TransportSecurityBindingElement.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Channels / TransportSecurityBindingElement.cs / 1 / TransportSecurityBindingElement.cs

                            //------------------------------------------------------------------------------ 
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Channels
{ 
    using System;
    using System.ServiceModel.Description; 
    using System.Xml; 
    using System.Collections.Generic;
    using System.Runtime.Serialization; 
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;
 
    using System.Net.Security;
 
    public sealed class TransportSecurityBindingElement : SecurityBindingElement, IPolicyExportExtension 
    {
        public TransportSecurityBindingElement() 
            : base()
        {
            this.LocalClientSettings.DetectReplays = this.LocalServiceSettings.DetectReplays = false;
        } 

        TransportSecurityBindingElement(TransportSecurityBindingElement elementToBeCloned) 
            : base(elementToBeCloned) 
        {
            // empty 
        }

        internal override ISecurityCapabilities GetIndividualISecurityCapabilities()
        { 
            bool supportsClientAuthentication;
            bool supportsClientWindowsIdentity; 
            GetSupportingTokensCapabilities(out supportsClientAuthentication, out supportsClientWindowsIdentity); 
            return new SecurityCapabilities(supportsClientAuthentication, false, supportsClientWindowsIdentity,
                ProtectionLevel.None, ProtectionLevel.None); 
        }

        internal override bool SessionMode
        { 
            get
            { 
                SecureConversationSecurityTokenParameters scParameters = null; 
                if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0)
                    scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; 
                if (scParameters != null)
                    return scParameters.RequireCancellation;
                else
                    return false; 
            }
        } 
 
        internal override bool SupportsDuplex
        { 
            get { return true; }
        }

        internal override bool SupportsRequestReply 
        {
            get { return true; } 
        } 

        internal override SecurityProtocolFactory CreateSecurityProtocolFactory(BindingContext context, SecurityCredentialsManager credentialsManager, bool isForService, BindingContext issuerBindingContext) 
        {
            if (context == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            if (credentialsManager == null) 
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("credentialsManager");
 
            TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory(); 
            if (isForService)
                base.ApplyAuditBehaviorSettings(context, protocolFactory); 
            base.ConfigureProtocolFactory(protocolFactory, credentialsManager, isForService, issuerBindingContext, context.Binding);
            protocolFactory.DetectReplays = false;

            return protocolFactory; 
        }
 
        protected override IChannelFactory BuildChannelFactoryCore(BindingContext context) 
        {
            ISecurityCapabilities securityCapabilities = this.GetProperty(context); 
            SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
            if (credentialsManager == null)
            {
                credentialsManager = ClientCredentials.CreateDefaultCredentials(); 
            }
 
            SecureConversationSecurityTokenParameters scParameters = null; 
            if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0)
            { 
                scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }

            // This adds the demuxer element to the context 
            ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
            BindingContext issuerBindingContext = context.Clone(); 
 
            SecurityChannelFactory channelFactory;
            if (scParameters != null) 
            {
                if (scParameters.BootstrapSecurityBindingElement == null)
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
 
                scParameters.IssuerBindingContext = issuerBindingContext;
                if (scParameters.RequireCancellation) 
                { 
                    SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory();
                    sessionFactory.SecurityTokenParameters = scParameters.Clone(); 
                    ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try
                    { 
                        base.ConfigureProtocolFactory(sessionFactory, credentialsManager, false, issuerBindingContext, context.Binding);
                    } 
                    finally 
                    {
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); 
                    }

                    SecuritySessionClientSettings sessionClientSettings = new SecuritySessionClientSettings();
                    sessionClientSettings.ChannelBuilder = channelBuilder; 
                    sessionClientSettings.KeyRenewalInterval = this.LocalClientSettings.SessionKeyRenewalInterval;
                    sessionClientSettings.KeyRolloverInterval = this.LocalClientSettings.SessionKeyRolloverInterval; 
                    sessionClientSettings.TolerateTransportFailures = this.LocalClientSettings.ReconnectTransportOnFailure; 
                    sessionClientSettings.IssuedSecurityTokenParameters = scParameters.Clone();
                    ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; 
                    sessionClientSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
                    sessionClientSettings.SessionProtocolFactory = sessionFactory;
                    channelFactory = new SecurityChannelFactory(securityCapabilities, context, sessionClientSettings);
                } 
                else
                { 
                    TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory(); 
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
                    try 
                    {
                        base.ConfigureProtocolFactory(protocolFactory, credentialsManager, false, issuerBindingContext, context.Binding);
                        SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters) scParameters.Clone();
                        acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext; 
                        protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
                    } 
                    finally 
                    {
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); 
                    }

                    channelFactory = new SecurityChannelFactory(securityCapabilities, context, channelBuilder, protocolFactory);
                } 
            }
            else 
            { 
                SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory(
                    context, credentialsManager, false, issuerBindingContext); 
                channelFactory = new SecurityChannelFactory(securityCapabilities, context, channelBuilder, protocolFactory);
            }

            return channelFactory; 
        }
 
        protected override IChannelListener BuildChannelListenerCore(BindingContext context) 
        {
            SecurityChannelListener channelListener = new SecurityChannelListener(this, context); 

