Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Tokens / SamlSubject.cs / 1 / SamlSubject.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.IdentityModel.Tokens { using System.Collections; using System.Collections.Generic; using System.Collections.ObjectModel; using System.IdentityModel.Claims; using System.IdentityModel.Selectors; using System.Runtime.Serialization; using System.Security.Cryptography; using System.Security.Cryptography.Xml; using System.Security.Principal; using System.Security; using System.Xml; using System.Xml.Serialization; public class SamlSubject { // Saml SubjectConfirmation parts. readonly ImmutableCollectionconfirmationMethods = new ImmutableCollection (); string confirmationData; SecurityKeyIdentifier securityKeyIdentifier; SecurityKey crypto; SecurityToken subjectToken; // Saml NameIdentifier element parts. string name; string nameFormat; string nameQualifier; List claims; IIdentity identity; ClaimSet subjectKeyClaimset; bool isReadOnly = false; public SamlSubject() { } public SamlSubject(string nameFormat, string nameQualifier, string name) : this(nameFormat, nameQualifier, name, null, null, null) { } public SamlSubject(string nameFormat, string nameQualifier, string name, IEnumerable confirmations, string confirmationData, SecurityKeyIdentifier securityKeyIdentifier) { if (confirmations != null) { foreach (string method in confirmations) { if (String.IsNullOrEmpty(method)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.SubjectConfirmationMethod.Value)); this.confirmationMethods.Add(method); } } if ((this.confirmationMethods.Count == 0) && (String.IsNullOrEmpty(name))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethod)); if ((this.confirmationMethods.Count == 0) && ((confirmationData != null) || (securityKeyIdentifier != null))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresConfirmationMethodWhenConfirmationDataOrKeyInfoIsSpecified)); this.name = name; this.nameFormat = nameFormat; this.nameQualifier = nameQualifier; this.confirmationData = confirmationData; this.securityKeyIdentifier = securityKeyIdentifier; } public string Name { get { return this.name; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); if (String.IsNullOrEmpty(value)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectNameIdentifierRequiresNameValue)); this.name = value; } } public string NameFormat { get { return this.nameFormat; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); this.nameFormat = value; } } public string NameQualifier { get { return this.nameQualifier; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); this.nameQualifier = value; } } public static string NameClaimType { get { return ClaimTypes.NameIdentifier; } } public IList ConfirmationMethods { get { return this.confirmationMethods; } } internal IIdentity Identity { get { return this.identity; } } public string SubjectConfirmationData { get { return this.confirmationData; } set { if (value == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); this.confirmationData = value; } } public SecurityKeyIdentifier KeyIdentifier { get { return this.securityKeyIdentifier; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); if (value == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); this.securityKeyIdentifier = value; } } public SecurityKey Crypto { get { return this.crypto; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); if (value == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); this.crypto = value; } } public bool IsReadOnly { get { return this.isReadOnly; } } public void MakeReadOnly() { if (!this.isReadOnly) { if (securityKeyIdentifier != null) securityKeyIdentifier.MakeReadOnly(); this.confirmationMethods.MakeReadOnly(); this.isReadOnly = true; } } void CheckObjectValidity() { if ((this.confirmationMethods.Count == 0) && (String.IsNullOrEmpty(name))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethod))); if ((this.confirmationMethods.Count == 0) && ((this.confirmationData != null) || (this.securityKeyIdentifier != null))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresConfirmationMethodWhenConfirmationDataOrKeyInfoIsSpecified))); } public virtual ReadOnlyCollection ExtractClaims() { if (this.claims == null) { this.claims = new List (); if (!String.IsNullOrEmpty(this.name)) { this.claims.Add(new Claim(ClaimTypes.NameIdentifier, new SamlNameIdentifierClaimResource(this.name, this.nameQualifier, this.nameFormat), Rights.Identity)); this.claims.Add(new Claim(ClaimTypes.NameIdentifier, new SamlNameIdentifierClaimResource(this.name, this.nameQualifier, this.nameFormat), Rights.PossessProperty)); } } return this.claims.AsReadOnly(); } public virtual ClaimSet ExtractSubjectKeyClaimSet(SamlSecurityTokenAuthenticator samlAuthenticator) { if ((this.subjectKeyClaimset == null) && (this.securityKeyIdentifier != null)) { if (samlAuthenticator == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlAuthenticator"); if (this.subjectToken != null) { this.subjectKeyClaimset = samlAuthenticator.ResolveClaimSet(this.subjectToken); this.identity = samlAuthenticator.ResolveIdentity(this.subjectToken); if ((this.identity == null) && (this.subjectKeyClaimset != null)) { Claim identityClaim = null; foreach (Claim claim in this.subjectKeyClaimset.FindClaims(null, Rights.Identity)) { identityClaim = claim; break; } if (identityClaim != null) { this.identity = SecurityUtils.CreateIdentity(identityClaim.Resource.ToString(), this.GetType().Name); } } } if (this.subjectKeyClaimset == null) { // Add the type of the primary claim as the Identity claim. this.subjectKeyClaimset = samlAuthenticator.ResolveClaimSet(this.securityKeyIdentifier); this.identity = samlAuthenticator.ResolveIdentity(this.securityKeyIdentifier); } } return this.subjectKeyClaimset; } public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader")); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; reader.MoveToContent(); reader.Read(); if (reader.IsStartElement(dictionary.NameIdentifier, dictionary.Namespace)) { this.nameFormat = reader.GetAttribute(dictionary.NameIdentifierFormat, null); this.nameQualifier = reader.GetAttribute(dictionary.NameIdentifierNameQualifier, null); reader.MoveToContent(); this.name = reader.ReadString(); if (this.name == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLNameIdentifierMissingIdentifierValueOnRead))); reader.MoveToContent(); reader.ReadEndElement(); } if (reader.IsStartElement(dictionary.SubjectConfirmation, dictionary.Namespace)) { reader.MoveToContent(); reader.Read(); while (reader.IsStartElement(dictionary.SubjectConfirmationMethod, dictionary.Namespace)) { string method = reader.ReadString(); if (string.IsNullOrEmpty(method)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.SubjectConfirmationMethod.Value))); this.confirmationMethods.Add(method); reader.MoveToContent(); reader.ReadEndElement(); } if (this.confirmationMethods.Count == 0) { // A SubjectConfirmaton clause should specify at least one // ConfirmationMethod. throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectConfirmationClauseMissingConfirmationMethodOnRead))); } if (reader.IsStartElement(dictionary.SubjectConfirmationData, dictionary.Namespace)) { reader.MoveToContent(); // An Authentication protocol specified in the confirmation method might need this // data. Just store this content value as string. this.confirmationData = reader.ReadString(); reader.MoveToContent(); reader.ReadEndElement(); } #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. if (reader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.KeyInfo, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); this.securityKeyIdentifier = SamlSerializer.ReadSecurityKeyIdentifier(dictionaryReader, keyInfoSerializer); this.crypto = SamlSerializer.ResolveSecurityKey(this.securityKeyIdentifier, outOfBandTokenResolver); if (this.crypto == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlUnableToExtractSubjectKey))); } this.subjectToken = SamlSerializer.ResolveSecurityToken(this.securityKeyIdentifier, outOfBandTokenResolver); } if ((this.confirmationMethods.Count == 0) && (String.IsNullOrEmpty(name))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethodOnRead))); reader.MoveToContent(); reader.ReadEndElement(); } reader.MoveToContent(); reader.ReadEndElement(); } public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { CheckObjectValidity(); if (writer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("writer")); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.Subject, dictionary.Namespace); if (this.name != null) { writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.NameIdentifier, dictionary.Namespace); if (this.nameFormat != null) { writer.WriteStartAttribute(dictionary.NameIdentifierFormat, null); writer.WriteString(this.nameFormat); writer.WriteEndAttribute(); } if (this.nameQualifier != null) { writer.WriteStartAttribute(dictionary.NameIdentifierNameQualifier, null); writer.WriteString(this.nameQualifier); writer.WriteEndAttribute(); } writer.WriteString(this.name); writer.WriteEndElement(); } if (this.confirmationMethods.Count > 0) { writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.SubjectConfirmation, dictionary.Namespace); foreach (string method in this.confirmationMethods) writer.WriteElementString(dictionary.SubjectConfirmationMethod, dictionary.Namespace, method); if (!string.IsNullOrEmpty(this.confirmationData)) writer.WriteElementString(dictionary.SubjectConfirmationData, dictionary.Namespace, this.confirmationData); if (this.securityKeyIdentifier != null) { XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer); SamlSerializer.WriteSecurityKeyIdentifier(dictionaryWriter, this.securityKeyIdentifier, keyInfoSerializer); } writer.WriteEndElement(); } writer.WriteEndElement(); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- SecurityException.cs
- SecurityState.cs
- DirtyTextRange.cs
- ImportContext.cs
- StreamWriter.cs
- SQLByteStorage.cs
- ClaimTypeRequirement.cs
- FontStyle.cs
- DecimalAnimation.cs
- LocalizationParserHooks.cs
- HtmlLiteralTextAdapter.cs
- ImageCodecInfo.cs
- CatalogPartChrome.cs
- AdapterDictionary.cs
- securestring.cs
- InstanceKeyCompleteException.cs
- XhtmlBasicCommandAdapter.cs
- WindowShowOrOpenTracker.cs
- TypeName.cs
- MetadataPropertyCollection.cs
- RectAnimation.cs
- XmlObjectSerializer.cs
- MenuItem.cs
- CapabilitiesUse.cs
- DbUpdateCommandTree.cs
- TraceProvider.cs
- RadioButtonFlatAdapter.cs
- WriteTimeStream.cs
- ParameterCollection.cs
- SemanticAnalyzer.cs
- XmlUtil.cs
- CurrentChangingEventArgs.cs
- Logging.cs
- HtmlTableCellCollection.cs
- SByteStorage.cs
- ErrorFormatter.cs
- PropertyEmitterBase.cs
- TableCell.cs
- MatrixTransform.cs
- _SSPISessionCache.cs
- ReferentialConstraintRoleElement.cs
- RegionInfo.cs
- PaginationProgressEventArgs.cs
- Int32CollectionConverter.cs
- UIPermission.cs
- DBConnectionString.cs
- TimeoutException.cs
- SizeAnimation.cs
- XmlSchemaResource.cs
- ErrorBehavior.cs
- ExtendedTransformFactory.cs
- RectValueSerializer.cs
- LogPolicy.cs
- Viewport3DAutomationPeer.cs
- ResourcesGenerator.cs
- RawStylusSystemGestureInputReport.cs
- DbFunctionCommandTree.cs
- OrCondition.cs
- InputScopeNameConverter.cs
- TriggerBase.cs
- SafeFileHandle.cs
- querybuilder.cs
- SHA512.cs
- ProcessInputEventArgs.cs
- BinaryConverter.cs
- WebPartTransformer.cs
- XmlMemberMapping.cs
- ToggleButtonAutomationPeer.cs
- HttpHandlerAction.cs
- OleDbConnection.cs
- StrongNameKeyPair.cs
- BypassElementCollection.cs
- PreviewKeyDownEventArgs.cs
- FontUnit.cs
- FigureParaClient.cs
- DataContext.cs
- GPStream.cs
- HttpWebRequestElement.cs
- NumberFunctions.cs
- BindingListCollectionView.cs
- TextBox.cs
- BindingOperations.cs
- FlowLayout.cs
- HttpCookieCollection.cs
- propertytag.cs
- MethodImplAttribute.cs
- PrintDialogDesigner.cs
- InputScopeNameConverter.cs
- CultureTableRecord.cs
- OperatingSystem.cs
- _HeaderInfo.cs
- CategoryGridEntry.cs
- PartManifestEntry.cs
- ObjectItemCachedAssemblyLoader.cs
- BaseCollection.cs
- MergeFailedEvent.cs
- BufferModeSettings.cs
- EmptyCollection.cs
- DefaultWorkflowSchedulerService.cs
- OperationBehaviorAttribute.cs