Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / FederatedMessageSecurityOverHttp.cs / 1 / FederatedMessageSecurityOverHttp.cs
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{
using System.Collections.ObjectModel;
using System.ServiceModel.Channels;
using System.Xml;
using System.Net.Security;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Runtime.CompilerServices;
public sealed class FederatedMessageSecurityOverHttp
{
internal const bool DefaultNegotiateServiceCredential = true;
internal const SecurityKeyType DefaultIssuedKeyType = SecurityKeyType.SymmetricKey;
bool negotiateServiceCredential;
SecurityAlgorithmSuite algorithmSuite;
EndpointAddress issuerAddress;
EndpointAddress issuerMetadataAddress;
Binding issuerBinding;
Collection claimTypeRequirements;
string issuedTokenType;
SecurityKeyType issuedKeyType;
Collection tokenRequestParameters;
internal FederatedMessageSecurityOverHttp()
{
negotiateServiceCredential = DefaultNegotiateServiceCredential;
algorithmSuite = SecurityAlgorithmSuite.Default;
issuedKeyType = DefaultIssuedKeyType;
claimTypeRequirements = new Collection();
tokenRequestParameters = new Collection();
}
public bool NegotiateServiceCredential
{
get { return this.negotiateServiceCredential; }
set { this.negotiateServiceCredential = value; }
}
public SecurityAlgorithmSuite AlgorithmSuite
{
get { return this.algorithmSuite; }
set
{
if (value == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
}
this.algorithmSuite = value;
}
}
public EndpointAddress IssuerAddress
{
get { return this.issuerAddress; }
set { this.issuerAddress = value; }
}
public EndpointAddress IssuerMetadataAddress
{
get { return this.issuerMetadataAddress; }
set { this.issuerMetadataAddress = value; }
}
public Binding IssuerBinding
{
get
{
return this.issuerBinding;
}
set
{
this.issuerBinding = value;
}
}
public string IssuedTokenType
{
get { return this.issuedTokenType; }
set { this.issuedTokenType = value; }
}
public SecurityKeyType IssuedKeyType
{
get { return this.issuedKeyType; }
set
{
if (!SecurityKeyTypeHelper.IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
}
this.issuedKeyType = value;
}
}
public Collection ClaimTypeRequirements
{
get { return this.claimTypeRequirements; }
}
public Collection TokenRequestParameters
{
get { return this.tokenRequestParameters; }
}
[MethodImpl(MethodImplOptions.NoInlining)]
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode,
bool isReliableSession,
MessageSecurityVersion version)
{
if((this.IssuedKeyType == SecurityKeyType.BearerKey) &&
(version.TrustVersion == TrustVersion.WSTrustFeb2005))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding)));
}
SecurityBindingElement result;
bool emitBspAttributes = true;
IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding);
issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress;
issuedParameters.KeyType = this.IssuedKeyType;
if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
{
issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
}
else
{
issuedParameters.KeySize = 0;
}
foreach (ClaimTypeRequirement c in this.claimTypeRequirements)
{
issuedParameters.ClaimTypeRequirements.Add(c);
}
foreach (XmlElement p in this.TokenRequestParameters)
{
issuedParameters.AdditionalRequestParameters.Add(p);
}
WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
version.TrustVersion,
version.SecureConversationVersion,
emitBspAttributes,
null, null, null);
SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer);
issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType);
SecurityBindingElement issuedTokenSecurity;
if (isSecureTransportMode)
{
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters);
}
else
{
if (negotiateServiceCredential)
{
// We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
// However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11);
}
else
{
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters);
}
}
issuedTokenSecurity.MessageSecurityVersion = version;
issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true);
result.MessageSecurityVersion = version;
result.DefaultAlgorithmSuite = this.AlgorithmSuite;
result.IncludeTimestamp = true;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
return result;
}
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
{
DiagnosticUtility.DebugAssert(null != sbe, string.Empty);
messageSecurity = null;
// do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings
if (!sbe.IncludeTimestamp)
return false;
if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
return false;
bool emitBspAttributes = true;
// Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching()
SecurityBindingElement bootstrapSecurity;
if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity))
return false;
if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
return false;
bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
IssuedSecurityTokenParameters issuedTokenParameters;
if (isSecureTransportMode)
{
if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters))
return false;
}
else
{
// We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
// However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters))
negotiateServiceCredential = true;
else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters))
negotiateServiceCredential = false;
else
return false;
}
if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) &&
(version.TrustVersion == TrustVersion.WSTrustFeb2005))
{
return false;
}
Collection nonAlgorithmRequestParameters;
WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
version.TrustVersion,
version.SecureConversationVersion,
emitBspAttributes,
null, null, null);
SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer);
if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite,
versionSpecificStandardsManager,
out nonAlgorithmRequestParameters))
{
return false;
}
messageSecurity = new FederatedMessageSecurityOverHttp();
messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
messageSecurity.NegotiateServiceCredential = negotiateServiceCredential;
messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType;
messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress;
messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding;
messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress;
messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType;
foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements)
{
messageSecurity.ClaimTypeRequirements.Add(c);
}
foreach (XmlElement p in nonAlgorithmRequestParameters)
{
messageSecurity.TokenRequestParameters.Add(p);
}
if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0)
{
return false;
}
return true;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlElementAttribute.cs
- HttpHeaderCollection.cs
- XmlILStorageConverter.cs
- EnumerableCollectionView.cs
- TypeRefElement.cs
- AuthorizationSection.cs
- SqlAliasesReferenced.cs
- SelectionUIService.cs
- RegistryExceptionHelper.cs
- XD.cs
- Ray3DHitTestResult.cs
- ProtocolProfile.cs
- StrokeFIndices.cs
- HttpDigestClientElement.cs
- XPathDocumentBuilder.cs
- CodeVariableReferenceExpression.cs
- AsyncStreamReader.cs
- ImageCollectionEditor.cs
- AccessDataSource.cs
- CfgSemanticTag.cs
- UxThemeWrapper.cs
- UnsafeNativeMethodsPenimc.cs
- AddingNewEventArgs.cs
- RowToParametersTransformer.cs
- DesignerActionMethodItem.cs
- SspiNegotiationTokenProviderState.cs
- TextSelection.cs
- BaseAppDomainProtocolHandler.cs
- SafeHandle.cs
- ExpressionBuilderCollection.cs
- OutputScopeManager.cs
- Model3DCollection.cs
- TaskSchedulerException.cs
- WindowsImpersonationContext.cs
- PointAnimationUsingKeyFrames.cs
- UriTemplateTrieNode.cs
- _AcceptOverlappedAsyncResult.cs
- ObjectKeyFrameCollection.cs
- GridViewEditEventArgs.cs
- EventHandlersStore.cs
- DataKey.cs
- TableNameAttribute.cs
- UpDownBaseDesigner.cs
- ByteStorage.cs
- PointLightBase.cs
- M3DUtil.cs
- X509CertificateStore.cs
- ValidationErrorEventArgs.cs
- BrowserCapabilitiesCodeGenerator.cs
- EntityDataSource.cs
- ConfigXmlText.cs
- TerminatorSinks.cs
- EntityCommandExecutionException.cs
- AuthenticationManager.cs
- SignerInfo.cs
- SmiEventSink_Default.cs
- SharedDp.cs
- ColumnTypeConverter.cs
- IntSecurity.cs
- StringExpressionSet.cs
- SubpageParagraph.cs
- CodeAssignStatement.cs
- CodeExporter.cs
- WorkflowServiceBehavior.cs
- RenameRuleObjectDialog.Designer.cs
- EncoderParameter.cs
- ApplicationSecurityManager.cs
- SchemaImporterExtensionsSection.cs
- ComboBoxItem.cs
- ToolStripContentPanelRenderEventArgs.cs
- AmbientLight.cs
- NameValueCollection.cs
- ListBoxItem.cs
- ExtenderControl.cs
- Fonts.cs
- SafeMarshalContext.cs
- DocobjHost.cs
- TypeUsageBuilder.cs
- BinaryConverter.cs
- DrawListViewSubItemEventArgs.cs
- MsmqAuthenticationMode.cs
- ConfigurationValue.cs
- CredentialCache.cs
- BamlReader.cs
- DataGridTableCollection.cs
- httpstaticobjectscollection.cs
- WebPartVerb.cs
- WCFModelStrings.Designer.cs
- EntityTypeEmitter.cs
- ActivityInstanceReference.cs
- EditorPartChrome.cs
- ResourceExpressionBuilder.cs
- MemoryRecordBuffer.cs
- TogglePattern.cs
- ByteStack.cs
- UiaCoreApi.cs
- RelationshipWrapper.cs
- TdsParserStateObject.cs
- ModelItemCollectionImpl.cs
- FlowDocumentPaginator.cs