Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / WSSecurityPolicy12.cs / 1 / WSSecurityPolicy12.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Net;
using System.ServiceModel.Description;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;
using System.Xml;
class WSSecurityPolicy12 : WSSecurityPolicy
{
public const string WsspNamespace = @"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
public const string SignedEncryptedSupportingTokensName = "SignedEncryptedSupportingTokens";
public const string RequireImpliedDerivedKeysName = "RequireImpliedDerivedKeys";
public const string RequireExplicitDerivedKeysName = "RequireExplicitDerivedKeys";
public override string WsspNamespaceUri
{
get { return WSSecurityPolicy12.WsspNamespace; }
}
public override bool IsSecurityVersionSupported(MessageSecurityVersion version)
{
return version == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10 ||
version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12 ||
version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
}
public override MessageSecurityVersion GetSupportedMessageSecurityVersion(SecurityVersion version)
{
return (version == SecurityVersion.WSSecurity10) ? MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10 : MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
}
public override TrustDriver TrustDriver
{
get
{
return new WSTrustDec2005.DriverDec2005(new SecurityStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12, WSSecurityTokenSerializer.DefaultInstance));
}
}
public override XmlElement CreateWsspHttpsTokenAssertion(MetadataExporter exporter, HttpsTransportBindingElement httpsBinding)
{
XmlElement result = CreateWsspAssertion(WSSecurityPolicy.HttpsTokenName);
if (httpsBinding.RequireClientCertificate ||
httpsBinding.AuthenticationScheme == AuthenticationSchemes.Basic ||
httpsBinding.AuthenticationScheme == AuthenticationSchemes.Digest)
{
XmlElement policy = CreateWspPolicyWrapper(exporter);
if (httpsBinding.RequireClientCertificate)
{
policy.AppendChild(CreateWsspAssertion(WSSecurityPolicy.RequireClientCertificateName));
}
if (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Basic)
{
policy.AppendChild(CreateWsspAssertion(WSSecurityPolicy.HttpBasicAuthenticationName));
}
else if (httpsBinding.AuthenticationScheme == AuthenticationSchemes.Digest)
{
policy.AppendChild(CreateWsspAssertion(WSSecurityPolicy.HttpDigestAuthenticationName));
}
result.AppendChild(policy);
}
return result;
}
public override bool TryImportWsspHttpsTokenAssertion(MetadataImporter importer, ICollection assertions, HttpsTransportBindingElement httpsBinding)
{
if (assertions == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("assertions");
}
bool result = true;
XmlElement assertion;
if (TryImportWsspAssertion(assertions, HttpsTokenName, out assertion))
{
XmlElement policyElement = null;
foreach (XmlNode node in assertion.ChildNodes)
{
if (node is XmlElement && node.LocalName == WSSecurityPolicy.PolicyName && (node.NamespaceURI == WSSecurityPolicy.WspNamespace || node.NamespaceURI == WSSecurityPolicy.Wsp15Namespace))
{
policyElement = (XmlElement)node;
break;
}
}
if (policyElement != null)
{
foreach (XmlNode node in policyElement.ChildNodes)
{
if (node is XmlElement && node.NamespaceURI == this.WsspNamespaceUri)
{
if (node.LocalName == WSSecurityPolicy.RequireClientCertificateName)
{
httpsBinding.RequireClientCertificate = true;
}
else if (node.LocalName == WSSecurityPolicy.HttpBasicAuthenticationName)
{
httpsBinding.AuthenticationScheme = AuthenticationSchemes.Basic;
}
else if (node.LocalName == WSSecurityPolicy.HttpDigestAuthenticationName)
{
httpsBinding.AuthenticationScheme = AuthenticationSchemes.Digest;
}
}
}
}
}
else
{
result = false;
}
return result;
}
public override Collection CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection signed, Collection signedEncrypted, Collection endorsing, Collection signedEndorsing, Collection optionalSigned, Collection optionalSignedEncrypted, Collection optionalEndorsing, Collection optionalSignedEndorsing, AddressingVersion addressingVersion)
{
Collection supportingTokenAssertions = new Collection();
// Signed Supporting Tokens
XmlElement supportingTokenAssertion = CreateWsspSignedSupportingTokensAssertion(exporter, signed, optionalSigned);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
// Signed Encrypted Supporting Tokens
supportingTokenAssertion = CreateWsspSignedEncryptedSupportingTokensAssertion(exporter, signedEncrypted, optionalSignedEncrypted);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
// Endorsing Supporting Tokens.
