Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / TransactionBridge / Microsoft / Transactions / Wsat / Messaging / Security.cs / 1 / Security.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- // Define some helper functions used for security using System; using System.ServiceModel; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Diagnostics; using System.DirectoryServices.ActiveDirectory; using System.Globalization; using System.Net; using System.Net.Security; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.IdentityModel.Selectors; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Security.Permissions; using System.Security.Principal; using System.Runtime.Serialization; using System.ServiceModel.Channels; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.ServiceModel.Transactions; using System.Text; using System.Transactions; using System.Xml; using DiagnosticUtility = Microsoft.Transactions.Bridge.DiagnosticUtility; using Microsoft.Transactions.Wsat.Protocol; namespace Microsoft.Transactions.Wsat.Messaging { class CoordinationServiceSecurity { IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault(); static SecurityContextSecurityTokenParameters securityContextSecurityTokenParameters; public static SecurityContextSecurityTokenParameters SecurityContextSecurityTokenParameters { get { if (securityContextSecurityTokenParameters == null) securityContextSecurityTokenParameters = new SecurityContextSecurityTokenParameters(); return securityContextSecurityTokenParameters; } } static DataContractSerializer identifierElementSerializer10; static DataContractSerializer identifierElementSerializer11; static DataContractSerializer IdentifierElementSerializer(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "IdentifierElementSerializer"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : if (identifierElementSerializer10 == null) identifierElementSerializer10 = new DataContractSerializer(typeof(IdentifierElement10)); return identifierElementSerializer10; case ProtocolVersion.Version11 : if (identifierElementSerializer11 == null) identifierElementSerializer11 = new DataContractSerializer(typeof(IdentifierElement11)); return identifierElementSerializer11; default: return null; // inaccessible path because we have asserted the protocol version } } // // Issued tokens / supporting tokens // static byte[] Label = Encoding.UTF8.GetBytes("WS-AT Supporting Token"); static SecurityStandardsManager SecurityStandardsManager2007 = CreateStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12); static SecurityStandardsManager CreateStandardsManager(MessageSecurityVersion securityVersion) { return new SecurityStandardsManager( securityVersion, new WSSecurityTokenSerializer(securityVersion.SecurityVersion, securityVersion.TrustVersion, securityVersion.SecureConversationVersion, false, null, null, null)); } static SecurityStandardsManager CreateStandardsManager(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateStandardsManager"); switch (protocolVersion) { case ProtocolVersion.Version10: return SecurityStandardsManager.DefaultInstance; case ProtocolVersion.Version11: return CoordinationServiceSecurity.SecurityStandardsManager2007; default: return null; // inaccessible path because we have asserted the protocol version } } //======================================================================================= public static byte[] DeriveIssuedTokenKey(Guid transactionId, string sctId) { return Psha1DerivedKeyGeneratorHelper.GenerateDerivedKey(transactionId.ToByteArray(), Label, Encoding.UTF8.GetBytes(sctId), SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength, 0); } //======================================================================================= public static void CreateIssuedToken(Guid transactionId, string coordinationContextId, ProtocolVersion protocolVersion, out RequestSecurityTokenResponse issuedToken, out string sctId) { sctId = CoordinationContext.CreateNativeIdentifier(Guid.NewGuid()); byte[] derivedKey = DeriveIssuedTokenKey(transactionId, sctId); DateTime now = DateTime.UtcNow; SecurityContextSecurityToken sct = new SecurityContextSecurityToken(new UniqueId(sctId), derivedKey, now, now + TimeSpan.FromDays(100 * 365)); BinarySecretSecurityToken proof = new