Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Tokens / SamlSubject.cs / 1 / SamlSubject.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.IdentityModel.Tokens { using System.Collections; using System.Collections.Generic; using System.Collections.ObjectModel; using System.IdentityModel.Claims; using System.IdentityModel.Selectors; using System.Runtime.Serialization; using System.Security.Cryptography; using System.Security.Cryptography.Xml; using System.Security.Principal; using System.Security; using System.Xml; using System.Xml.Serialization; public class SamlSubject { // Saml SubjectConfirmation parts. readonly ImmutableCollectionconfirmationMethods = new ImmutableCollection (); string confirmationData; SecurityKeyIdentifier securityKeyIdentifier; SecurityKey crypto; SecurityToken subjectToken; // Saml NameIdentifier element parts. string name; string nameFormat; string nameQualifier; List claims; IIdentity identity; ClaimSet subjectKeyClaimset; bool isReadOnly = false; public SamlSubject() { } public SamlSubject(string nameFormat, string nameQualifier, string name) : this(nameFormat, nameQualifier, name, null, null, null) { } public SamlSubject(string nameFormat, string nameQualifier, string name, IEnumerable confirmations, string confirmationData, SecurityKeyIdentifier securityKeyIdentifier) { if (confirmations != null) { foreach (string method in confirmations) { if (String.IsNullOrEmpty(method)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLEntityCannotBeNullOrEmpty, XD.SamlDictionary.SubjectConfirmationMethod.Value)); this.confirmationMethods.Add(method); } } if ((this.confirmationMethods.Count == 0) && (String.IsNullOrEmpty(name))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethod)); if ((this.confirmationMethods.Count == 0) && ((confirmationData != null) || (securityKeyIdentifier != null))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectRequiresConfirmationMethodWhenConfirmationDataOrKeyInfoIsSpecified)); this.name = name; this.nameFormat = nameFormat; this.nameQualifier = nameQualifier; this.confirmationData = confirmationData; this.securityKeyIdentifier = securityKeyIdentifier; } public string Name { get { return this.name; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); if (String.IsNullOrEmpty(value)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.SAMLSubjectNameIdentifierRequiresNameValue)); this.name = value; } } public string NameFormat { get { return this.nameFormat; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); this.nameFormat = value; } } public string NameQualifier { get { return this.nameQualifier; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); this.nameQualifier = value; } } public static string NameClaimType { get { return ClaimTypes.NameIdentifier; } } public IList ConfirmationMethods { get { return this.confirmationMethods; } } internal IIdentity Identity { get { return this.identity; } } public string SubjectConfirmationData { get { return this.confirmationData; } set { if (value == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); this.confirmationData = value; } } public SecurityKeyIdentifier KeyIdentifier { get { return this.securityKeyIdentifier; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); if (value == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); this.securityKeyIdentifier = value; } } public SecurityKey Crypto { get { return this.crypto; } set { if (isReadOnly) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly))); if (value == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); this.crypto = value; } } public bool IsReadOnly { get { return this.isReadOnly; } } public void MakeReadOnly() { if (!this.isReadOnly) { if (securityKeyIdentifier != null) securityKeyIdentifier.MakeReadOnly(); this.confirmationMethods.MakeReadOnly(); this.isReadOnly = true; } } void CheckObjectValidity() { if ((this.confirmationMethods.Count == 0) && (String.IsNullOrEmpty(name))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethod))); if ((this.confirmationMethods.Count == 0) && ((this.confirmationData != null) || (this.securityKeyIdentifier != null))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresConfirmationMethodWhenConfirmationDataOrKeyInfoIsSpecified))); } public virtual ReadOnlyCollection ExtractClaims() { if (this.claims == null) { this.claims = new List (); if (!String.IsNullOrEmpty(this.name)) { this.claims.Add(new Claim(ClaimTypes.NameIdentifier, new SamlNameIdentifierClaimResource(this.name, this.nameQualifier, this.nameFormat), Rights.Identity)); this.claims.Add(new Claim(ClaimTypes.NameIdentifier, new SamlNameIdentifierClaimResource(this.name, this.nameQualifier, this.nameFormat), Rights.PossessProperty)); } } return this.claims.AsReadOnly(); } public virtual ClaimSet ExtractSubjectKeyClaimSet(SamlSecurityTokenAuthenticator samlAuthenticator) { if ((this.subjectKeyClaimset == null) && (this.securityKeyIdentifier != null)) { if (samlAuthenticator == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlAuthenticator"); if (this.subjectToken != null) { this.subjectKeyClaimset = samlAuthenticator.ResolveClaimSet(this.subjectToken); this.identity = samlAuthenticator.ResolveIdentity(this.subjectToken); if ((this.identity == null) && (this.subjectKeyClaimset != null)) { Claim identityClaim = null; foreach (Claim claim in this.subjectKeyClaimset.FindClaims(null, Rights.Identity)) { identityClaim = claim; break; } if (identityClaim != null) { this.identity = SecurityUtils.CreateIdentity(identityClaim.Resource.ToString(), this.GetType().Name); } } } if (this.subjectKeyClaimset == null) { // Add the type of the primary claim as the Identity claim. this.subjectKeyClaimset = samlAuthenticator.ResolveClaimSet(this.securityKeyIdentifier); this.identity = samlAuthenticator.ResolveIdentity(this.securityKeyIdentifier); } } return this.subjectKeyClaimset; } public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) { if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader")); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSerializer"); #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; reader.MoveToContent(); reader.Read(); if (reader.IsStartElement(dictionary.NameIdentifier, dictionary.Namespace)) { this.nameFormat = reader.GetAttribute(dictionary.NameIdentifierFormat, null); this.nameQualifier = reader.GetAttribute(dictionary.NameIdentifierNameQualifier, null); reader.MoveToContent(); this.name = reader.ReadString(); if (this.name == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLNameIdentifierMissingIdentifierValueOnRead))); reader.MoveToContent(); reader.ReadEndElement(); } if (reader.IsStartElement(dictionary.SubjectConfirmation, dictionary.Namespace)) { reader.MoveToContent(); reader.Read(); while (reader.IsStartElement(dictionary.SubjectConfirmationMethod, dictionary.Namespace)) { string method = reader.ReadString(); if (string.IsNullOrEmpty(method)) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.SubjectConfirmationMethod.Value))); this.confirmationMethods.Add(method); reader.MoveToContent(); reader.ReadEndElement(); } if (this.confirmationMethods.Count == 0) { // A SubjectConfirmaton clause should specify at least one // ConfirmationMethod. throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectConfirmationClauseMissingConfirmationMethodOnRead))); } if (reader.IsStartElement(dictionary.SubjectConfirmationData, dictionary.Namespace)) { reader.MoveToContent(); // An Authentication protocol specified in the confirmation method might need this // data. Just store this content value as string. this.confirmationData = reader.ReadString(); reader.MoveToContent(); reader.ReadEndElement(); } #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. if (reader.IsStartElement(samlSerializer.DictionaryManager.XmlSignatureDictionary.KeyInfo, samlSerializer.DictionaryManager.XmlSignatureDictionary.Namespace)) { XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader); this.securityKeyIdentifier = SamlSerializer.ReadSecurityKeyIdentifier(dictionaryReader, keyInfoSerializer); this.crypto = SamlSerializer.ResolveSecurityKey(this.securityKeyIdentifier, outOfBandTokenResolver); if (this.crypto == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlUnableToExtractSubjectKey))); } this.subjectToken = SamlSerializer.ResolveSecurityToken(this.securityKeyIdentifier, outOfBandTokenResolver); } if ((this.confirmationMethods.Count == 