supportingTokenAssertion = CreateWsspEndorsingSupportingTokensAssertion(exporter, endorsing, optionalEndorsing, addressingVersion);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
// Signed Endorsing Supporting Tokens.
supportingTokenAssertion = CreateWsspSignedEndorsingSupportingTokensAssertion(exporter, signedEndorsing, optionalSignedEndorsing, addressingVersion);
if (supportingTokenAssertion != null)
supportingTokenAssertions.Add(supportingTokenAssertion);
return supportingTokenAssertions;
}
public override XmlElement CreateWsspSpnegoContextTokenAssertion(MetadataExporter exporter, SspiSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(SpnegoContextTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
// Always emit > alternatives;
if (IsWsspAssertion(assertion, SpnegoContextTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection alternative in alternatives)
{
SspiSecurityTokenParameters sspi = new SspiSecurityTokenParameters();
parameters = sspi;
bool requireCancellation;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, sspi)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportWsspMustNotSendAmendAssertion(alternative)
&& TryImportWsspMustNotSendRenewAssertion(alternative)
&& alternative.Count == 0)
{
// Client always set this to true to match the standardbinding.
// This setting on client has no effect for spnego and sslnego.
sspi.RequireCancellation = true;
sspi.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SspiSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public override bool TryImportMsspSslContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection> alternatives;
if (IsMsspAssertion(assertion, SslContextTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection alternative in alternatives)
{
SslSecurityTokenParameters ssl = new SslSecurityTokenParameters();
parameters = ssl;
bool requireCancellation;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, ssl)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportWsspMustNotSendAmendAssertion(alternative)
&& TryImportWsspMustNotSendRenewAssertion(alternative)
&& TryImportMsspRequireClientCertificateAssertion(alternative, ssl)
&& alternative.Count == 0)
{
// Client always set this to true to match the standardbinding.
// This setting on client has no effect for spnego and sslnego.
ssl.RequireCancellation = true;
ssl.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SslSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection> alternatives;
if (IsWsspAssertion(assertion, SecureConversationTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection alternative in alternatives)
{
SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters();
parameters = sc;
bool requireCancellation;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc)
&& TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation)
&& TryImportWsspMustNotSendAmendAssertion(alternative)
// the assertions)
{
TryImportWsspAssertion(assertions, MustNotSendAmendName);
return true;
}
public virtual bool TryImportWsspMustNotSendRenewAssertion(ICollection assertions)
{
TryImportWsspAssertion(assertions, MustNotSendRenewName);
return true;
}
XmlElement CreateWsspSignedSupportingTokensAssertion(MetadataExporter exporter, Collection signed, Collection optionalSigned)
{
XmlElement result;
if ((signed == null || signed.Count == 0)
&& (optionalSigned == null || optionalSigned.Count == 0))
{
result = null;
}
else
{
XmlElement policy = CreateWspPolicyWrapper(exporter);
if (signed != null)
{
foreach (SecurityTokenParameters p in signed)
{
policy.AppendChild(CreateTokenAssertion(exporter, p));
}
}
if (optionalSigned != null)
{
foreach (SecurityTokenParameters p in optionalSigned)
{
policy.AppendChild(CreateTokenAssertion(exporter, p, true));
}
}
result = CreateWsspAssertion(SignedSupportingTokensName);
result.AppendChild(policy);
}
return result;
}
XmlElement CreateWsspSignedEncryptedSupportingTokensAssertion(MetadataExporter exporter, Collection signedEncrypted, Collection optionalSignedEncrypted)
