if (!string.IsNullOrEmpty(encryptingCertificateName))
-            {
-                scope.EncryptingCredentials = new X509EncryptingCredentials(CertificateUtilities.GetCertificate(StoreName.My, StoreLocation.LocalMachine, encryptingCertificateName));
-            }
-            else
-            {
-                scope.TokenEncryptionRequired = false;
-            }
-
-            if (!string.IsNullOrEmpty(request.ReplyTo))
-            {
-                scope.ReplyToAddress = request.ReplyTo;
-            }
-            else
-            {
-                scope.ReplyToAddress = scope.AppliesToAddress;
-            }
-
-            scope.TokenEncryptionRequired = false;
-
-            return scope;
-        }
-
         protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
         {
             var output = new ClaimsIdentity();
@@ -73,18 +35,18 @@ protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal prin
             {
                 case "ADATUM":
                     var adatumClaimTypesToCopy = new[]
-                    {
-                        WSIdentityConstants.ClaimTypes.Name
-                    };
+                                                     {
+                                                         WSIdentityConstants.ClaimTypes.Name
+                                                     };
                     CopyClaims(input, adatumClaimTypesToCopy, output);
                     TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.MarketingManagers, ClaimTypes.Role, TailSpin.Roles.SurveyAdministrator, output);
                     output.Claims.Add(new Claim(TailSpin.ClaimTypes.Tenant, Adatum.OrganizationName));
                     break;
                 case "FABRIKAM":
                     var fabrikamClaimTypesToCopy = new[]
-                    {
-                        WSIdentityConstants.ClaimTypes.Name
-                    };
+                                                       {
+                                                           WSIdentityConstants.ClaimTypes.Name
+                                                       };
                     CopyClaims(input, fabrikamClaimTypesToCopy, output);
                     TransformClaims(input, AllOrganizations.ClaimTypes.Group, Fabrikam.Groups.MarketingManagers, ClaimTypes.Role, TailSpin.Roles.SurveyAdministrator, output);
                     output.Claims.Add(new Claim(TailSpin.ClaimTypes.Tenant, Fabrikam.OrganizationName));
@@ -94,7 +56,40 @@ protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal prin
             }
 
             return output;
-        }      
+        }
+
+        protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
+        {
+            Scope scope = new Scope(request.AppliesTo.Uri.AbsoluteUri, this.SecurityTokenServiceConfiguration.SigningCredentials);
+
+            string encryptingCertificateName = WebConfigurationManager.AppSettings[ApplicationSettingsNames.EncryptingCertificateName];
+            if (!string.IsNullOrEmpty(encryptingCertificateName))
+            {
+                scope.EncryptingCredentials = new X509EncryptingCredentials(CertificateUtilities.GetCertificate(StoreName.My, StoreLocation.LocalMachine, encryptingCertificateName));
+            }
+            else
+            {
+                scope.TokenEncryptionRequired = false;
+            }
+
+            if (!string.IsNullOrEmpty(request.ReplyTo))
+            {
+                scope.ReplyToAddress = request.ReplyTo;
+            }
+            else
+            {
+                scope.ReplyToAddress = scope.AppliesToAddress;
+            }
+
+            scope.TokenEncryptionRequired = false;
+
+            return scope;
+        }
+
+        private static void CopyClaims(IClaimsIdentity input, IEnumerable<string> claimTypes, IClaimsIdentity output)
+        {
+            output.Claims.CopyRange(input.Claims.Where(c => claimTypes.Contains(c.ClaimType)));
+        }
 
         private static void TransformClaims(IClaimsIdentity input, string inputClaimType, string inputClaimValue, string outputClaimType, string outputClaimValue, IClaimsIdentity output)
         {
@@ -113,10 +108,5 @@ private static void TransformClaims(IClaimsIdentity input, string inputClaimType
                 }
             }
         }
-
-        private static void CopyClaims(IClaimsIdentity input, IEnumerable<string> claimTypes, IClaimsIdentity output)
-        {
-            output.Claims.CopyRange(input.Claims.Where(c => claimTypes.Contains(c.ClaimType)));
-        }
     }
 }
diff --git a/TailSpin/TailSpin.Web/Controllers/ClaimsAuthenticationController.cs b/TailSpin/TailSpin.Web/Controllers/ClaimsAuthenticationController.cs
@@ -12,7 +12,7 @@
     public class ClaimsAuthenticationController : Controller
     {
         private const string IdentityProviderJsonEndpoint =
-            "https://{0}.accesscontrol.windows.net:443/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm={1}&reply_to=&context=&request_id=&version=1.0";
+            "https://{0}.accesscontrol.windows.net:443/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm={1}&reply_to=&context=/Survey/Surveys&request_id=&version=1.0";
 
         [ValidateInput(false)]
         [HttpPost]

diff --git a/TailSpin/TailSpin.Web/Security/AuthenticateAndAuthorizeAttribute.cs b/TailSpin/TailSpin.Web/Security/AuthenticateAndAuthorizeAttribute.cs
@@ -1,16 +1,20 @@
 namespace TailSpin.Web.Security
 {
     using System;
+    using System.Collections.Generic;
     using System.Configuration;
     using System.Globalization;
+    using System.Linq;
     using System.Text;
     using System.Web;
     using System.Web.Mvc;
     using System.Web.Routing;
+    using Microsoft.IdentityModel.Claims;
     using Microsoft.IdentityModel.Protocols.WSFederation;
     using Microsoft.IdentityModel.Web;
     using Samples.Web.ClaimsUtillities;
     using TailSpin.Web.Controllers;
+    using AuthorizationContext = System.Web.Mvc.AuthorizationContext;
 
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
     public sealed class AuthenticateAndAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
@@ -29,9 +33,12 @@ public void OnAuthorization(AuthorizationContext filterContext)
                 throw new NotSupportedException("The AuthenticateAndAuthorize attribute can only be used in controllers that inherit from TenantController.");
             }
 
-            var tenantName = (string) filterContext.RouteData.Values["tenant"];
+            IClaimsPrincipal claimsPrincipal = filterContext.HttpContext.User as IClaimsPrincipal;
+            ClaimsIdentity id = claimsPrincipal.Identity as ClaimsIdentity;
+            var tenantName = id.Claims.Where(x => x.ClaimType == TailSpin.ClaimTypes.Tenant).SingleOrDefault();
+            //var tenantName =  (string) filterContext.RouteData.Values["tenant"];
             var tenantController = filterContext.Controller as TenantController;
-            var tenant = tenantController.TenantStore.GetTenant(tenantName);
+            var tenant = tenantController.TenantStore.GetTenant(tenantName.Value);
             if (tenant == null)
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentUICulture, "'{0}' is not a valid tenant.", tenantName));