Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / TlsnegoTokenAuthenticator.cs / 1 / TlsnegoTokenAuthenticator.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Security { using System; using System.ServiceModel; using System.Collections; using System.Xml; using System.Security.Principal; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.IdentityModel.Selectors; using System.Security.Cryptography.X509Certificates; using System.ServiceModel.Security.Tokens; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Runtime.Serialization; using SchProtocols = System.IdentityModel.SchProtocols; sealed class TlsnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator { SecurityTokenAuthenticator clientTokenAuthenticator; SecurityTokenProvider serverTokenProvider; X509SecurityToken serverToken; bool mapCertificateToWindowsAccount; public TlsnegoTokenAuthenticator() : base() { // empty } public SecurityTokenAuthenticator ClientTokenAuthenticator { get { return this.clientTokenAuthenticator; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.clientTokenAuthenticator = value; } } public SecurityTokenProvider ServerTokenProvider { get { return this.serverTokenProvider; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.serverTokenProvider = value; } } public bool MapCertificateToWindowsAccount { get { return this.mapCertificateToWindowsAccount; } set { this.CommunicationObject.ThrowIfDisposedOrImmutable(); this.mapCertificateToWindowsAccount = value; } } X509SecurityToken ValidateX509Token(SecurityToken token) { X509SecurityToken result = token as X509SecurityToken; if (result == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TokenProviderReturnedBadToken, token == null ? "" : token.GetType().ToString()))); } SecurityUtils.EnsureCertificateCanDoKeyExchange(result.Certificate); return result; } // overrides public override XmlDictionaryString NegotiationValueType { get { if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { return XD.TrustApr2004Dictionary.TlsnegoValueTypeUri; } else if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrust13) { return DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri; } // Not supported throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException()); } } public override void OnOpen(TimeSpan timeout) { if (this.serverTokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider))); } TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime()); if (this.clientTokenAuthenticator != null) { SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime()); } SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime()); this.serverToken = ValidateX509Token(token); base.OnOpen(timeoutHelper.RemainingTime()); } public override void OnClose(TimeSpan timeout) { TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); if (this.serverTokenProvider != null) { SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime()); this.serverTokenProvider = null; } if (this.clientTokenAuthenticator != null) { SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime()); this.clientTokenAuthenticator = null; } if (this.serverToken != null) { this.serverToken = null; } base.OnClose(timeoutHelper.RemainingTime()); } public override void OnAbort() { if (this.serverTokenProvider != null) { SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider); this.serverTokenProvider = null; } if (this.clientTokenAuthenticator != null) { SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator); this.clientTokenAuthenticator = null; } if (this.serverToken != null) { this.serverToken = null; } base.OnAbort(); } protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego) { // Accept both strings for WSTrustFeb2005 if (incomingNego != null && incomingNego.ValueTypeUri != this.NegotiationValueType.Value && this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri); } else { base.ValidateIncomingBinaryNegotiation(incomingNego); } } protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri) { TlsSspiNegotiation tlsNegotiation = new TlsSspiNegotiation(SchProtocols.TlsServer | SchProtocols.Ssl3Server, this.serverToken.Certificate, this.ClientTokenAuthenticator != null); // Echo only for TrustFeb2005 and ValueType mismatch if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 && this.NegotiationValueType.Value != incomingValueTypeUri) { tlsNegotiation.IncomingValueTypeUri = incomingValueTypeUri; } return new SspiNegotiationTokenAuthenticatorState(tlsNegotiation); } protected override BinaryNegotiation GetOutgoingBinaryNegotiation(ISspiNegotiation sspiNegotiation, byte[] outgoingBlob) { TlsSspiNegotiation tlsNegotiation = sspiNegotiation as TlsSspiNegotiation; // Echo only for TrustFeb2005 and ValueType mismatch if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 && tlsNegotiation != null && tlsNegotiation.IncomingValueTypeUri != null) { return new BinaryNegotiation(tlsNegotiation.IncomingValueTypeUri, outgoingBlob); } else { return base.