2

I have built a winforms app in c# to request an auth token from ADFS (windowsmixed), which works fine, and I'm issued a token. I'm using WIF/ThinkTecture IdentityModel.

What is the best way to cache/save the token locally and then re-load the token (so i can then validate)?

I'm issued a token in the form of a GenericXmlSecurityToken object. Whats the best way to save/cache this to a file and then reload/serialize it into a new GenericXmlSecurityToken object?

I can convert the token to string and save:

string strToken = ((GenericXmlSecurityToken)genericToken).TokenXml.OuterXml;

But I'm not sure how to re-serializer this string back into GenericXmlSecurityToken or even if this is the best approach (I appreciate extra security is required when saving the token to disk, thats a future task).

Developr
  • 447
  • 8
  • 21

2 Answers2

0

Using System.IdentityModel you can serialize a GenericXmlSecurityToken to Xml. Here is a post by Shawn Cicoria giving an example on how to do this: http://geekswithblogs.net/cicorias/archive/2012/03/22/getting-a-securitytoken-from-a-requestsecuritytokenresponse-in-wif.aspx

Given the serialized token, you will have to devise a way to save it.

Note: Add a reference to System.IdentityModel and System.IdentityModel.Services if you do not have them already.

TimS
  • 3
  • 3
Konnor Andrews
  • 109
  • 3
0

If you just want deserialized token to i.e. initialize WCF (I think the name of the method is something like create WithIssuedToken) you can just use constructor of GenericXmlSecurityToken. Use only the XmlElement tokenXml parameter and leave the others as null (or some defaults for DateTime parameters)

var xmlToken = new GenericXmlSecurityToken(
        tokenXmlElement,
        null,
        DateTime.Now,
        DateTime.Now.AddHours(1),
        null,
        null,
        null);

I should note that the instance will have properties (like effectiveTime and expirationTime) that will not correspond to the actual values from the now being deserialed SecurityToken (because you set them manually in the constructor). But WCF will use the real information in the token so it will work this way.

pepo
  • 8,644
  • 2
  • 27
  • 42
  • This won't work if a delegation token issued by AD FS is base64 encoded and then instantiated this way when it's used to call a service. It "might" have something to do with the ExternalTokenReference, InternalTokenReference, and ProofToken being null here, but I'm not certain. I do know that the following error will be thrown in this scenario: System.ServiceModel.Security.MessageSecurityException Unable to create token reference. But it does work fine for non-delegation tokens. (Delegation tokens being tokens issued by AD FS during identity delegation.) – Toby Artisan Jun 27 '18 at 21:15