Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Configuration / SecurityElementBase.cs / 1 / SecurityElementBase.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Configuration { using System.ComponentModel; using System.ServiceModel.Channels; using System.Configuration; using System.Globalization; using System.Net.Security; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.Runtime.Remoting.Messaging; using System.Xml; using System.Collections.ObjectModel; using System.Collections.Generic; using System.IO; using System.IdentityModel.Tokens; public partial class SecurityElementBase : BindingElementExtensionElement { internal const AuthenticationMode defaultAuthenticationMode = AuthenticationMode.SspiNegotiated; SecurityBindingElement failedSecurityBindingElement = null; SecurityKeyType templateKeyType = IssuedSecurityTokenParameters.defaultKeyType; internal SecurityElementBase() { } internal bool HasImportFailed { get { return this.failedSecurityBindingElement != null; } } [ConfigurationProperty(ConfigurationStrings.DefaultAlgorithmSuite, DefaultValue = SecurityBindingElement.defaultAlgorithmSuiteString)] [TypeConverter(typeof(SecurityAlgorithmSuiteConverter))] public SecurityAlgorithmSuite DefaultAlgorithmSuite { get { return (SecurityAlgorithmSuite)base[ConfigurationStrings.DefaultAlgorithmSuite]; } set { base[ConfigurationStrings.DefaultAlgorithmSuite] = value; } } [ConfigurationProperty(ConfigurationStrings.AllowSerializedSigningTokenOnReply, DefaultValue = AsymmetricSecurityBindingElement.defaultAllowSerializedSigningTokenOnReply)] public bool AllowSerializedSigningTokenOnReply { get { return (bool)base[ConfigurationStrings.AllowSerializedSigningTokenOnReply]; } set { base[ConfigurationStrings.AllowSerializedSigningTokenOnReply] = value; } } [ConfigurationProperty(ConfigurationStrings.AuthenticationMode, DefaultValue = defaultAuthenticationMode)] [ServiceModelEnumValidator(typeof(AuthenticationModeHelper))] public AuthenticationMode AuthenticationMode { get { return (AuthenticationMode)base[ConfigurationStrings.AuthenticationMode]; } set { base[ConfigurationStrings.AuthenticationMode] = value; } } public override Type BindingElementType { get { return typeof(SecurityBindingElement); } } [ConfigurationProperty(ConfigurationStrings.RequireDerivedKeys, DefaultValue = SecurityTokenParameters.defaultRequireDerivedKeys)] public bool RequireDerivedKeys { get { return (bool)base[ConfigurationStrings.RequireDerivedKeys]; } set { base[ConfigurationStrings.RequireDerivedKeys] = value; } } [ConfigurationProperty(ConfigurationStrings.SecurityHeaderLayout, DefaultValue = SecurityProtocolFactory.defaultSecurityHeaderLayout)] [ServiceModelEnumValidator(typeof(SecurityHeaderLayoutHelper))] public SecurityHeaderLayout SecurityHeaderLayout { get { return (SecurityHeaderLayout)base[ConfigurationStrings.SecurityHeaderLayout]; } set { base[ConfigurationStrings.SecurityHeaderLayout] = value; } } [ConfigurationProperty(ConfigurationStrings.IncludeTimestamp, DefaultValue = SecurityBindingElement.defaultIncludeTimestamp)] public bool IncludeTimestamp { get { return (bool)base[ConfigurationStrings.IncludeTimestamp]; } set { base[ConfigurationStrings.IncludeTimestamp] = value; } } [ConfigurationProperty(ConfigurationStrings.KeyEntropyMode, DefaultValue = System.ServiceModel.Security.AcceleratedTokenProvider.defaultKeyEntropyMode)] [ServiceModelEnumValidator(typeof(SecurityKeyEntropyModeHelper))] public SecurityKeyEntropyMode KeyEntropyMode { get { return (SecurityKeyEntropyMode)base[ConfigurationStrings.KeyEntropyMode]; } set { base[ConfigurationStrings.KeyEntropyMode] = value; } } [ConfigurationProperty(ConfigurationStrings.IssuedTokenParameters)] public IssuedTokenParametersElement IssuedTokenParameters { get { return (IssuedTokenParametersElement)base[ConfigurationStrings.IssuedTokenParameters]; } } [ConfigurationProperty(ConfigurationStrings.LocalClientSettings)] public LocalClientSecuritySettingsElement LocalClientSettings { get { return (LocalClientSecuritySettingsElement)base[ConfigurationStrings.LocalClientSettings]; } } [ConfigurationProperty(ConfigurationStrings.LocalServiceSettings)] public LocalServiceSecuritySettingsElement LocalServiceSettings { get { return (LocalServiceSecuritySettingsElement)base[ConfigurationStrings.LocalServiceSettings]; } } [ConfigurationProperty(ConfigurationStrings.MessageProtectionOrder, DefaultValue = SecurityBindingElement.defaultMessageProtectionOrder)] [ServiceModelEnumValidator(typeof(MessageProtectionOrderHelper))] public MessageProtectionOrder MessageProtectionOrder { get { return (MessageProtectionOrder)base[ConfigurationStrings.MessageProtectionOrder]; } set { base[ConfigurationStrings.MessageProtectionOrder] = value; } } [ConfigurationProperty(ConfigurationStrings.MessageSecurityVersion, DefaultValue = ConfigurationStrings.Default)] [TypeConverter(typeof(MessageSecurityVersionConverter))] public MessageSecurityVersion MessageSecurityVersion { get { return (MessageSecurityVersion)base[ConfigurationStrings.MessageSecurityVersion]; } set { base[ConfigurationStrings.MessageSecurityVersion] = value; } } [ConfigurationProperty(ConfigurationStrings.RequireSecurityContextCancellation, DefaultValue = SecureConversationSecurityTokenParameters.defaultRequireCancellation)] public bool RequireSecurityContextCancellation { get { return (bool)base[ConfigurationStrings.RequireSecurityContextCancellation]; } set { base[ConfigurationStrings.RequireSecurityContextCancellation] = value; } } [ConfigurationProperty(ConfigurationStrings.RequireSignatureConfirmation, DefaultValue = SecurityBindingElement.defaultRequireSignatureConfirmation)] public bool RequireSignatureConfirmation { get { return (bool)base[ConfigurationStrings.RequireSignatureConfirmation]; } set { base[ConfigurationStrings.RequireSignatureConfirmation] = value; } } public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); SecurityBindingElement sbe = (SecurityBindingElement)bindingElement; #pragma warning disable 56506 //[....]; base.CopyFrom() checks for 'from' being null if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.DefaultAlgorithmSuite].ValueOrigin) sbe.DefaultAlgorithmSuite = this.DefaultAlgorithmSuite; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.IncludeTimestamp].ValueOrigin) sbe.IncludeTimestamp = this.IncludeTimestamp; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.MessageSecurityVersion].ValueOrigin) sbe.MessageSecurityVersion = this.MessageSecurityVersion; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.KeyEntropyMode].ValueOrigin) sbe.KeyEntropyMode = this.KeyEntropyMode; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.SecurityHeaderLayout].ValueOrigin) sbe.SecurityHeaderLayout = this.SecurityHeaderLayout; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.RequireDerivedKeys].ValueOrigin) sbe.SetKeyDerivation(this.RequireDerivedKeys); #pragma warning restore SymmetricSecurityBindingElement ssbe = sbe as SymmetricSecurityBindingElement; if (ssbe != null) { if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.MessageProtectionOrder].ValueOrigin) ssbe.MessageProtectionOrder = this.MessageProtectionOrder; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.RequireSignatureConfirmation].ValueOrigin) ssbe.RequireSignatureConfirmation = this.RequireSignatureConfirmation; } AsymmetricSecurityBindingElement asbe = sbe as AsymmetricSecurityBindingElement; if (asbe != null) { if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.MessageProtectionOrder].ValueOrigin) asbe.MessageProtectionOrder = this.MessageProtectionOrder; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.RequireSignatureConfirmation].ValueOrigin) asbe.RequireSignatureConfirmation = this.RequireSignatureConfirmation; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.AllowSerializedSigningTokenOnReply].ValueOrigin) asbe.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply; } if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.LocalClientSettings].ValueOrigin) { this.LocalClientSettings.ApplyConfiguration(sbe.LocalClientSettings); } if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.LocalServiceSettings].ValueOrigin) { this.LocalServiceSettings.ApplyConfiguration(sbe.LocalServiceSettings); } } public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); SecurityElementBase source = (SecurityElementBase)from; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.AllowSerializedSigningTokenOnReply].ValueOrigin) this.AllowSerializedSigningTokenOnReply = source.AllowSerializedSigningTokenOnReply; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.DefaultAlgorithmSuite].ValueOrigin) this.DefaultAlgorithmSuite = source.DefaultAlgorithmSuite; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.RequireDerivedKeys].ValueOrigin) this.RequireDerivedKeys = source.RequireDerivedKeys; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.IncludeTimestamp].ValueOrigin) this.IncludeTimestamp = source.IncludeTimestamp; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.IssuedTokenParameters].ValueOrigin) this.IssuedTokenParameters.Copy(source.IssuedTokenParameters); if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.MessageProtectionOrder].ValueOrigin) this.MessageProtectionOrder = source.MessageProtectionOrder; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.MessageSecurityVersion].ValueOrigin) this.MessageSecurityVersion = source.MessageSecurityVersion; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.RequireSignatureConfirmation].ValueOrigin) this.RequireSignatureConfirmation = source.RequireSignatureConfirmation; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.RequireSecurityContextCancellation].ValueOrigin) this.RequireSecurityContextCancellation = source.RequireSecurityContextCancellation; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.KeyEntropyMode].ValueOrigin) this.KeyEntropyMode = source.KeyEntropyMode; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.SecurityHeaderLayout].ValueOrigin) this.SecurityHeaderLayout = source.SecurityHeaderLayout; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.LocalClientSettings].ValueOrigin) this.LocalClientSettings.CopyFrom(source.LocalClientSettings); if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.LocalServiceSettings].ValueOrigin) this.LocalServiceSettings.CopyFrom(source.LocalServiceSettings); if (source is SecurityElementBase) this.failedSecurityBindingElement = ((SecurityElementBase)source).failedSecurityBindingElement; } protected internal override BindingElement CreateBindingElement() { return this.CreateBindingElement(false); } protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly) { SecurityBindingElement result; switch (this.AuthenticationMode) { case AuthenticationMode.AnonymousForCertificate: result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement(); break; case AuthenticationMode.AnonymousForSslNegotiated: result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation); break; case AuthenticationMode.CertificateOverTransport: result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.IssuedToken: result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.IssuedTokenForCertificate: result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.IssuedTokenForSslNegotiated: result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation); break; case AuthenticationMode.IssuedTokenOverTransport: result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.Kerberos: result = SecurityBindingElement.CreateKerberosBindingElement(); break; case AuthenticationMode.KerberosOverTransport: result = SecurityBindingElement.CreateKerberosOverTransportBindingElement(); break; case AuthenticationMode.MutualCertificateDuplex: result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.MutualCertificate: result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.MutualSslNegotiated: result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation); break; case AuthenticationMode.SspiNegotiated: result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation); break; case AuthenticationMode.UserNameForCertificate: result = SecurityBindingElement.CreateUserNameForCertificateBindingElement(); break; case AuthenticationMode.UserNameForSslNegotiated: result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation); break; case AuthenticationMode.UserNameOverTransport: result = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); break; case AuthenticationMode.SspiNegotiatedOverTransport: result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation); break; default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode))); } this.ApplyConfiguration(result); return result; } protected void AddBindingTemplate(DictionarybindingTemplates, AuthenticationMode mode) { this.AuthenticationMode = mode; try { bindingTemplates[mode] = (SecurityBindingElement)this.CreateBindingElement(true); } #pragma warning suppress 56500 // covered by FxCOP catch (Exception e) { if (DiagnosticUtility.IsFatal(e)) { throw; } } } static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion) { if (p1 == null || p2 == null) return false; if (p1.GetType() != p2.GetType()) return false; if (p1.InclusionMode != p2.InclusionMode) return false; if (skipRequireDerivedKeysComparison == false && p1.RequireDerivedKeys != p2.RequireDerivedKeys) return false; if (p1.ReferenceStyle != p2.ReferenceStyle) return false; // mutual ssl and anonymous ssl differ in the client cert requirement if (p1 is SslSecurityTokenParameters) { if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate) return false; } else if (p1 is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters sc1 = (SecureConversationSecurityTokenParameters)p1; SecureConversationSecurityTokenParameters sc2 = (SecureConversationSecurityTokenParameters)p2; if (sc1.RequireCancellation != sc2.RequireCancellation) return false; if (!AreBindingsMatching(sc1.BootstrapSecurityBindingElement, sc2.BootstrapSecurityBindingElement, exactMessageSecurityVersion)) return false; } else if (p1 is IssuedSecurityTokenParameters) { if (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType) return false; } return true; } static bool AreTokenParameterCollectionsMatching(Collection c1, Collection c2, bool exactMessageSecurityVersion) { if (c1.Count != c2.Count) return false; for (int i = 0; i < c1.Count; i++) if (!AreTokenParametersMatching(c1[i], c2[i], true, exactMessageSecurityVersion)) return false; return true; } internal static bool AreBindingsMatching(SecurityBindingElement b1, SecurityBindingElement b2) { return AreBindingsMatching(b1, b2, true); } internal static bool AreBindingsMatching(SecurityBindingElement b1, SecurityBindingElement b2, bool exactMessageSecurityVersion) { if (b1 == null || b2 == null) return b1 == b2; if (b1.GetType() != b2.GetType()) return false; if (b1.MessageSecurityVersion != b2.MessageSecurityVersion) { // exactMessageSecurityVersion meant that BSP mismatch could be ignored if (exactMessageSecurityVersion) return false; if (b1.MessageSecurityVersion.SecurityVersion != b2.MessageSecurityVersion.SecurityVersion || b1.MessageSecurityVersion.TrustVersion != b2.MessageSecurityVersion.TrustVersion || b1.MessageSecurityVersion.SecureConversationVersion != b2.MessageSecurityVersion.SecureConversationVersion || b1.MessageSecurityVersion.SecurityPolicyVersion != b2.MessageSecurityVersion.SecurityPolicyVersion) { return false; } } if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout) return false; if (b1.DefaultAlgorithmSuite != b2.DefaultAlgorithmSuite) return false; if (b1.IncludeTimestamp != b2.IncludeTimestamp) return false; if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout) return false; if (b1.KeyEntropyMode != b2.KeyEntropyMode) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Endorsing, b2.EndpointSupportingTokenParameters.Endorsing, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEncrypted, b2.EndpointSupportingTokenParameters.SignedEncrypted, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Signed, b2.EndpointSupportingTokenParameters.Signed, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEndorsing, b2.EndpointSupportingTokenParameters.SignedEndorsing, exactMessageSecurityVersion)) return false; if (b1.OperationSupportingTokenParameters.Count != b2.OperationSupportingTokenParameters.Count) return false; foreach (KeyValuePair operation1 in b1.OperationSupportingTokenParameters) { if (!b2.OperationSupportingTokenParameters.ContainsKey(operation1.Key)) return false; SupportingTokenParameters stp2 = b2.OperationSupportingTokenParameters[operation1.Key]; if (!AreTokenParameterCollectionsMatching(operation1.Value.Endorsing, stp2.Endorsing, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEncrypted, stp2.SignedEncrypted, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(operation1.Value.Signed, stp2.Signed, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEndorsing, stp2.SignedEndorsing, exactMessageSecurityVersion)) return false; } SymmetricSecurityBindingElement ssbe1 = b1 as SymmetricSecurityBindingElement; if (ssbe1 != null) { SymmetricSecurityBindingElement ssbe2 = (SymmetricSecurityBindingElement)b2; if (ssbe1.MessageProtectionOrder != ssbe2.MessageProtectionOrder) return false; if (!AreTokenParametersMatching(ssbe1.ProtectionTokenParameters, ssbe2.ProtectionTokenParameters, false, exactMessageSecurityVersion)) return false; } AsymmetricSecurityBindingElement asbe1 = b1 as AsymmetricSecurityBindingElement; if (asbe1 != null) { AsymmetricSecurityBindingElement asbe2 = (AsymmetricSecurityBindingElement)b2; if (asbe1.MessageProtectionOrder != asbe2.MessageProtectionOrder) return false; if (asbe1.RequireSignatureConfirmation != asbe2.RequireSignatureConfirmation) return false; if (!AreTokenParametersMatching(asbe1.InitiatorTokenParameters, asbe2.InitiatorTokenParameters, true, exactMessageSecurityVersion) || !AreTokenParametersMatching(asbe1.RecipientTokenParameters, asbe2.RecipientTokenParameters, true, exactMessageSecurityVersion)) return false; } return true; } protected virtual void AddBindingTemplates(Dictionary bindingTemplates) { AddBindingTemplate(bindingTemplates, AuthenticationMode.AnonymousForCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.AnonymousForSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.CertificateOverTransport); if (this.templateKeyType == SecurityKeyType.SymmetricKey) { AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedToken); } AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedTokenForCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedTokenForSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedTokenOverTransport); AddBindingTemplate(bindingTemplates, AuthenticationMode.Kerberos); AddBindingTemplate(bindingTemplates, AuthenticationMode.KerberosOverTransport); AddBindingTemplate(bindingTemplates, AuthenticationMode.MutualCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.MutualCertificateDuplex); AddBindingTemplate(bindingTemplates, AuthenticationMode.MutualSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.SspiNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.UserNameForCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.UserNameForSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.UserNameOverTransport); AddBindingTemplate(bindingTemplates, AuthenticationMode.SspiNegotiatedOverTransport); } bool TryInitializeAuthenticationMode(SecurityBindingElement sbe) { bool result; if (sbe.OperationSupportingTokenParameters.Count > 0) result = false; else { SetIssuedTokenKeyType(sbe); Dictionary bindingTemplates = new Dictionary (); this.AddBindingTemplates(bindingTemplates); result = false; foreach (AuthenticationMode mode in bindingTemplates.Keys) { SecurityBindingElement candidate = bindingTemplates[mode]; if (AreBindingsMatching(sbe, candidate)) { this.AuthenticationMode = mode; result = true; break; } } } return