Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / TlsnegoTokenAuthenticator.cs / 1 / TlsnegoTokenAuthenticator.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System;
using System.ServiceModel;
using System.Collections;
using System.Xml;
using System.Security.Principal;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security.Tokens;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Runtime.Serialization;
using SchProtocols = System.IdentityModel.SchProtocols;
sealed class TlsnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator
{
SecurityTokenAuthenticator clientTokenAuthenticator;
SecurityTokenProvider serverTokenProvider;
X509SecurityToken serverToken;
bool mapCertificateToWindowsAccount;
public TlsnegoTokenAuthenticator()
: base()
{
// empty
}
public SecurityTokenAuthenticator ClientTokenAuthenticator
{
get
{
return this.clientTokenAuthenticator;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.clientTokenAuthenticator = value;
}
}
public SecurityTokenProvider ServerTokenProvider
{
get
{
return this.serverTokenProvider;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.serverTokenProvider = value;
}
}
public bool MapCertificateToWindowsAccount
{
get
{
return this.mapCertificateToWindowsAccount;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.mapCertificateToWindowsAccount = value;
}
}
X509SecurityToken ValidateX509Token(SecurityToken token)
{
X509SecurityToken result = token as X509SecurityToken;
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TokenProviderReturnedBadToken, token == null ? "" : token.GetType().ToString())));
}
SecurityUtils.EnsureCertificateCanDoKeyExchange(result.Certificate);
return result;
}
// overrides
public override XmlDictionaryString NegotiationValueType
{
get
{
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
return XD.TrustApr2004Dictionary.TlsnegoValueTypeUri;
}
else if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrust13)
{
return DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri;
}
// Not supported
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
}
}
public override void OnOpen(TimeSpan timeout)
{
if (this.serverTokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
}
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
}
SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime());
this.serverToken = ValidateX509Token(token);
base.OnOpen(timeoutHelper.RemainingTime());
}
public override void OnClose(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
if (this.serverTokenProvider != null)
{
SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnClose(timeoutHelper.RemainingTime());
}
public override void OnAbort()
{
if (this.serverTokenProvider != null)
{
SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
this.serverTokenProvider = null;
}
if (this.clientTokenAuthenticator != null)
{
SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
this.clientTokenAuthenticator = null;
}
if (this.serverToken != null)
{
this.serverToken = null;
}
base.OnAbort();
}
protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
{
// Accept both strings for WSTrustFeb2005
if (incomingNego != null &&
incomingNego.ValueTypeUri != this.NegotiationValueType.Value &&
this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
{
incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
}
else
{
base.ValidateIncomingBinaryNegotiation(incomingNego);
}
}
protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri)
{
TlsSspiNegotiation tlsNegotiation = new TlsSspiNegotiation(SchProtocols.TlsServer | SchProtocols.Ssl3Server,
this.serverToken.Certificate, this.ClientTokenAuthenticator != null);
// Echo only for TrustFeb2005 and ValueType mismatch
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 &&
this.NegotiationValueType.Value != incomingValueTypeUri)
{
tlsNegotiation.IncomingValueTypeUri = incomingValueTypeUri;
}
return new SspiNegotiationTokenAuthenticatorState(tlsNegotiation);
}
protected override BinaryNegotiation GetOutgoingBinaryNegotiation(ISspiNegotiation sspiNegotiation, byte[] outgoingBlob)
{
TlsSspiNegotiation tlsNegotiation = sspiNegotiation as TlsSspiNegotiation;
// Echo only for TrustFeb2005 and ValueType mismatch
if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005 &&
tlsNegotiation != null &&
tlsNegotiation.IncomingValueTypeUri != null)
{
return new BinaryNegotiation(tlsNegotiation.IncomingValueTypeUri, outgoingBlob);
}
else
{
return base.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
}
}
protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation;
if (tlsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
if (this.ClientTokenAuthenticator == null)
{
return EmptyReadOnlyCollection.Instance;
}
X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate;
if (clientCertificate == null)
{
// isAnonymous is false. So, fail the negotiation
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided)));
}
ReadOnlyCollection authorizationPolicies;
if (this.ClientTokenAuthenticator != null)
{
X509SecurityToken clientToken;
WindowsIdentity preMappedIdentity;
if (!this.MapCertificateToWindowsAccount || !tlsNegotiation.TryGetContextIdentity(out preMappedIdentity))
{
clientToken = new X509SecurityToken(clientCertificate);
}
else
{
clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity);
preMappedIdentity.Dispose();
}
authorizationPolicies = this.ClientTokenAuthenticator.ValidateToken(clientToken);
clientToken.Dispose();
}
else
{
authorizationPolicies = EmptyReadOnlyCollection.Instance;
}
return authorizationPolicies;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- EffectiveValueEntry.cs
- XpsColorContext.cs
- StringValidatorAttribute.cs
- ArraySubsetEnumerator.cs
- LinqDataSourceInsertEventArgs.cs
- WriteableBitmap.cs
- SharedDp.cs
- ObjectItemNoOpAssemblyLoader.cs
- UserControlDesigner.cs
- TypeToken.cs
- ArgumentException.cs
- ZipIOCentralDirectoryDigitalSignature.cs
- ForceCopyBuildProvider.cs
- DesignRelationCollection.cs
- DefinitionBase.cs
- InputScopeConverter.cs
- DataSourceCacheDurationConverter.cs
- DbDataRecord.cs
- ContainerParaClient.cs
- GenericParameterDataContract.cs
- HttpWebResponse.cs
- ConfigurationSection.cs
- XslNumber.cs
- DataGridViewRowConverter.cs
- ReachDocumentPageSerializerAsync.cs
- StsCommunicationException.cs
- IndicCharClassifier.cs
- HyperLinkColumn.cs
- CursorConverter.cs
- TextureBrush.cs
- WorkflowControlEndpoint.cs
- PeerTransportSecurityElement.cs
- DataSourceControl.cs
- SingleConverter.cs
- DropShadowEffect.cs
- ListenerConnectionDemuxer.cs
- SR.cs
- RepeatBehavior.cs
- AssemblyHash.cs
- OperandQuery.cs
- HandleDictionary.cs
- XamlClipboardData.cs
- SimpleWorkerRequest.cs
- BamlWriter.cs
- Label.cs
- ToolStripSettings.cs
- SspiNegotiationTokenProvider.cs
- Dynamic.cs
- PrePrepareMethodAttribute.cs
- ContextStack.cs
- ProxyHwnd.cs
- XmlSchemaNotation.cs
- ProfileParameter.cs
- PopupRoot.cs
- ServiceModelEnhancedConfigurationElementCollection.cs
- ExecutionProperties.cs
- SqlColumnizer.cs
- ComponentSerializationService.cs
- ServiceDurableInstanceContextProvider.cs
- TypeReference.cs
- DynamicScriptObject.cs
- _SafeNetHandles.cs
- CommandValueSerializer.cs
- SiteOfOriginPart.cs
- D3DImage.cs
- WhileDesigner.xaml.cs
- QuadraticBezierSegment.cs
- Constants.cs
- _PooledStream.cs
- IProvider.cs
- WeakHashtable.cs
- SynchronizationContext.cs
- IISUnsafeMethods.cs
- SecurityHelper.cs
- SamlAssertionKeyIdentifierClause.cs
- BamlRecords.cs
- cache.cs
- DesignTable.cs
- RayHitTestParameters.cs
- VectorValueSerializer.cs
- MsmqBindingElementBase.cs
- BackgroundWorker.cs
- MachineKeyConverter.cs
- ZipIOCentralDirectoryDigitalSignature.cs
- RemotingConfiguration.cs
- QilChoice.cs
- MatrixUtil.cs
- FlowPosition.cs
- EmptyElement.cs
- wmiprovider.cs
- WebResourceUtil.cs
- WebHttpBinding.cs
- DataGridTextBox.cs
- ColorTransform.cs
- HttpRuntime.cs
- BaseValidator.cs
- AutoCompleteStringCollection.cs
- DataServiceQueryOfT.cs
- BaseInfoTable.cs
- AccessViolationException.cs