Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / Tokens / SecurityContextCookieSerializer.cs / 1 / SecurityContextCookieSerializer.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security.Tokens
{
using System.Xml;
using System.ServiceModel.Channels;
using System.ServiceModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.Collections.ObjectModel;
using System.Collections.Generic;
using System.Security.Principal;
using System.IO;
using System.Runtime.InteropServices;
using System.Runtime.Serialization;
using System.ServiceModel.Dispatcher;
struct SecurityContextCookieSerializer
{
const int SupportedPersistanceVersion = 1;
SecurityStateEncoder securityStateEncoder;
IList knownTypes;
public SecurityContextCookieSerializer(SecurityStateEncoder securityStateEncoder, IList knownTypes)
{
if (securityStateEncoder == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityStateEncoder");
}
this.securityStateEncoder = securityStateEncoder;
this.knownTypes = knownTypes ?? new List();
}
SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas)
{
SctClaimDictionary dictionary = SctClaimDictionary.Instance;
XmlDictionaryReader reader = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, dictionary, quotas, null, null);
int cookieVersion = -1;
UniqueId cookieContextId = null;
DateTime effectiveTime = SecurityUtils.MinUtcDateTime;
DateTime expiryTime = SecurityUtils.MaxUtcDateTime;
byte[] key = null;
string localId = null;
UniqueId keyGeneration = null;
DateTime keyEffectiveTime = SecurityUtils.MinUtcDateTime;
DateTime keyExpirationTime = SecurityUtils.MaxUtcDateTime;
List claimSets = null;
IList identities = null;
bool isCookie = true;
reader.ReadFullStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString);
while (reader.IsStartElement())
{
if (reader.IsStartElement(dictionary.Version, dictionary.EmptyString))
{
cookieVersion = reader.ReadElementContentAsInt();
}
else if (reader.IsStartElement(dictionary.ContextId, dictionary.EmptyString))
{
cookieContextId = reader.ReadElementContentAsUniqueId();
}
else if (reader.IsStartElement(dictionary.Id, dictionary.EmptyString))
{
localId = reader.ReadElementContentAsString();
}
else if (reader.IsStartElement(dictionary.EffectiveTime, dictionary.EmptyString))
{
effectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.ExpiryTime, dictionary.EmptyString))
{
expiryTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.Key, dictionary.EmptyString))
{
key = reader.ReadElementContentAsBase64();
}
else if (reader.IsStartElement(dictionary.KeyGeneration, dictionary.EmptyString))
{
keyGeneration = reader.ReadElementContentAsUniqueId();
}
else if (reader.IsStartElement(dictionary.KeyEffectiveTime, dictionary.EmptyString))
{
keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.KeyExpiryTime, dictionary.EmptyString))
{
keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc);
}
else if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
identities = SctClaimSerializer.DeserializeIdentities(reader, dictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue));
}
else if (reader.IsStartElement(dictionary.ClaimSets, dictionary.EmptyString))
{
reader.ReadStartElement();
DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue);
claimSets = new List(1);
while (reader.IsStartElement())
{
claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, dictionary, claimSetSerializer, claimSerializer));
}
reader.ReadEndElement();
}
else if (reader.IsStartElement(dictionary.IsCookieMode, dictionary.EmptyString))
{
isCookie = reader.ReadElementString() == "1" ? true : false;
}
else
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieXmlParseError));
}
}
reader.ReadEndElement();
if (cookieVersion != SupportedPersistanceVersion)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SerializedTokenVersionUnsupported, cookieVersion)));
}
if (cookieContextId == null)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId"));
}
if (key == null || key.Length == 0)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Key"));
}
if (localId != id)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Id"));
}
List authorizationPolicies;
if (claimSets != null)
{
authorizationPolicies = new List(1);
authorizationPolicies.Add(new SctUnconditionalPolicy(identities, claimSets, expiryTime));
}
else
{
authorizationPolicies = null;
}
return new SecurityContextSecurityToken(cookieContextId, localId, key, effectiveTime, expiryTime,
authorizationPolicies != null ? authorizationPolicies.AsReadOnly() : null, isCookie, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime);
}
public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime,
DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime,
ReadOnlyCollection authorizationPolicies)
{
if (contextId == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextId");
}
if (key == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);
SctClaimDictionary dictionary = SctClaimDictionary.Instance;
writer.WriteStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString);
writer.WriteStartElement(dictionary.Version, dictionary.EmptyString);
writer.WriteValue(SupportedPersistanceVersion);
writer.WriteEndElement();
if (id != null)
writer.WriteElementString(dictionary.Id, dictionary.EmptyString, id);
XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.ContextId, dictionary.EmptyString, contextId);
writer.WriteStartElement(dictionary.Key, dictionary.EmptyString);
writer.WriteBase64(key, 0, key.Length);
writer.WriteEndElement();
if (keyGeneration != null)
{
XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.KeyGeneration, dictionary.EmptyString, keyGeneration);
}
