Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / TlsnegoTokenAuthenticator.cs / 1 / TlsnegoTokenAuthenticator.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System;
using System.ServiceModel;
using System.Collections;
using System.Xml;
using System.Security.Principal;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security.Tokens;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Runtime.Serialization;
using SchProtocols = System.IdentityModel.SchProtocols;
sealed class TlsnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator
{
SecurityTokenAuthenticator clientTokenAuthenticator;
SecurityTokenProvider serverTokenProvider;
X509SecurityToken serverToken;
bool mapCertificateToWindowsAccount;
public TlsnegoTokenAuthenticator()
: base()
{
// empty
}
public SecurityTokenAuthenticator ClientTokenAuthenticator
{
get
{
return this.clientTokenAuthenticator;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.clientTokenAuthenticator = value;
}
}
public SecurityTokenProvider ServerTokenProvider
{
get
{
return this.serverTokenProvider;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.serverTokenProvider = value;
}
}
public bool MapCertificateToWindowsAccount
{
get
{
return this.mapCertificateToWindowsAccount;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.mapCertificateToWindowsAccount = value;
}
}
X509SecurityToken ValidateX509Token(SecurityToken token)
{
X509SecurityToken result = token as X509SecurityToken;
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TokenProviderReturnedBadToken, token == null ? "" : token.GetType().ToString())));
}
SecurityUtils.EnsureCertificateCanDoKeyExchange(result.Certificate);
return result;
}
// overrides
public override XmlDictionaryString NegotiationValueType
{
get
{
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return XD.TrustApr2004Dictionary.TlsnegoValueTypeUri;
}
else if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
return DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri;
}
// Not supported
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
}
}
public override void OnOpen(TimeSpan timeout)
{
if (this.serverTokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
}
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
}
SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime());
this.serverToken = ValidateX509Token(token);
base.OnOpen(timeoutHelper.RemainingTime());
}
public override void OnClose(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
if (this.serverTokenProvider != null)
{
SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnClose(timeoutHelper.RemainingTime());
}
public override void OnAbort()
{
if (this.serverTokenProvider != null)
{
SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnAbort();
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
// Accept both strings for WSTrustFeb2005
if (incomingNego != null &&
incomingNego.ValueTypeUri != this.NegotiationValueType.Value &&
this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri)
{
TlsSspiNegotiation tlsNegotiation = new TlsSspiNegotiation(SchProtocols.TlsServer | SchProtocols.Ssl3Server,
this.serverToken.Certificate, this.ClientTokenAuthenticator != null);
// Echo only for TrustFeb2005 and ValueType mismatch
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 &&
this.NegotiationValueType.Value != incomingValueTypeUri)
{
tlsNegotiation.IncomingValueTypeUri = incomingValueTypeUri;
}
return new SspiNegotiationTokenAuthenticatorState(tlsNegotiation);
}
protected override BinaryNegotiation GetOutgoingBinaryNegotiation(ISspiNegotiation sspiNegotiation, byte[] outgoingBlob)
{
TlsSspiNegotiation tlsNegotiation = sspiNegotiation as TlsSspiNegotiation;
// Echo only for TrustFeb2005 and ValueType mismatch
