Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / TlsnegoTokenAuthenticator.cs / 1 / TlsnegoTokenAuthenticator.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System;
using System.ServiceModel;
using System.Collections;
using System.Xml;
using System.Security.Principal;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security.Tokens;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Runtime.Serialization;
using SchProtocols = System.IdentityModel.SchProtocols;
sealed class TlsnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator
{
SecurityTokenAuthenticator clientTokenAuthenticator;
SecurityTokenProvider serverTokenProvider;
X509SecurityToken serverToken;
bool mapCertificateToWindowsAccount;
public TlsnegoTokenAuthenticator()
: base()
{
// empty
}
public SecurityTokenAuthenticator ClientTokenAuthenticator
{
get
{
return this.clientTokenAuthenticator;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.clientTokenAuthenticator = value;
}
}
public SecurityTokenProvider ServerTokenProvider
{
get
{
return this.serverTokenProvider;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.serverTokenProvider = value;
}
}
public bool MapCertificateToWindowsAccount
{
get
{
return this.mapCertificateToWindowsAccount;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.mapCertificateToWindowsAccount = value;
}
}
X509SecurityToken ValidateX509Token(SecurityToken token)
{
X509SecurityToken result = token as X509SecurityToken;
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TokenProviderReturnedBadToken, token == null ? "" : token.GetType().ToString())));
}
SecurityUtils.EnsureCertificateCanDoKeyExchange(result.Certificate);
return result;
}
// overrides
public override XmlDictionaryString NegotiationValueType
{
get
{
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return XD.TrustApr2004Dictionary.TlsnegoValueTypeUri;
}
else if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
return DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri;
}
// Not supported
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
}
}
public override void OnOpen(TimeSpan timeout)
{
if (this.serverTokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
}
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
}
SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime());
this.serverToken = ValidateX509Token(token);
base.OnOpen(timeoutHelper.RemainingTime());
}
public override void OnClose(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
if (this.serverTokenProvider != null)
{
SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnClose(timeoutHelper.RemainingTime());
}
public override void OnAbort()
{
if (this.serverTokenProvider != null)
{
SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnAbort();
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
// Accept both strings for WSTrustFeb2005
if (incomingNego != null &&
incomingNego.ValueTypeUri != this.NegotiationValueType.Value &&
this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri)
{
TlsSspiNegotiation tlsNegotiation = new TlsSspiNegotiation(SchProtocols.TlsServer | SchProtocols.Ssl3Server,
this.serverToken.Certificate, this.ClientTokenAuthenticator != null);
// Echo only for TrustFeb2005 and ValueType mismatch
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 &&
this.NegotiationValueType.Value != incomingValueTypeUri)
{
tlsNegotiation.IncomingValueTypeUri = incomingValueTypeUri;
}
return new SspiNegotiationTokenAuthenticatorState(tlsNegotiation);
}
protected override BinaryNegotiation GetOutgoingBinaryNegotiation(ISspiNegotiation sspiNegotiation, byte[] outgoingBlob)
{
TlsSspiNegotiation tlsNegotiation = sspiNegotiation as TlsSspiNegotiation;
// Echo only for TrustFeb2005 and ValueType mismatch
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 &&
tlsNegotiation != null &&
