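//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
    using System;
    using System.ServiceModel;
    using System.Collections;
    using System.Xml;
    using System.Security.Principal;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.IdentityModel.Tokens;
    using System.IdentityModel.Selectors;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel.Security.Tokens;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.Runtime.Serialization;
    using SchProtocols = System.IdentityModel.SchProtocols;

    /// <summary>
    /// Service-side authenticator for the WS-Trust "TLSnego" negotiation: a TLS
    /// handshake (driven by <see cref="TlsSspiNegotiation"/>) carried inside the
    /// RST/RSTR exchange that the base class <see cref="SspiNegotiationTokenAuthenticator"/>
    /// manages.  The service authenticates with the X.509 token obtained from
    /// <see cref="ServerTokenProvider"/>.  A client certificate is requested only when
    /// <see cref="ClientTokenAuthenticator"/> is set; otherwise the client stays anonymous
    /// and no authorization policies are produced.
    /// </summary>
    sealed class TlsnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator
    {
        SecurityTokenAuthenticator clientTokenAuthenticator;
        SecurityTokenProvider serverTokenProvider;
        X509SecurityToken serverToken;
        bool mapCertificateToWindowsAccount;

        public TlsnegoTokenAuthenticator()
            : base()
        {
            // empty
        }

        /// <summary>
        /// Authenticator applied to the client certificate presented during the
        /// handshake.  When null, the client is not asked for a certificate at all
        /// (see <see cref="CreateSspiState"/>) and negotiation yields no policies.
        /// </summary>
        public SecurityTokenAuthenticator ClientTokenAuthenticator
        {
            get
            {
                return this.clientTokenAuthenticator;
            }
            set
            {
                // Settable only before the communication object is opened.
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.clientTokenAuthenticator = value;
            }
        }

        /// <summary>
        /// Provider of the service's own X.509 token; required before <see cref="OnOpen"/>.
        /// The token it returns must be an <see cref="X509SecurityToken"/> whose
        /// certificate can do key exchange.
        /// </summary>
        public SecurityTokenProvider ServerTokenProvider
        {
            get
            {
                return this.serverTokenProvider;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.serverTokenProvider = value;
            }
        }

        /// <summary>
        /// When true, an attempt is made to map the client certificate to a Windows
        /// account (via the TLS context) and an <see cref="X509WindowsSecurityToken"/>
        /// is handed to <see cref="ClientTokenAuthenticator"/>.  If the mapping fails
        /// the certificate is still authenticated, but as a plain <see cref="X509SecurityToken"/>.
        /// </summary>
        public bool MapCertificateToWindowsAccount
        {
            get
            {
                return this.mapCertificateToWindowsAccount;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.mapCertificateToWindowsAccount = value;
            }
        }

        /// <summary>
        /// Checks that the token returned by <see cref="ServerTokenProvider"/> is an
        /// X.509 token with a key-exchange-capable certificate.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The provider returned null or a token of another type.
        /// </exception>
        X509SecurityToken ValidateX509Token(SecurityToken token)
        {
            X509SecurityToken result = token as X509SecurityToken;
            if (result == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TokenProviderReturnedBadToken, token == null ? "<null>" : token.GetType().ToString())));
            }
            // The handshake encrypts the premaster secret to this certificate, so it
            // must be usable for key exchange.
            SecurityUtils.EnsureCertificateCanDoKeyExchange(result.Certificate);
            return result;
        }

        // overrides

        /// <summary>
        /// TLSnego value-type URI matching the configured WS-Trust version.
        /// Only WS-Trust Feb 2005 and WS-Trust 1.3 are supported.
        /// </summary>
        public override XmlDictionaryString NegotiationValueType
        {
            get
            {
                if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
                {
                    return XD.TrustApr2004Dictionary.TlsnegoValueTypeUri;
                }
                else if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
                {
                    return DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri;
                }
                // Not supported
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
            }
        }

        /// <summary>
        /// Opens the token provider/authenticator, fetches and validates the server
        /// X.509 token, then opens the base negotiation machinery.
        /// </summary>
        /// <exception cref="InvalidOperationException">No <see cref="ServerTokenProvider"/> was configured.</exception>
        public override void OnOpen(TimeSpan timeout)
        {
            if (this.serverTokenProvider == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
            }
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
            }
            // The server token is resolved once here and reused for every negotiation.
            SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime());
            this.serverToken = ValidateX509Token(token);
            base.OnOpen(timeoutHelper.RemainingTime());
        }

        /// <summary>
        /// Closes the token provider/authenticator (if they need closing), drops the
        /// cached server token and closes the base class.
        /// </summary>
        public override void OnClose(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            if (this.serverTokenProvider != null)
            {
                SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
                this.serverTokenProvider = null;
            }
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
                this.clientTokenAuthenticator = null;
            }
            // The server token is only dropped, not disposed: it is owned by the provider.
            this.serverToken = null;
            base.OnClose(timeoutHelper.RemainingTime());
        }

        /// <summary>
        /// Abort counterpart of <see cref="OnClose"/>: same teardown without timeouts.
        /// </summary>
        public override void OnAbort()
        {
            if (this.serverTokenProvider != null)
            {
                SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
                this.serverTokenProvider = null;
            }
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
                this.clientTokenAuthenticator = null;
            }
            this.serverToken = null;
            base.OnAbort();
        }

        /// <summary>
        /// Validates the ValueType of an incoming BinaryNegotiation element.  For
        /// WS-Trust Feb 2005 both the Apr 2004 and the Dec 2005 TLSnego URIs are
        /// accepted; otherwise only <see cref="NegotiationValueType"/> is.
        /// </summary>
        protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
        {
            // Accept both strings for WSTrustFeb2005
            if (incomingNego != null
                && incomingNego.ValueTypeUri != this.NegotiationValueType.Value
                && this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
            {
                incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
            }
            else
            {
                base.ValidateIncomingBinaryNegotiation(incomingNego);
            }
        }

        /// <summary>
        /// Starts a server-side TLS negotiation over the cached server certificate.
        /// A client certificate is requested only when <see cref="ClientTokenAuthenticator"/>
        /// is set.  Under WS-Trust Feb 2005 the client's ValueType URI is remembered so the
        /// response can echo it when it differs from ours.
        /// </summary>
        protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri)
        {
            // NOTE(review): Ssl3Server leaves SSL 3.0 negotiable alongside TLS. A client
            // (or an on-path attacker forcing a downgrade) can therefore land on SSL 3.0;
            // restricting this to the TLS flags is the hardening to consider, subject to
            // interop with the clients this service must accept.
            TlsSspiNegotiation tlsNegotiation = new TlsSspiNegotiation(
                SchProtocols.TlsServer | SchProtocols.Ssl3Server,
                this.serverToken.Certificate,
                this.ClientTokenAuthenticator != null);

            // Echo only for TrustFeb2005 and ValueType mismatch
            if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005
                && this.NegotiationValueType.Value != incomingValueTypeUri)
            {
                tlsNegotiation.IncomingValueTypeUri = incomingValueTypeUri;
            }
            return new SspiNegotiationTokenAuthenticatorState(tlsNegotiation);
        }

        /// <summary>
        /// Builds the outgoing BinaryNegotiation, echoing the client's ValueType URI
        /// when one was recorded by <see cref="CreateSspiState"/> (Feb 2005 only).
        /// </summary>
        protected override BinaryNegotiation GetOutgoingBinaryNegotiation(ISspiNegotiation sspiNegotiation, byte[] outgoingBlob)
        {
            TlsSspiNegotiation tlsNegotiation = sspiNegotiation as TlsSspiNegotiation;
            // Echo only for TrustFeb2005 and ValueType mismatch
            if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005
                && tlsNegotiation != null
                && tlsNegotiation.IncomingValueTypeUri != null)
            {
                return new BinaryNegotiation(tlsNegotiation.IncomingValueTypeUri, outgoingBlob);
            }
            else
            {
                return base.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
            }
        }

        /// <summary>
        /// Called once the TLS handshake has completed.  Verifies the context is valid,
        /// then — if a client authenticator is configured — requires a client certificate
        /// and runs it through <see cref="ClientTokenAuthenticator"/>.
        /// </summary>
        /// <returns>
        /// The authorization policies produced by the client authenticator, or an empty
        /// collection when the client is anonymous.
        /// </returns>
        /// <exception cref="SecurityNegotiationException">The TLS context is not valid.</exception>
        /// <exception cref="SecurityTokenValidationException">
        /// A client authenticator is configured but the client presented no certificate.
        /// Whatever the client authenticator throws is propagated unchanged.
        /// </exception>
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
        {
            TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation;
            if (tlsNegotiation.IsValidContext == false)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
            }

            if (this.ClientTokenAuthenticator == null)
            {
                // Anonymous client: no certificate was requested, nothing to authorize.
                return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
            }

            X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate;
            if (clientCertificate == null)
            {
                // isAnonymous is false. So, fail the negotiation
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided)));
            }

            // Note the silent fallback: if mapping to a Windows account is requested but
            // the TLS context yields no identity, the certificate is still authenticated,
            // just without a Windows identity attached.  Policies that rely on the Windows
            // identity being present must check for it rather than assume it.
            X509SecurityToken clientToken;
            WindowsIdentity preMappedIdentity;
            if (!this.MapCertificateToWindowsAccount || !tlsNegotiation.TryGetContextIdentity(out preMappedIdentity))
            {
                clientToken = new X509SecurityToken(clientCertificate);
            }
            else
            {
                clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity);
                // The identity is disposed right after handing it to the token, so the
                // token presumably keeps its own copy — TODO confirm against X509WindowsSecurityToken.
                preMappedIdentity.Dispose();
            }

            // Rejection by the client authenticator (a bad or untrusted certificate) is the
            // expected failure here, so the token must be disposed on that path too.
            try
            {
                return this.ClientTokenAuthenticator.ValidateToken(clientToken);
            }
            finally
            {
                clientToken.Dispose();
            }
        }
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation.  All rights reserved.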