{
XmlElement result;
if ((signedEncrypted == null || signedEncrypted.Count == 0)
&& (optionalSignedEncrypted == null || optionalSignedEncrypted.Count == 0))
{
result = null;
}
else
{
XmlElement policy = CreateWspPolicyWrapper(exporter);
if (signedEncrypted != null)
{
foreach (SecurityTokenParameters p in signedEncrypted)
{
policy.AppendChild(CreateTokenAssertion(exporter, p));
}
}
if (optionalSignedEncrypted != null)
{
foreach (SecurityTokenParameters p in optionalSignedEncrypted)
{
policy.AppendChild(CreateTokenAssertion(exporter, p, true));
}
}
result = CreateWsspAssertion(SignedEncryptedSupportingTokensName);
result.AppendChild(policy);
}
return result;
}
public override bool TryImportWsspSupportingTokensAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection assertions, Collection signed, Collection signedEncrypted, Collection endorsing, Collection signedEndorsing, Collection optionalSigned, Collection optionalSignedEncrypted, Collection optionalEndorsing, Collection optionalSignedEndorsing)
{
XmlElement assertion;
if (!TryImportWsspSignedSupportingTokensAssertion(
importer,
policyContext,
assertions,
signed,
optionalSigned,
out assertion)
&& assertion != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml)));
}
if (!TryImportWsspSignedEncryptedSupportingTokensAssertion(
importer,
policyContext,
assertions,
signedEncrypted,
optionalSignedEncrypted,
out assertion)
&& assertion != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml)));
}
if (!TryImportWsspEndorsingSupportingTokensAssertion(
importer,
policyContext,
assertions,
endorsing,
optionalEndorsing,
out assertion)
&& assertion != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml)));
}
if (!TryImportWsspSignedEndorsingSupportingTokensAssertion(
importer,
policyContext,
assertions,
signedEndorsing,
optionalSignedEndorsing,
out assertion)
&& assertion != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml)));
}
return true;
}
bool TryImportWsspSignedSupportingTokensAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection assertions, Collection signed, Collection optionalSigned, out XmlElement assertion)
{
if (signed == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signed");
}
if (optionalSigned == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("optionalSigned");
}
bool result = true;
Collection> alternatives;
if (TryImportWsspAssertion(assertions, SignedSupportingTokensName, out assertion)
&& TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection alternative in alternatives)
{
SecurityTokenParameters parameters;
bool isOptional;
while (alternative.Count > 0 && TryImportTokenAssertion(importer, policyContext, alternative, out parameters, out isOptional))
{
if (isOptional)
{
optionalSigned.Add(parameters);
}
else
{
signed.Add(parameters);
}
}
if (alternative.Count == 0)
{
result = true;
break;
}
else
{
result = false;
}
}
}
return result;
}
bool TryImportWsspSignedEncryptedSupportingTokensAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection assertions, Collection signedEncrypted, Collection optionalSignedEncrypted, out XmlElement assertion)
{
if (signedEncrypted == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("signedEncrypted");
}
if (optionalSignedEncrypted == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("optionalSignedEncrypted");
}
bool result = true;
Collection> alternatives;
if (TryImportWsspAssertion(assertions, SignedEncryptedSupportingTokensName, out assertion)
&& TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection alternative in alternatives)
{
SecurityTokenParameters parameters;
bool isOptional;
while (alternative.Count > 0 && TryImportTokenAssertion(importer, policyContext, alternative, out parameters, out isOptional))
{
if (isOptional)
{
optionalSignedEncrypted.Add(parameters);
}
else
{
signedEncrypted.Add(parameters);
}
}
if (alternative.Count == 0)
{
result = true;
break;
}
else
{
result = false;
}
}
}
return result;
}
public override bool TryImportWsspRequireDerivedKeysAssertion(ICollection assertions, SecurityTokenParameters parameters)