XmlHelper.WriteElementContentAsInt64(writer, dictionary.EffectiveTime, dictionary.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, dictionary.ExpiryTime, dictionary.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyEffectiveTime, dictionary.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks);
XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyExpiryTime, dictionary.EmptyString, keyExpirationTime.ToUniversalTime().Ticks);
AuthorizationContext authContext = null;
if (authorizationPolicies != null)
authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies);
if (authContext != null && authContext.ClaimSets.Count != 0)
{
DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue);
DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue);
SctClaimSerializer.SerializeIdentities(authContext, dictionary, writer, identitySerializer);
writer.WriteStartElement(dictionary.ClaimSets, dictionary.EmptyString);
for (int i = 0; i < authContext.ClaimSets.Count; i++)
{
SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], dictionary, writer, claimSetSerializer, claimSerializer);
}
writer.WriteEndElement();
}
writer.WriteEndElement();
writer.Flush();
byte[] serializedContext = stream.ToArray();
return this.securityStateEncoder.EncodeSecurityState(serializedContext);
}
public SecurityContextSecurityToken CreateSecurityContextFromCookie(byte[] encodedCookie, UniqueId contextId, UniqueId generation, string id, XmlDictionaryReaderQuotas quotas)
{
byte[] cookie = null;
try
{
cookie = this.securityStateEncoder.DecodeSecurityState(encodedCookie);
}
catch (Exception e)
{
if (DiagnosticUtility.IsFatal(e))
{
throw;
}
OnInvalidCookieFailure(SR.GetString(SR.SctCookieBlobDecodeFailure), e);
}
SecurityContextSecurityToken sct = DeserializeContext(cookie, encodedCookie, id, quotas);
if (sct.ContextId != contextId)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId"));
}
if (sct.KeyGeneration != generation)
{
OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "KeyGeneration"));
}
return sct;
}
internal static void OnInvalidCookieFailure(string reason)
{
OnInvalidCookieFailure(reason, null);
}
internal static void OnInvalidCookieFailure(string reason, Exception e)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.InvalidSecurityContextCookie, reason), e));
}
class SctUnconditionalPolicy : IAuthorizationPolicy
{
SecurityUniqueId id = SecurityUniqueId.Create();
IList identities;
IList claimSets;
DateTime expirationTime;
public SctUnconditionalPolicy(IList identities, IList claimSets, DateTime expirationTime)
{
this.identities = identities;
this.claimSets = claimSets;
this.expirationTime = expirationTime;
}
public string Id
{
get { return this.id.Value; }
}
public ClaimSet Issuer
{
get { return ClaimSet.System; }
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
for (int i = 0; i < this.claimSets.Count; ++i)
{
evaluationContext.AddClaimSet(this, this.claimSets[i]);
}
if (this.identities != null)
{
object obj;
if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
{
evaluationContext.Properties.Add(SecurityUtils.Identities, this.identities);
}
else
{
// null if other overrides the property with something else
List dstIdentities = obj as List;
if (dstIdentities != null)
{
dstIdentities.AddRange(this.identities);
}
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return true;
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- StyleSheetRefUrlEditor.cs
- BrowserCapabilitiesFactoryBase.cs
- XmlText.cs
- HttpEncoder.cs
- NativeCppClassAttribute.cs
- UnsafeNativeMethods.cs
- ObjectStateFormatter.cs
- ItemType.cs
- ControlLocalizer.cs
- Peer.cs
- HuffmanTree.cs
- BinHexEncoder.cs
- RequestCachePolicy.cs
- View.cs
- ManualResetEventSlim.cs
- ListenerBinder.cs
- AxHostDesigner.cs
- ContentControl.cs
- XmlNotation.cs
- TaskFileService.cs
- ArrangedElementCollection.cs
- QilSortKey.cs
- Stream.cs
- PathFigureCollection.cs
- IDictionary.cs
- FullTextLine.cs
- Screen.cs
- DataSysAttribute.cs
- DataMisalignedException.cs
- SkipQueryOptionExpression.cs
- Rotation3DAnimationUsingKeyFrames.cs
- DesignerActionUIStateChangeEventArgs.cs
- MediaSystem.cs
- WorkflowServiceHost.cs
- CardSpacePolicyElement.cs
- AssociationEndMember.cs
- RequestChannel.cs
- WebPartVerb.cs
- isolationinterop.cs
- DataGridViewCellPaintingEventArgs.cs
- ReferenceEqualityComparer.cs
- SecurityDescriptor.cs
- CodeIterationStatement.cs
- LicenseManager.cs
- DataSourceDescriptorCollection.cs
- ReadOnlyDataSource.cs
- ThreadStateException.cs
- Hashtable.cs
- XmlAttributeCollection.cs
- CorePropertiesFilter.cs
- ImportedNamespaceContextItem.cs
- XmlTypeMapping.cs
- DynamicQueryableWrapper.cs
- SmiRequestExecutor.cs
- GB18030Encoding.cs
- LayoutEngine.cs
- StateDesigner.CommentLayoutGlyph.cs
- WebPartsPersonalizationAuthorization.cs
- ChtmlCalendarAdapter.cs
- ExitEventArgs.cs
- UpDownEvent.cs
- ContravarianceAdapter.cs
- DelegatingTypeDescriptionProvider.cs
- RawKeyboardInputReport.cs
- TrackBar.cs
- DictionaryKeyPropertyAttribute.cs
- ConfigurationStrings.cs
- ClientRolePrincipal.cs
- XamlInterfaces.cs
- OutputCacheProfile.cs
- LogReservationCollection.cs
- ToolboxItemCollection.cs
- XmlSchemaType.cs
- Highlights.cs
- X509IssuerSerialKeyIdentifierClause.cs
- odbcmetadatacolumnnames.cs
- DesignTimeTemplateParser.cs
- XmlSchemaSet.cs
- SoapFormatterSinks.cs
- ManifestResourceInfo.cs
- FullTextLine.cs
- OracleBoolean.cs
- CollectionChangedEventManager.cs
- EnvelopedPkcs7.cs
- _ConnectOverlappedAsyncResult.cs
- XmlArrayItemAttributes.cs
- ObjectSecurity.cs
- DocumentXPathNavigator.cs
- ApplicationServicesHostFactory.cs
- Graphics.cs
- DbConnectionStringCommon.cs
- ApplicationId.cs
- XsltConvert.cs
- InsufficientMemoryException.cs
- GradientStop.cs
- MemberRestriction.cs
- Schema.cs
- PageRanges.cs
- GridViewRowEventArgs.cs
- CodeAccessSecurityEngine.cs