Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / TransactionBridge / Microsoft / Transactions / Wsat / Messaging / Security.cs / 1 / Security.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- // Define some helper functions used for security using System; using System.ServiceModel; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Diagnostics; using System.DirectoryServices.ActiveDirectory; using System.Globalization; using System.Net; using System.Net.Security; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.IdentityModel.Selectors; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Security.Permissions; using System.Security.Principal; using System.Runtime.Serialization; using System.ServiceModel.Channels; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.ServiceModel.Transactions; using System.Text; using System.Transactions; using System.Xml; using DiagnosticUtility = Microsoft.Transactions.Bridge.DiagnosticUtility; using Microsoft.Transactions.Wsat.Protocol; namespace Microsoft.Transactions.Wsat.Messaging { class CoordinationServiceSecurity { IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault(); static SecurityContextSecurityTokenParameters securityContextSecurityTokenParameters; public static SecurityContextSecurityTokenParameters SecurityContextSecurityTokenParameters { get { if (securityContextSecurityTokenParameters == null) securityContextSecurityTokenParameters = new SecurityContextSecurityTokenParameters(); return securityContextSecurityTokenParameters; } } static DataContractSerializer identifierElementSerializer10; static DataContractSerializer identifierElementSerializer11; static DataContractSerializer IdentifierElementSerializer(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "IdentifierElementSerializer"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : if (identifierElementSerializer10 == null) identifierElementSerializer10 = new DataContractSerializer(typeof(IdentifierElement10)); return identifierElementSerializer10; case ProtocolVersion.Version11 : if (identifierElementSerializer11 == null) identifierElementSerializer11 = new DataContractSerializer(typeof(IdentifierElement11)); return identifierElementSerializer11; default: return null; // inaccessible path because we have asserted the protocol version } } // // Issued tokens / supporting tokens // static byte[] Label = Encoding.UTF8.GetBytes("WS-AT Supporting Token"); static SecurityStandardsManager SecurityStandardsManager2007 = CreateStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12); static SecurityStandardsManager CreateStandardsManager(MessageSecurityVersion securityVersion) { return new SecurityStandardsManager( securityVersion, new WSSecurityTokenSerializer(securityVersion.SecurityVersion, securityVersion.TrustVersion, securityVersion.SecureConversationVersion, false, null, null, null)); } static SecurityStandardsManager CreateStandardsManager(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateStandardsManager"); switch (protocolVersion) { case ProtocolVersion.Version10: return SecurityStandardsManager.DefaultInstance; case ProtocolVersion.Version11: return CoordinationServiceSecurity.SecurityStandardsManager2007; default: return null; // inaccessible path because we have asserted the protocol version } } //======================================================================================= public static byte[] DeriveIssuedTokenKey(Guid transactionId, string sctId) { return Psha1DerivedKeyGeneratorHelper.GenerateDerivedKey(transactionId.ToByteArray(), Label, Encoding.UTF8.GetBytes(sctId), SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength, 0); } //======================================================================================= public static void CreateIssuedToken(Guid transactionId, string coordinationContextId, ProtocolVersion protocolVersion, out RequestSecurityTokenResponse issuedToken, out string sctId) { sctId = CoordinationContext.CreateNativeIdentifier(Guid.NewGuid()); byte[] derivedKey = DeriveIssuedTokenKey(transactionId, sctId); DateTime now = DateTime.UtcNow; SecurityContextSecurityToken sct = new SecurityContextSecurityToken(new UniqueId(sctId), derivedKey, now, now + TimeSpan.FromDays(100 * 365)); BinarySecretSecurityToken proof = new BinarySecretSecurityToken(derivedKey); SecurityStandardsManager standardsManager = CreateStandardsManager(protocolVersion); RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(standardsManager); rstr.TokenType = standardsManager.SecureConversationDriver.TokenTypeUri; rstr.RequestedUnattachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.External); rstr.RequestedAttachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.Internal); rstr.RequestedSecurityToken = sct; rstr.RequestedProofToken = proof; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateIssuedToken"); //assert valid protocol version switch(protocolVersion) { case ProtocolVersion.Version10 : rstr.SetAppliesTo(new IdentifierElement10(coordinationContextId), identifierElementSerializer); break; case ProtocolVersion.Version11 : rstr.SetAppliesTo (new IdentifierElement11(coordinationContextId), identifierElementSerializer); break; default : break; // inaccessible path because we have asserted the protocol version } rstr.MakeReadOnly(); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Created issued token with id {0} for transaction {1}", sctId, transactionId); } issuedToken = rstr; } //======================================================================================== public static void AddIssuedToken(Message message, RequestSecurityTokenResponse rstr) { TransactionFlowProperty transactionFlowProp = TransactionFlowProperty.Ensure(message); transactionFlowProp.IssuedTokens.Add(rstr); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Added issued token to message"); } } //======================================================================================= // This function can throw XmlException public static RequestSecurityTokenResponse GetIssuedToken(Message message, string identifier, ProtocolVersion protocolVersion) { ICollection rstrCollection = TransactionFlowProperty.TryGetIssuedTokens(message); if (rstrCollection == null) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No issued tokens found in message"); return null; } string coordIdentifier = CoordinationStrings.Version(protocolVersion).Identifier; string coordNamespace = CoordinationStrings.Version(protocolVersion).Namespace; foreach (RequestSecurityTokenResponse rstr in rstrCollection) { string name, ns; rstr.GetAppliesToQName(out name, out ns); if (name == coordIdentifier && ns == coordNamespace) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "Found issued token in message"); try { IdentifierElement id = null; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "GetIssuedToken"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : id = rstr.GetAppliesTo (identifierElementSerializer); break; case ProtocolVersion.Version11 : id = rstr.GetAppliesTo (identifierElementSerializer); break; // no default - we have asserted the protocol version } // Make sure the identifier matches the expected value if (id.Identifier != identifier) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token identifier does not match expected {0}", identifier); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(SR.GetString(SR.IssuedTokenIdentifierMismatch))); } } catch (SerializationException e) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token AppliesTo element could not be deserialized: {0}", e.Message); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(e.Message, e)); } return rstr; } } if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No matching issued token found in message"); return null; } //======================================================================================== public static void AddSupportingToken(Message message, RequestSecurityTokenResponse rstr) { // Currently, we only support a binary secret as the proof of RSTR GenericXmlSecurityToken supportingToken = rstr.GetIssuedToken(null, null, SecurityKeyEntropyMode.ServerEntropy, null, null, null); SecurityMessageProperty property = new SecurityMessageProperty(); SupportingTokenSpecification spec = new SupportingTokenSpecification(supportingToken, new List ().AsReadOnly(), SecurityTokenAttachmentMode.Endorsing, SecurityContextSecurityTokenParameters); property.OutgoingSupportingTokens.Add(spec); message.Properties.Security = property; if (DebugTrace.Verbose) { DebugTrace.Trace (TraceLevel.Verbose, "Attached supporting token {0} to register message", rstr.Context); } } // // Per-enlistment security // //======================================================================================== public static string GetSenderName (Message message) { return GetSenderName(message.Properties); } //======================================================================================= public static string GetSenderName (MessageProperties messageProperties) { SecurityMessageProperty securityMessageProperty = messageProperties.Security; if (securityMessageProperty == null) { return "anonymous"; } ServiceSecurityContext securityContext = securityMessageProperty.ServiceSecurityContext; if (securityContext == null || securityContext.IsAnonymous) { return "anonymous"; } IIdentity identity = securityContext.PrimaryIdentity; if (identity != null) { return identity.Name; } return securityContext.PrimaryIdentity.ToString(); } //======================================================================================== public bool CheckIdentity(Proxy proxy, Message message) { EndpointAddress service = proxy.To; bool access = this.identityVerifier.CheckAccess(service, message); TraceCheckIdentityResult(access, service, message); return access; } //======================================================================================= void TraceCheckIdentityResult(bool access, EndpointAddress service, Message message) { if (DebugTrace.Verbose) { if (DebugTrace.Pii) { string sender = GetSenderName(message); if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier to {0}", sender); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier to {0}, expected {1}", sender, service.Identity == null ? service.Uri.AbsoluteUri : service.Identity.ToString()); } } else { if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier"); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier"); } } } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- BitmapVisualManager.cs
- TableCellCollection.cs
- Int16.cs
- Rss20ItemFormatter.cs
- Authorization.cs
- CodeObject.cs
- WebResponse.cs
- FlatButtonAppearance.cs
- ScriptingWebServicesSectionGroup.cs
- EntityViewGenerator.cs
- ParseElementCollection.cs
- CharEnumerator.cs
- Clipboard.cs
- TaiwanLunisolarCalendar.cs
- DataGridViewCellStateChangedEventArgs.cs
- PerfCounterSection.cs
- PropertyToken.cs
- OfTypeExpression.cs
- HeaderPanel.cs
- ImageKeyConverter.cs
- EnumMemberAttribute.cs
- ClientSettingsProvider.cs
- WebPartDisplayModeCancelEventArgs.cs
- OracleCommandBuilder.cs
- ListItemConverter.cs
- StringKeyFrameCollection.cs
- TryCatch.cs
- Label.cs
- StringFormat.cs
- SplineKeyFrames.cs
- QilIterator.cs
- AppDomainFactory.cs
- RangeValidator.cs
- HtmlControlPersistable.cs
- ReachFixedPageSerializer.cs
- Mutex.cs
- CounterSetInstance.cs
- ValidationEventArgs.cs
- TransformCollection.cs
- ToolStripManager.cs
- XmlElementAttribute.cs
- SmiEventSink_DeferedProcessing.cs
- UIElementIsland.cs
- DateTimeConverter2.cs
- AssemblySettingAttributes.cs
- Application.cs
- LocalizationComments.cs
- xmlfixedPageInfo.cs
- StaticResourceExtension.cs
- Timer.cs
- TransactionScope.cs
- SchemaElementLookUpTable.cs
- HiddenFieldPageStatePersister.cs
- FontUnit.cs
- SecurityStateEncoder.cs
- GradientBrush.cs
- UnauthorizedWebPart.cs
- PiiTraceSource.cs
- AutomationPropertyInfo.cs
- EntityContainerEmitter.cs
- ColumnResizeUndoUnit.cs
- SchemaEntity.cs
- SplitterEvent.cs
- RenderTargetBitmap.cs
- TextRangeSerialization.cs
- Run.cs
- WSFederationHttpSecurityElement.cs
- DataGridViewButtonColumn.cs
- NewExpression.cs
- MatrixCamera.cs
- GridViewPageEventArgs.cs
- Attributes.cs
- ConfigXmlDocument.cs
- XmlSerializerAssemblyAttribute.cs
- HtmlInputButton.cs
- TransactionManager.cs
- ToolStripDropDownItem.cs
- GiveFeedbackEventArgs.cs
- VirtualPathProvider.cs
- InternalControlCollection.cs
- FormConverter.cs
- MessageCredentialType.cs
- FontInfo.cs
- BamlResourceContent.cs
- DataGridViewIntLinkedList.cs
- XmlNamespaceDeclarationsAttribute.cs
- FontTypeConverter.cs
- CapabilitiesSection.cs
- CompatibleIComparer.cs
- SslStream.cs
- DocumentViewer.cs
- FeatureAttribute.cs
- ValueQuery.cs
- RotateTransform3D.cs
- MimeParameterWriter.cs
- ClrProviderManifest.cs
- DocumentOrderQuery.cs
- DatatypeImplementation.cs
- CssStyleCollection.cs
- SqlColumnizer.cs