BinarySecretSecurityToken(derivedKey); SecurityStandardsManager standardsManager = CreateStandardsManager(protocolVersion); RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(standardsManager); rstr.TokenType = standardsManager.SecureConversationDriver.TokenTypeUri; rstr.RequestedUnattachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.External); rstr.RequestedAttachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.Internal); rstr.RequestedSecurityToken = sct; rstr.RequestedProofToken = proof; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateIssuedToken"); //assert valid protocol version switch(protocolVersion) { case ProtocolVersion.Version10 : rstr.SetAppliesTo(new IdentifierElement10(coordinationContextId), identifierElementSerializer); break; case ProtocolVersion.Version11 : rstr.SetAppliesTo (new IdentifierElement11(coordinationContextId), identifierElementSerializer); break; default : break; // inaccessible path because we have asserted the protocol version } rstr.MakeReadOnly(); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Created issued token with id {0} for transaction {1}", sctId, transactionId); } issuedToken = rstr; } //======================================================================================== public static void AddIssuedToken(Message message, RequestSecurityTokenResponse rstr) { TransactionFlowProperty transactionFlowProp = TransactionFlowProperty.Ensure(message); transactionFlowProp.IssuedTokens.Add(rstr); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Added issued token to message"); } } //======================================================================================= // This function can throw XmlException public static RequestSecurityTokenResponse GetIssuedToken(Message message, string identifier, ProtocolVersion protocolVersion) { ICollection rstrCollection = TransactionFlowProperty.TryGetIssuedTokens(message); if (rstrCollection == null) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No issued tokens found in message"); return null; } string coordIdentifier = CoordinationStrings.Version(protocolVersion).Identifier; string coordNamespace = CoordinationStrings.Version(protocolVersion).Namespace; foreach (RequestSecurityTokenResponse rstr in rstrCollection) { string name, ns; rstr.GetAppliesToQName(out name, out ns); if (name == coordIdentifier && ns == coordNamespace) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "Found issued token in message"); try { IdentifierElement id = null; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "GetIssuedToken"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : id = rstr.GetAppliesTo (identifierElementSerializer); break; case ProtocolVersion.Version11 : id = rstr.GetAppliesTo (identifierElementSerializer); break; // no default - we have asserted the protocol version } // Make sure the identifier matches the expected value if (id.Identifier != identifier) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token identifier does not match expected {0}", identifier); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(SR.GetString(SR.IssuedTokenIdentifierMismatch))); } } catch (SerializationException e) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token AppliesTo element could not be deserialized: {0}", e.Message); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(e.Message, e)); } return rstr; } } if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No matching issued token found in message"); return null; } //======================================================================================== public static void AddSupportingToken(Message message, RequestSecurityTokenResponse rstr) { // Currently, we only support a binary secret as the proof of RSTR GenericXmlSecurityToken supportingToken = rstr.GetIssuedToken(null, null, SecurityKeyEntropyMode.ServerEntropy, null, null, null); SecurityMessageProperty property = new SecurityMessageProperty(); SupportingTokenSpecification spec = new SupportingTokenSpecification(supportingToken, new List ().AsReadOnly(), SecurityTokenAttachmentMode.Endorsing, SecurityContextSecurityTokenParameters); property.OutgoingSupportingTokens.Add(spec); message.Properties.Security = property; if (DebugTrace.Verbose) { DebugTrace.Trace (TraceLevel.Verbose, "Attached supporting token {0} to