FederatedMessageSecurityOverHttp.cs source code in C# .NET

                        
Code:
                         / WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / FederatedMessageSecurityOverHttp.cs / 1 / FederatedMessageSecurityOverHttp.cs
                        

                        
                            //------------------------------------------------------------ 
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{ 
    using System.Collections.ObjectModel;
    using System.ServiceModel.Channels; 
    using System.Xml; 
    using System.Net.Security;
    using System.IdentityModel.Tokens; 
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;
    using System.Runtime.CompilerServices;
 

    public sealed class FederatedMessageSecurityOverHttp 
    { 
        internal const bool DefaultNegotiateServiceCredential = true;
        internal const SecurityKeyType DefaultIssuedKeyType = SecurityKeyType.SymmetricKey; 

        bool negotiateServiceCredential;
        SecurityAlgorithmSuite algorithmSuite;
        EndpointAddress issuerAddress; 
        EndpointAddress issuerMetadataAddress;
        Binding issuerBinding; 
        Collection claimTypeRequirements; 
        string issuedTokenType;
        SecurityKeyType issuedKeyType; 
        Collection tokenRequestParameters;

        internal FederatedMessageSecurityOverHttp()
        { 
            negotiateServiceCredential = DefaultNegotiateServiceCredential;
            algorithmSuite = SecurityAlgorithmSuite.Default; 
            issuedKeyType = DefaultIssuedKeyType; 
            claimTypeRequirements = new Collection();
            tokenRequestParameters = new Collection(); 
        }

        public bool NegotiateServiceCredential
        { 
            get { return this.negotiateServiceCredential; }
            set { this.negotiateServiceCredential = value; } 
        } 

        public SecurityAlgorithmSuite AlgorithmSuite 
        {
            get { return this.algorithmSuite; }
            set
            { 
                if (value == null)
                { 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); 
                }
                this.algorithmSuite = value; 
            }
        }

        public EndpointAddress IssuerAddress 
        {
            get { return this.issuerAddress; } 
            set { this.issuerAddress = value; } 
        }
 
        public EndpointAddress IssuerMetadataAddress
        {
            get { return this.issuerMetadataAddress; }
            set { this.issuerMetadataAddress = value; } 
        }
 
        public Binding IssuerBinding 
        {
            get 
            {
                return this.issuerBinding;
            }
            set 
            {
                this.issuerBinding = value; 
            } 
        }
 
        public string IssuedTokenType
        {
            get { return this.issuedTokenType; }
            set { this.issuedTokenType = value; } 
        }
 
        public SecurityKeyType IssuedKeyType 
        {
            get { return this.issuedKeyType; } 
            set
            {
                if (!SecurityKeyTypeHelper.IsDefined(value))
                { 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                } 
                this.issuedKeyType = value; 
            }
        } 

        public Collection ClaimTypeRequirements
        {
            get { return this.claimTypeRequirements; } 
        }
 
        public Collection TokenRequestParameters 
        {
            get { return this.tokenRequestParameters; } 
        }

        [MethodImpl(MethodImplOptions.NoInlining)]
        internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, 
                                                                     bool isReliableSession,
                                                                     MessageSecurityVersion version) 
        { 
            if((this.IssuedKeyType == SecurityKeyType.BearerKey) &&
               (version.TrustVersion == TrustVersion.WSTrustFeb2005)) 
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding)));
            }
 
            SecurityBindingElement result;
            bool emitBspAttributes = true; 
            IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding); 
            issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress;
            issuedParameters.KeyType = this.IssuedKeyType; 
            if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
            {
                issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
            } 
            else
            { 
                issuedParameters.KeySize = 0; 
            }
            foreach (ClaimTypeRequirement c in this.claimTypeRequirements) 
            {
                issuedParameters.ClaimTypeRequirements.Add(c);
            }
            foreach (XmlElement p in this.TokenRequestParameters) 
            {
                issuedParameters.AdditionalRequestParameters.Add(p); 
            } 
            WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
                                                                                                version.TrustVersion, 
                                                                                                version.SecureConversationVersion,
                                                                                                emitBspAttributes,
                                                                                                null, null, null);
            SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); 
            issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType);
 
            SecurityBindingElement issuedTokenSecurity; 
            if (isSecureTransportMode)
            { 
                issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters);
            }
            else
            { 
                if (negotiateServiceCredential)
                { 
                    // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. 
                    // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
                    issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11); 
                }
                else
                {
                    issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters); 
                }
            } 
 
            issuedTokenSecurity.MessageSecurityVersion = version;
            issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite; 

            result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true);
            result.MessageSecurityVersion = version;
            result.DefaultAlgorithmSuite = this.AlgorithmSuite; 
            result.IncludeTimestamp = true;
 
            if (!isReliableSession) 
            {
                result.LocalServiceSettings.ReconnectTransportOnFailure = false; 
                result.LocalClientSettings.ReconnectTransportOnFailure = false;
            }
            else
            { 
                result.LocalServiceSettings.ReconnectTransportOnFailure = true;
                result.LocalClientSettings.ReconnectTransportOnFailure = true; 
            } 

            return result; 
        }

        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
        { 
            DiagnosticUtility.DebugAssert(null != sbe, string.Empty);
 
            messageSecurity = null; 

            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings 

            if (!sbe.IncludeTimestamp)
                return false;
 
            if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
                return false; 
 
            bool emitBspAttributes = true;
 
            // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching()

            SecurityBindingElement bootstrapSecurity;
 
            if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity))
                return false; 
 
            if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
                return false; 

            bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
            IssuedSecurityTokenParameters issuedTokenParameters;
 
            if (isSecureTransportMode)
            { 
                if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters)) 
                    return false;
            } 
            else
            {
                // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
                // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. 
                if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters))
                    negotiateServiceCredential = true; 
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters)) 
                    negotiateServiceCredential = false;
                else 
                    return false;
            }

            if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) && 
               (version.TrustVersion == TrustVersion.WSTrustFeb2005))
            { 
                return false; 
            }
 
            Collection nonAlgorithmRequestParameters;
            WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
                                                                                                version.TrustVersion,
                                                                                                version.SecureConversationVersion, 
                                                                                                emitBspAttributes,
                                                                                                null, null, null); 
            SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); 

            if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, 
                                                         versionSpecificStandardsManager,
                                                         out nonAlgorithmRequestParameters))
            {
                return false; 
            }
            messageSecurity = new FederatedMessageSecurityOverHttp(); 
 
            messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
            messageSecurity.NegotiateServiceCredential = negotiateServiceCredential; 

            messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType;
            messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress;
            messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding; 
            messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress;
            messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType; 
            foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements) 
            {
                messageSecurity.ClaimTypeRequirements.Add(c); 
            }
            foreach (XmlElement p in nonAlgorithmRequestParameters)
            {
                messageSecurity.TokenRequestParameters.Add(p); 
            }
            if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0) 
            { 
                return false;
            } 
            return true;
        }
    }
} 

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

                        

                        
                        

Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK

• DataPagerFieldCollection.cs
• BinaryEditor.cs
• EncodingConverter.cs
• SerializableAttribute.cs
• BlurBitmapEffect.cs
• QueryOptionExpression.cs
• DelayDesigner.cs
• XmlSchemaInclude.cs
• InvokeSchedule.cs
• FormatConvertedBitmap.cs
• SamlAssertion.cs
• CoTaskMemUnicodeSafeHandle.cs
• TranslateTransform.cs
• ConnectionConsumerAttribute.cs
• ColumnBinding.cs
• SQLSingleStorage.cs
• SoapCodeExporter.cs
• GuidelineSet.cs
• UnsafeNativeMethodsPenimc.cs
• ArrayWithOffset.cs
• ResourceDefaultValueAttribute.cs
• CompilerLocalReference.cs
• _emptywebproxy.cs
• PKCS1MaskGenerationMethod.cs
• RowToFieldTransformer.cs
• KeyBinding.cs
• SchemaImporterExtension.cs
• TemplateBindingExpressionConverter.cs
• PathNode.cs
• ListChunk.cs
• ConsoleKeyInfo.cs
• ReadOnlyCollection.cs
• CaretElement.cs
• ParameterCollection.cs
• QilStrConcat.cs
• DependentTransaction.cs
• StateElement.cs
• PatternMatchRules.cs
• ThreadAbortException.cs
• Mutex.cs
• NotifyCollectionChangedEventArgs.cs
• unitconverter.cs
• BinaryKeyIdentifierClause.cs
• SizeConverter.cs
• XmlLanguageConverter.cs
• CachedFontFace.cs
• GeneralTransform3DGroup.cs
• CharKeyFrameCollection.cs
• Int32CAMarshaler.cs
• FillRuleValidation.cs
• Mutex.cs
• IgnorePropertiesAttribute.cs
• RelatedImageListAttribute.cs
• keycontainerpermission.cs
• XhtmlStyleClass.cs
• SineEase.cs
• HttpCacheParams.cs
• PasswordPropertyTextAttribute.cs
• ScrollChrome.cs
• CustomTokenProvider.cs
• TripleDESCryptoServiceProvider.cs
• BinaryCommonClasses.cs
• HtmlTableRow.cs
• _IPv6Address.cs
• COM2Properties.cs
• XhtmlBasicPhoneCallAdapter.cs
• SystemDiagnosticsSection.cs
• AdPostCacheSubstitution.cs
• HttpCapabilitiesEvaluator.cs
• Int32RectValueSerializer.cs
• DictionaryEntry.cs
• DataRowView.cs
• IList.cs
• TableItemProviderWrapper.cs
• InputReportEventArgs.cs
• NotifyCollectionChangedEventArgs.cs
• TrackingMemoryStream.cs
• CompositeControl.cs
• TimeoutValidationAttribute.cs
• XmlAttributeOverrides.cs
• UIElement3D.cs
• CqlErrorHelper.cs
• SessionSwitchEventArgs.cs
• BuildResultCache.cs
• TypedServiceChannelBuilder.cs
• BaseDataListActionList.cs
• OciLobLocator.cs
• SymbolTable.cs
• Dictionary.cs
• SystemNetworkInterface.cs
• BindingBase.cs
• OdbcCommandBuilder.cs
• _SingleItemRequestCache.cs
• EventProviderWriter.cs
• SessionEndingEventArgs.cs
• RangeBase.cs
• DirectionalLight.cs
• InstanceKeyCollisionException.cs
• InfoCardRSACryptoProvider.cs
• ValueTable.cs