Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / Tokens / SecurityContextCookieSerializer.cs / 1 / SecurityContextCookieSerializer.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Security.Tokens { using System.Xml; using System.ServiceModel.Channels; using System.ServiceModel; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.Collections.ObjectModel; using System.Collections.Generic; using System.Security.Principal; using System.IO; using System.Runtime.InteropServices; using System.Runtime.Serialization; using System.ServiceModel.Dispatcher; struct SecurityContextCookieSerializer { const int SupportedPersistanceVersion = 1; SecurityStateEncoder securityStateEncoder; IListknownTypes; public SecurityContextCookieSerializer(SecurityStateEncoder securityStateEncoder, IList knownTypes) { if (securityStateEncoder == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityStateEncoder"); } this.securityStateEncoder = securityStateEncoder; this.knownTypes = knownTypes ?? new List (); } SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas) { SctClaimDictionary dictionary = SctClaimDictionary.Instance; XmlDictionaryReader reader = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, dictionary, quotas, null, null); int cookieVersion = -1; UniqueId cookieContextId = null; DateTime effectiveTime = SecurityUtils.MinUtcDateTime; DateTime expiryTime = SecurityUtils.MaxUtcDateTime; byte[] key = null; string localId = null; UniqueId keyGeneration = null; DateTime keyEffectiveTime = SecurityUtils.MinUtcDateTime; DateTime keyExpirationTime = SecurityUtils.MaxUtcDateTime; List claimSets = null; IList identities = null; bool isCookie = true; reader.ReadFullStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString); while (reader.IsStartElement()) { if (reader.IsStartElement(dictionary.Version, dictionary.EmptyString)) { cookieVersion = reader.ReadElementContentAsInt(); } else if (reader.IsStartElement(dictionary.ContextId, dictionary.EmptyString)) { cookieContextId = reader.ReadElementContentAsUniqueId(); } else if (reader.IsStartElement(dictionary.Id, dictionary.EmptyString)) { localId = reader.ReadElementContentAsString(); } else if (reader.IsStartElement(dictionary.EffectiveTime, dictionary.EmptyString)) { effectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.ExpiryTime, dictionary.EmptyString)) { expiryTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.Key, dictionary.EmptyString)) { key = reader.ReadElementContentAsBase64(); } else if (reader.IsStartElement(dictionary.KeyGeneration, dictionary.EmptyString)) { keyGeneration = reader.ReadElementContentAsUniqueId(); } else if (reader.IsStartElement(dictionary.KeyEffectiveTime, dictionary.EmptyString)) { keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.KeyExpiryTime, dictionary.EmptyString)) { keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString)) { identities = SctClaimSerializer.DeserializeIdentities(reader, dictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue)); } else if (reader.IsStartElement(dictionary.ClaimSets, dictionary.EmptyString)) { reader.ReadStartElement(); DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue); DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue); claimSets = new List (1); while (reader.IsStartElement()) { claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, dictionary, claimSetSerializer, claimSerializer)); } reader.ReadEndElement(); } else if (reader.IsStartElement(dictionary.IsCookieMode, dictionary.EmptyString)) { isCookie = reader.ReadElementString() == "1" ? true : false; } else { OnInvalidCookieFailure(SR.GetString(SR.SctCookieXmlParseError)); } } reader.ReadEndElement(); if (cookieVersion != SupportedPersistanceVersion) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SerializedTokenVersionUnsupported, cookieVersion))); } if (cookieContextId == null) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId")); } if (key == null || key.Length == 0) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Key")); } if (localId != id) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Id")); } List authorizationPolicies; if (claimSets != null) { authorizationPolicies = new List (1); authorizationPolicies.Add(new SctUnconditionalPolicy(identities, claimSets, expiryTime)); } else { authorizationPolicies = null; } return new SecurityContextSecurityToken(cookieContextId, localId, key, effectiveTime, expiryTime, authorizationPolicies != null ? authorizationPolicies.AsReadOnly() : null, isCookie, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime); } public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime, DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection authorizationPolicies) { if (contextId == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextId"); } if (key == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key"); } MemoryStream stream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null); SctClaimDictionary dictionary = SctClaimDictionary.Instance; writer.WriteStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString); writer.WriteStartElement(dictionary.Version, dictionary.EmptyString); writer.WriteValue(SupportedPersistanceVersion); writer.WriteEndElement(); if (id != null) writer.WriteElementString(dictionary.Id, dictionary.EmptyString, id); XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.ContextId, dictionary.EmptyString, contextId); writer.WriteStartElement(dictionary.Key, dictionary.EmptyString); writer.WriteBase64(key, 0, key.Length); writer.WriteEndElement(); if (keyGeneration != null) { XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.KeyGeneration, dictionary.EmptyString, keyGeneration); } XmlHelper.WriteElementContentAsInt64(writer, dictionary.EffectiveTime, dictionary.