register message", rstr.Context); } } // // Per-enlistment security // //======================================================================================== public static string GetSenderName (Message message) { return GetSenderName(message.Properties); } //======================================================================================= public static string GetSenderName (MessageProperties messageProperties) { SecurityMessageProperty securityMessageProperty = messageProperties.Security; if (securityMessageProperty == null) { return "anonymous"; } ServiceSecurityContext securityContext = securityMessageProperty.ServiceSecurityContext; if (securityContext == null || securityContext.IsAnonymous) { return "anonymous"; } IIdentity identity = securityContext.PrimaryIdentity; if (identity != null) { return identity.Name; } return securityContext.PrimaryIdentity.ToString(); } //======================================================================================== public bool CheckIdentity(Proxy proxy, Message message) { EndpointAddress service = proxy.To; bool access = this.identityVerifier.CheckAccess(service, message); TraceCheckIdentityResult(access, service, message); return access; } //======================================================================================= void TraceCheckIdentityResult(bool access, EndpointAddress service, Message message) { if (DebugTrace.Verbose) { if (DebugTrace.Pii) { string sender = GetSenderName(message); if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier to {0}", sender); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier to {0}, expected {1}", sender, service.Identity == null ? service.Uri.AbsoluteUri : service.Identity.ToString()); } } else { if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier"); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier"); } } } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlDataSourceNodeDescriptor.cs
- PropertyGridView.cs
- WebReferencesBuildProvider.cs
- EntityDesignerBuildProvider.cs
- RenderCapability.cs
- MarkupCompiler.cs
- CustomDictionarySources.cs
- FixedPageProcessor.cs
- FtpWebRequest.cs
- SoapCodeExporter.cs
- Attachment.cs
- MessageBox.cs
- indexingfiltermarshaler.cs
- BindingFormattingDialog.cs
- GeometryConverter.cs
- SHA384Managed.cs
- MenuScrollingVisibilityConverter.cs
- RefreshPropertiesAttribute.cs
- HttpModuleCollection.cs
- WebResponse.cs
- MessageAction.cs
- DesignerAttribute.cs
- SafeFindHandle.cs
- SecurityCriticalDataForSet.cs
- CustomAttributeBuilder.cs
- PointCollectionValueSerializer.cs
- _ContextAwareResult.cs
- UrlMappingsSection.cs
- PipelineModuleStepContainer.cs
- ValueOfAction.cs
- TargetInvocationException.cs
- DataGridViewTopLeftHeaderCell.cs
- WriteableBitmap.cs
- GC.cs
- MessageContractMemberAttribute.cs
- CountAggregationOperator.cs
- SqlBulkCopyColumnMapping.cs
- CommandPlan.cs
- CodeThrowExceptionStatement.cs
- GenerateScriptTypeAttribute.cs
- ProfileGroupSettingsCollection.cs
- PageStatePersister.cs
- _ConnectionGroup.cs
- SelectedDatesCollection.cs
- Attributes.cs
- PropertyItemInternal.cs
- StateRuntime.cs
- WindowClosedEventArgs.cs
- _Semaphore.cs
- AjaxFrameworkAssemblyAttribute.cs
- DataServiceConfiguration.cs
- UrlPath.cs
- AuthenticateEventArgs.cs
- ComPlusDiagnosticTraceRecords.cs
- GridLengthConverter.cs
- QilTargetType.cs
- WebResponse.cs
- MappedMetaModel.cs
- filewebresponse.cs
- CodeDOMProvider.cs
- ProfileProvider.cs
- IMembershipProvider.cs
- PassportIdentity.cs
- NotifyIcon.cs
- TickBar.cs
- HtmlTableCell.cs
- WebPartDisplayModeCollection.cs
- FixedLineResult.cs
- Rules.cs
- WebSysDescriptionAttribute.cs
- SingleAnimation.cs
- CryptoKeySecurity.cs
- WebScriptServiceHost.cs
- DataMisalignedException.cs
- CachedCompositeFamily.cs
- GacUtil.cs
- Base64Stream.cs
- StylusEditingBehavior.cs
- SID.cs
- DataFormats.cs
- WebCategoryAttribute.cs
- ActivationProxy.cs
- DataIdProcessor.cs
- Popup.cs
- Imaging.cs
- SatelliteContractVersionAttribute.cs
- XmlSchemaChoice.cs
- GenericsInstances.cs
- Input.cs
- Types.cs
- HtmlLiteralTextAdapter.cs
- PackageProperties.cs
- BulletDecorator.cs
- Underline.cs
- RoutedEventValueSerializer.cs
- DbConnectionPoolIdentity.cs
- SafeRegistryHandle.cs
- OutputCacheSettingsSection.cs
- ConfigurationElement.cs
- ProfilePropertySettings.cs