Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / Tokens / SecurityContextCookieSerializer.cs / 1 / SecurityContextCookieSerializer.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Security.Tokens { using System.Xml; using System.ServiceModel.Channels; using System.ServiceModel; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.Collections.ObjectModel; using System.Collections.Generic; using System.Security.Principal; using System.IO; using System.Runtime.InteropServices; using System.Runtime.Serialization; using System.ServiceModel.Dispatcher; struct SecurityContextCookieSerializer { const int SupportedPersistanceVersion = 1; SecurityStateEncoder securityStateEncoder; IListknownTypes; public SecurityContextCookieSerializer(SecurityStateEncoder securityStateEncoder, IList knownTypes) { if (securityStateEncoder == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityStateEncoder"); } this.securityStateEncoder = securityStateEncoder; this.knownTypes = knownTypes ?? new List (); } SecurityContextSecurityToken DeserializeContext(byte[] serializedContext, byte[] cookieBlob, string id, XmlDictionaryReaderQuotas quotas) { SctClaimDictionary dictionary = SctClaimDictionary.Instance; XmlDictionaryReader reader = XmlDictionaryReader.CreateBinaryReader(serializedContext, 0, serializedContext.Length, dictionary, quotas, null, null); int cookieVersion = -1; UniqueId cookieContextId = null; DateTime effectiveTime = SecurityUtils.MinUtcDateTime; DateTime expiryTime = SecurityUtils.MaxUtcDateTime; byte[] key = null; string localId = null; UniqueId keyGeneration = null; DateTime keyEffectiveTime = SecurityUtils.MinUtcDateTime; DateTime keyExpirationTime = SecurityUtils.MaxUtcDateTime; List claimSets = null; IList identities = null; bool isCookie = true; reader.ReadFullStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString); while (reader.IsStartElement()) { if (reader.IsStartElement(dictionary.Version, dictionary.EmptyString)) { cookieVersion = reader.ReadElementContentAsInt(); } else if (reader.IsStartElement(dictionary.ContextId, dictionary.EmptyString)) { cookieContextId = reader.ReadElementContentAsUniqueId(); } else if (reader.IsStartElement(dictionary.Id, dictionary.EmptyString)) { localId = reader.ReadElementContentAsString(); } else if (reader.IsStartElement(dictionary.EffectiveTime, dictionary.EmptyString)) { effectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.ExpiryTime, dictionary.EmptyString)) { expiryTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.Key, dictionary.EmptyString)) { key = reader.ReadElementContentAsBase64(); } else if (reader.IsStartElement(dictionary.KeyGeneration, dictionary.EmptyString)) { keyGeneration = reader.ReadElementContentAsUniqueId(); } else if (reader.IsStartElement(dictionary.KeyEffectiveTime, dictionary.EmptyString)) { keyEffectiveTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.KeyExpiryTime, dictionary.EmptyString)) { keyExpirationTime = new DateTime(XmlHelper.ReadElementContentAsInt64(reader), DateTimeKind.Utc); } else if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString)) { identities = SctClaimSerializer.DeserializeIdentities(reader, dictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue)); } else if (reader.IsStartElement(dictionary.ClaimSets, dictionary.EmptyString)) { reader.ReadStartElement(); DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue); DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue); claimSets = new List (1); while (reader.IsStartElement()) { claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, dictionary, claimSetSerializer, claimSerializer)); } reader.ReadEndElement(); } else if (reader.IsStartElement(dictionary.IsCookieMode, dictionary.EmptyString)) { isCookie = reader.ReadElementString() == "1" ? true : false; } else { OnInvalidCookieFailure(SR.GetString(SR.SctCookieXmlParseError)); } } reader.ReadEndElement(); if (cookieVersion != SupportedPersistanceVersion) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SerializedTokenVersionUnsupported, cookieVersion))); } if (cookieContextId == null) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId")); } if (key == null || key.Length == 0) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Key")); } if (localId != id) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "Id")); } List authorizationPolicies; if (claimSets != null) { authorizationPolicies = new List (1); authorizationPolicies.Add(new SctUnconditionalPolicy(identities, claimSets, expiryTime)); } else { authorizationPolicies = null; } return new SecurityContextSecurityToken(cookieContextId, localId, key, effectiveTime, expiryTime, authorizationPolicies != null ? authorizationPolicies.AsReadOnly() : null, isCookie, cookieBlob, keyGeneration, keyEffectiveTime, keyExpirationTime); } public byte[] CreateCookieFromSecurityContext(UniqueId contextId, string id, byte[] key, DateTime tokenEffectiveTime, DateTime tokenExpirationTime, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection authorizationPolicies) { if (contextId == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextId"); } if (key == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key"); } MemoryStream stream = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null); SctClaimDictionary dictionary = SctClaimDictionary.Instance; writer.WriteStartElement(dictionary.SecurityContextSecurityToken, dictionary.EmptyString); writer.WriteStartElement(dictionary.Version, dictionary.EmptyString); writer.WriteValue(SupportedPersistanceVersion); writer.WriteEndElement(); if (id != null) writer.WriteElementString(dictionary.Id, dictionary.EmptyString, id); XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.ContextId, dictionary.EmptyString, contextId); writer.WriteStartElement(dictionary.Key, dictionary.EmptyString); writer.WriteBase64(key, 0, key.Length); writer.WriteEndElement(); if (keyGeneration != null) { XmlHelper.WriteElementStringAsUniqueId(writer, dictionary.KeyGeneration, dictionary.EmptyString, keyGeneration); } XmlHelper.WriteElementContentAsInt64(writer, dictionary.EffectiveTime, dictionary.EmptyString, tokenEffectiveTime.ToUniversalTime().Ticks); XmlHelper.WriteElementContentAsInt64(writer, dictionary.ExpiryTime, dictionary.EmptyString, tokenExpirationTime.ToUniversalTime().Ticks); XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyEffectiveTime, dictionary.EmptyString, keyEffectiveTime.ToUniversalTime().Ticks); XmlHelper.WriteElementContentAsInt64(writer, dictionary.KeyExpiryTime, dictionary.EmptyString, keyExpirationTime.ToUniversalTime().Ticks); AuthorizationContext authContext = null; if (authorizationPolicies != null) authContext = AuthorizationContext.CreateDefaultAuthorizationContext(authorizationPolicies); if (authContext != null && authContext.ClaimSets.Count != 0) { DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), this.knownTypes, int.MaxValue); DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), this.knownTypes, int.MaxValue); DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), this.knownTypes, int.MaxValue); SctClaimSerializer.SerializeIdentities(authContext, dictionary, writer, identitySerializer); writer.WriteStartElement(dictionary.ClaimSets, dictionary.EmptyString); for (int i = 0; i < authContext.ClaimSets.Count; i++) { SctClaimSerializer.SerializeClaimSet(authContext.ClaimSets[i], dictionary, writer, claimSetSerializer, claimSerializer); } writer.WriteEndElement(); } writer.WriteEndElement(); writer.Flush(); byte[] serializedContext = stream.ToArray(); return this.securityStateEncoder.EncodeSecurityState(serializedContext); } public SecurityContextSecurityToken CreateSecurityContextFromCookie(byte[] encodedCookie, UniqueId contextId, UniqueId generation, string id, XmlDictionaryReaderQuotas quotas) { byte[] cookie = null; try { cookie = this.securityStateEncoder.DecodeSecurityState(encodedCookie); } catch (Exception e) { if (DiagnosticUtility.IsFatal(e)) { throw; } OnInvalidCookieFailure(SR.GetString(SR.SctCookieBlobDecodeFailure), e); } SecurityContextSecurityToken sct = DeserializeContext(cookie, encodedCookie, id, quotas); if (sct.ContextId != contextId) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "ContextId")); } if (sct.KeyGeneration != generation) { OnInvalidCookieFailure(SR.GetString(SR.SctCookieValueMissingOrIncorrect, "KeyGeneration")); } return sct; } internal static void OnInvalidCookieFailure(string reason) { OnInvalidCookieFailure(reason, null); } internal static void OnInvalidCookieFailure(string reason, Exception e) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.InvalidSecurityContextCookie, reason), e)); } class SctUnconditionalPolicy : IAuthorizationPolicy { SecurityUniqueId id = SecurityUniqueId.Create(); IList identities; IList claimSets; DateTime expirationTime; public SctUnconditionalPolicy(IList identities, IList claimSets, DateTime expirationTime) { this.identities = identities; this.claimSets = claimSets; this.expirationTime = expirationTime; } public string Id { get { return this.id.Value; } } public ClaimSet Issuer { get { return ClaimSet.System; } } public bool Evaluate(EvaluationContext evaluationContext, ref object state) { for (int i = 0; i < this.claimSets.Count; ++i) { evaluationContext.AddClaimSet(this, this.claimSets[i]); } if (this.identities != null) { object obj; if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj)) { evaluationContext.Properties.Add(SecurityUtils.Identities, this.identities); } else { // null if other overrides the property with something else List dstIdentities = obj as List ; if (dstIdentities != null) { dstIdentities.AddRange(this.identities); } } } evaluationContext.RecordExpirationTime(this.expirationTime); return true; } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- Utils.cs
- TableRowGroup.cs
- CodeDesigner.cs
- ReachPageContentCollectionSerializer.cs
- TemplateXamlTreeBuilder.cs
- AnimationClock.cs
- XmlMtomReader.cs
- ComponentDispatcher.cs
- Matrix.cs
- ContentPresenter.cs
- HtmlAnchor.cs
- MarshalByValueComponent.cs
- LineProperties.cs
- EncryptedData.cs
- ExternalFile.cs
- Events.cs
- SQLStringStorage.cs
- FrameworkElementAutomationPeer.cs
- ResponseBodyWriter.cs
- SID.cs
- BitmapEffectCollection.cs
- AggregateException.cs
- SymmetricAlgorithm.cs
- BinaryExpressionHelper.cs
- XmlToDatasetMap.cs
- NavigatorOutput.cs
- SourceSwitch.cs
- XmlWriterTraceListener.cs
- TransportSecurityProtocolFactory.cs
- AnimatedTypeHelpers.cs
- TableItemPatternIdentifiers.cs
- Transform3DGroup.cs
- TextPattern.cs
- SingleSelectRootGridEntry.cs
- SmtpMail.cs
- XmlBindingWorker.cs
- MaskedTextBoxDesignerActionList.cs
- HashMembershipCondition.cs
- ListViewTableRow.cs
- GlobalEventManager.cs
- PrintEvent.cs
- DataGridViewCellConverter.cs
- SchemaMerger.cs
- ExpressionWriter.cs
- ComponentDispatcherThread.cs
- ImmutableCollection.cs
- DbParameterHelper.cs
- PathFigure.cs
- RefreshEventArgs.cs
- ChineseLunisolarCalendar.cs
- CalendarKeyboardHelper.cs
- AttributeEmitter.cs
- ClientScriptManager.cs
- DependencyObject.cs
- DataPagerFieldCommandEventArgs.cs
- ImageField.cs
- DataServiceRequestException.cs
- MessageDescriptionCollection.cs
- EventData.cs
- IItemContainerGenerator.cs
- Brush.cs
- UnionCqlBlock.cs
- ChildrenQuery.cs
- PeerToPeerException.cs
- IncrementalReadDecoders.cs
- MinimizableAttributeTypeConverter.cs
- UniqueConstraint.cs
- TypedReference.cs
- FontConverter.cs
- FocusChangedEventArgs.cs
- Setter.cs
- NotSupportedException.cs
- _AuthenticationState.cs
- CacheSection.cs
- DbProviderFactory.cs
- CompilerGlobalScopeAttribute.cs
- StorageEndPropertyMapping.cs
- _SecureChannel.cs
- BaseParser.cs
- ClickablePoint.cs
- WorkflowPersistenceService.cs
- DynamicRenderer.cs
- GeneralTransform3DCollection.cs
- SubpageParagraph.cs
- ObjectNotFoundException.cs
- InplaceBitmapMetadataWriter.cs
- EntityDataSourceChangingEventArgs.cs
- GridViewCommandEventArgs.cs
- TaskFileService.cs
- CommandDesigner.cs
- Dynamic.cs
- MarginsConverter.cs
- TextEditorTyping.cs
- DesignerTransaction.cs
- Compilation.cs
- ParserContext.cs
- NativeCompoundFileAPIs.cs
- TreeNodeStyleCollection.cs
- LayoutInformation.cs
- Method.cs