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks); XmlHelper.WriteElementContentAsInt64(writer, dictionary.ExpiryTime, dictionary.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks); XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyEffectiveTime, dictionary.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks); XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyExpiryTime, dictionary.EmptyString, keyExpirationTime.ToUniversalTime().Ticks); AuthorizationContext authContext = null; if (authorizationPolicies != null) authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies); if (authContext != null && authContext.ClaimSets.Count != 0) { DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue); DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue); DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue); SctClaimSerializer.SerializeIdentities(authContext, dictionary, writer, identitySerializer); writer.WriteStartElement(dictionary.ClaimSets, dictionary.EmptyString); for (int i = 0; i < authContext.ClaimSets.Count; i++) { SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], dictionary, writer, claimSetSerializer, claimSerializer); } writer.WriteEndElement(); } writer.WriteEndElement(); writer.Flush(); byte[] serializedContext = stream.ToArray(); return this.securityStateEncoder.EncodeSecurityState(serializedContext); } public SecurityContextSecurityToken CreateSecurityContextFromCookie(byte[] encodedCookie, UniqueId contextId, UniqueId generation, string id, XmlDictionaryReaderQuotas quotas) { byte[] cookie = null; try { cookie = this.securityStateEncoder.DecodeSecurityState(encodedCookie); } catch (Exception e) { if (DiagnosticUtility.IsFatal(e)) { throw; } OnInvalidCookieFailure(SR.GetString(SR.SctCookieBlobDecodeFailure), e); } SecurityContextSecurityToken sct = DeserializeContext(cookie, encodedCookie, id, quotas); if (sct.ContextId != contextId) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId")); } if (sct.KeyGeneration != generation) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "KeyGeneration")); } return sct; } internal static void OnInvalidCookieFailure(string reason) { OnInvalidCookieFailure(reason, null); } internal static void OnInvalidCookieFailure(string reason, Exception e) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.InvalidSecurityContextCookie, reason), e)); } class SctUnconditionalPolicy : IAuthorizationPolicy { SecurityUniqueId id = SecurityUniqueId.Create(); IList identities; IList claimSets; DateTime expirationTime; public SctUnconditionalPolicy(IList identities, IList claimSets, DateTime expirationTime) { this.identities = identities; this.claimSets = claimSets; this.expirationTime = expirationTime; } public string Id { get { return this.id.Value; } } public ClaimSet Issuer { get { return ClaimSet.System; } } public bool Evaluate(EvaluationContext evaluationContext, ref object state) { for (int i = 0; i < this.claimSets.Count; ++i) { evaluationContext.AddClaimSet(this, this.claimSets[i]); } if (this.identities != null) { object obj; if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj)) { evaluationContext.Properties.Add(SecurityUtils.Identities, this.identities); } else { // null if other overrides the property with something else List dstIdentities = obj as List ; if (dstIdentities != null) { dstIdentities.AddRange(this.identities); } } } evaluationContext.RecordExpirationTime(this.expirationTime); return true; } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- __TransparentProxy.cs
- ScriptRef.cs
- ExpressionPrinter.cs
- designeractionbehavior.cs
- UpdateRecord.cs
- MemberCollection.cs
- TrackingLocation.cs
- Label.cs
- HwndProxyElementProvider.cs
- HealthMonitoringSection.cs
- HasCopySemanticsAttribute.cs
- DurationConverter.cs
- WebSysDefaultValueAttribute.cs
- RetriableClipboard.cs
- BlurEffect.cs
- WeakReferenceEnumerator.cs
- ViewDesigner.cs
- handlecollector.cs
- CompressEmulationStream.cs
- GlyphCollection.cs
- Pool.cs
- InkCanvasSelectionAdorner.cs
- SponsorHelper.cs
- TreeView.cs
- CustomExpressionEventArgs.cs
- SubclassTypeValidator.cs
- ZipIOFileItemStream.cs
- SqlRetyper.cs
- RegionInfo.cs
- DataServiceQueryOfT.cs
- TypeDefinition.cs
- FrameworkElementFactoryMarkupObject.cs
- ScriptRegistrationManager.cs
- RSACryptoServiceProvider.cs
- MessageDecoder.cs
- NameSpaceEvent.cs
- FileSystemWatcher.cs
- WizardDesigner.cs
- FrameworkTextComposition.cs
- XmlSerializerSection.cs
- AuthenticationSection.cs
- QilGeneratorEnv.cs
- SimpleMailWebEventProvider.cs
- formatstringdialog.cs
- GridItemProviderWrapper.cs
- ImageAutomationPeer.cs
- StrokeNodeOperations2.cs
- CompositeDataBoundControl.cs
- ModulesEntry.cs
- UInt16Storage.cs
- ChangePasswordDesigner.cs
- XmlNodeChangedEventManager.cs
- StorageTypeMapping.cs
- DesignerOptionService.cs
- PageStatePersister.cs
- BitmapData.cs
- EmptyStringExpandableObjectConverter.cs
- DatagridviewDisplayedBandsData.cs
- RegisteredExpandoAttribute.cs
- CodeDomSerializer.cs
- ParseHttpDate.cs
- CodeTypeConstructor.cs
- FormClosedEvent.cs
- SubstitutionDesigner.cs
- Freezable.cs
- WindowAutomationPeer.cs
- HttpCacheVary.cs
- QilReplaceVisitor.cs
- DataListDesigner.cs
- Hyperlink.cs
- ClientOptions.cs
- IsolationInterop.cs
- ValueUnavailableException.cs
- StorageBasedPackageProperties.cs
- TypeUsageBuilder.cs
- JsonEnumDataContract.cs
- PtsContext.cs
- Transform.cs
- DeobfuscatingStream.cs
- SQLDateTimeStorage.cs
- NetworkCredential.cs
- StorageEntityContainerMapping.cs
- MessageQueue.cs
- WhitespaceRuleLookup.cs
- XmlTextEncoder.cs
- IdnElement.cs
- RichTextBox.cs
- ImageInfo.cs
- AttributeAction.cs
- FakeModelItemImpl.cs
- ButtonPopupAdapter.cs
- IChannel.cs
- ControlUtil.cs
- HashSetEqualityComparer.cs
- XmlCountingReader.cs
- Polyline.cs
- ValueChangedEventManager.cs
- TimeSpanHelper.cs
- SQLConvert.cs
- BindingObserver.cs