CustomCredentialPolicy.cs source code in C# .NET

                        
Code:
                         / DotNET / DotNET / 8.0 / untmp / WIN_WINDOWS / lh_tools_devdiv_wpf / Windows / wcp / Core / MS / Internal / AppModel / CustomCredentialPolicy.cs / 2 / CustomCredentialPolicy.cs
                        

                        
                            //------------------------------------------------------------------------------ 
//
// 
//    Copyright (C) Microsoft Corporation.  All rights reserved.
//  
//
// Description: 
// 
// This creates and registers a custom ICredentialPolicy that will be used
// whenever a server sends a 401 UNAUTHORIZED in response to a WebRequest. The 
// .NET framework will call ShouldSendCredential to determine if credentials
// should be sent.
//
// Our policy is to go ahead and send whatever credentials there might be, 
// EXCEPT if we are using default credentials and the request is not going to
// an Intranet, Local Machine or Trusted domain. 
// 
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// IMPORTANT: We are creating an instance of IInternetSecurityManager here. This 
// is currently also done in the AppSecurityManager at the Framework level. Any
// modification to either of these classes--especially concerning MapUrlToZone--
// should be considered for both classes.
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
//
// An IInternetSecurityManagerSite is not currently needed here, because the 
// only method of IInternetSecurityManager that we are calling is MapUrlToZone, 
// and that does not prompt the user.
// 
// History:
//  03/15/2006: [....] - Initial creation.
//-----------------------------------------------------------------------------
 
using System;
using System.Collections.Generic; 
using System.Net; 
using System.Runtime.InteropServices;
using System.Security; 
using System.Security.Permissions;

using MS.Internal.PresentationCore;
using MS.Win32; 

namespace MS.Internal.AppModel 
{ 
    [FriendAccessAllowed]
    internal class CustomCredentialPolicy : ICredentialPolicy 
    {

        /// 
        /// Critical - Accesses critical members 
        /// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later.
        ///  
        [SecurityCritical, SecurityTreatAsSafe] 
        static CustomCredentialPolicy()
        { 
            _lockObj = new object();
            _initialized = false;
        }
 
        /// 
        /// Critical - Access critical member _environmentPermissionSet 
        /// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later. 
        /// 
        [SecurityCritical, SecurityTreatAsSafe] 
        public CustomCredentialPolicy()
        {
            _environmentPermissionSet = new PermissionSet(null);
            _environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERDOMAIN")); 
            _environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
        } 
 
        /// 
        /// Critical    - Asserts for permission to set the credential policy. 
        /// TreatAsSafe - Nothing is exposed. This method is safe to call at any time.
        /// 
        [SecurityCritical, SecurityTreatAsSafe]
        static internal void EnsureCustomCredentialPolicy() 
        {
            if (!_initialized) 
            { 
                lock (_lockObj)
                { 
                    if (!_initialized)
                    {
                        new SecurityPermission(SecurityPermissionFlag.ControlPolicy).Assert();  // BlessedAssert:
                        try 
                        {
                            AuthenticationManager.CredentialPolicy = new CustomCredentialPolicy(); 
                            _initialized = true; 
                        }
                        finally 
                        {
                            CodeAccessPermission.RevertAssert();
                        }
                    } 
                }
            } 
        } 

        #region ICredentialPolicy Members 

        /// 
        /// Critical    - Calls SecurityCritical method IsDefaultCredentials.
        /// TreatAsSafe - This is called by the framework to determine if credentials should be sent 
        ///               in response to the server sending a 401. The challengUri and request are
        ///               coming from the app; the credential and authenticationModule are coming 
        ///               from the framework. The only ouput is whether or not credentials should 
        ///               be sent, which is not critical.
        ///  
        [SecurityCritical, SecurityTreatAsSafe]
        public bool ShouldSendCredential(Uri challengeUri, WebRequest request, NetworkCredential credential, IAuthenticationModule authenticationModule)
        {
            switch (MapUrlToZone(challengeUri)) 
            {
                // Always send credentials (including default credentials) to these zones 
                case SecurityZone.Intranet: 
                case SecurityZone.Trusted:
                case SecurityZone.MyComputer: 
                    return true;
                // Don't send default credentials to any of these zones
                case SecurityZone.Internet:
                case SecurityZone.Untrusted: 
                default:
                    return !IsDefaultCredentials(credential); 
            } 
        }
 
        #endregion

        /// 
        /// Critical - Asserts for permission to examine the user name and password. They are 
        ///            only checked to see if they are non-null, and not exposed, but the
        ///            fact that default credential are being used and are available might 
        ///            something we would not want revealed, which is why it is not TAS. 
        /// 
        [SecurityCritical] 
        private bool IsDefaultCredentials(NetworkCredential credential)
        {
            _environmentPermissionSet.Assert();  // BlessedAssert:
            try 
            {
                return credential == CredentialCache.DefaultCredentials; 
            } 
            finally
            { 
                CodeAccessPermission.RevertAssert();
            }
        }
 
        /// 
        /// Critical    - Call critical method MapUrlToZone. 
        /// TreatAsSafe - Returns the zone of the uri, which is not critical. 
        /// 
        [SecurityCritical, SecurityTreatAsSafe] 
        internal static SecurityZone MapUrlToZone(Uri uri)
        {
            EnsureSecurityManager();
 
            int targetZone;
            _securityManager.MapUrlToZone(BindUriHelper.UriToString(uri), out targetZone, 0); 
 
