Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / MessageSecurityOverHttp.cs / 1 / MessageSecurityOverHttp.cs
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{
using System.Net.Security;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Runtime.CompilerServices;
public class MessageSecurityOverHttp
{
internal const MessageCredentialType DefaultClientCredentialType = MessageCredentialType.Windows;
internal const bool DefaultNegotiateServiceCredential = true;
MessageCredentialType clientCredentialType;
bool negotiateServiceCredential;
SecurityAlgorithmSuite algorithmSuite;
bool wasAlgorithmSuiteSet;
internal MessageSecurityOverHttp()
{
clientCredentialType = DefaultClientCredentialType;
negotiateServiceCredential = DefaultNegotiateServiceCredential;
algorithmSuite = SecurityAlgorithmSuite.Default;
}
public MessageCredentialType ClientCredentialType
{
get { return this.clientCredentialType; }
set
{
if (!MessageCredentialTypeHelper.IsDefined(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
}
this.clientCredentialType = value;
}
}
public bool NegotiateServiceCredential
{
get { return this.negotiateServiceCredential; }
set { this.negotiateServiceCredential = value; }
}
public SecurityAlgorithmSuite AlgorithmSuite
{
get { return this.algorithmSuite; }
set
{
if (value == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
}
this.algorithmSuite = value;
wasAlgorithmSuiteSet = true;
}
}
internal bool WasAlgorithmSuiteSet
{
get { return this.wasAlgorithmSuiteSet; }
}
protected virtual bool IsSecureConversationEnabled()
{
return true;
}
[MethodImpl(MethodImplOptions.NoInlining)]
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
}
SecurityBindingElement result;
SecurityBindingElement oneShotSecurity;
bool isKerberosSelected = false;
bool emitBspAttributes = true;
if (isSecureTransportMode)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
break;
default:
DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (this.IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
else
{
if (negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
break;
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite), true);
break;
default:
DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
isKerberosSelected = true;
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
break;
default:
DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
if (this.IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
// set the algorithm suite and issued token params if required
if (wasAlgorithmSuiteSet || (!isKerberosSelected))
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (isKerberosSelected)
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
result.IncludeTimestamp = true;
oneShotSecurity.MessageSecurityVersion = version;
result.MessageSecurityVersion = version;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.IsSecureConversationEnabled())
{
// issue the transition SCT for a short duration only
oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
}
return result;
}
internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, out TSecurity messageSecurity)
where TSecurity : MessageSecurityOverHttp
{
DiagnosticUtility.DebugAssert(null != sbe, string.Empty);
messageSecurity = null;
// do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings
if (!sbe.IncludeTimestamp)
{
return false;
}
// Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching()
if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
{
return false;
}
bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
MessageCredentialType clientCredentialType;
SecurityAlgorithmSuite algorithmSuite = SecurityAlgorithmSuite.Default;
bool isSecureConversation;
SecurityBindingElement bootstrapSecurity;
if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity))
{
isSecureConversation = false;
bootstrapSecurity = sbe;
}
else
{
isSecureConversation = true;
}
if (!isSecureConversation && typeof(TSecurity).Equals(typeof(MessageSecurityOverHttp)))
{
return false;
}
if (!isSecureConversation && isReliableSession)
{
return false;
}
if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
{
return false;
}
IssuedSecurityTokenParameters infocardParameters;
if (isSecureTransportMode)
{
if (SecurityBindingElement.IsUserNameOverTransportBinding(bootstrapSecurity))
{
clientCredentialType = MessageCredentialType.UserName;
}
else if (SecurityBindingElement.IsCertificateOverTransportBinding(bootstrapSecurity))
{
clientCredentialType = MessageCredentialType.Certificate;
}
else if (SecurityBindingElement.IsSspiNegotiationOverTransportBinding(bootstrapSecurity, true))
{
clientCredentialType = MessageCredentialType.Windows;
}
else if (SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out infocardParameters))
{
if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters))
{
return false;
}
clientCredentialType = MessageCredentialType.IssuedToken;
}
else
{
// the standard binding does not support None client credential type in mixed mode
return false;
}
}
else
{
if (SecurityBindingElement.IsSslNegotiationBinding(bootstrapSecurity, false, true))
{
negotiateServiceCredential = true;
clientCredentialType = MessageCredentialType.None;
}
else if (SecurityBindingElement.IsUserNameForSslBinding(bootstrapSecurity, true))
{
negotiateServiceCredential = true;
clientCredentialType = MessageCredentialType.UserName;
}
else if (SecurityBindingElement.IsSslNegotiationBinding(bootstrapSecurity, true, true))
{
negotiateServiceCredential = true;
clientCredentialType = MessageCredentialType.Certificate;
}
else if (SecurityBindingElement.IsSspiNegotiationBinding(bootstrapSecurity, true))
{
negotiateServiceCredential = true;
clientCredentialType = MessageCredentialType.Windows;
}
else if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, true, out infocardParameters))
{
if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters))
{
return false;
}
negotiateServiceCredential = true;
clientCredentialType = MessageCredentialType.IssuedToken;
}
else if (SecurityBindingElement.IsUserNameForCertificateBinding(bootstrapSecurity))
{
negotiateServiceCredential = false;
clientCredentialType = MessageCredentialType.UserName;
}
else if (SecurityBindingElement.IsMutualCertificateBinding(bootstrapSecurity))
{
negotiateServiceCredential = false;
clientCredentialType = MessageCredentialType.Certificate;
}
else if (SecurityBindingElement.IsKerberosBinding(bootstrapSecurity))
{
negotiateServiceCredential = false;
clientCredentialType = MessageCredentialType.Windows;
}
else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out infocardParameters))
{
if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters))
{
return false;
}
negotiateServiceCredential = false;
clientCredentialType = MessageCredentialType.IssuedToken;
}
else if (SecurityBindingElement.IsAnonymousForCertificateBinding(bootstrapSecurity))
{
negotiateServiceCredential = false;
clientCredentialType = MessageCredentialType.None;
}
else
{
return false;
}
}
// Do not check any Local* settings
// Do not check DefaultAlgorithmSuite: is it often changed after the Security element is created, it will verified by SecuritySectionBase.AreBindingsMatching().
if (typeof(NonDualMessageSecurityOverHttp).Equals(typeof(TSecurity)))
{
messageSecurity = (TSecurity)(object)new NonDualMessageSecurityOverHttp();
((NonDualMessageSecurityOverHttp)(object)messageSecurity).EstablishSecurityContext = isSecureConversation;
}
else
{
messageSecurity = (TSecurity)(object)new MessageSecurityOverHttp();
}
messageSecurity.ClientCredentialType = clientCredentialType;
messageSecurity.NegotiateServiceCredential = negotiateServiceCredential;
messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
return true;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- MULTI_QI.cs
- EntityDataSourceContainerNameConverter.cs
- URLString.cs
- ModifierKeysValueSerializer.cs
- ConfigXmlWhitespace.cs
- SqlDelegatedTransaction.cs
- XmlSchemaSimpleTypeList.cs
- CssTextWriter.cs
- XamlPathDataSerializer.cs
- ParameterCollection.cs
- CertificateReferenceElement.cs
- GridViewRowEventArgs.cs
- ImplicitInputBrush.cs
- DrawingContextWalker.cs
- DefaultSection.cs
- TreeViewHitTestInfo.cs
- DesignBinding.cs
- TimerEventSubscriptionCollection.cs
- BitmapDownload.cs
- WindowsGrip.cs
- ThreadAttributes.cs
- SecurityPolicySection.cs
- SafeRegistryKey.cs
- HandleRef.cs
- ColorBlend.cs
- HandlerWithFactory.cs
- PolicyException.cs
- grammarelement.cs
- SQLConvert.cs
- BinaryReader.cs
- XmlWriterSettings.cs
- ConfigurationSchemaErrors.cs
- ProgressBarBrushConverter.cs
- X509IssuerSerialKeyIdentifierClause.cs
- DiffuseMaterial.cs
- SoapFaultCodes.cs
- ClientType.cs
- XmlSchemas.cs
- SimplePropertyEntry.cs
- HTTPNotFoundHandler.cs
- TraversalRequest.cs
- LeaseManager.cs
- MouseActionValueSerializer.cs
- NullableLongSumAggregationOperator.cs
- GeometryDrawing.cs
- EntityStoreSchemaFilterEntry.cs
- MimePart.cs
- StateMachineSubscriptionManager.cs
- Bitmap.cs
- AsyncStreamReader.cs
- PatternMatcher.cs
- SiteMapHierarchicalDataSourceView.cs
- ItemCheckedEvent.cs
- ColumnCollectionEditor.cs
- XmlSchemaProviderAttribute.cs
- hresults.cs
- autovalidator.cs
- InfoCardRSAPKCS1KeyExchangeFormatter.cs
- ColorBlend.cs
- ItemType.cs
- ContentType.cs
- SchemaNamespaceManager.cs
- PartManifestEntry.cs
- EventEntry.cs
- MostlySingletonList.cs
- SchemaElementDecl.cs
- TabPageDesigner.cs
- SoapSchemaImporter.cs
- PolygonHotSpot.cs
- DBBindings.cs
- RtfFormatStack.cs
- CodeIdentifier.cs
- NotificationContext.cs
- CaseStatement.cs
- EpmSourceTree.cs
- FileUtil.cs
- DBSqlParserTableCollection.cs
- CodeDomConfigurationHandler.cs
- RunInstallerAttribute.cs
- WebControlToolBoxItem.cs
- TreeNodeEventArgs.cs
- PointCollectionConverter.cs
- PresentationSource.cs
- InkSerializer.cs
- XPathArrayIterator.cs
- RelatedCurrencyManager.cs
- XPathAxisIterator.cs
- LoginNameDesigner.cs
- PropertyMetadata.cs
- Point4DConverter.cs
- ProtocolsConfigurationEntry.cs
- Facet.cs
- PriorityBinding.cs
- UnsafeNativeMethodsPenimc.cs
- ManipulationBoundaryFeedbackEventArgs.cs
- FixedPageAutomationPeer.cs
- AnimationException.cs
- SafeMILHandle.cs
- InvalidCastException.cs
- ObjectHelper.cs