Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / TransactionBridge / Microsoft / Transactions / Wsat / Messaging / Security.cs / 1 / Security.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- // Define some helper functions used for security using System; using System.ServiceModel; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Diagnostics; using System.DirectoryServices.ActiveDirectory; using System.Globalization; using System.Net; using System.Net.Security; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.IdentityModel.Selectors; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Security.Permissions; using System.Security.Principal; using System.Runtime.Serialization; using System.ServiceModel.Channels; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.ServiceModel.Transactions; using System.Text; using System.Transactions; using System.Xml; using DiagnosticUtility = Microsoft.Transactions.Bridge.DiagnosticUtility; using Microsoft.Transactions.Wsat.Protocol; namespace Microsoft.Transactions.Wsat.Messaging { class CoordinationServiceSecurity { IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault(); static SecurityContextSecurityTokenParameters securityContextSecurityTokenParameters; public static SecurityContextSecurityTokenParameters SecurityContextSecurityTokenParameters { get { if (securityContextSecurityTokenParameters == null) securityContextSecurityTokenParameters = new SecurityContextSecurityTokenParameters(); return securityContextSecurityTokenParameters; } } static DataContractSerializer identifierElementSerializer10; static DataContractSerializer identifierElementSerializer11; static DataContractSerializer IdentifierElementSerializer(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "IdentifierElementSerializer"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : if (identifierElementSerializer10 == null) identifierElementSerializer10 = new DataContractSerializer(typeof(IdentifierElement10)); return identifierElementSerializer10; case ProtocolVersion.Version11 : if (identifierElementSerializer11 == null) identifierElementSerializer11 = new DataContractSerializer(typeof(IdentifierElement11)); return identifierElementSerializer11; default: return null; // inaccessible path because we have asserted the protocol version } } // // Issued tokens / supporting tokens // static byte[] Label = Encoding.UTF8.GetBytes("WS-AT Supporting Token"); static SecurityStandardsManager SecurityStandardsManager2007 = CreateStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12); static SecurityStandardsManager CreateStandardsManager(MessageSecurityVersion securityVersion) { return new SecurityStandardsManager( securityVersion, new WSSecurityTokenSerializer(securityVersion.SecurityVersion, securityVersion.TrustVersion, securityVersion.SecureConversationVersion, false, null, null, null)); } static SecurityStandardsManager CreateStandardsManager(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateStandardsManager"); switch (protocolVersion) { case ProtocolVersion.Version10: return SecurityStandardsManager.DefaultInstance; case ProtocolVersion.Version11: return CoordinationServiceSecurity.SecurityStandardsManager2007; default: return null; // inaccessible path because we have asserted the protocol version } } //======================================================================================= public static byte[] DeriveIssuedTokenKey(Guid transactionId, string sctId) { return Psha1DerivedKeyGeneratorHelper.GenerateDerivedKey(transactionId.ToByteArray(), Label, Encoding.UTF8.GetBytes(sctId), SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength, 0); } //======================================================================================= public static void CreateIssuedToken(Guid transactionId, string coordinationContextId, ProtocolVersion protocolVersion, out RequestSecurityTokenResponse issuedToken, out string sctId) { sctId = CoordinationContext.CreateNativeIdentifier(Guid.NewGuid()); byte[] derivedKey = DeriveIssuedTokenKey(transactionId, sctId); DateTime now = DateTime.UtcNow; SecurityContextSecurityToken sct = new SecurityContextSecurityToken(new UniqueId(sctId), derivedKey, now, now + TimeSpan.FromDays(100 * 365)); BinarySecretSecurityToken proof = new