Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / wpf / src / Core / CSharp / MS / Internal / AppModel / CustomCredentialPolicy.cs / 1305600 / CustomCredentialPolicy.cs
//------------------------------------------------------------------------------
//
//
// Copyright (C) Microsoft Corporation. All rights reserved.
//
//
// Description:
//
// This creates and registers a custom ICredentialPolicy that will be used
// whenever a server sends a 401 UNAUTHORIZED in response to a WebRequest. The
// .NET framework will call ShouldSendCredential to determine if credentials
// should be sent.
//
// Our policy is to go ahead and send whatever credentials there might be,
// EXCEPT if we are using default credentials and the request is not going to
// an Intranet, Local Machine or Trusted domain.
//
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// IMPORTANT: We are creating an instance of IInternetSecurityManager here. This
// is currently also done in the AppSecurityManager at the Framework level. Any
// modification to either of these classes--especially concerning MapUrlToZone--
// should be considered for both classes.
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//
// An IInternetSecurityManagerSite is not currently needed here, because the
// only method of IInternetSecurityManager that we are calling is MapUrlToZone,
// and that does not prompt the user.
//
// History:
// 03/15/2006: [....] - Initial creation.
//-----------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Net;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using MS.Internal.PresentationCore;
using MS.Win32;
namespace MS.Internal.AppModel
{
[FriendAccessAllowed]
internal class CustomCredentialPolicy : ICredentialPolicy
{
///
/// Critical - Accesses critical members
/// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later.
///
[SecurityCritical, SecurityTreatAsSafe]
static CustomCredentialPolicy()
{
_lockObj = new object();
_initialized = false;
}
///
/// Critical - Access critical member _environmentPermissionSet
/// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later.
///
[SecurityCritical, SecurityTreatAsSafe]
public CustomCredentialPolicy()
{
_environmentPermissionSet = new PermissionSet(null);
_environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERDOMAIN"));
_environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
}
///
/// Critical - Asserts for permission to set the credential policy.
/// TreatAsSafe - Nothing is exposed. This method is safe to call at any time.
///
[SecurityCritical, SecurityTreatAsSafe]
static internal void EnsureCustomCredentialPolicy()
{
if (!_initialized)
{
lock (_lockObj)
{
if (!_initialized)
{
new SecurityPermission(SecurityPermissionFlag.ControlPolicy).Assert(); // BlessedAssert:
try
{
// We should allow an application to set its own credential policy, if it has permssion to.
// We do not want to overwrite the application's setting.
// Check whether it is already set before setting it.
// The default of this property is null. It demands ControlPolicy permission to be set.
if (AuthenticationManager.CredentialPolicy == null)
{
AuthenticationManager.CredentialPolicy = new CustomCredentialPolicy();
}
_initialized = true;
}
finally
{
CodeAccessPermission.RevertAssert();
}
}
}
}
}
#region ICredentialPolicy Members
///
/// Critical - Calls SecurityCritical method IsDefaultCredentials.
/// TreatAsSafe - This is called by the framework to determine if credentials should be sent
/// in response to the server sending a 401. The challengUri and request are
/// coming from the app; the credential and authenticationModule are coming
/// from the framework. The only ouput is whether or not credentials should
/// be sent, which is not critical.
///
[SecurityCritical, SecurityTreatAsSafe]
public bool ShouldSendCredential(Uri challengeUri, WebRequest request, NetworkCredential credential, IAuthenticationModule authenticationModule)
{
switch (MapUrlToZone(challengeUri))
{
// Always send credentials (including default credentials) to these zones
case SecurityZone.Intranet:
case SecurityZone.Trusted:
case SecurityZone.MyComputer:
return true;
// Don't send default credentials to any of these zones
case SecurityZone.Internet:
case SecurityZone.Untrusted:
default:
return !IsDefaultCredentials(credential);
}
}
#endregion
///
/// Critical - Asserts for permission to examine the user name and password. They are
/// only checked to see if they are non-null, and not exposed, but the
/// fact that default credential are being used and are available might
/// something we would not want revealed, which is why it is not TAS.
///
[SecurityCritical]
private bool IsDefaultCredentials(NetworkCredential credential)
{
_environmentPermissionSet.Assert(); // BlessedAssert:
try
{
return credential == CredentialCache.DefaultCredentials;
}
finally
{
CodeAccessPermission.RevertAssert();
}
}
///
/// Critical - Call critical method MapUrlToZone.
/// TreatAsSafe - Returns the zone of the uri, which is not critical.
///
[SecurityCritical, SecurityTreatAsSafe]
internal static SecurityZone MapUrlToZone(Uri uri)
{
EnsureSecurityManager();
int targetZone;
_securityManager.MapUrlToZone(BindUriHelper.UriToString(uri), out targetZone, 0);
// The enum is directly mappable, but taking no chances...
switch (targetZone)
{
case NativeMethods.URLZONE_LOCAL_MACHINE:
return SecurityZone.MyComputer;
case NativeMethods.URLZONE_INTERNET:
return SecurityZone.Internet;
case NativeMethods.URLZONE_INTRANET:
return SecurityZone.Intranet;
case NativeMethods.URLZONE_TRUSTED:
return SecurityZone.Trusted;
case NativeMethods.URLZONE_UNTRUSTED:
return SecurityZone.Untrusted;
}
return SecurityZone.NoZone;
}
///
/// Critical - Accesses critical member _securityManager and calls the SUC'd MapUrlToZone.
/// TreatAsSafe - Doesn't expose anything, doesn't take user input, safe to call at any time.
///
[SecurityCritical, SecurityTreatAsSafe]
private static void EnsureSecurityManager()
{
// IMPORTANT: See comments in header r.e. IInternetSecurityManager
if (_securityManager == null)
{
lock (_lockObj)
{
if (_securityManager == null)
{
_securityManager = (UnsafeNativeMethods.IInternetSecurityManager)new InternetSecurityManager();
}
}
}
}
[ComImport, ComVisible(false), Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
private class InternetSecurityManager
{
}
///
/// Critical - requires an elevation to create.
///
[SecurityCritical]
private static UnsafeNativeMethods.IInternetSecurityManager _securityManager;
[SecurityCritical]
private static object _lockObj;
[SecurityCritical]
private static bool _initialized;
[SecurityCritical]
PermissionSet _environmentPermissionSet;
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------------------------
//
//
// Copyright (C) Microsoft Corporation. All rights reserved.
//
//
// Description:
//
// This creates and registers a custom ICredentialPolicy that will be used
// whenever a server sends a 401 UNAUTHORIZED in response to a WebRequest. The
// .NET framework will call ShouldSendCredential to determine if credentials
// should be sent.
//
// Our policy is to go ahead and send whatever credentials there might be,
// EXCEPT if we are using default credentials and the request is not going to
// an Intranet, Local Machine or Trusted domain.
//
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// IMPORTANT: We are creating an instance of IInternetSecurityManager here. This
// is currently also done in the AppSecurityManager at the Framework level. Any
// modification to either of these classes--especially concerning MapUrlToZone--
// should be considered for both classes.
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//
// An IInternetSecurityManagerSite is not currently needed here, because the
// only method of IInternetSecurityManager that we are calling is MapUrlToZone,
// and that does not prompt the user.
//
// History:
// 03/15/2006: [....] - Initial creation.
//-----------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Net;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using MS.Internal.PresentationCore;
using MS.Win32;
namespace MS.Internal.AppModel
{
[FriendAccessAllowed]
internal class CustomCredentialPolicy : ICredentialPolicy
{
///
/// Critical - Accesses critical members
/// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later.
///
[SecurityCritical, SecurityTreatAsSafe]
static CustomCredentialPolicy()
{
_lockObj = new object();
_initialized = false;
}
///
/// Critical - Access critical member _environmentPermissionSet
/// PublicOK - Nothing is exposed, and nothing depends on user input. We're just creating objects for use later.
///
[SecurityCritical, SecurityTreatAsSafe]
public CustomCredentialPolicy()
{
_environmentPermissionSet = new PermissionSet(null);
_environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERDOMAIN"));
_environmentPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
}
///
/// Critical - Asserts for permission to set the credential policy.
/// TreatAsSafe - Nothing is exposed. This method is safe to call at any time.
///
[SecurityCritical, SecurityTreatAsSafe]
static internal void EnsureCustomCredentialPolicy()
{
if (!_initialized)
{
lock (_lockObj)
{
if (!_initialized)
{
new SecurityPermission(SecurityPermissionFlag.ControlPolicy).Assert(); // BlessedAssert:
try
{
// We should allow an application to set its own credential policy, if it has permssion to.
// We do not want to overwrite the application's setting.
// Check whether it is already set before setting it.
// The default of this property is null. It demands ControlPolicy permission to be set.
if (AuthenticationManager.CredentialPolicy == null)
{
AuthenticationManager.CredentialPolicy = new CustomCredentialPolicy();
}
_initialized = true;
}
finally
{
CodeAccessPermission.RevertAssert();
}
}
}
}
}
#region ICredentialPolicy Members
///
/// Critical - Calls SecurityCritical method IsDefaultCredentials.
/// TreatAsSafe - This is called by the framework to determine if credentials should be sent
/// in response to the server sending a 401. The challengUri and request are
/// coming from the app; the credential and authenticationModule are coming
/// from the framework. The only ouput is whether or not credentials should
/// be sent, which is not critical.
///
[SecurityCritical, SecurityTreatAsSafe]
public bool ShouldSendCredential(Uri challengeUri, WebRequest request, NetworkCredential credential, IAuthenticationModule authenticationModule)
{
switch (MapUrlToZone(challengeUri))
{
// Always send credentials (including default credentials) to these zones
case SecurityZone.Intranet:
case SecurityZone.Trusted:
case SecurityZone.MyComputer:
return true;
// Don't send default credentials to any of these zones
case SecurityZone.Internet:
case SecurityZone.Untrusted:
default:
return !IsDefaultCredentials(credential);
}
}
#endregion
///
/// Critical - Asserts for permission to examine the user name and password. They are
/// only checked to see if they are non-null, and not exposed, but the
/// fact that default credential are being used and are available might
/// something we would not want revealed, which is why it is not TAS.
///
[SecurityCritical]
private bool IsDefaultCredentials(NetworkCredential credential)
{
_environmentPermissionSet.Assert(); // BlessedAssert:
try
{
return credential == CredentialCache.DefaultCredentials;
}
finally
{
CodeAccessPermission.RevertAssert();
}
}
///
/// Critical - Call critical method MapUrlToZone.
/// TreatAsSafe - Returns the zone of the uri, which is not critical.
///
[SecurityCritical, SecurityTreatAsSafe]
internal static SecurityZone MapUrlToZone(Uri uri)
{
EnsureSecurityManager();
int targetZone;
_securityManager.MapUrlToZone(BindUriHelper.UriToString(uri), out targetZone, 0);
// The enum is directly mappable, but taking no chances...
switch (targetZone)
{
case NativeMethods.URLZONE_LOCAL_MACHINE:
return SecurityZone.MyComputer;
case NativeMethods.URLZONE_INTERNET:
return SecurityZone.Internet;
case NativeMethods.URLZONE_INTRANET:
return SecurityZone.Intranet;
case NativeMethods.URLZONE_TRUSTED:
return SecurityZone.Trusted;
case NativeMethods.URLZONE_UNTRUSTED:
return SecurityZone.Untrusted;
}
return SecurityZone.NoZone;
}
///
/// Critical - Accesses critical member _securityManager and calls the SUC'd MapUrlToZone.
/// TreatAsSafe - Doesn't expose anything, doesn't take user input, safe to call at any time.
///
[SecurityCritical, SecurityTreatAsSafe]
private static void EnsureSecurityManager()
{
// IMPORTANT: See comments in header r.e. IInternetSecurityManager
if (_securityManager == null)
{
lock (_lockObj)
{
if (_securityManager == null)
{
_securityManager = (UnsafeNativeMethods.IInternetSecurityManager)new InternetSecurityManager();
}
}
}
}
[ComImport, ComVisible(false), Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
private class InternetSecurityManager
{
}
///
/// Critical - requires an elevation to create.
