Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / SpnegoTokenProvider.cs / 4 / SpnegoTokenProvider.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Security { using System; using System.Collections; using System.Xml; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Net; using System.Security.Principal; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.ServiceModel; using System.ServiceModel.Security.Tokens; using System.Globalization; using System.Runtime.Serialization; using System.ServiceModel.Diagnostics; using SafeFreeCredentials = System.IdentityModel.SafeFreeCredentials; class SpnegoTokenProvider : SspiNegotiationTokenProvider { TokenImpersonationLevel allowedImpersonationLevel = TokenImpersonationLevel.Identification; ICredentials clientCredential; IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault(); bool allowNtlm = true; bool authenticateServer = true; SafeFreeCredentials credentialsHandle; bool ownCredentialsHandle = false; public SpnegoTokenProvider(SafeFreeCredentials credentialsHandle) : base() { this.credentialsHandle = credentialsHandle; } // settings public IdentityVerifier IdentityVerifier { get { return this.identityVerifier; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.identityVerifier = value; } } public TokenImpersonationLevel AllowedImpersonationLevel { get { return this.allowedImpersonationLevel; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); TokenImpersonationLevelHelper.Validate(value); if (value == TokenImpersonationLevel.None) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value", String.Format(CultureInfo.InvariantCulture, SR.GetString(SR.SpnegoImpersonationLevelCannotBeSetToNone)))); } this.allowedImpersonationLevel = value; } } public ICredentials ClientCredential { get { return this.clientCredential; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.clientCredential = value; } } public bool AllowNtlm { get { return this.allowNtlm; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.allowNtlm = value; } } public bool AuthenticateServer { get { return this.authenticateServer; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.authenticateServer = value; } } // overrides public override XmlDictionaryString NegotiationValueType { get { return XD.TrustApr2004Dictionary.SpnegoValueTypeUri; } } public override void OnOpening() { bool osIsGreaterThanXP = SecurityUtils.IsOsGreaterThanXP(); base.OnOpening(); if (this.credentialsHandle == null) { string packageName; if ( !this.allowNtlm && !osIsGreaterThanXP ) { packageName = "Kerberos"; } else { packageName = "Negotiate"; } NetworkCredential credential = null; if (this.clientCredential != null) { credential = this.clientCredential.GetCredential(this.TargetAddress.Uri, packageName); } // if OS is less than 2k3 !NTLM is not supported, Windows SE 142400 if (!this.allowNtlm && osIsGreaterThanXP) { this.credentialsHandle = SecurityUtils.GetCredentialsHandle(packageName, credential, false, "!NTLM"); } else { this.credentialsHandle = SecurityUtils.GetCredentialsHandle(packageName, credential, false); } this.ownCredentialsHandle = true; } } public override void OnClose(TimeSpan timeout) { base.OnClose(timeout); FreeCredentialsHandle(); } public override void OnAbort() { base.OnAbort(); FreeCredentialsHandle(); } void FreeCredentialsHandle() { if (this.credentialsHandle != null) { if (this.ownCredentialsHandle) { this.credentialsHandle.Close(); } this.credentialsHandle = null; } } protected override bool CreateNegotiationStateCompletesSynchronously(EndpointAddress target, Uri via) { return true; } protected override IAsyncResult BeginCreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout, AsyncCallback callback, object state) { SspiNegotiationTokenProviderState sspiState = this.CreateNegotiationState(target, via, timeout); return new TypedCompletedAsyncResult(sspiState, callback, state); } protected override SspiNegotiationTokenProviderState EndCreateNegotiationState(IAsyncResult result) { return TypedCompletedAsyncResult .End(result); } protected override SspiNegotiationTokenProviderState CreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout) { EnsureEndpointAddressDoesNotRequireEncryption(target); EndpointIdentity identity = null; if (this.identityVerifier == null) { identity = target.Identity; } else { this.identityVerifier.TryGetIdentity(target, out identity); } string spn; if (this.AuthenticateServer || !this.AllowNtlm) { spn = SecurityUtils.GetSpnFromIdentity(identity, target); } else { // if an SPN or UPN identity is configured (for example, in mixed mode SSPI), then // use that identity for Negotiate Claim identityClaim = identity.IdentityClaim; if (identityClaim != null && (identityClaim.ClaimType == ClaimTypes.Spn || identityClaim.ClaimType == ClaimTypes.Upn)) { spn = identityClaim.Resource.ToString(); } else { spn = "host/" + target.Uri.DnsSafeHost; } } string packageName; if ( !this.allowNtlm && !SecurityUtils.IsOsGreaterThanXP() ) { packageName = "Kerberos"; } else { packageName = "Negotiate"; } WindowsSspiNegotiation sspiNegotiation = new WindowsSspiNegotiation(packageName, this.credentialsHandle, this.AllowedImpersonationLevel, spn, true); return new SspiNegotiationTokenProviderState(sspiNegotiation); } protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation) { WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation; if (windowsNegotiation.IsValidContext == false) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation))); } if (this.AuthenticateServer && windowsNegotiation.IsMutualAuthFlag == false) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.CannotAuthenticateServer))); } SecurityTraceRecordHelper.TraceClientSpnego(windowsNegotiation); return SecurityUtils.CreatePrincipalNameAuthorizationPolicies(windowsNegotiation.ServicePrincipalName); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CellRelation.cs
- KeyMatchBuilder.cs
- SerializationInfoEnumerator.cs
- HealthMonitoringSection.cs
- Relationship.cs
- XmlToDatasetMap.cs
- CodeTypeReference.cs
- BoundColumn.cs
- XsdCachingReader.cs
- RootBrowserWindowProxy.cs
- XmlnsDictionary.cs
- DataPagerFieldItem.cs
- PriorityBindingExpression.cs
- XmlArrayItemAttributes.cs
- documentsequencetextpointer.cs
- LifetimeServices.cs
- Keyboard.cs
- SQLDoubleStorage.cs
- Point3DCollection.cs
- CodeDesigner.cs
- Hex.cs
- RadioButtonBaseAdapter.cs
- HttpModuleCollection.cs
- XmlQueryTypeFactory.cs
- DbConnectionPoolGroup.cs
- DateRangeEvent.cs
- Hyperlink.cs
- XmlExceptionHelper.cs
- TextRangeSerialization.cs
- TagPrefixAttribute.cs
- RayHitTestParameters.cs
- TableStyle.cs
- Boolean.cs
- DoubleConverter.cs
- CacheEntry.cs
- ContainerSelectorActiveEvent.cs
- DispatcherExceptionFilterEventArgs.cs
- ChildDocumentBlock.cs
- FileDialogCustomPlacesCollection.cs
- LifetimeServices.cs
- XmlSchemaSubstitutionGroup.cs
- CodeSnippetCompileUnit.cs
- FileSystemEventArgs.cs
- Compilation.cs
- OdbcTransaction.cs
- ConfigurationValidatorAttribute.cs
- IssuedTokenClientElement.cs
- XsdValidatingReader.cs
- Thickness.cs
- StylusCollection.cs
- SoapDocumentMethodAttribute.cs
- MsmqHostedTransportManager.cs
- ViewGenResults.cs
- InputDevice.cs
- InternalUserCancelledException.cs
- InvalidateEvent.cs
- Ops.cs
- RegionIterator.cs
- DataGridPagerStyle.cs
- ColorContext.cs
- VariableDesigner.xaml.cs
- DefaultCompensation.cs
- FocusWithinProperty.cs
- PageCatalogPart.cs
- DataGridViewColumnCollection.cs
- CodeBinaryOperatorExpression.cs
- FigureHelper.cs
- CommandPlan.cs
- FutureFactory.cs
- ExpressionPrinter.cs
- ProcessModuleCollection.cs
- DataServiceQuery.cs
- FileUtil.cs
- PassportIdentity.cs
- XmlCustomFormatter.cs
- FileVersionInfo.cs
- ConfigsHelper.cs
- ResumeStoryboard.cs
- smtppermission.cs
- MetadataArtifactLoaderComposite.cs
- SimpleNameService.cs
- TraceHwndHost.cs
- InkCanvasInnerCanvas.cs
- DispatcherOperation.cs
- AttributeCallbackBuilder.cs
- SimpleTextLine.cs
- NativeMethods.cs
- DataGridClipboardHelper.cs
- StringFormat.cs
- Emitter.cs
- ClientFormsIdentity.cs
- MimeFormImporter.cs
- ErrorTolerantObjectWriter.cs
- PartialArray.cs
- NonBatchDirectoryCompiler.cs
- ChtmlSelectionListAdapter.cs
- Executor.cs
- FlowLayoutPanel.cs
- HttpModuleAction.cs
- PKCS1MaskGenerationMethod.cs