BinarySecretSecurityToken(derivedKey); SecurityStandardsManager standardsManager = CreateStandardsManager(protocolVersion); RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(standardsManager); rstr.TokenType = standardsManager.SecureConversationDriver.TokenTypeUri; rstr.RequestedUnattachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.External); rstr.RequestedAttachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.Internal); rstr.RequestedSecurityToken = sct; rstr.RequestedProofToken = proof; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateIssuedToken"); //assert valid protocol version switch(protocolVersion) { case ProtocolVersion.Version10 : rstr.SetAppliesTo(new IdentifierElement10(coordinationContextId), identifierElementSerializer); break; case ProtocolVersion.Version11 : rstr.SetAppliesTo (new IdentifierElement11(coordinationContextId), identifierElementSerializer); break; default : break; // inaccessible path because we have asserted the protocol version } rstr.MakeReadOnly(); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Created issued token with id {0} for transaction {1}", sctId, transactionId); } issuedToken = rstr; } //======================================================================================== public static void AddIssuedToken(Message message, RequestSecurityTokenResponse rstr) { TransactionFlowProperty transactionFlowProp = TransactionFlowProperty.Ensure(message); transactionFlowProp.IssuedTokens.Add(rstr); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Added issued token to message"); } } //======================================================================================= // This function can throw XmlException public static RequestSecurityTokenResponse GetIssuedToken(Message message, string identifier, ProtocolVersion protocolVersion) { ICollection rstrCollection = TransactionFlowProperty.TryGetIssuedTokens(message); if (rstrCollection == null) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No issued tokens found in message"); return null; } string coordIdentifier = CoordinationStrings.Version(protocolVersion).Identifier; string coordNamespace = CoordinationStrings.Version(protocolVersion).Namespace; foreach (RequestSecurityTokenResponse rstr in rstrCollection) { string name, ns; rstr.GetAppliesToQName(out name, out ns); if (name == coordIdentifier && ns == coordNamespace) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "Found issued token in message"); try { IdentifierElement id = null; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "GetIssuedToken"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : id = rstr.GetAppliesTo (identifierElementSerializer); break; case ProtocolVersion.Version11 : id = rstr.GetAppliesTo (identifierElementSerializer); break; // no default - we have asserted the protocol version } // Make sure the identifier matches the expected value if (id.Identifier != identifier) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token identifier does not match expected {0}", identifier); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(SR.GetString(SR.IssuedTokenIdentifierMismatch))); } } catch (SerializationException e) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token AppliesTo element could not be deserialized: {0}", e.Message); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(e.Message, e)); } return rstr; } } if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No matching issued token found in message"); return null; } //======================================================================================== public static void AddSupportingToken(Message message, RequestSecurityTokenResponse rstr) { // Currently, we only support a binary secret as the proof of RSTR GenericXmlSecurityToken supportingToken = rstr.GetIssuedToken(null, null, SecurityKeyEntropyMode.ServerEntropy, null, null, null); SecurityMessageProperty property = new SecurityMessageProperty(); SupportingTokenSpecification spec = new SupportingTokenSpecification(supportingToken, new List ().AsReadOnly(), SecurityTokenAttachmentMode.Endorsing, SecurityContextSecurityTokenParameters); property.OutgoingSupportingTokens.Add(spec); message.Properties.Security = property; if (DebugTrace.Verbose) { DebugTrace.Trace (TraceLevel.Verbose, "Attached supporting token {0} to register message", rstr.Context); } } // // Per-enlistment security // //======================================================================================== public static string GetSenderName (Message message) { return GetSenderName(message.Properties); } //======================================================================================= public static string GetSenderName (MessageProperties messageProperties) { SecurityMessageProperty securityMessageProperty = messageProperties.Security; if (securityMessageProperty == null) { return "anonymous"; } ServiceSecurityContext securityContext = securityMessageProperty.ServiceSecurityContext; if (securityContext == null || securityContext.IsAnonymous) { return "anonymous"; } IIdentity identity = securityContext.PrimaryIdentity; if (identity != null) { return identity.Name; } return securityContext.PrimaryIdentity.ToString(); } //======================================================================================== public bool CheckIdentity(Proxy proxy, Message message) { EndpointAddress service = proxy.To; bool access = this.identityVerifier.CheckAccess(service, message); TraceCheckIdentityResult(access, service, message); return access; } //======================================================================================= void TraceCheckIdentityResult(bool access, EndpointAddress service, Message message) { if (DebugTrace.Verbose) { if (DebugTrace.Pii) { string sender = GetSenderName(message); if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier to {0}", sender); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier to {0}, expected {1}", sender, service.Identity == null ? service.Uri.AbsoluteUri : service.Identity.ToString()); } } else { if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier"); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier"); } } } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- QueryableDataSourceHelper.cs
- DbDataRecord.cs
- InternalCache.cs
- EtwProvider.cs
- HandleCollector.cs
- FlowDocument.cs
- PackWebResponse.cs
- ConvertEvent.cs
- autovalidator.cs
- Lasso.cs
- WebBrowserDesigner.cs
- LiteralText.cs
- NamespaceCollection.cs
- TimerTable.cs
- XPathNodeList.cs
- StrongNameIdentityPermission.cs
- Content.cs
- StructuredType.cs
- Mapping.cs
- WinCategoryAttribute.cs
- base64Transforms.cs
- DataGridViewElement.cs
- StreamInfo.cs
- _TLSstream.cs
- JsonEncodingStreamWrapper.cs
- EventLogConfiguration.cs
- SiblingIterators.cs
- MSG.cs
- DataList.cs
- BaseParser.cs
- ImageInfo.cs
- TableColumn.cs
- RepeatButtonAutomationPeer.cs
- RenderData.cs
- TextTreeTextElementNode.cs
- AuthenticationService.cs
- BaseProcessor.cs
- Stack.cs
- RootCodeDomSerializer.cs
- TextEditorParagraphs.cs
- ObjectListGeneralPage.cs
- ComponentDispatcherThread.cs
- PackageDigitalSignature.cs
- FormsAuthentication.cs
- IconHelper.cs
- RowToFieldTransformer.cs
- TextRunTypographyProperties.cs
- Misc.cs
- ChangeBlockUndoRecord.cs
- ComAdminWrapper.cs
- ServiceModelActivationSectionGroup.cs
- ListBoxChrome.cs
- FormsAuthenticationEventArgs.cs
- AssemblyAssociatedContentFileAttribute.cs
- TextureBrush.cs
- Timeline.cs
- MimeTypeAttribute.cs
- CompilerErrorCollection.cs
- ObjectCache.cs
- ResourceDisplayNameAttribute.cs
- SafeHandles.cs
- XmlUtil.cs
- TryExpression.cs
- AsyncPostBackErrorEventArgs.cs
- SnapshotChangeTrackingStrategy.cs
- XpsSerializationManagerAsync.cs
- VirtualizingStackPanel.cs
- DataObjectPastingEventArgs.cs
- ReliableSessionBindingElementImporter.cs
- ReferenceEqualityComparer.cs
- EndOfStreamException.cs
- IsolatedStorageFileStream.cs
- EntityViewGenerationAttribute.cs
- PermissionSetTriple.cs
- RuleSettings.cs
- SqlRecordBuffer.cs
- ObjectAssociationEndMapping.cs
- ResourceSet.cs
- ForeignConstraint.cs
- XmlSiteMapProvider.cs
- MultiPageTextView.cs
- IdentifierCreationService.cs
- FlowDocumentView.cs
- MobileSysDescriptionAttribute.cs
- XmlResolver.cs
- ArgumentNullException.cs
- AppliedDeviceFiltersEditor.cs
- WeakReferenceList.cs
- RectangleGeometry.cs
- ProviderConnectionPointCollection.cs
- ToolStripItemImageRenderEventArgs.cs
- SqlProviderUtilities.cs
- RegexCapture.cs
- CachedFontFace.cs
- TranslateTransform.cs
- MetaModel.cs
- ObjectStateEntryDbDataRecord.cs
- ProfileService.cs
- XamlWriter.cs
- CopyAction.cs