Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Channels / SymmetricSecurityBindingElement.cs / 1 / SymmetricSecurityBindingElement.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Channels { using System; using System.ServiceModel.Description; using System.Xml; using System.Collections.Generic; using System.Globalization; using System.Runtime.Serialization; using System.ServiceModel; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.ServiceModel.Dispatcher; using System.Net.Security; using System.Text; public sealed class SymmetricSecurityBindingElement : SecurityBindingElement, IPolicyExportExtension { MessageProtectionOrder messageProtectionOrder; SecurityTokenParameters protectionTokenParameters; bool requireSignatureConfirmation; SymmetricSecurityBindingElement(SymmetricSecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { this.messageProtectionOrder = elementToBeCloned.messageProtectionOrder; if (elementToBeCloned.protectionTokenParameters != null) this.protectionTokenParameters = (SecurityTokenParameters)elementToBeCloned.protectionTokenParameters.Clone(); this.requireSignatureConfirmation = elementToBeCloned.requireSignatureConfirmation; } public SymmetricSecurityBindingElement() : this((SecurityTokenParameters)null) { // empty } public SymmetricSecurityBindingElement(SecurityTokenParameters protectionTokenParameters) : base() { this.messageProtectionOrder = SecurityBindingElement.defaultMessageProtectionOrder; this.requireSignatureConfirmation = SecurityBindingElement.defaultRequireSignatureConfirmation; this.protectionTokenParameters = protectionTokenParameters; } public bool RequireSignatureConfirmation { get { return this.requireSignatureConfirmation; } set { this.requireSignatureConfirmation = value; } } public MessageProtectionOrder MessageProtectionOrder { get { return this.messageProtectionOrder; } set { if (!MessageProtectionOrderHelper.IsDefined(value)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value")); this.messageProtectionOrder = value; } } public SecurityTokenParameters ProtectionTokenParameters { get { return this.protectionTokenParameters; } set { this.protectionTokenParameters = value; } } internal override ISecurityCapabilities GetIndividualISecurityCapabilities() { bool supportsServerAuthentication = false; bool supportsClientAuthentication; bool supportsClientWindowsIdentity; GetSupportingTokensCapabilities(out supportsClientAuthentication, out supportsClientWindowsIdentity); if (ProtectionTokenParameters != null) { supportsClientAuthentication = supportsClientAuthentication || ProtectionTokenParameters.SupportsClientAuthentication; supportsClientWindowsIdentity = supportsClientWindowsIdentity || ProtectionTokenParameters.SupportsClientWindowsIdentity; if (ProtectionTokenParameters.HasAsymmetricKey) { supportsServerAuthentication = ProtectionTokenParameters.SupportsClientAuthentication; } else { supportsServerAuthentication = ProtectionTokenParameters.SupportsServerAuthentication; } } return new SecurityCapabilities(supportsClientAuthentication, supportsServerAuthentication, supportsClientWindowsIdentity, ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign); } internal override bool SessionMode { get { SecureConversationSecurityTokenParameters secureConversationTokenParameters = this.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; if (secureConversationTokenParameters != null) return secureConversationTokenParameters.RequireCancellation; else return false; } } internal override bool SupportsDuplex { get { return this.SessionMode; } } internal override bool SupportsRequestReply { get { return true; } } public override void SetKeyDerivation(bool requireDerivedKeys) { base.SetKeyDerivation(requireDerivedKeys); if (this.protectionTokenParameters != null) this.protectionTokenParameters.RequireDerivedKeys = requireDerivedKeys; } internal override bool IsSetKeyDerivation(bool requireDerivedKeys) { if (!base.IsSetKeyDerivation(requireDerivedKeys)) return false; if (this.protectionTokenParameters != null && this.protectionTokenParameters.RequireDerivedKeys != requireDerivedKeys) return false; return true; } internal override SecurityProtocolFactory CreateSecurityProtocolFactory(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) { if (context == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); if (credentialsManager == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager"); if (this.ProtectionTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SymmetricSecurityBindingElementNeedsProtectionTokenParameters, this.ToString()))); } SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory(); if (isForService) { base.ApplyAuditBehaviorSettings(context, protocolFactory); } protocolFactory.SecurityTokenParameters = (SecurityTokenParameters)this.ProtectionTokenParameters.Clone(); SetIssuerBindingContextIfRequired(protocolFactory.SecurityTokenParameters, issuerBindingContext); protocolFactory.ApplyConfidentiality = true; protocolFactory.RequireConfidentiality = true; protocolFactory.ApplyIntegrity = true; protocolFactory.RequireIntegrity = true; protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, isForService)); base.ConfigureProtocolFactory(protocolFactory, credentialsManager, isForService, issuerBindingContext, context.Binding); return protocolFactory; } internal override bool RequiresChannelDemuxer() { return (base.RequiresChannelDemuxer() || RequiresChannelDemuxer(this.ProtectionTokenParameters)); } protected