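//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------------------------

namespace System.ServiceModel.Security
{
    using System;
    using System.ServiceModel;
    using System.Collections;
    using System.Xml;
    using System.Security.Principal;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.IdentityModel.Tokens;
    using System.IdentityModel.Selectors;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel.Security.Tokens;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.Runtime.Serialization;
    using SchProtocols = System.IdentityModel.SchProtocols;

    /// <summary>
    /// Service-side authenticator for the WS-Trust "TLSnego" negotiation. The TLS
    /// handshake is driven by a <see cref="TlsSspiNegotiation"/> whose blobs are
    /// carried in the RST/RSTR exchange managed by the base class. The server
    /// side of the handshake uses the X.509 token obtained from
    /// <see cref="ServerTokenProvider"/> at open time; when a
    /// <see cref="ClientTokenAuthenticator"/> is configured the peer is asked for a
    /// certificate and that certificate is validated once the handshake completes.
    /// </summary>
    sealed class TlsnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator
    {
        SecurityTokenAuthenticator clientTokenAuthenticator;
        SecurityTokenProvider serverTokenProvider;
        // The server's X.509 token, resolved in OnOpen and released in OnClose/OnAbort.
        X509SecurityToken serverToken;
        bool mapCertificateToWindowsAccount;

        public TlsnegoTokenAuthenticator()
            : base()
        {
            // empty
        }

        /// <summary>
        /// Authenticator applied to the peer's certificate after the handshake.
        /// When null, no client certificate is requested and the negotiation
        /// yields no authorization policies (anonymous client).
        /// Setting it is rejected once the communication object is disposed or no longer mutable.
        /// </summary>
        public SecurityTokenAuthenticator ClientTokenAuthenticator
        {
            get
            {
                return this.clientTokenAuthenticator;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.clientTokenAuthenticator = value;
            }
        }

        /// <summary>
        /// Provider of the server's X.509 token. Required; OnOpen fails without it.
        /// Setting it is rejected once the communication object is disposed or no longer mutable.
        /// </summary>
        public SecurityTokenProvider ServerTokenProvider
        {
            get
            {
                return this.serverTokenProvider;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.serverTokenProvider = value;
            }
        }

        /// <summary>
        /// When true, the Windows identity that the TLS context maps the client
        /// certificate to (if any) is attached to the client token as an
        /// <see cref="X509WindowsSecurityToken"/>; otherwise a plain
        /// <see cref="X509SecurityToken"/> is validated.
        /// </summary>
        public bool MapCertificateToWindowsAccount
        {
            get
            {
                return this.mapCertificateToWindowsAccount;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.mapCertificateToWindowsAccount = value;
            }
        }

        /// <summary>
        /// Checks that the token returned by the server token provider is an X.509
        /// token whose certificate can be used for key exchange.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The provider returned null or a token of another type, or the certificate
        /// cannot do key exchange (raised by <c>SecurityUtils.EnsureCertificateCanDoKeyExchange</c>).
        /// </exception>
        X509SecurityToken ValidateX509Token(SecurityToken token)
        {
            X509SecurityToken result = token as X509SecurityToken;
            if (result == null)
            {
                string reportedType = token == null ? "" : token.GetType().ToString();
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.TokenProviderReturnedBadToken, reportedType)));
            }
            // The server certificate must be usable for key exchange, otherwise the
            // TLS handshake cannot complete with this credential.
            SecurityUtils.EnsureCertificateCanDoKeyExchange(result.Certificate);
            return result;
        }

        // overrides

        /// <summary>
        /// Value-type URI advertised for the negotiation blobs; depends on the
        /// configured WS-Trust version.
        /// </summary>
        /// <exception cref="InvalidOperationException">The configured trust version is neither Feb2005 nor 1.3.</exception>
        public override XmlDictionaryString NegotiationValueType
        {
            get
            {
                TrustVersion trustVersion = this.StandardsManager.MessageSecurityVersion.TrustVersion;
                if (trustVersion == TrustVersion.WSTrustFeb2005)
                {
                    return XD.TrustApr2004Dictionary.TlsnegoValueTypeUri;
                }
                else if (trustVersion == TrustVersion.WSTrust13)
                {
                    return DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri;
                }

                // Not supported
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
            }
        }

        /// <summary>
        /// Opens the token provider/authenticator, resolves and validates the
        /// server token, then opens the base authenticator; all within <paramref name="timeout"/>.
        /// </summary>
        /// <exception cref="InvalidOperationException">No <see cref="ServerTokenProvider"/> was configured.</exception>
        public override void OnOpen(TimeSpan timeout)
        {
            if (this.serverTokenProvider == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.NoServerX509TokenProvider)));
            }

            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            SecurityUtils.OpenTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.OpenTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
            }

            // Fail open early if the provider hands back something we cannot use as
            // a TLS server credential.
            SecurityToken token = this.serverTokenProvider.GetToken(timeoutHelper.RemainingTime());
            this.serverToken = ValidateX509Token(token);
            base.OnOpen(timeoutHelper.RemainingTime());
        }

        /// <summary>
        /// Closes the provider and authenticator (if any) and drops the cached
        /// server token before closing the base authenticator.
        /// </summary>
        public override void OnClose(TimeSpan timeout)
        {
            TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
            if (this.serverTokenProvider != null)
            {
                SecurityUtils.CloseTokenProviderIfRequired(this.serverTokenProvider, timeoutHelper.RemainingTime());
                this.serverTokenProvider = null;
            }
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.CloseTokenAuthenticatorIfRequired(this.clientTokenAuthenticator, timeoutHelper.RemainingTime());
                this.clientTokenAuthenticator = null;
            }
            // The token is only dereferenced, not disposed; presumably it is owned
            // by the provider that issued it.
            this.serverToken = null;
            base.OnClose(timeoutHelper.RemainingTime());
        }

        /// <summary>
        /// Abort counterpart of <see cref="OnClose"/>: same cleanup without timeouts.
        /// </summary>
        public override void OnAbort()
        {
            if (this.serverTokenProvider != null)
            {
                SecurityUtils.AbortTokenProviderIfRequired(this.serverTokenProvider);
                this.serverTokenProvider = null;
            }
            if (this.clientTokenAuthenticator != null)
            {
                SecurityUtils.AbortTokenAuthenticatorIfRequired(this.clientTokenAuthenticator);
                this.clientTokenAuthenticator = null;
            }
            this.serverToken = null;
            base.OnAbort();
        }

        /// <summary>
        /// Validates the value type of an incoming negotiation blob. For WSTrustFeb2005
        /// both the Apr2004 and the Dec2005 TLSnego URIs are accepted; anything else
        /// is handed to the base implementation.
        /// </summary>
        protected override void ValidateIncomingBinaryNegotiation(BinaryNegotiation incomingNego)
        {
            // Accept both strings for WSTrustFeb2005
            bool feb2005Mismatch =
                incomingNego != null
                && incomingNego.ValueTypeUri != this.NegotiationValueType.Value
                && this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005;
            if (feb2005Mismatch)
            {
                incomingNego.Validate(DXD.TrustDec2005Dictionary.TlsnegoValueTypeUri);
            }
            else
            {
                base.ValidateIncomingBinaryNegotiation(incomingNego);
            }
        }

        /// <summary>
        /// Creates the per-negotiation TLS state. A client certificate is requested
        /// only when a <see cref="ClientTokenAuthenticator"/> is configured.
        /// </summary>
        protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri)
        {
            // NOTE(review): the server-side protocol set is hard-coded here and
            // includes SSL 3.0 (deprecated by RFC 7568) alongside TLS. It is not
            // configurable through the binding, so disabling SSL 3.0 has to be
            // done at the Schannel level of the host.
            TlsSspiNegotiation tlsNegotiation = new TlsSspiNegotiation(
                SchProtocols.TlsServer | SchProtocols.Ssl3Server,
                this.serverToken.Certificate,
                this.ClientTokenAuthenticator != null);

            // Echo only for TrustFeb2005 and ValueType mismatch
            if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005
                && this.NegotiationValueType.Value != incomingValueTypeUri)
            {
                tlsNegotiation.IncomingValueTypeUri = incomingValueTypeUri;
            }
            return new SspiNegotiationTokenAuthenticatorState(tlsNegotiation);
        }

        /// <summary>
        /// Builds the outgoing blob. When the client used the alternate Feb2005 URI
        /// (recorded in <see cref="CreateSspiState"/>) the same URI is echoed back.
        /// </summary>
        protected override BinaryNegotiation GetOutgoingBinaryNegotiation(ISspiNegotiation sspiNegotiation, byte[] outgoingBlob)
        {
            TlsSspiNegotiation tlsNegotiation = sspiNegotiation as TlsSspiNegotiation;

            // Echo only for TrustFeb2005 and ValueType mismatch
            if (this.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005
                && tlsNegotiation != null
                && tlsNegotiation.IncomingValueTypeUri != null)
            {
                return new BinaryNegotiation(tlsNegotiation.IncomingValueTypeUri, outgoingBlob);
            }
            return base.GetOutgoingBinaryNegotiation(sspiNegotiation, outgoingBlob);
        }

        /// <summary>
        /// Called once the handshake is done. Verifies the TLS context is valid and,
        /// when a client authenticator is configured, validates the peer certificate
        /// and returns the resulting authorization policies.
        /// </summary>
        /// <exception cref="SecurityNegotiationException">The TLS context is not valid.</exception>
        /// <exception cref="SecurityTokenValidationException">
        /// A client certificate was required but not presented, or the configured
        /// authenticator rejected it.
        /// </exception>
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
        {
            TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation;

            // Do not read RemoteCertificate from a context that did not complete the handshake.
            if (tlsNegotiation.IsValidContext == false)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
            }

            // No authenticator: the peer was never asked for a certificate, so there
            // is nothing to validate and no policies to return.
            if (this.ClientTokenAuthenticator == null)
            {
                return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
            }

            X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate;
            if (clientCertificate == null)
            {
                // A client certificate was required (see CreateSspiState) but none was
                // presented, so the negotiation fails rather than falling back to anonymous.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided)));
            }

            X509SecurityToken clientToken = null;
            WindowsIdentity preMappedIdentity = null;
            try
            {
                if (this.MapCertificateToWindowsAccount && tlsNegotiation.TryGetContextIdentity(out preMappedIdentity))
                {
                    clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity);
                }
                else
                {
                    clientToken = new X509SecurityToken(clientCertificate);
                }
                return this.ClientTokenAuthenticator.ValidateToken(clientToken);
            }
            finally
            {
                // Dispose on every path: a rejected certificate surfaces as an
                // exception from ValidateToken and must not leak the token or the
                // mapped identity. The token is expected to hold its own copy of the
                // identity, which is why the identity can be released here.
                if (clientToken != null)
                {
                    clientToken.Dispose();
                }
                if (preMappedIdentity != null)
                {
                    preMappedIdentity.Dispose();
                }
            }
        }
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.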