tlsNegotiation.IncomingValueTypeUri != null)
{
return new BinaryNegotiation(tlsNegotiation.IncomingValueTypeUri, outgoingBlob);
}
else
{
return base.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
}
}
protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation;
if (tlsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
if (this.ClientTokenAuthenticator == null)
{
return EmptyReadOnlyCollection.Instance;
}
X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate;
if (clientCertificate == null)
{
// isAnonymous is false. So, fail the negotiation
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided)));
}
ReadOnlyCollection authorizationPolicies;
if (this.ClientTokenAuthenticator != null)
{
X509SecurityToken clientToken;
WindowsIdentity preMappedIdentity;
if (!this.MapCertificateToWindowsAccount || !tlsNegotiation.TryGetContextIdentity(out preMappedIdentity))
{
clientToken = new X509SecurityToken(clientCertificate);
}
else
{
clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity);
preMappedIdentity.Dispose();
}
authorizationPolicies = this.ClientTokenAuthenticator.ValidateToken(clientToken);
clientToken.Dispose();
}
else
{
authorizationPolicies = EmptyReadOnlyCollection.Instance;
}
return authorizationPolicies;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TextCompositionManager.cs
- AnimationLayer.cs
- WebPartConnectionsConnectVerb.cs
- MethodCallConverter.cs
- RoutedEvent.cs
- InputLanguage.cs
- ProcessProtocolHandler.cs
- GenericWebPart.cs
- Vector3DCollectionValueSerializer.cs
- HttpAsyncResult.cs
- FormatException.cs
- ToolStripContainer.cs
- StateDesigner.Layouts.cs
- ValidateNames.cs
- DataGridViewCellStyleChangedEventArgs.cs
- ClrPerspective.cs
- LateBoundBitmapDecoder.cs
- TemplateAction.cs
- FactoryGenerator.cs
- HttpModulesSection.cs
- DiagnosticStrings.cs
- DocumentPageHost.cs
- TableRowsCollectionEditor.cs
- FtpWebResponse.cs
- DataSourceCacheDurationConverter.cs
- MissingManifestResourceException.cs
- FieldDescriptor.cs
- FacetDescriptionElement.cs
- MetadataItemEmitter.cs
- WinFormsSecurity.cs
- CategoryNameCollection.cs
- DataSourceCache.cs
- SuppressIldasmAttribute.cs
- Typeface.cs
- CollectionConverter.cs
- MachineSettingsSection.cs
- PagesChangedEventArgs.cs
- GenericPrincipal.cs
- MemberAssignmentAnalysis.cs
- TemplateField.cs
- XmlUrlResolver.cs
- Faults.cs
- SchemaElementDecl.cs
- GridViewSelectEventArgs.cs
- KeyFrames.cs
- MsmqAppDomainProtocolHandler.cs
- HTMLTagNameToTypeMapper.cs
- ItemsPanelTemplate.cs
- RSAOAEPKeyExchangeFormatter.cs
- PartialCachingControl.cs
- WriteFileContext.cs
- StringConverter.cs
- CommonObjectSecurity.cs
- WeakEventManager.cs
- SelectedPathEditor.cs
- _Rfc2616CacheValidators.cs
- SchemaCompiler.cs
- SmiMetaData.cs
- BoundingRectTracker.cs
- ThemeableAttribute.cs
- DotExpr.cs
- NullReferenceException.cs
- DateTimeOffsetStorage.cs
- LookupBindingPropertiesAttribute.cs
- TypeCollectionPropertyEditor.cs
- HtmlTernaryTree.cs
- DelegatingHeader.cs
- ContextMarshalException.cs
- Splitter.cs
- KerberosSecurityTokenProvider.cs
- PagerSettings.cs
- SizeIndependentAnimationStorage.cs
- ClosureBinding.cs
- InternalConfigConfigurationFactory.cs
- DispatcherOperation.cs
- FixedSOMTextRun.cs
- SafeFileMappingHandle.cs
- ConfigurationStrings.cs
- HebrewCalendar.cs
- DataGridViewCellCollection.cs
- ToolStripGripRenderEventArgs.cs
- ScrollEvent.cs
- WSSecurityXXX2005.cs
- DeflateEmulationStream.cs
- PackageRelationshipSelector.cs
- GridViewSelectEventArgs.cs
- BmpBitmapEncoder.cs
- UriParserTemplates.cs
- EncryptedXml.cs
- MailAddress.cs
- SamlAssertion.cs
- SessionSwitchEventArgs.cs
- unsafenativemethodsother.cs
- CodeSnippetCompileUnit.cs
- ResourcePool.cs
- RtfToXamlLexer.cs
- StackSpiller.Generated.cs
- CodeLabeledStatement.cs
- DesignerDataStoredProcedure.cs
- _SecureChannel.cs