override IChannelFactory BuildChannelFactoryCore (BindingContext context) { ISecurityCapabilities securityCapabilities = this.GetProperty (context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find (); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } // This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do // secure conversation or negotiation ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer()); BindingContext issuerBindingContext = context.Clone(); SecurityChannelFactory channelFactory; if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (scParameters.BootstrapSecurityBindingElement == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); BindingContext scIssuerBindingContext = issuerBindingContext.Clone(); scIssuerBindingContext.BindingParameters.Remove (); scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements); if (scParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory(); sessionFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; sessionFactory.ApplyConfidentiality = true; sessionFactory.RequireConfidentiality = true; sessionFactory.ApplyIntegrity = true; sessionFactory.RequireIntegrity = true; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false)); base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding); SecuritySessionClientSettings sessionClientSettings = new SecuritySessionClientSettings (); sessionClientSettings.ChannelBuilder = channelBuilder; sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval; sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval; sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure; sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager; sessionClientSettings.SessionProtocolFactory = sessionFactory; channelFactory = new SecurityChannelFactory (securityCapabilities, context, sessionClientSettings); } else { SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory(); protocolFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; protocolFactory.ApplyConfidentiality = true; protocolFactory.RequireConfidentiality = true; protocolFactory.ApplyIntegrity = true; protocolFactory.RequireIntegrity = true; protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, false)); base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding); channelFactory = new SecurityChannelFactory (securityCapabilities, context, channelBuilder, protocolFactory); } } else { SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory (context, credentialsManager, false, issuerBindingContext); channelFactory = new SecurityChannelFactory (securityCapabilities, context, channelBuilder, protocolFactory); } return channelFactory; } protected override IChannelListener BuildChannelListenerCore (BindingContext context) { SecurityChannelListener channelListener = new SecurityChannelListener (this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find (); if (credentialsManager == null) credentialsManager = ServiceCredentials.CreateDefaultCredentials(); // This adds the demuxer element to the context. We add a demuxer element only if the binding is configured to do // secure conversation or negotiation ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer()); BindingContext issuerBindingContext = context.Clone(); if (this.ProtectionTokenParameters is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters scParameters = (SecureConversationSecurityTokenParameters)this.ProtectionTokenParameters; if (scParameters.BootstrapSecurityBindingElement == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); BindingContext scIssuerBindingContext = issuerBindingContext.Clone(); scIssuerBindingContext.BindingParameters.Remove (); scIssuerBindingContext.BindingParameters.Add(scParameters.BootstrapProtectionRequirements); IMessageFilterTable endpointFilterTable = context.BindingParameters.Find >(); AddDemuxerForSecureConversation(channelBuilder, scIssuerBindingContext); if (scParameters.RequireCancellation) { SessionSymmetricMessageSecurityProtocolFactory sessionFactory = new SessionSymmetricMessageSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, sessionFactory); sessionFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; sessionFactory.ApplyConfidentiality = true; sessionFactory.RequireConfidentiality = true; sessionFactory.ApplyIntegrity = true; sessionFactory.RequireIntegrity = true; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; sessionFactory.MessageProtectionOrder = this.MessageProtectionOrder; sessionFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; sessionFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding); channelListener.SessionMode = true; channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout; channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval; channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions; channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval; channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure; channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager; channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory; channelListener.SessionServerSettings.SessionProtocolFactory.EndpointFilterTable = endpointFilterTable; // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending // back faults in response to badly secured requests over duplex can result in DoS. if (context.BindingParameters != null && context.BindingParameters.Find () == null && !IsUnderlyingListenerDuplex (context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager)); } } else { SymmetricSecurityProtocolFactory protocolFactory = new SymmetricSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, protocolFactory); protocolFactory.SecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)protocolFactory.SecurityTokenParameters).IssuerBindingContext = scIssuerBindingContext; protocolFactory.ApplyConfidentiality = true; protocolFactory.RequireConfidentiality = true; protocolFactory.ApplyIntegrity = true; protocolFactory.RequireIntegrity = true; protocolFactory.IdentityVerifier = this.LocalClientSettings.IdentityVerifier; protocolFactory.DoRequestSignatureConfirmation = this.RequireSignatureConfirmation; protocolFactory.MessageProtectionOrder = this.MessageProtectionOrder; protocolFactory.ProtectionRequirements.Add(SecurityBindingElement.ComputeProtectionRequirements(this, context.BindingParameters, context.Binding.Elements, true)); protocolFactory.EndpointFilterTable = endpointFilterTable; base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding); channelListener.SecurityProtocolFactory = protocolFactory; } } else { SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory (context, credentialsManager, true, issuerBindingContext); channelListener.SecurityProtocolFactory = protocolFactory; } channelListener.InitializeListener(channelBuilder); return channelListener; } public override T GetProperty (BindingContext context) { if (context == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); if (typeof(T) == typeof(ChannelProtectionRequirements)) { AddressingVersion addressing = MessageVersion.Default.Addressing; #pragma warning suppress 56506 MessageEncodingBindingElement encoding = context.Binding.Elements.Find (); if (encoding != null) { addressing = encoding.MessageVersion.Addressing; } ChannelProtectionRequirements myRequirements = base.GetProtectionRequirements(addressing, ProtectionLevel.EncryptAndSign); myRequirements.Add(context.GetInnerProperty ()??new ChannelProtectionRequirements()); return (T)(object)myRequirements; } else { return base.GetProperty (context); } } public override string ToString() { StringBuilder sb = new StringBuilder(); sb.AppendLine(base.ToString()); sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "MessageProtectionOrder: {0}", this.messageProtectionOrder.ToString())); sb.AppendLine(String.Format(CultureInfo.InvariantCulture, "RequireSignatureConfirmation: {0}", this.requireSignatureConfirmation.ToString())); sb.Append("ProtectionTokenParameters: "); if (this.protectionTokenParameters != null) sb.AppendLine(this.protectionTokenParameters.ToString().Trim().Replace("\n", "\n ")); else sb.AppendLine("null"); return sb.ToString().Trim(); } public override BindingElement Clone() { return new SymmetricSecurityBindingElement(this); } void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context) { SecurityBindingElement.ExportPolicy(exporter, context); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ArrayTypeMismatchException.cs
- HScrollProperties.cs
- DataGridViewCellParsingEventArgs.cs
- streamingZipPartStream.cs
- HexParser.cs
- DodSequenceMerge.cs
- ObfuscateAssemblyAttribute.cs
- StringKeyFrameCollection.cs
- OptionalRstParameters.cs
- DynamicMethod.cs
- StructuredTypeEmitter.cs
- ApplicationServiceHelper.cs
- FixUpCollection.cs
- CfgSemanticTag.cs
- RootBrowserWindow.cs
- BrushConverter.cs
- WebEventCodes.cs
- BaseProcessor.cs
- IndexedGlyphRun.cs
- TreeViewEvent.cs
- MessageHeaderException.cs
- XmlDocumentFragment.cs
- FormViewUpdateEventArgs.cs
- BaseCollection.cs
- IteratorFilter.cs
- shaperfactoryquerycachekey.cs
- ViewSimplifier.cs
- PeerChannelListener.cs
- TextRange.cs
- ParseHttpDate.cs
- WebPartVerbCollection.cs
- JpegBitmapEncoder.cs
- UnsafeNativeMethods.cs
- ParagraphVisual.cs
- XPathDocumentIterator.cs
- dsa.cs
- XmlWhitespace.cs
- Section.cs
- UITypeEditor.cs
- GenericAuthenticationEventArgs.cs
- TransformerInfo.cs
- Vector3D.cs
- BadImageFormatException.cs
- WebServiceFaultDesigner.cs
- XmlDataSource.cs
- httpserverutility.cs
- DecoderReplacementFallback.cs
- Restrictions.cs
- Panel.cs
- MessageOperationFormatter.cs
- MasterPageParser.cs
- CngAlgorithm.cs
- AppSecurityManager.cs
- ExpressionQuoter.cs
- DependencyObject.cs
- PersonalizationStateQuery.cs
- CacheChildrenQuery.cs
- EntityDataSourceContextCreatingEventArgs.cs
- CollectionViewGroupRoot.cs
- TcpConnectionPoolSettings.cs
- QuaternionIndependentAnimationStorage.cs
- NaturalLanguageHyphenator.cs
- KerberosSecurityTokenProvider.cs
- RoamingStoreFileUtility.cs
- ConnectionStringEditor.cs
- ExpressionValueEditor.cs
- ScriptingWebServicesSectionGroup.cs
- COM2PropertyPageUITypeConverter.cs
- DbMetaDataCollectionNames.cs
- Stopwatch.cs
- FixedTextView.cs
- ToolboxItemCollection.cs
- GlyphTypeface.cs
- FaultPropagationRecord.cs
- DeploymentSectionCache.cs
- ItemsControlAutomationPeer.cs
- Page.cs
- XmlQualifiedNameTest.cs
- ObjectPersistData.cs
- RefType.cs
- TypefaceMap.cs
- sqlstateclientmanager.cs
- TimeIntervalCollection.cs
- GestureRecognizer.cs
- TextSelectionProcessor.cs
- DateTimeFormat.cs
- XPathNodeIterator.cs
- TrustSection.cs
- TagNameToTypeMapper.cs
- AnimationTimeline.cs
- SpeechUI.cs
- MenuBase.cs
- DebugView.cs
- ArrayTypeMismatchException.cs
- SerialStream.cs
- CountdownEvent.cs
- handlecollector.cs
- StretchValidation.cs
- FileChangesMonitor.cs
- TraceRecord.cs