{
parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, WSSecurityPolicy.RequireDerivedKeysName);
if (!parameters.RequireDerivedKeys)
{
parameters.RequireDerivedKeys = TryImportWsspAssertion(assertions, WSSecurityPolicy12.RequireExplicitDerivedKeysName);
}
if (!parameters.RequireDerivedKeys)
{
XmlElement assertion = null;
if (TryImportWsspAssertion(assertions, WSSecurityPolicy12.RequireImpliedDerivedKeysName, out assertion))
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnsupportedSecurityPolicyAssertion, assertion.OuterXml)));
}
return true;
}
public override XmlElement CreateWsspTrustAssertion(MetadataExporter exporter, SecurityKeyEntropyMode keyEntropyMode)
{
return CreateWsspTrustAssertion(Trust13Name, exporter, keyEntropyMode);
}
public override bool TryImportWsspTrustAssertion(MetadataImporter importer, ICollection assertions, SecurityBindingElement binding, out XmlElement assertion)
{
return TryImportWsspTrustAssertion(Trust13Name, importer, assertions, binding, out assertion);
}
public override XmlElement CreateWsspRsaTokenAssertion(RsaSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(KeyValueTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
return result;
}
public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection> alternatives;
if (IsWsspAssertion(assertion, KeyValueTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode)
&& TryGetNestedPolicyAlternatives(importer, assertion, out alternatives) == false)
{
parameters = new RsaSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
}
return parameters != null;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- DataColumnMappingCollection.cs
- AutomationProperties.cs
- InkCollectionBehavior.cs
- Panel.cs
- FieldDescriptor.cs
- GlyphRun.cs
- LocationSectionRecord.cs
- GenericsInstances.cs
- SQLMoney.cs
- ApplicationDirectory.cs
- FontDriver.cs
- IDispatchConstantAttribute.cs
- Block.cs
- CultureInfoConverter.cs
- WebPartZoneBase.cs
- EventHandlers.cs
- DynamicDataRouteHandler.cs
- WebPartRestoreVerb.cs
- DrawingVisualDrawingContext.cs
- TextSelectionHighlightLayer.cs
- Permission.cs
- SchemaNames.cs
- Vector3DKeyFrameCollection.cs
- MenuRenderer.cs
- XmlIterators.cs
- WebPartUserCapability.cs
- CatalogZoneDesigner.cs
- DocumentStream.cs
- PersonalizationStateQuery.cs
- GeneralTransform3DTo2D.cs
- UpdatableWrapper.cs
- TextServicesContext.cs
- FixedSOMTableCell.cs
- NavigationEventArgs.cs
- BulletedList.cs
- SqlProfileProvider.cs
- WebPartChrome.cs
- ChangePassword.cs
- MetadataHelper.cs
- XPathCompileException.cs
- EnumValAlphaComparer.cs
- IPAddressCollection.cs
- DataBindingValueUIHandler.cs
- TextCharacters.cs
- Point3DCollection.cs
- WindowsGraphics2.cs
- ValueTable.cs
- CommandSet.cs
- LayoutInformation.cs
- RectangleGeometry.cs
- ActivityCollectionMarkupSerializer.cs
- TextSpanModifier.cs
- XmlSchemaException.cs
- ResolveCriteria.cs
- ButtonStandardAdapter.cs
- PolyBezierSegmentFigureLogic.cs
- ProfileSection.cs
- MissingSatelliteAssemblyException.cs
- ProgressBarHighlightConverter.cs
- FormatSettings.cs
- AssemblyBuilder.cs
- ConsoleKeyInfo.cs
- LocalizedNameDescriptionPair.cs
- Converter.cs
- GeometryHitTestParameters.cs
- ControlBuilderAttribute.cs
- CmsUtils.cs
- AccessControlEntry.cs
- TableAdapterManagerGenerator.cs
- SerializationAttributes.cs
- PolyLineSegment.cs
- FontUnit.cs
- UnlockInstanceCommand.cs
- Selection.cs
- SqlStream.cs
- XPathNodePointer.cs
- CodeValidator.cs
- ErrorStyle.cs
- IItemContainerGenerator.cs
- LabelAutomationPeer.cs
- GreenMethods.cs
- EntityContainerAssociationSet.cs
- DbProviderFactory.cs
- WorkflowApplicationAbortedEventArgs.cs
- ToolStripDropDownMenu.cs
- CheckBoxAutomationPeer.cs
- DataGridViewHeaderCell.cs
- FontUnitConverter.cs
- SQLMoney.cs
- DurableInstanceProvider.cs
- TypeUsage.cs
- SizeKeyFrameCollection.cs
- TextLineResult.cs
- EntityDataSourceDataSelectionPanel.cs
- BCLDebug.cs
- EmptyCollection.cs
- CodeDOMUtility.cs
- RemotingConfigParser.cs
- PrintController.cs
- ExtensibleClassFactory.cs