            SecurityCredentialsManager credentialsManager = context.BindingParameters.Find();
            if (credentialsManager == null)
                credentialsManager = ServiceCredentials.CreateDefaultCredentials(); 

            SecureConversationSecurityTokenParameters scParameters; 
            if (this.EndpointSupportingTokenParameters.Endorsing.Count > 0) 
                scParameters = this.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            else 
                scParameters = null;

            ChannelBuilder channelBuilder = new ChannelBuilder(context, RequiresChannelDemuxer());
            BindingContext issuerBindingContext = context.Clone(); 
            if (scParameters != null)
            { 
                if (scParameters.BootstrapSecurityBindingElement == null) 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
 
                AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext);

                if (scParameters.RequireCancellation)
                { 
                    SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory();
                    base.ApplyAuditBehaviorSettings(context, sessionFactory); 
                    sessionFactory.SecurityTokenParameters = scParameters.Clone(); 
                    ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); 
                    try
                    {
                        base.ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
                    } 
                    finally
                    { 
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); 
                    }
 
                    channelListener.SessionMode = true;
                    channelListener.SessionServerSettings.InactivityTimeout = this.LocalServiceSettings.InactivityTimeout;
                    channelListener.SessionServerSettings.KeyRolloverInterval = this.LocalServiceSettings.SessionKeyRolloverInterval;
                    channelListener.SessionServerSettings.MaximumPendingSessions = this.LocalServiceSettings.MaxPendingSessions; 
                    channelListener.SessionServerSettings.MaximumKeyRenewalInterval = this.LocalServiceSettings.SessionKeyRenewalInterval;
                    channelListener.SessionServerSettings.TolerateTransportFailures = this.LocalServiceSettings.ReconnectTransportOnFailure; 
                    channelListener.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone(); 
                    ((SecureConversationSecurityTokenParameters)channelListener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
                    channelListener.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager; 
                    channelListener.SessionServerSettings.SessionProtocolFactory = sessionFactory;

                    // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
                    // back faults in response to badly secured requests over duplex can result in DoS. 
                    if (context.BindingParameters != null && context.BindingParameters.Find() == null
                        && !IsUnderlyingListenerDuplex(context)) 
                    { 
                        context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
                    } 
                }
                else
                {
                    TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory(); 
                    base.ApplyAuditBehaviorSettings(context, protocolFactory);
                    this.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); 
                    try 
                    {
                        base.ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding); 
                        SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters) scParameters.Clone();
                        acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
                        protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
                    } 
                    finally
                    { 
                        this.EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); 
                    }
 
                    channelListener.SecurityProtocolFactory = protocolFactory;
                }
            }
            else 
            {
                SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory(context, credentialsManager, true, issuerBindingContext); 
                channelListener.SecurityProtocolFactory = protocolFactory; 
            }
 
            channelListener.InitializeListener(channelBuilder);

            return channelListener;
        } 

        public override T GetProperty(BindingContext context) 
        { 
            if (context == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context"); 

            if (typeof(T) == typeof(ChannelProtectionRequirements))
            {
                AddressingVersion addressing = MessageVersion.Default.Addressing; 
#pragma warning suppress 56506
                MessageEncodingBindingElement encoding = context.Binding.Elements.Find(); 
                if (encoding != null) 
                {
                    addressing = encoding.MessageVersion.Addressing; 
                }

                ChannelProtectionRequirements myRequirements = base.GetProtectionRequirements(addressing, ProtectionLevel.EncryptAndSign);
                myRequirements.Add(context.GetInnerProperty()??new ChannelProtectionRequirements()); 
                return (T)(object)myRequirements;
            } 
            else 
            {
                return base.GetProperty(context); 
            }
        }

        public override BindingElement Clone() 
        {
            return new TransportSecurityBindingElement(this); 
        } 

 
        void IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext policyContext)
        {
            if (exporter == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("exporter"); 
            if (policyContext == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("policyContext"); 
 
            if (policyContext.BindingElements.Find() == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ExportOfBindingWithTransportSecurityBindingElementAndNoTransportSecurityNotSupported))); 

            // the ITransportTokenAssertionProvider will perform the acutal export steps.
        }
    } 
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK