CustomCredentialPolicy.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ DotNET / DotNET / 8.0 / untmp / WIN_WINDOWS / lh_tools_devdiv_wpf / Windows / wcp / Core / MS / Internal / AppModel / CustomCredentialPolicy.cs / 2 / CustomCredentialPolicy.cs

                            //------------------------------------------------------------------------------ 
//
// 
//    Copyright (C) Microsoft Corporation.  All rights reserved.
//  
//
// Description: 
// 
// This creates and registers a custom ICredentialPolicy that will be used
// whenever a server sends a 401 UNAUTHORIZED in response to a WebRequest. The 
// .NET framework will call ShouldSendCredential to determine if credentials
// should be sent.
//
// Our policy is to go ahead and send whatever credentials there might be, 
// EXCEPT if we are using default credentials and the request is not going to
// an Intranet, Local Machine or Trusted domain. 
// 
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// IMPORTANT: We are creating an instance of IInternetSecurityManager here. This 
// is currently also done in the AppSecurityManager at the Framework level. Any
// modification to either of these classes--especially concerning MapUrlToZone--
// should be considered for both classes.
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
//
// An IInternetSecurityManagerSite is not currently needed here, because the 
// only method of IInternetSecurityManager that we are calling is MapUrlToZone, 
// and that does not prompt the user.
// 
// History:
//  03/15/2006: [....] - Initial creation.
//-----------------------------------------------------------------------------
 
using System;
using System.Collections.Generic; 
using System.Net; 
using System.Runtime.InteropServices;
using System.Security; 
using System.Security.Permissions;

using MS.Internal.PresentationCore;
using MS.Win32; 

namespace MS.Internal.AppModel 
{ 
    [FriendAccessAllowed]
    internal class CustomCredentialPolicy : ICredentialPolicy 
    {

        /// 
        /// Critical - Accesses critical members 
        /// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later.
        ///  
        [SecurityCritical, SecurityTreatAsSafe] 
        static CustomCredentialPolicy()
        { 
            _lockObj = new object();
            _initialized = false;
        }
 
        /// 
        /// Critical - Access critical member _environmentPermissionSet 
        /// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later. 
        /// 
        [SecurityCritical, SecurityTreatAsSafe] 
        public CustomCredentialPolicy()
        {
            _environmentPermissionSet = new PermissionSet(null);
            _environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERDOMAIN")); 
            _environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
        } 
 
        /// 
        /// Critical    - Asserts for permission to set the credential policy. 
        /// TreatAsSafe - Nothing is exposed. This method is safe to call at any time.
        /// 
        [SecurityCritical, SecurityTreatAsSafe]
        static internal void EnsureCustomCredentialPolicy() 
        {
            if (!_initialized) 
            { 
                lock (_lockObj)
                { 
                    if (!_initialized)
                    {
                        new SecurityPermission(SecurityPermissionFlag.ControlPolicy).Assert();  // BlessedAssert:
                        try 
                        {
                            AuthenticationManager.CredentialPolicy = new CustomCredentialPolicy(); 
                            _initialized = true; 
                        }
                        finally 
                        {
                            CodeAccessPermission.RevertAssert();
                        }
                    } 
                }
            } 
        } 

        #region ICredentialPolicy Members 

        /// 
        /// Critical    - Calls SecurityCritical method IsDefaultCredentials.
        /// TreatAsSafe - This is called by the framework to determine if credentials should be sent 
        ///               in response to the server sending a 401. The challengUri and request are
        ///               coming from the app; the credential and authenticationModule are coming 
        ///               from the framework. The only ouput is whether or not credentials should 
        ///               be sent, which is not critical.
        ///  
        [SecurityCritical, SecurityTreatAsSafe]
        public bool ShouldSendCredential(Uri challengeUri, WebRequest request, NetworkCredential credential, IAuthenticationModule authenticationModule)
        {
            switch (MapUrlToZone(challengeUri)) 
            {
                // Always send credentials (including default credentials) to these zones 
                case SecurityZone.Intranet: 
                case SecurityZone.Trusted:
                case SecurityZone.MyComputer: 
                    return true;
                // Don't send default credentials to any of these zones
                case SecurityZone.Internet:
                case SecurityZone.Untrusted: 
                default:
                    return !IsDefaultCredentials(credential); 
            } 
        }
 
        #endregion

        /// 
        /// Critical - Asserts for permission to examine the user name and password. They are 
        ///            only checked to see if they are non-null, and not exposed, but the
        ///            fact that default credential are being used and are available might 
        ///            something we would not want revealed, which is why it is not TAS. 
        /// 
        [SecurityCritical] 
        private bool IsDefaultCredentials(NetworkCredential credential)
        {
            _environmentPermissionSet.Assert();  // BlessedAssert:
            try 
            {
                return credential == CredentialCache.DefaultCredentials; 
            } 
            finally
            { 
                CodeAccessPermission.RevertAssert();
            }
        }
 
        /// 
        /// Critical    - Call critical method MapUrlToZone. 
        /// TreatAsSafe - Returns the zone of the uri, which is not critical. 
        /// 
        [SecurityCritical, SecurityTreatAsSafe] 
        internal static SecurityZone MapUrlToZone(Uri uri)
        {
            EnsureSecurityManager();
 
            int targetZone;
            _securityManager.MapUrlToZone(BindUriHelper.UriToString(uri), out targetZone, 0); 
 
            // The enum is directly mappable, but taking no chances...
            switch (targetZone) 
            {
                case NativeMethods.URLZONE_LOCAL_MACHINE:
                    return SecurityZone.MyComputer;
                case NativeMethods.URLZONE_INTERNET: 
                    return SecurityZone.Internet;
                case NativeMethods.URLZONE_INTRANET: 
                    return SecurityZone.Intranet; 
                case NativeMethods.URLZONE_TRUSTED:
                    return SecurityZone.Trusted; 
                case NativeMethods.URLZONE_UNTRUSTED:
                    return SecurityZone.Untrusted;
            }
 
            return SecurityZone.NoZone;
        } 
 
        /// 
        /// Critical    - Accesses critical member _securityManager and calls the SUC'd MapUrlToZone. 
        /// TreatAsSafe - Doesn't expose anything, doesn't take user input, safe to call at any time.
        /// 
        [SecurityCritical, SecurityTreatAsSafe]
        private static void EnsureSecurityManager() 
        {
            // IMPORTANT: See comments in header r.e. IInternetSecurityManager 
 
            if (_securityManager == null)
            { 
                lock (_lockObj)
                {
                    if (_securityManager == null)
                    { 
                        _securityManager = (UnsafeNativeMethods.IInternetSecurityManager)new InternetSecurityManager();
                    } 
                } 
            }
        } 

        [ComImport, ComVisible(false), Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
        private class InternetSecurityManager
        { 
        }
 
        /// 
        /// Critical - requires an elevation to create.
        /// 
        [SecurityCritical]
        private static UnsafeNativeMethods.IInternetSecurityManager _securityManager;

        [SecurityCritical] 
        private static object _lockObj;
 
        [SecurityCritical] 
        private static bool _initialized;
 
        [SecurityCritical]
        PermissionSet _environmentPermissionSet;
    }
} 

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK