Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Configuration / SecurityElementBase.cs / 1 / SecurityElementBase.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.Configuration { using System.ComponentModel; using System.ServiceModel.Channels; using System.Configuration; using System.Globalization; using System.Net.Security; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.Runtime.Remoting.Messaging; using System.Xml; using System.Collections.ObjectModel; using System.Collections.Generic; using System.IO; using System.IdentityModel.Tokens; public partial class SecurityElementBase : BindingElementExtensionElement { internal const AuthenticationMode defaultAuthenticationMode = AuthenticationMode.SspiNegotiated; SecurityBindingElement failedSecurityBindingElement = null; SecurityKeyType templateKeyType = IssuedSecurityTokenParameters.defaultKeyType; internal SecurityElementBase() { } internal bool HasImportFailed { get { return this.failedSecurityBindingElement != null; } } [ConfigurationProperty(ConfigurationStrings.DefaultAlgorithmSuite, DefaultValue = SecurityBindingElement.defaultAlgorithmSuiteString)] [TypeConverter(typeof(SecurityAlgorithmSuiteConverter))] public SecurityAlgorithmSuite DefaultAlgorithmSuite { get { return (SecurityAlgorithmSuite)base[ConfigurationStrings.DefaultAlgorithmSuite]; } set { base[ConfigurationStrings.DefaultAlgorithmSuite] = value; } } [ConfigurationProperty(ConfigurationStrings.AllowSerializedSigningTokenOnReply, DefaultValue = AsymmetricSecurityBindingElement.defaultAllowSerializedSigningTokenOnReply)] public bool AllowSerializedSigningTokenOnReply { get { return (bool)base[ConfigurationStrings.AllowSerializedSigningTokenOnReply]; } set { base[ConfigurationStrings.AllowSerializedSigningTokenOnReply] = value; } } [ConfigurationProperty(ConfigurationStrings.AuthenticationMode, DefaultValue = defaultAuthenticationMode)] [ServiceModelEnumValidator(typeof(AuthenticationModeHelper))] public AuthenticationMode AuthenticationMode { get { return (AuthenticationMode)base[ConfigurationStrings.AuthenticationMode]; } set { base[ConfigurationStrings.AuthenticationMode] = value; } } public override Type BindingElementType { get { return typeof(SecurityBindingElement); } } [ConfigurationProperty(ConfigurationStrings.RequireDerivedKeys, DefaultValue = SecurityTokenParameters.defaultRequireDerivedKeys)] public bool RequireDerivedKeys { get { return (bool)base[ConfigurationStrings.RequireDerivedKeys]; } set { base[ConfigurationStrings.RequireDerivedKeys] = value; } } [ConfigurationProperty(ConfigurationStrings.SecurityHeaderLayout, DefaultValue = SecurityProtocolFactory.defaultSecurityHeaderLayout)] [ServiceModelEnumValidator(typeof(SecurityHeaderLayoutHelper))] public SecurityHeaderLayout SecurityHeaderLayout { get { return (SecurityHeaderLayout)base[ConfigurationStrings.SecurityHeaderLayout]; } set { base[ConfigurationStrings.SecurityHeaderLayout] = value; } } [ConfigurationProperty(ConfigurationStrings.IncludeTimestamp, DefaultValue = SecurityBindingElement.defaultIncludeTimestamp)] public bool IncludeTimestamp { get { return (bool)base[ConfigurationStrings.IncludeTimestamp]; } set { base[ConfigurationStrings.IncludeTimestamp] = value; } } [ConfigurationProperty(ConfigurationStrings.KeyEntropyMode, DefaultValue = System.ServiceModel.Security.AcceleratedTokenProvider.defaultKeyEntropyMode)] [ServiceModelEnumValidator(typeof(SecurityKeyEntropyModeHelper))] public SecurityKeyEntropyMode KeyEntropyMode { get { return (SecurityKeyEntropyMode)base[ConfigurationStrings.KeyEntropyMode]; } set { base[ConfigurationStrings.KeyEntropyMode] = value; } } [ConfigurationProperty(ConfigurationStrings.IssuedTokenParameters)] public IssuedTokenParametersElement IssuedTokenParameters { get { return (IssuedTokenParametersElement)base[ConfigurationStrings.IssuedTokenParameters]; } } [ConfigurationProperty(ConfigurationStrings.LocalClientSettings)] public LocalClientSecuritySettingsElement LocalClientSettings { get { return (LocalClientSecuritySettingsElement)base[ConfigurationStrings.LocalClientSettings]; } } [ConfigurationProperty(ConfigurationStrings.LocalServiceSettings)] public LocalServiceSecuritySettingsElement LocalServiceSettings { get { return (LocalServiceSecuritySettingsElement)base[ConfigurationStrings.LocalServiceSettings]; } } [ConfigurationProperty(ConfigurationStrings.MessageProtectionOrder, DefaultValue = SecurityBindingElement.defaultMessageProtectionOrder)] [ServiceModelEnumValidator(typeof(MessageProtectionOrderHelper))] public MessageProtectionOrder MessageProtectionOrder { get { return (MessageProtectionOrder)base[ConfigurationStrings.MessageProtectionOrder]; } set { base[ConfigurationStrings.MessageProtectionOrder] = value; } } [ConfigurationProperty(ConfigurationStrings.MessageSecurityVersion, DefaultValue = ConfigurationStrings.Default)] [TypeConverter(typeof(MessageSecurityVersionConverter))] public MessageSecurityVersion MessageSecurityVersion { get { return (MessageSecurityVersion)base[ConfigurationStrings.MessageSecurityVersion]; } set { base[ConfigurationStrings.MessageSecurityVersion] = value; } } [ConfigurationProperty(ConfigurationStrings.RequireSecurityContextCancellation, DefaultValue = SecureConversationSecurityTokenParameters.defaultRequireCancellation)] public bool RequireSecurityContextCancellation { get { return (bool)base[ConfigurationStrings.RequireSecurityContextCancellation]; } set { base[ConfigurationStrings.RequireSecurityContextCancellation] = value; } } [ConfigurationProperty(ConfigurationStrings.RequireSignatureConfirmation, DefaultValue = SecurityBindingElement.defaultRequireSignatureConfirmation)] public bool RequireSignatureConfirmation { get { return (bool)base[ConfigurationStrings.RequireSignatureConfirmation]; } set { base[ConfigurationStrings.RequireSignatureConfirmation] = value; } } public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); SecurityBindingElement sbe = (SecurityBindingElement)bindingElement; #pragma warning disable 56506 //[....]; base.CopyFrom() checks for 'from' being null if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.DefaultAlgorithmSuite].ValueOrigin) sbe.DefaultAlgorithmSuite = this.DefaultAlgorithmSuite; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.IncludeTimestamp].ValueOrigin) sbe.IncludeTimestamp = this.IncludeTimestamp; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.MessageSecurityVersion].ValueOrigin) sbe.MessageSecurityVersion = this.MessageSecurityVersion; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.KeyEntropyMode].ValueOrigin) sbe.KeyEntropyMode = this.KeyEntropyMode; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.SecurityHeaderLayout].ValueOrigin) sbe.SecurityHeaderLayout = this.SecurityHeaderLayout; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.RequireDerivedKeys].ValueOrigin) sbe.SetKeyDerivation(this.RequireDerivedKeys); #pragma warning restore SymmetricSecurityBindingElement ssbe = sbe as SymmetricSecurityBindingElement; if (ssbe != null) { if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.MessageProtectionOrder].ValueOrigin) ssbe.MessageProtectionOrder = this.MessageProtectionOrder; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.RequireSignatureConfirmation].ValueOrigin) ssbe.RequireSignatureConfirmation = this.RequireSignatureConfirmation; } AsymmetricSecurityBindingElement asbe = sbe as AsymmetricSecurityBindingElement; if (asbe != null) { if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.MessageProtectionOrder].ValueOrigin) asbe.MessageProtectionOrder = this.MessageProtectionOrder; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.RequireSignatureConfirmation].ValueOrigin) asbe.RequireSignatureConfirmation = this.RequireSignatureConfirmation; if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.AllowSerializedSigningTokenOnReply].ValueOrigin) asbe.AllowSerializedSigningTokenOnReply = this.AllowSerializedSigningTokenOnReply; } if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.LocalClientSettings].ValueOrigin) { this.LocalClientSettings.ApplyConfiguration(sbe.LocalClientSettings); } if (PropertyValueOrigin.Default != this.ElementInformation.Properties[ConfigurationStrings.LocalServiceSettings].ValueOrigin) { this.LocalServiceSettings.ApplyConfiguration(sbe.LocalServiceSettings); } } public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); SecurityElementBase source = (SecurityElementBase)from; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.AllowSerializedSigningTokenOnReply].ValueOrigin) this.AllowSerializedSigningTokenOnReply = source.AllowSerializedSigningTokenOnReply; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.DefaultAlgorithmSuite].ValueOrigin) this.DefaultAlgorithmSuite = source.DefaultAlgorithmSuite; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.RequireDerivedKeys].ValueOrigin) this.RequireDerivedKeys = source.RequireDerivedKeys; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.IncludeTimestamp].ValueOrigin) this.IncludeTimestamp = source.IncludeTimestamp; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.IssuedTokenParameters].ValueOrigin) this.IssuedTokenParameters.Copy(source.IssuedTokenParameters); if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.MessageProtectionOrder].ValueOrigin) this.MessageProtectionOrder = source.MessageProtectionOrder; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.MessageSecurityVersion].ValueOrigin) this.MessageSecurityVersion = source.MessageSecurityVersion; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.RequireSignatureConfirmation].ValueOrigin) this.RequireSignatureConfirmation = source.RequireSignatureConfirmation; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.RequireSecurityContextCancellation].ValueOrigin) this.RequireSecurityContextCancellation = source.RequireSecurityContextCancellation; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.KeyEntropyMode].ValueOrigin) this.KeyEntropyMode = source.KeyEntropyMode; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.SecurityHeaderLayout].ValueOrigin) this.SecurityHeaderLayout = source.SecurityHeaderLayout; if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.LocalClientSettings].ValueOrigin) this.LocalClientSettings.CopyFrom(source.LocalClientSettings); if (PropertyValueOrigin.Default != source.ElementInformation.Properties[ConfigurationStrings.LocalServiceSettings].ValueOrigin) this.LocalServiceSettings.CopyFrom(source.LocalServiceSettings); if (source is SecurityElementBase) this.failedSecurityBindingElement = ((SecurityElementBase)source).failedSecurityBindingElement; } protected internal override BindingElement CreateBindingElement() { return this.CreateBindingElement(false); } protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly) { SecurityBindingElement result; switch (this.AuthenticationMode) { case AuthenticationMode.AnonymousForCertificate: result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement(); break; case AuthenticationMode.AnonymousForSslNegotiated: result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation); break; case AuthenticationMode.CertificateOverTransport: result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.IssuedToken: result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.IssuedTokenForCertificate: result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.IssuedTokenForSslNegotiated: result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation); break; case AuthenticationMode.IssuedTokenOverTransport: result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.Kerberos: result = SecurityBindingElement.CreateKerberosBindingElement(); break; case AuthenticationMode.KerberosOverTransport: result = SecurityBindingElement.CreateKerberosOverTransportBindingElement(); break; case AuthenticationMode.MutualCertificateDuplex: result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.MutualCertificate: result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.MutualSslNegotiated: result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation); break; case AuthenticationMode.SspiNegotiated: result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation); break; case AuthenticationMode.UserNameForCertificate: result = SecurityBindingElement.CreateUserNameForCertificateBindingElement(); break; case AuthenticationMode.UserNameForSslNegotiated: result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation); break; case AuthenticationMode.UserNameOverTransport: result = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); break; case AuthenticationMode.SspiNegotiatedOverTransport: result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation); break; default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode))); } this.ApplyConfiguration(result); return result; } protected void AddBindingTemplate(DictionarybindingTemplates, AuthenticationMode mode) { this.AuthenticationMode = mode; try { bindingTemplates[mode] = (SecurityBindingElement)this.CreateBindingElement(true); } #pragma warning suppress 56500 // covered by FxCOP catch (Exception e) { if (DiagnosticUtility.IsFatal(e)) { throw; } } } static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion) { if (p1 == null || p2 == null) return false; if (p1.GetType() != p2.GetType()) return