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 &&
tlsNegotiation != null &&
tlsNegotiation.IncomingValueTypeUri != null)
{
return new BinaryNegotiation(tlsNegotiation.IncomingValueTypeUri, outgoingBlob);
}
else
{
return base.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
}
}
protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation;
if (tlsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
if (this.ClientTokenAuthenticator == null)
{
return EmptyReadOnlyCollection.Instance;
}
X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate;
if (clientCertificate == null)
{
// isAnonymous is false. So, fail the negotiation
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided)));
}
ReadOnlyCollection authorizationPolicies;
if (this.ClientTokenAuthenticator != null)
{
X509SecurityToken clientToken;
WindowsIdentity preMappedIdentity;
if (!this.MapCertificateToWindowsAccount || !tlsNegotiation.TryGetContextIdentity(out preMappedIdentity))
{
clientToken = new X509SecurityToken(clientCertificate);
}
else
{
clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity);
preMappedIdentity.Dispose();
}
authorizationPolicies = this.ClientTokenAuthenticator.ValidateToken(clientToken);
clientToken.Dispose();
}
else
{
authorizationPolicies = EmptyReadOnlyCollection.Instance;
}
return authorizationPolicies;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CngKey.cs
- DisplayMemberTemplateSelector.cs
- CodeCommentStatementCollection.cs
- GroupBox.cs
- InkCanvasInnerCanvas.cs
- FrameworkRichTextComposition.cs
- QueryStringParameter.cs
- TypeUnloadedException.cs
- diagnosticsswitches.cs
- WmiPutTraceRecord.cs
- ReadOnlyPropertyMetadata.cs
- SoapReflectionImporter.cs
- EventTrigger.cs
- MiniMapControl.xaml.cs
- BooleanToVisibilityConverter.cs
- RoleManagerModule.cs
- initElementDictionary.cs
- WriteStateInfoBase.cs
- GCHandleCookieTable.cs
- TaiwanCalendar.cs
- ParseElementCollection.cs
- StandardCommands.cs
- EncryptedKey.cs
- DataSet.cs
- WebSysDefaultValueAttribute.cs
- _AuthenticationState.cs
- BindingGroup.cs
- FilterQueryOptionExpression.cs
- AlphaSortedEnumConverter.cs
- MouseEvent.cs
- XPathDocumentIterator.cs
- ComponentEvent.cs
- CodeCastExpression.cs
- Model3DGroup.cs
- SafeNativeMethods.cs
- ListViewSortEventArgs.cs
- PropertyEntry.cs
- HttpChannelBindingToken.cs
- TextSpanModifier.cs
- EventPropertyMap.cs
- SoapExtensionImporter.cs
- TextContainerChangedEventArgs.cs
- CheckBox.cs
- XhtmlBasicValidationSummaryAdapter.cs
- EncoderParameter.cs
- ContentAlignmentEditor.cs
- BatchParser.cs
- ObjectDataSourceMethodEventArgs.cs
- HTMLTagNameToTypeMapper.cs
- CalloutQueueItem.cs
- Mouse.cs
- ListCollectionView.cs
- ObjectStateFormatter.cs
- StringCollection.cs
- Operand.cs
- SourceInterpreter.cs
- EdmSchemaAttribute.cs
- ParseChildrenAsPropertiesAttribute.cs
- unsafenativemethodstextservices.cs
- ThaiBuddhistCalendar.cs
- XmlExpressionDumper.cs
- TextReader.cs
- DataGridCell.cs
- UndirectedGraph.cs
- NextPreviousPagerField.cs
- DependencyObjectType.cs
- OleDbEnumerator.cs
- MsmqChannelFactory.cs
- EventLog.cs
- HttpModuleCollection.cs
- Part.cs
- HMACSHA512.cs
- lengthconverter.cs
- _SecureChannel.cs
- BinaryReader.cs
- CodeIterationStatement.cs
- ServerIdentity.cs
- Size.cs
- MethodCallConverter.cs
- EnumBuilder.cs
- XmlAggregates.cs
- OleDbConnectionPoolGroupProviderInfo.cs
- NotificationContext.cs
- ConnectionPoint.cs
- ImportCatalogPart.cs
- CancelRequestedQuery.cs
- AsymmetricSecurityProtocolFactory.cs
- PrinterResolution.cs
- SecurityKeyUsage.cs
- BaseParaClient.cs
- Listen.cs
- RangeContentEnumerator.cs
- DispatcherExceptionFilterEventArgs.cs
- FactoryGenerator.cs
- ErrorStyle.cs
- SoapFault.cs
- dbenumerator.cs
- ObjectSet.cs
- ConnectorEditor.cs
- brushes.cs