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob); } } protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation) { TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation; if (tlsNegotiation.IsValidContext == false) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation))); } if (this.ClientTokenAuthenticator == null) { return EmptyReadOnlyCollection .Instance; } X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate; if (clientCertificate == null) { // isAnonymous is false. So, fail the negotiation throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided))); } ReadOnlyCollection authorizationPolicies; if (this.ClientTokenAuthenticator != null) { X509SecurityToken clientToken; WindowsIdentity preMappedIdentity; if (!this.MapCertificateToWindowsAccount || !tlsNegotiation.TryGetContextIdentity(out preMappedIdentity)) { clientToken = new X509SecurityToken(clientCertificate); } else { clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity); preMappedIdentity.Dispose(); } authorizationPolicies = this.ClientTokenAuthenticator.ValidateToken(clientToken); clientToken.Dispose(); } else { authorizationPolicies = EmptyReadOnlyCollection .Instance; } return authorizationPolicies; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlAnyAttributeAttribute.cs
- MemberNameValidator.cs
- SaveFileDialog.cs
- ServiceDescription.cs
- XmlRawWriter.cs
- LazyTextWriterCreator.cs
- PartBasedPackageProperties.cs
- WorkflowPersistenceService.cs
- ThaiBuddhistCalendar.cs
- XhtmlBasicPhoneCallAdapter.cs
- StandardToolWindows.cs
- WsdlInspector.cs
- ViewStateModeByIdAttribute.cs
- XNodeNavigator.cs
- BaseTemplateParser.cs
- MyContact.cs
- PhonemeConverter.cs
- ImportedNamespaceContextItem.cs
- HwndTarget.cs
- NotSupportedException.cs
- HuffCodec.cs
- BoundColumn.cs
- ParallelTimeline.cs
- ResourceAssociationTypeEnd.cs
- ObjectHandle.cs
- HealthMonitoringSection.cs
- ReadOnlyPermissionSet.cs
- WizardStepBase.cs
- ModelItemKeyValuePair.cs
- FixedSOMFixedBlock.cs
- _Rfc2616CacheValidators.cs
- SkinIDTypeConverter.cs
- DSASignatureFormatter.cs
- StringDictionaryWithComparer.cs
- Literal.cs
- LogWriteRestartAreaAsyncResult.cs
- HostExecutionContextManager.cs
- XMLSyntaxException.cs
- altserialization.cs
- WindowPatternIdentifiers.cs
- ProfileModule.cs
- FontWeightConverter.cs
- ListViewInsertedEventArgs.cs
- LinearGradientBrush.cs
- SimpleHandlerFactory.cs
- CallbackTimeoutsElement.cs
- SiteMembershipCondition.cs
- Pen.cs
- FontFamilyConverter.cs
- XmlNullResolver.cs
- UnauthorizedWebPart.cs
- RijndaelManaged.cs
- ArcSegment.cs
- KeyedCollection.cs
- LineServicesRun.cs
- SqlProfileProvider.cs
- SecurityPermission.cs
- CreateRefExpr.cs
- ObjectDisposedException.cs
- ObjRef.cs
- OdbcErrorCollection.cs
- NavigationService.cs
- UnderstoodHeaders.cs
- CrossAppDomainChannel.cs
- TreeNodeEventArgs.cs
- BitmapEffectInputConnector.cs
- ScriptMethodAttribute.cs
- dbenumerator.cs
- ToolStripGripRenderEventArgs.cs
- SqlRemoveConstantOrderBy.cs
- SpellerInterop.cs
- TextContainerHelper.cs
- AttachedPropertyBrowsableAttribute.cs
- ComponentResourceKey.cs
- XsltConvert.cs
- EditorPartCollection.cs
- ListViewGroupConverter.cs
- _AuthenticationState.cs
- SqlDataSourceConfigureSelectPanel.cs
- DataContractSerializer.cs
- ColumnResizeUndoUnit.cs
- RectangleGeometry.cs
- Rect.cs
- AdapterDictionary.cs
- SessionStateModule.cs
- Tracer.cs
- ApplicationException.cs
- DockPanel.cs
- OleDbWrapper.cs
- SettingsSection.cs
- EDesignUtil.cs
- SafeLibraryHandle.cs
- ResourceExpression.cs
- CellQuery.cs
- SqlDataSourceWizardForm.cs
- DataGridRelationshipRow.cs
- NamespaceEmitter.cs
- ReadOnlyAttribute.cs
- PointLight.cs
- Scheduler.cs