Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / FederatedMessageSecurityOverHttp.cs / 1 / FederatedMessageSecurityOverHttp.cs
//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------- namespace System.ServiceModel { using System.Collections.ObjectModel; using System.ServiceModel.Channels; using System.Xml; using System.Net.Security; using System.IdentityModel.Tokens; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.Runtime.CompilerServices; public sealed class FederatedMessageSecurityOverHttp { internal const bool DefaultNegotiateServiceCredential = true; internal const SecurityKeyType DefaultIssuedKeyType = SecurityKeyType.SymmetricKey; bool negotiateServiceCredential; SecurityAlgorithmSuite algorithmSuite; EndpointAddress issuerAddress; EndpointAddress issuerMetadataAddress; Binding issuerBinding; CollectionclaimTypeRequirements; string issuedTokenType; SecurityKeyType issuedKeyType; Collection tokenRequestParameters; internal FederatedMessageSecurityOverHttp() { negotiateServiceCredential = DefaultNegotiateServiceCredential; algorithmSuite = SecurityAlgorithmSuite.Default; issuedKeyType = DefaultIssuedKeyType; claimTypeRequirements = new Collection (); tokenRequestParameters = new Collection (); } public bool NegotiateServiceCredential { get { return this.negotiateServiceCredential; } set { this.negotiateServiceCredential = value; } } public SecurityAlgorithmSuite AlgorithmSuite { get { return this.algorithmSuite; } set { if (value == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); } this.algorithmSuite = value; } } public EndpointAddress IssuerAddress { get { return this.issuerAddress; } set { this.issuerAddress = value; } } public EndpointAddress IssuerMetadataAddress { get { return this.issuerMetadataAddress; } set { this.issuerMetadataAddress = value; } } public Binding IssuerBinding { get { return this.issuerBinding; } set { this.issuerBinding = value; } } public string IssuedTokenType { get { return this.issuedTokenType; } set { this.issuedTokenType = value; } } public SecurityKeyType IssuedKeyType { get { return this.issuedKeyType; } set { if (!SecurityKeyTypeHelper.IsDefined(value)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value")); } this.issuedKeyType = value; } } public Collection ClaimTypeRequirements { get { return this.claimTypeRequirements; } } public Collection TokenRequestParameters { get { return this.tokenRequestParameters; } } [MethodImpl(MethodImplOptions.NoInlining)] internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version) { if((this.IssuedKeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding))); } SecurityBindingElement result; bool emitBspAttributes = true; IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding); issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress; issuedParameters.KeyType = this.IssuedKeyType; if (this.IssuedKeyType == SecurityKeyType.SymmetricKey) { issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength; } else { issuedParameters.KeySize = 0; } foreach (ClaimTypeRequirement c in this.claimTypeRequirements) { issuedParameters.ClaimTypeRequirements.Add(c); } foreach (XmlElement p in this.TokenRequestParameters) { issuedParameters.AdditionalRequestParameters.Add(p); } WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspAttributes, null, null, null); SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType); SecurityBindingElement issuedTokenSecurity; if (isSecureTransportMode) { issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters); } else { if (negotiateServiceCredential) { // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11); } else { issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters); } } issuedTokenSecurity.MessageSecurityVersion = version; issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite; result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true); result.MessageSecurityVersion = version; result.DefaultAlgorithmSuite = this.AlgorithmSuite; result.IncludeTimestamp = true; if (!isReliableSession) { result.LocalServiceSettings.ReconnectTransportOnFailure = false; result.LocalClientSettings.ReconnectTransportOnFailure = false; } else { result.LocalServiceSettings.ReconnectTransportOnFailure = true; result.LocalClientSettings.ReconnectTransportOnFailure = true; } return result; } internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity) { DiagnosticUtility.DebugAssert(null != sbe, string.Empty); messageSecurity = null; // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings if (!sbe.IncludeTimestamp) return false; if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout) return false; bool emitBspAttributes = true; // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching() SecurityBindingElement bootstrapSecurity; if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity)) return false; if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement)) return false; bool negotiateServiceCredential = DefaultNegotiateServiceCredential; IssuedSecurityTokenParameters issuedTokenParameters; if (isSecureTransportMode) { if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters)) return false; } else { // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters)) negotiateServiceCredential = true; else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters)) negotiateServiceCredential = false; else return false; } if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { return false; } Collection nonAlgorithmRequestParameters; WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspAttributes, null, null, null); SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, versionSpecificStandardsManager, out nonAlgorithmRequestParameters)) { return false; } messageSecurity = new FederatedMessageSecurityOverHttp(); messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite; messageSecurity.NegotiateServiceCredential = negotiateServiceCredential; messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType; messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress; messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding; messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress; messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType; foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements) { messageSecurity.ClaimTypeRequirements.Add(c); } foreach (XmlElement p in nonAlgorithmRequestParameters) { messageSecurity.TokenRequestParameters.Add(p); } if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0) { return false; } return true; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- BlockUIContainer.cs
- EncryptedData.cs
- CaseStatement.cs
- BidOverLoads.cs
- HijriCalendar.cs
- ResourcesBuildProvider.cs
- HttpModulesSection.cs
- ResourceProviderFactory.cs
- UpdatePanelTriggerCollection.cs
- RemoteWebConfigurationHostStream.cs
- SelfIssuedAuthAsymmetricKey.cs
- IChannel.cs
- ColumnHeaderConverter.cs
- Bitmap.cs
- GradientBrush.cs
- WriteTimeStream.cs
- LogRecordSequence.cs
- HtmlInputSubmit.cs
- FacetDescription.cs
- MembershipUser.cs
- TypeInitializationException.cs
- BufferedOutputStream.cs
- CodeCommentStatementCollection.cs
- FormatterServices.cs
- WebEventTraceProvider.cs
- securitymgrsite.cs
- TextRange.cs
- ScrollProviderWrapper.cs
- ButtonBaseAdapter.cs
- PageBreakRecord.cs
- compensatingcollection.cs
- PopupEventArgs.cs
- ChildTable.cs
- DataSvcMapFileSerializer.cs
- OracleFactory.cs
- ComponentChangingEvent.cs
- PageAdapter.cs
- CodeAccessPermission.cs
- EditorPartCollection.cs
- ShortcutKeysEditor.cs
- WebReferenceOptions.cs
- WhitespaceRule.cs
- SoapServerProtocol.cs
- ApplicationCommands.cs
- RequestTimeoutManager.cs
- ColumnWidthChangedEvent.cs
- DynamicObject.cs
- TypeValidationEventArgs.cs
- UrlMappingsModule.cs
- NameValueFileSectionHandler.cs
- SymbolEqualComparer.cs
- XmlSchemaGroupRef.cs
- Timer.cs
- XPathConvert.cs
- WorkflowInstance.cs
- UniqueIdentifierService.cs
- Header.cs
- SoapFormatter.cs
- DynamicRendererThreadManager.cs
- BitConverter.cs
- TextEvent.cs
- GenericPrincipal.cs
- ClientWindowsAuthenticationMembershipProvider.cs
- StringUtil.cs
- WebPartConnectionsCloseVerb.cs
- OleDbMetaDataFactory.cs
- ImageConverter.cs
- XmlStringTable.cs
- ConnectionPointCookie.cs
- BindingListCollectionView.cs
- PartManifestEntry.cs
- TagMapInfo.cs
- DBDataPermission.cs
- CollectionTypeElement.cs
- UnknownWrapper.cs
- CalendarDesigner.cs
- Expander.cs
- SequenceDesigner.cs
- ProvidersHelper.cs
- BamlBinaryReader.cs
- TypeConverterAttribute.cs
- MLangCodePageEncoding.cs
- DataGridViewTopRowAccessibleObject.cs
- OneOfScalarConst.cs
- _DomainName.cs
- EntryIndex.cs
- HtmlInputRadioButton.cs
- SHA1CryptoServiceProvider.cs
- SqlInternalConnectionSmi.cs
- Int16Converter.cs
- RowUpdatingEventArgs.cs
- MemberMaps.cs
- HttpModuleActionCollection.cs
- FormParameter.cs
- UnsafeNativeMethodsMilCoreApi.cs
- ByteAnimationUsingKeyFrames.cs
- Win32SafeHandles.cs
- ConfigurationHelpers.cs
- ContourSegment.cs
- EnvelopedSignatureTransform.cs