Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / SpnegoTokenProvider.cs / 4 / SpnegoTokenProvider.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System;
using System.Collections;
using System.Xml;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Net;
using System.Security.Principal;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.ServiceModel;
using System.ServiceModel.Security.Tokens;
using System.Globalization;
using System.Runtime.Serialization;
using System.ServiceModel.Diagnostics;
using SafeFreeCredentials = System.IdentityModel.SafeFreeCredentials;
class SpnegoTokenProvider : SspiNegotiationTokenProvider
{
TokenImpersonationLevel allowedImpersonationLevel = TokenImpersonationLevel.Identification;
ICredentials clientCredential;
IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault();
bool allowNtlm = true;
bool authenticateServer = true;
SafeFreeCredentials credentialsHandle;
bool ownCredentialsHandle = false;
public SpnegoTokenProvider(SafeFreeCredentials credentialsHandle)
: base()
{
this.credentialsHandle = credentialsHandle;
}
// settings
public IdentityVerifier IdentityVerifier
{
get
{
return this.identityVerifier;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.identityVerifier = value;
}
}
public TokenImpersonationLevel AllowedImpersonationLevel
{
get
{
return this.allowedImpersonationLevel;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
TokenImpersonationLevelHelper.Validate(value);
if (value == TokenImpersonationLevel.None)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value",
String.Format(CultureInfo.InvariantCulture, SR.GetString(SR.SpnegoImpersonationLevelCannotBeSetToNone))));
}
this.allowedImpersonationLevel = value;
}
}
public ICredentials ClientCredential
{
get
{
return this.clientCredential;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.clientCredential = value;
}
}
public bool AllowNtlm
{
get
{
return this.allowNtlm;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.allowNtlm = value;
}
}
public bool AuthenticateServer
{
get
{
return this.authenticateServer;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.authenticateServer = value;
}
}
// overrides
public override XmlDictionaryString NegotiationValueType
{
get
{
return XD.TrustApr2004Dictionary.SpnegoValueTypeUri;
}
}
public override void OnOpening()
{
bool osIsGreaterThanXP = SecurityUtils.IsOsGreaterThanXP();
base.OnOpening();
if (this.credentialsHandle == null)
{
string packageName;
if ( !this.allowNtlm && !osIsGreaterThanXP )
{
packageName = "Kerberos";
}
else
{
packageName = "Negotiate";
}
NetworkCredential credential = null;
if (this.clientCredential != null)
{
credential = this.clientCredential.GetCredential(this.TargetAddress.Uri, packageName);
}
// if OS is less than 2k3 !NTLM is not supported, Windows SE 142400
if (!this.allowNtlm && osIsGreaterThanXP)
{
this.credentialsHandle = SecurityUtils.GetCredentialsHandle(packageName, credential, false, "!NTLM");
}
else
{
this.credentialsHandle = SecurityUtils.GetCredentialsHandle(packageName, credential, false);
}
this.ownCredentialsHandle = true;
}
}
public override void OnClose(TimeSpan timeout)
{
base.OnClose(timeout);
FreeCredentialsHandle();
}
public override void OnAbort()
{
base.OnAbort();
FreeCredentialsHandle();
}
void FreeCredentialsHandle()
{
if (this.credentialsHandle != null)
{
if (this.ownCredentialsHandle)
{
this.credentialsHandle.Close();
}
this.credentialsHandle = null;
}
}
protected override bool CreateNegotiationStateCompletesSynchronously(EndpointAddress target, Uri via)
{
return true;
}
protected override IAsyncResult BeginCreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout, AsyncCallback callback, object state)
{
SspiNegotiationTokenProviderState sspiState = this.CreateNegotiationState(target, via, timeout);
return new TypedCompletedAsyncResult(sspiState, callback, state);
}
protected override SspiNegotiationTokenProviderState EndCreateNegotiationState(IAsyncResult result)
{
return TypedCompletedAsyncResult.End(result);
}