///
[SecurityCritical]
private static UnsafeNativeMethods.IInternetSecurityManager _securityManager;
[SecurityCritical]
private static object _lockObj;
[SecurityCritical]
private static bool _initialized;
[SecurityCritical]
PermissionSet _environmentPermissionSet;
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- EntityTemplateFactory.cs
- Directory.cs
- ipaddressinformationcollection.cs
- XslNumber.cs
- EncryptedReference.cs
- FunctionImportMapping.ReturnTypeRenameMapping.cs
- TabPage.cs
- CommandManager.cs
- WebPartCatalogAddVerb.cs
- CharacterHit.cs
- BamlMapTable.cs
- HttpServerVarsCollection.cs
- DetailsViewPageEventArgs.cs
- ADMembershipProvider.cs
- RecognizedPhrase.cs
- TypeConverterHelper.cs
- UriTemplatePathPartiallyEquivalentSet.cs
- NodeFunctions.cs
- CssTextWriter.cs
- TextFormattingConverter.cs
- EntityKeyElement.cs
- SqlBulkCopyColumnMappingCollection.cs
- GestureRecognitionResult.cs
- MsmqIntegrationValidationBehavior.cs
- EnumUnknown.cs
- XNameTypeConverter.cs
- ConvertersCollection.cs
- LoginUtil.cs
- UnsafeNativeMethods.cs
- CapabilitiesAssignment.cs
- DataGridViewAddColumnDialog.cs
- AssemblyCache.cs
- SerializableAuthorizationContext.cs
- XmlUnspecifiedAttribute.cs
- FontStretch.cs
- FormViewUpdatedEventArgs.cs
- CopyAttributesAction.cs
- StrokeNodeData.cs
- XmlDataSourceView.cs
- NegotiationTokenAuthenticatorState.cs
- NonBatchDirectoryCompiler.cs
- QuaternionRotation3D.cs
- ExceptionCollection.cs
- HitTestWithGeometryDrawingContextWalker.cs
- DotExpr.cs
- sqlinternaltransaction.cs
- HttpException.cs
- OracleRowUpdatingEventArgs.cs
- DataGridView.cs
- sitestring.cs
- OdbcEnvironment.cs
- BaseTemplateCodeDomTreeGenerator.cs
- ComboBox.cs
- DataSourceSerializationException.cs
- TransactionBridge.cs
- Repeater.cs
- OleDbFactory.cs
- DateTimeConstantAttribute.cs
- DataColumnMapping.cs
- SessionSymmetricMessageSecurityProtocolFactory.cs
- XmlCharType.cs
- Compilation.cs
- PrintControllerWithStatusDialog.cs
- ReachPrintTicketSerializerAsync.cs
- Floater.cs
- StorageSetMapping.cs
- ListBindingConverter.cs
- ReflectionTypeLoadException.cs
- MenuItemStyle.cs
- GradientStopCollection.cs
- AdornerPresentationContext.cs
- IProvider.cs
- HandlerWithFactory.cs
- DataGridViewRowPrePaintEventArgs.cs
- SynchronizationContextHelper.cs
- ObjectDataSourceSelectingEventArgs.cs
- SoapIncludeAttribute.cs
- ServiceNameElement.cs
- StorageInfo.cs
- SqlDependency.cs
- storepermission.cs
- XamlTreeBuilder.cs
- NameSpaceExtractor.cs
- MultiDataTrigger.cs
- DataBinding.cs
- ScrollBar.cs
- bindurihelper.cs
- MailAddress.cs
- ThreadStartException.cs
- EventLog.cs
- DetailsViewPageEventArgs.cs
- CharAnimationUsingKeyFrames.cs
- DataGridViewSelectedRowCollection.cs
- FileVersionInfo.cs
- NativeCompoundFileAPIs.cs
- ObjectItemAssemblyLoader.cs
- ObjectCloneHelper.cs
- ValueChangedEventManager.cs
- SqlDataSourceCache.cs
- WhileDesigner.cs