result; } void SetIssuedTokenKeyType(SecurityBindingElement sbe) { // Set the keyType for building the template for IssuedToken binding. // The reason is the different supporting token is defined depending on keyType. if (sbe.EndpointSupportingTokenParameters.Endorsing.Count > 0 && sbe.EndpointSupportingTokenParameters.Endorsing[0] is IssuedSecurityTokenParameters) { this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Endorsing[0]).KeyType; } else if (sbe.EndpointSupportingTokenParameters.Signed.Count > 0 && sbe.EndpointSupportingTokenParameters.Signed[0] is IssuedSecurityTokenParameters) { this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Signed[0]).KeyType; } else if (sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0 && sbe.EndpointSupportingTokenParameters.SignedEncrypted[0] is IssuedSecurityTokenParameters) { this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]).KeyType; } else { this.templateKeyType = IssuedSecurityTokenParameters.defaultKeyType; } } protected virtual void InitializeNestedTokenParameterSettings(SecurityTokenParameters sp, bool initializeNestedBindings) { if (sp is SspiSecurityTokenParameters) this.RequireSecurityContextCancellation = ((SspiSecurityTokenParameters)sp).RequireCancellation; else if (sp is SslSecurityTokenParameters) this.RequireSecurityContextCancellation = ((SslSecurityTokenParameters)sp).RequireCancellation; else if (sp is IssuedSecurityTokenParameters) this.IssuedTokenParameters.InitializeFrom((IssuedSecurityTokenParameters)sp, initializeNestedBindings); } internal void InitializeFrom(BindingElement bindingElement, bool initializeNestedBindings) { if (bindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bindingElement"); } SecurityBindingElement sbe = (SecurityBindingElement)bindingElement; this.DefaultAlgorithmSuite = sbe.DefaultAlgorithmSuite; this.IncludeTimestamp = sbe.IncludeTimestamp; this.MessageSecurityVersion = sbe.MessageSecurityVersion; this.KeyEntropyMode = sbe.KeyEntropyMode; this.SecurityHeaderLayout = sbe.SecurityHeaderLayout; Nullable requireDerivedKeys = new Nullable (); if (sbe.EndpointSupportingTokenParameters.Endorsing.Count == 1) { this.InitializeNestedTokenParameterSettings(sbe.EndpointSupportingTokenParameters.Endorsing[0], initializeNestedBindings); } else if (sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1) { this.InitializeNestedTokenParameterSettings(sbe.EndpointSupportingTokenParameters.SignedEncrypted[0], initializeNestedBindings); } else if (sbe.EndpointSupportingTokenParameters.Signed.Count == 1) { this.InitializeNestedTokenParameterSettings(sbe.EndpointSupportingTokenParameters.Signed[0], initializeNestedBindings); } bool initializationFailure = false; foreach (SecurityTokenParameters t in sbe.EndpointSupportingTokenParameters.Endorsing) { if (t.HasAsymmetricKey == false) { if (requireDerivedKeys.HasValue && requireDerivedKeys.Value != t.RequireDerivedKeys) initializationFailure = true; else requireDerivedKeys = t.RequireDerivedKeys; } } SymmetricSecurityBindingElement ssbe = sbe as SymmetricSecurityBindingElement; if (ssbe != null) { this.MessageProtectionOrder = ssbe.MessageProtectionOrder; this.RequireSignatureConfirmation = ssbe.RequireSignatureConfirmation; if (ssbe.ProtectionTokenParameters != null) { this.InitializeNestedTokenParameterSettings(ssbe.ProtectionTokenParameters, initializeNestedBindings); if (requireDerivedKeys.HasValue && requireDerivedKeys.Value != ssbe.ProtectionTokenParameters.RequireDerivedKeys) initializationFailure = true; else requireDerivedKeys = ssbe.ProtectionTokenParameters.RequireDerivedKeys; } } AsymmetricSecurityBindingElement asbe = sbe as AsymmetricSecurityBindingElement; if (asbe != null) { this.MessageProtectionOrder = asbe.MessageProtectionOrder; this.RequireSignatureConfirmation = asbe.RequireSignatureConfirmation; if (asbe.InitiatorTokenParameters != null) { this.InitializeNestedTokenParameterSettings(asbe.InitiatorTokenParameters, initializeNestedBindings); // // Copy the derived key token bool flag from the token parameters. The token parameter was set from // importing WSDL during SecurityBindingElementImporter.ImportPolicy time // if (requireDerivedKeys.HasValue && requireDerivedKeys.Value != asbe.InitiatorTokenParameters.RequireDerivedKeys) initializationFailure = true; else requireDerivedKeys = asbe.InitiatorTokenParameters.RequireDerivedKeys; } } this.RequireDerivedKeys = requireDerivedKeys.GetValueOrDefault(SecurityTokenParameters.defaultRequireDerivedKeys); this.LocalClientSettings.InitializeFrom(sbe.LocalClientSettings); this.LocalServiceSettings.InitializeFrom(sbe.LocalServiceSettings); if (!initializationFailure) initializationFailure = !this.TryInitializeAuthenticationMode(sbe); if (initializationFailure) this.failedSecurityBindingElement = sbe; } protected internal override void InitializeFrom(BindingElement bindingElement) { this.InitializeFrom(bindingElement, true); } protected override bool SerializeToXmlElement(XmlWriter writer, String elementName) { bool result; if (this.failedSecurityBindingElement != null && writer != null) { writer.WriteComment(SR.GetString(SR.ConfigurationSchemaInsuffientForSecurityBindingElementInstance)); writer.WriteComment(this.failedSecurityBindingElement.ToString()); result = true; } else { result = base.SerializeToXmlElement(writer, elementName); } return result; } protected override void Unmerge(ConfigurationElement sourceElement, ConfigurationElement parentElement, ConfigurationSaveMode saveMode) { if (sourceElement is SecurityElementBase) this.failedSecurityBindingElement = ((SecurityElementBase)sourceElement).failedSecurityBindingElement; base.Unmerge(sourceElement, parentElement, saveMode); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ToolbarAUtomationPeer.cs
- WinFormsSpinner.cs
- CqlParser.cs
- MediaElement.cs
- XPathSingletonIterator.cs
- Stylesheet.cs
- Point4DValueSerializer.cs
- TextMarkerSource.cs
- ProcessProtocolHandler.cs
- _Events.cs
- mil_commands.cs
- ISFTagAndGuidCache.cs
- EntityModelBuildProvider.cs
- Matrix3DValueSerializer.cs
- FixedSOMLineRanges.cs
- ServiceManagerHandle.cs
- XmlQualifiedNameTest.cs
- DataGridViewAccessibleObject.cs
- HwndProxyElementProvider.cs
- TextTreeNode.cs
- ReaderWriterLock.cs
- WinInetCache.cs
- HttpProcessUtility.cs
- XmlQuerySequence.cs
- UpdateException.cs
- ServiceEndpointAssociationProvider.cs
- ManagementOptions.cs
- StretchValidation.cs
- NamespaceList.cs
- Convert.cs
- HttpResponseInternalBase.cs
- FillErrorEventArgs.cs
- SqlVisitor.cs
- XmlTextReader.cs
- PerformanceCounter.cs
- TextPointerBase.cs
- EmbeddedMailObject.cs
- LinearKeyFrames.cs
- XmlSecureResolver.cs
- _PooledStream.cs
- HtmlTable.cs
- DesignerView.cs
- BooleanConverter.cs
- SQLDecimalStorage.cs
- BitmapMetadata.cs
- GridViewPageEventArgs.cs
- FloatUtil.cs
- ChildDocumentBlock.cs
- NullableBoolConverter.cs
- MsmqDecodeHelper.cs
- InternalPolicyElement.cs
- FormViewInsertEventArgs.cs
- XmlSchemaInfo.cs
- EventDescriptor.cs
- ThreadAttributes.cs
- TextWriterTraceListener.cs
- TypeConverterHelper.cs
- XmlReflectionImporter.cs
- DataBindingExpressionBuilder.cs
- DataGridViewHeaderCell.cs
- Camera.cs
- SoapIgnoreAttribute.cs
- Clipboard.cs
- Soap.cs
- SoapReflector.cs
- Helpers.cs
- ItemsPanelTemplate.cs
- DataGridItemEventArgs.cs
- TextDecorations.cs
- WebPartDescription.cs
- StringAttributeCollection.cs
- ResizeGrip.cs
- AffineTransform3D.cs
- OleDbStruct.cs
- _UriTypeConverter.cs
- XmlSignatureManifest.cs
- WorkItem.cs
- ThrowHelper.cs
- Exceptions.cs
- CloudCollection.cs
- HttpRawResponse.cs
- Catch.cs
- ButtonStandardAdapter.cs
- StringUtil.cs
- TreeWalkHelper.cs
- RegistrySecurity.cs
- PeerApplication.cs
- HtmlAnchor.cs
- DesignerCatalogPartChrome.cs
- Camera.cs
- SpnegoTokenAuthenticator.cs
- XmlILIndex.cs
- LinqMaximalSubtreeNominator.cs
- Win32Exception.cs
- RelationshipNavigation.cs
- XmlElementList.cs
- CodeNamespace.cs
- AdornedElementPlaceholder.cs
- StringUtil.cs
- MemberDescriptor.cs