protected override SspiNegotiationTokenProviderState CreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout)
{
EnsureEndpointAddressDoesNotRequireEncryption(target);
EndpointIdentity identity = null;
if (this.identityVerifier == null)
{
identity = target.Identity;
}
else
{
this.identityVerifier.TryGetIdentity(target, out identity);
}
string spn;
if (this.AuthenticateServer || !this.AllowNtlm)
{
spn = SecurityUtils.GetSpnFromIdentity(identity, target);
}
else
{
// if an SPN or UPN identity is configured (for example, in mixed mode SSPI), then
// use that identity for Negotiate
Claim identityClaim = identity.IdentityClaim;
if (identityClaim != null && (identityClaim.ClaimType == ClaimTypes.Spn || identityClaim.ClaimType == ClaimTypes.Upn))
{
spn = identityClaim.Resource.ToString();
}
else
{
spn = "host/" + target.Uri.DnsSafeHost;
}
}
string packageName;
if ( !this.allowNtlm && !SecurityUtils.IsOsGreaterThanXP() )
{
packageName = "Kerberos";
}
else
{
packageName = "Negotiate";
}
WindowsSspiNegotiation sspiNegotiation = new WindowsSspiNegotiation(packageName, this.credentialsHandle,
this.AllowedImpersonationLevel, spn, true);
return new SspiNegotiationTokenProviderState(sspiNegotiation);
}
protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation;
if (windowsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
if (this.AuthenticateServer && windowsNegotiation.IsMutualAuthFlag == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.CannotAuthenticateServer)));
}
SecurityTraceRecordHelper.TraceClientSpnego(windowsNegotiation);
return SecurityUtils.CreatePrincipalNameAuthorizationPolicies(windowsNegotiation.ServicePrincipalName);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TextDecorationLocationValidation.cs
- Rfc2898DeriveBytes.cs
- DialogResultConverter.cs
- Exceptions.cs
- xml.cs
- StaticExtensionConverter.cs
- AppDomainUnloadedException.cs
- DoubleAnimationUsingKeyFrames.cs
- ActivityTypeResolver.xaml.cs
- GeometryDrawing.cs
- ViewGenResults.cs
- ChannelBinding.cs
- TemplatePagerField.cs
- SafeFileHandle.cs
- SelfIssuedAuthRSAPKCS1SignatureFormatter.cs
- SoapSchemaMember.cs
- SerTrace.cs
- ApplicationServiceHelper.cs
- StandardRuntimeEnumValidatorAttribute.cs
- SelectedDatesCollection.cs
- BamlResourceContent.cs
- ListenerServiceInstallComponent.cs
- FocusManager.cs
- CounterSampleCalculator.cs
- _NativeSSPI.cs
- XmlILAnnotation.cs
- QueryResponse.cs
- CodeDirectionExpression.cs
- CultureTable.cs
- XmlSchemaSimpleTypeRestriction.cs
- CodeMemberMethod.cs
- WebGetAttribute.cs
- DbExpressionRules.cs
- XamlReader.cs
- WizardPanel.cs
- FileDialogCustomPlacesCollection.cs
- UnknownBitmapDecoder.cs
- IriParsingElement.cs
- WindowInteropHelper.cs
- ResumeStoryboard.cs
- ThicknessAnimationBase.cs
- WindowsListViewItemCheckBox.cs
- ReadOnlyTernaryTree.cs
- FunctionMappingTranslator.cs
- TraceUtility.cs
- StorageMappingItemCollection.cs
- ImportedPolicyConversionContext.cs
- ZipIOFileItemStream.cs
- InfoCardMetadataExchangeClient.cs
- odbcmetadatacolumnnames.cs
- DocumentPage.cs
- ExceptionUtil.cs
- TextSimpleMarkerProperties.cs
- NullReferenceException.cs
- DescendentsWalker.cs
- GuidTagList.cs
- _FixedSizeReader.cs
- WebBaseEventKeyComparer.cs
- WebPartDeleteVerb.cs
- Action.cs
- AsymmetricCryptoHandle.cs
- MobileTextWriter.cs
- FloaterBaseParagraph.cs
- ParameterToken.cs
- LongTypeConverter.cs
- WebServiceTypeData.cs
- MethodExpr.cs
- ToolBarButton.cs
- AuthenticateEventArgs.cs
- FixedStringLookup.cs
- GridViewSelectEventArgs.cs
- ExternalCalls.cs
- DataRow.cs
- TreeNodeCollection.cs
- FontStyles.cs
- ContextQuery.cs
- DataFormats.cs
- BinaryReader.cs
- Highlights.cs
- SqlMethodAttribute.cs
- X509Extension.cs
- DataObject.cs
- EnvironmentPermission.cs
- SchemaSetCompiler.cs
- BoolExpr.cs
- Avt.cs
- TrackingValidationObjectDictionary.cs
- CodeCompileUnit.cs
- SmiContext.cs
- XmlIlVisitor.cs
- NetworkInterface.cs
- X509CertificateValidationMode.cs
- BoundField.cs
- Accessors.cs
- Menu.cs
- MetadataCache.cs
- ProxyManager.cs
- TemplatePartAttribute.cs
- SafeEventLogWriteHandle.cs
- PageAsyncTask.cs