false; if (p1.InclusionMode != p2.InclusionMode) return false; if (skipRequireDerivedKeysComparison == false && p1.RequireDerivedKeys != p2.RequireDerivedKeys) return false; if (p1.ReferenceStyle != p2.ReferenceStyle) return false; // mutual ssl and anonymous ssl differ in the client cert requirement if (p1 is SslSecurityTokenParameters) { if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate) return false; } else if (p1 is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters sc1 = (SecureConversationSecurityTokenParameters)p1; SecureConversationSecurityTokenParameters sc2 = (SecureConversationSecurityTokenParameters)p2; if (sc1.RequireCancellation != sc2.RequireCancellation) return false; if (!AreBindingsMatching(sc1.BootstrapSecurityBindingElement, sc2.BootstrapSecurityBindingElement, exactMessageSecurityVersion)) return false; } else if (p1 is IssuedSecurityTokenParameters) { if (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType) return false; } return true; } static bool AreTokenParameterCollectionsMatching(Collection c1, Collection c2, bool exactMessageSecurityVersion) { if (c1.Count != c2.Count) return false; for (int i = 0; i < c1.Count; i++) if (!AreTokenParametersMatching(c1[i], c2[i], true, exactMessageSecurityVersion)) return false; return true; } internal static bool AreBindingsMatching(SecurityBindingElement b1, SecurityBindingElement b2) { return AreBindingsMatching(b1, b2, true); } internal static bool AreBindingsMatching(SecurityBindingElement b1, SecurityBindingElement b2, bool exactMessageSecurityVersion) { if (b1 == null || b2 == null) return b1 == b2; if (b1.GetType() != b2.GetType()) return false; if (b1.MessageSecurityVersion != b2.MessageSecurityVersion) { // exactMessageSecurityVersion meant that BSP mismatch could be ignored if (exactMessageSecurityVersion) return false; if (b1.MessageSecurityVersion.SecurityVersion != b2.MessageSecurityVersion.SecurityVersion || b1.MessageSecurityVersion.TrustVersion != b2.MessageSecurityVersion.TrustVersion || b1.MessageSecurityVersion.SecureConversationVersion != b2.MessageSecurityVersion.SecureConversationVersion || b1.MessageSecurityVersion.SecurityPolicyVersion != b2.MessageSecurityVersion.SecurityPolicyVersion) { return false; } } if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout) return false; if (b1.DefaultAlgorithmSuite != b2.DefaultAlgorithmSuite) return false; if (b1.IncludeTimestamp != b2.IncludeTimestamp) return false; if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout) return false; if (b1.KeyEntropyMode != b2.KeyEntropyMode) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Endorsing, b2.EndpointSupportingTokenParameters.Endorsing, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEncrypted, b2.EndpointSupportingTokenParameters.SignedEncrypted, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Signed, b2.EndpointSupportingTokenParameters.Signed, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEndorsing, b2.EndpointSupportingTokenParameters.SignedEndorsing, exactMessageSecurityVersion)) return false; if (b1.OperationSupportingTokenParameters.Count != b2.OperationSupportingTokenParameters.Count) return false; foreach (KeyValuePair operation1 in b1.OperationSupportingTokenParameters) { if (!b2.OperationSupportingTokenParameters.ContainsKey(operation1.Key)) return false; SupportingTokenParameters stp2 = b2.OperationSupportingTokenParameters[operation1.Key]; if (!AreTokenParameterCollectionsMatching(operation1.Value.Endorsing, stp2.Endorsing, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEncrypted, stp2.SignedEncrypted, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(operation1.Value.Signed, stp2.Signed, exactMessageSecurityVersion)) return false; if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEndorsing, stp2.SignedEndorsing, exactMessageSecurityVersion)) return false; } SymmetricSecurityBindingElement ssbe1 = b1 as SymmetricSecurityBindingElement; if (ssbe1 != null) { SymmetricSecurityBindingElement ssbe2 = (SymmetricSecurityBindingElement)b2; if (ssbe1.MessageProtectionOrder != ssbe2.MessageProtectionOrder) return false; if (!AreTokenParametersMatching(ssbe1.ProtectionTokenParameters, ssbe2.ProtectionTokenParameters, false, exactMessageSecurityVersion)) return false; } AsymmetricSecurityBindingElement asbe1 = b1 as AsymmetricSecurityBindingElement; if (asbe1 != null) { AsymmetricSecurityBindingElement