1.5.6. Creating the Web Service Consumer
The web service client
creates an SWT token with input claims and sends it to ACS to acquire
an SWT token with output claims. The web service client packages this
token into the header of the web service method call. The Client
project in the Visual Studio solution contains the implementation of
the web service client. Listing 8 shows the main method from Program.cs in the Client project.
Example 8. Main Method in Program.cs from the Web Service Client

    static void Main()
    {
        // serviceNamespace and issuerKey are fields declared outside this method
        Console.WriteLine("Enter your solution name, then press <ENTER>");
        serviceNamespace = Console.ReadLine();

        Console.WriteLine();
        Console.WriteLine("Enter your issuer key, then press <ENTER>");
        // the key is assigned as a literal in this listing rather than read from the console
        issuerKey = "K9GJNT96CQTL370TUnCyATOruMbnHVCLvb3RXO0g3z4=";

        // create a token with a group=user claim
        string userToken = GetUserToken();

        // send the token to ACS
        string acsIssuedToken = SendSWTToACS(userToken, "http://localhost/acsexample");

        // perform the calculator operations
        Console.WriteLine();
        Console.WriteLine("Calling calculator with 'group=user' claim");
        DoOperations(acsIssuedToken);

        // create a token with a group=user,executive claim
        string executiveToken = GetUserAdminToken();

        // send the token to ACS
        acsIssuedToken = SendSWTToACS(executiveToken, "http://localhost/acsexample");

        // perform the calculator operations
        Console.WriteLine();
        Console.WriteLine("Calling ACS Example with 'group=user,admin' claim");
        DoOperations(acsIssuedToken);

        Console.WriteLine();
        Console.WriteLine("Done. Press <ENTER> to end");
        Console.ReadLine();
    }

The GetUserToken() method creates an SWT token representing a user
group, and the code then calls the SendSWTToACS() method to get the SWT
token from ACS that's specific to the user group. The code then calls
the DoOperations() method, which calls all the operations on the
ACSMachineInfo web service. Then, the GetUserAdminToken() method creates
an SWT token that is sent to ACS to get an ACS-issued token for the
admin group. The code then calls the DoOperations() method with the
ACS-issued token. The output of the method calls should indicate
whether the particular group has enough permissions to call a web
service method.
The TokenFactory class contains the necessary logic to create an SWT
token to be sent to ACS. Listing 9 shows the code to create an SWT token.
Example 9. Creating an SWT Token

    public string CreateToken(Dictionary<string, string> claims)
    {
        // check for dup claimtypes
        Dictionary<string, string> claimList = this.RemoveDuplicateClaimTypes(claims);

        // build the claims string
        StringBuilder builder = new StringBuilder();
        foreach (KeyValuePair<string, string> entry in claimList)
        {
            builder.Append(entry.Key);
            builder.Append('=');
            builder.Append(entry.Value);
            builder.Append('&');
        }

        // add the issuer name
        builder.Append("Issuer=");
        builder.Append(this.issuerName);
        builder.Append('&');

        // add the Audience
        builder.Append("Audience=");
        builder.Append(string.Format("https://{0}.{1}/WRAPv0.8&", this.solutionName, this.acsHost));

        // add the expires on date
        builder.Append("ExpiresOn=");
        builder.Append(GetExpiresOn(20));

        string signature = this.GenerateSignature(builder.ToString(), this.signingKey);
        builder.Append("&HMACSHA256=");
        builder.Append(signature);

        return builder.ToString();
    }

You can see that
creating an SWT token is very simple because you create only certain
name/value pairs and POST them to the service namespace.
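
The receiving side of the token format built in Listing 9, as an added example that is not code from the book or its Visual Studio solution: it recomputes the HMACSHA256 value over everything before the signature pair, compares it without an early exit, and only then parses the pairs and checks Issuer, Audience and ExpiresOn. The names SwtCheck, Validate and Mac are hypothetical. It assumes that GenerateSignature() (not shown on this page) emits a URL-encoded Base64 HMAC-SHA256 over the UTF-8 bytes of the unsigned token and that ExpiresOn is seconds since the Unix epoch; the key, issuer name and token in Main are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography;
using System.Text;

static class SwtCheck   // hypothetical name, not a class from the book's solution
{
    const string SigLabel = "&HMACSHA256=";
    static byte[] Mac(string text, byte[] key) { using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(text)); }
    // Returns the claims only if signature, issuer, audience and expiry all check out; otherwise null.
    public static Dictionary<string, string> Validate(string token, byte[] key, string issuer, string audience, DateTime utcNow)
    {
        int idx = token == null ? -1 : token.LastIndexOf(SigLabel, StringComparison.Ordinal);
        if (idx < 0) return null;
        string signedPart = token.Substring(0, idx);   // the MAC covers everything before the last pair
        byte[] expected = Mac(signedPart, key), presented;
        try { presented = Convert.FromBase64String(WebUtility.UrlDecode(token.Substring(idx + SigLabel.Length))); }
        catch (FormatException) { return null; }
        int diff = expected.Length ^ presented.Length;   // compare without an early exit
        for (int i = 0; i < expected.Length && i < presented.Length; i++) diff |= expected[i] ^ presented[i];
        if (diff != 0) return null;
        var claims = new Dictionary<string, string>();   // parse only after the MAC verifies
        foreach (string pair in signedPart.Split('&'))
        {
            int eq = pair.IndexOf('=');
            string name = eq > 0 ? WebUtility.UrlDecode(pair.Substring(0, eq)) : null;
            if (name == null || claims.ContainsKey(name)) return null;   // malformed pair or duplicate claim type
            claims[name] = WebUtility.UrlDecode(pair.Substring(eq + 1));
        }
        string v; long exp;
        if (!claims.TryGetValue("Issuer", out v) || v != issuer) return null;
        if (!claims.TryGetValue("Audience", out v) || v != audience) return null;
        if (!claims.TryGetValue("ExpiresOn", out v) || !long.TryParse(v, out exp)) return null;
        long now = (long)(utcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
        return now < exp ? claims : null;
    }
    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key");   // constructed sample key
        string aud = "http://localhost/acsexample";
        string body = "group=user&Issuer=demo-issuer&Audience=" + WebUtility.UrlEncode(aud) + "&ExpiresOn=4102444800";
        string token = body + SigLabel + WebUtility.UrlEncode(Convert.ToBase64String(Mac(body, key)));   // constructed token
        DateTime now = new DateTime(2030, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(Validate(token, key, "demo-issuer", aud, now) != null);                                      // intact token
        Console.WriteLine(Validate(token.Replace("group=user", "group=admin"), key, "demo-issuer", aud, now) != null);  // claim altered after signing
        Console.WriteLine(Validate(token, key, "demo-issuer", aud, now.AddYears(80)) != null);                          // past ExpiresOn
    }
}
```

Because the validator URL-decodes each name and value, a producer paired with it should URL-encode claim names and values before appending them; Listing 9 appends entry.Key and entry.Value as they are.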