0) && (String.IsNullOrEmpty(name))) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLSubjectRequiresNameIdentifierOrConfirmationMethodOnRead))); reader.MoveToContent(); reader.ReadEndElement(); } reader.MoveToContent(); reader.ReadEndElement(); } public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) { CheckObjectValidity(); if (writer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("writer")); if (samlSerializer == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer")); #pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null. SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary; writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.Subject, dictionary.Namespace); if (this.name != null) { writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.NameIdentifier, dictionary.Namespace); if (this.nameFormat != null) { writer.WriteStartAttribute(dictionary.NameIdentifierFormat, null); writer.WriteString(this.nameFormat); writer.WriteEndAttribute(); } if (this.nameQualifier != null) { writer.WriteStartAttribute(dictionary.NameIdentifierNameQualifier, null); writer.WriteString(this.nameQualifier); writer.WriteEndAttribute(); } writer.WriteString(this.name); writer.WriteEndElement(); } if (this.confirmationMethods.Count > 0) { writer.WriteStartElement(dictionary.PreferredPrefix.Value, dictionary.SubjectConfirmation, dictionary.Namespace); foreach (string method in this.confirmationMethods) writer.WriteElementString(dictionary.SubjectConfirmationMethod, dictionary.Namespace, method); if (!string.IsNullOrEmpty(this.confirmationData)) writer.WriteElementString(dictionary.SubjectConfirmationData, dictionary.Namespace, this.confirmationData); if (this.securityKeyIdentifier != null) { XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer); SamlSerializer.WriteSecurityKeyIdentifier(dictionaryWriter, this.securityKeyIdentifier, keyInfoSerializer); } writer.WriteEndElement(); } writer.WriteEndElement(); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- PropertyRef.cs
- LoadGrammarCompletedEventArgs.cs
- AppModelKnownContentFactory.cs
- SqlCharStream.cs
- TrackBarRenderer.cs
- ValueTypeIndexerReference.cs
- View.cs
- TrackingProfile.cs
- VirtualizingPanel.cs
- SafeRegistryKey.cs
- ExecutedRoutedEventArgs.cs
- EncodingInfo.cs
- AuthenticationModulesSection.cs
- TextFormatterContext.cs
- ChannelSinkStacks.cs
- UnsafeNativeMethods.cs
- _Win32.cs
- _LocalDataStore.cs
- VarRefManager.cs
- ConfigXmlDocument.cs
- VisualStyleInformation.cs
- InheritanceRules.cs
- DynamicMethod.cs
- DataGridHeadersVisibilityToVisibilityConverter.cs
- ToolStripContentPanel.cs
- ControlEvent.cs
- SQLInt16Storage.cs
- WebPartDisplayModeCancelEventArgs.cs
- TextServicesContext.cs
- Resources.Designer.cs
- Tag.cs
- XsdBuilder.cs
- DoubleCollection.cs
- ByteAnimation.cs
- UnsafeNativeMethods.cs
- ApplicationSettingsBase.cs
- QilDataSource.cs
- GregorianCalendarHelper.cs
- RoleService.cs
- DbResourceAllocator.cs
- PeerHopCountAttribute.cs
- TemplatedMailWebEventProvider.cs
- SqlStatistics.cs
- XPathNodeHelper.cs
- ParseElement.cs
- ConsumerConnectionPointCollection.cs
- HttpServerUtilityBase.cs
- InterleavedZipPartStream.cs
- ParallelTimeline.cs
- DataGridViewButtonCell.cs
- AnimatedTypeHelpers.cs
- BrowserInteropHelper.cs
- HtmlTableCell.cs
- StorageComplexPropertyMapping.cs
- _SafeNetHandles.cs
- Geometry.cs
- TimeSpan.cs
- MenuItem.cs
- ScrollPattern.cs
- EventLogEntry.cs
- ImageListStreamer.cs
- DataSourceControlBuilder.cs
- TraceLevelHelper.cs
- MenuRendererClassic.cs
- SpanIndex.cs
- PermissionListSet.cs
- SecurityKeyIdentifierClause.cs
- LabelInfo.cs
- ProxyGenerator.cs
- JoinTreeSlot.cs
- MDIControlStrip.cs
- COAUTHIDENTITY.cs
- EdmItemError.cs
- DbReferenceCollection.cs
- BaseComponentEditor.cs
- ListViewSelectEventArgs.cs
- ContextProperty.cs
- CodeParameterDeclarationExpressionCollection.cs
- DateTimeFormatInfo.cs
- Error.cs
- Mappings.cs
- ObjectStateManagerMetadata.cs
- AccessDataSource.cs
- UIElementCollection.cs
- Command.cs
- ReadOnlyDictionary.cs
- XPathItem.cs
- NullableDecimalAverageAggregationOperator.cs
- NamespaceCollection.cs
- CodeGenHelper.cs
- xsdvalidator.cs
- FileSystemEventArgs.cs
- InfoCardBaseException.cs
- _IPv4Address.cs
- CompareValidator.cs
- DurableTimerExtension.cs
- ProxyElement.cs
- PartialList.cs
- GenericTextProperties.cs
- XomlDesignerLoader.cs