            // The enum is directly mappable, but taking no chances...
            switch (targetZone) 
            {
                case NativeMethods.URLZONE_LOCAL_MACHINE:
                    return SecurityZone.MyComputer;
                case NativeMethods.URLZONE_INTERNET: 
                    return SecurityZone.Internet;
                case NativeMethods.URLZONE_INTRANET: 
                    return SecurityZone.Intranet; 
                case NativeMethods.URLZONE_TRUSTED:
                    return SecurityZone.Trusted; 
                case NativeMethods.URLZONE_UNTRUSTED:
                    return SecurityZone.Untrusted;
            }
 
            return SecurityZone.NoZone;
        } 
 
        /// 
        /// Critical    - Accesses critical member _securityManager and calls the SUC'd MapUrlToZone. 
        /// TreatAsSafe - Doesn't expose anything, doesn't take user input, safe to call at any time.
        /// 
        [SecurityCritical, SecurityTreatAsSafe]
        private static void EnsureSecurityManager() 
        {
            // IMPORTANT: See comments in header r.e. IInternetSecurityManager 
 
            if (_securityManager == null)
            { 
                lock (_lockObj)
                {
                    if (_securityManager == null)
                    { 
                        _securityManager = (UnsafeNativeMethods.IInternetSecurityManager)new InternetSecurityManager();
                    } 
                } 
            }
        } 

        [ComImport, ComVisible(false), Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
        private class InternetSecurityManager
        { 
        }
 
        /// 
        /// Critical - requires an elevation to create.
        /// 
        [SecurityCritical]
        private static UnsafeNativeMethods.IInternetSecurityManager _securityManager;

        [SecurityCritical] 
        private static object _lockObj;
 
        [SecurityCritical] 
        private static bool _initialized;
 
        [SecurityCritical]
        PermissionSet _environmentPermissionSet;
    }
} 

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

                        

                        
                        

Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK

• RelationshipEndCollection.cs
• SmiContextFactory.cs
• ValidatingPropertiesEventArgs.cs
• Win32.cs
• SharedHttpTransportManager.cs
• ResXResourceReader.cs
• DLinqTableProvider.cs
• FormViewRow.cs
• BindingNavigator.cs
• ListViewItem.cs
• XmlText.cs
• DataControlLinkButton.cs
• RedirectionProxy.cs
• ResourceIDHelper.cs
• DataGridViewCellStyleChangedEventArgs.cs
• WeakHashtable.cs
• Scheduler.cs
• EventPrivateKey.cs
• RegexCode.cs
• ConfigurationSectionHelper.cs
• XamlRtfConverter.cs
• DesignerImageAdapter.cs
• DataRelationPropertyDescriptor.cs
• SspiSafeHandles.cs
• LinkArea.cs
• HttpException.cs
• ThreadStateException.cs
• EntityCommandDefinition.cs
• XmlChoiceIdentifierAttribute.cs
• InitializationEventAttribute.cs
• OdbcConnectionHandle.cs
• StoragePropertyMapping.cs
• TableLayoutRowStyleCollection.cs
• AsymmetricSignatureDeformatter.cs
• WinFormsUtils.cs
• XmlSortKeyAccumulator.cs
• RequestQueryProcessor.cs
• Base64Encoding.cs
• DeclarativeExpressionConditionDeclaration.cs
• Trace.cs
• Range.cs
• WSSecureConversationDec2005.cs
• TemplateControlBuildProvider.cs
• TextShapeableCharacters.cs
• LinqDataSourceDeleteEventArgs.cs
• RoleGroupCollection.cs
• OptimizerPatterns.cs
• SmiSettersStream.cs
• CuspData.cs
• GeneralTransform3D.cs
• Drawing.cs
• TextEditorTables.cs
• TdsParserSafeHandles.cs
• ViewValidator.cs
• RewritingProcessor.cs
• CachedPathData.cs
• HtmlControlPersistable.cs
• WmpBitmapDecoder.cs
• DrawToolTipEventArgs.cs
• FocusTracker.cs
• InputProcessorProfilesLoader.cs
• EdmComplexPropertyAttribute.cs
• WhereQueryOperator.cs
• DefaultEventAttribute.cs
• DBSchemaTable.cs
• SspiSafeHandles.cs
• OleDbConnectionPoolGroupProviderInfo.cs
• WebPartMenu.cs
• ConfigXmlComment.cs
• ObjectDataSourceMethodEventArgs.cs
• COSERVERINFO.cs
• ResXBuildProvider.cs
• RayMeshGeometry3DHitTestResult.cs
• ActivityXRefConverter.cs
• ObjectQueryExecutionPlan.cs
• CachedTypeface.cs
• RegexCompiler.cs
• GenerateHelper.cs
• ZipIOExtraFieldElement.cs
• LogWriteRestartAreaAsyncResult.cs
• NativeActivityMetadata.cs
• PageBreakRecord.cs
• ThreadNeutralSemaphore.cs
• TextEditorTyping.cs
• IOException.cs
• xmlglyphRunInfo.cs
• LogExtent.cs
• GenerateTemporaryAssemblyTask.cs
• TextBoxView.cs
• DetailsViewUpdatedEventArgs.cs
• filewebrequest.cs
• SqlDataSourceEnumerator.cs
• SAPIEngineTypes.cs
• TypeForwardedToAttribute.cs
• QueryAccessibilityHelpEvent.cs
• CustomExpression.cs
• ColorPalette.cs
• WebPartsPersonalization.cs
• ByteStorage.cs
• ProcessThreadCollection.cs