asbe2 = (AsymmetricSecurityBindingElement)b2; if (asbe1.MessageProtectionOrder != asbe2.MessageProtectionOrder) return false; if (asbe1.RequireSignatureConfirmation != asbe2.RequireSignatureConfirmation) return false; if (!AreTokenParametersMatching(asbe1.InitiatorTokenParameters, asbe2.InitiatorTokenParameters, true, exactMessageSecurityVersion) || !AreTokenParametersMatching(asbe1.RecipientTokenParameters, asbe2.RecipientTokenParameters, true, exactMessageSecurityVersion)) return false; } return true; } protected virtual void AddBindingTemplates(Dictionary bindingTemplates) { AddBindingTemplate(bindingTemplates, AuthenticationMode.AnonymousForCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.AnonymousForSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.CertificateOverTransport); if (this.templateKeyType == SecurityKeyType.SymmetricKey) { AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedToken); } AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedTokenForCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedTokenForSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.IssuedTokenOverTransport); AddBindingTemplate(bindingTemplates, AuthenticationMode.Kerberos); AddBindingTemplate(bindingTemplates, AuthenticationMode.KerberosOverTransport); AddBindingTemplate(bindingTemplates, AuthenticationMode.MutualCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.MutualCertificateDuplex); AddBindingTemplate(bindingTemplates, AuthenticationMode.MutualSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.SspiNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.UserNameForCertificate); AddBindingTemplate(bindingTemplates, AuthenticationMode.UserNameForSslNegotiated); AddBindingTemplate(bindingTemplates, AuthenticationMode.UserNameOverTransport); AddBindingTemplate(bindingTemplates, AuthenticationMode.SspiNegotiatedOverTransport); } bool TryInitializeAuthenticationMode(SecurityBindingElement sbe) { bool result; if (sbe.OperationSupportingTokenParameters.Count > 0) result = false; else { SetIssuedTokenKeyType(sbe); Dictionary bindingTemplates = new Dictionary (); this.AddBindingTemplates(bindingTemplates); result = false; foreach (AuthenticationMode mode in bindingTemplates.Keys) { SecurityBindingElement candidate = bindingTemplates[mode]; if (AreBindingsMatching(sbe, candidate)) { this.AuthenticationMode = mode; result = true; break; } } } return result; } void SetIssuedTokenKeyType(SecurityBindingElement sbe) { // Set the keyType for building the template for IssuedToken binding. // The reason is the different supporting token is defined depending on keyType. if (sbe.EndpointSupportingTokenParameters.Endorsing.Count > 0 && sbe.EndpointSupportingTokenParameters.Endorsing[0] is IssuedSecurityTokenParameters) { this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Endorsing[0]).KeyType; } else if (sbe.EndpointSupportingTokenParameters.Signed.Count > 0 && sbe.EndpointSupportingTokenParameters.Signed[0] is IssuedSecurityTokenParameters) { this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.Signed[0]).KeyType; } else if (sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count > 0 && sbe.EndpointSupportingTokenParameters.SignedEncrypted[0] is IssuedSecurityTokenParameters) { this.templateKeyType = ((IssuedSecurityTokenParameters)sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]).KeyType; } else { this.templateKeyType = IssuedSecurityTokenParameters.defaultKeyType; } } protected virtual void InitializeNestedTokenParameterSettings(SecurityTokenParameters sp, bool initializeNestedBindings) { if (sp is SspiSecurityTokenParameters) this.RequireSecurityContextCancellation = ((SspiSecurityTokenParameters)sp).RequireCancellation; else if (sp is SslSecurityTokenParameters) this.RequireSecurityContextCancellation = ((SslSecurityTokenParameters)sp).RequireCancellation; else if (sp is IssuedSecurityTokenParameters) this.IssuedTokenParameters.InitializeFrom((IssuedSecurityTokenParameters)sp, initializeNestedBindings); } internal void InitializeFrom(BindingElement bindingElement, bool initializeNestedBindings) { if (bindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bindingElement"); } SecurityBindingElement sbe = (SecurityBindingElement)bindingElement; this.DefaultAlgorithmSuite = sbe.DefaultAlgorithmSuite; this.IncludeTimestamp = sbe.IncludeTimestamp; this.MessageSecurityVersion = sbe.MessageSecurityVersion; this.KeyEntropyMode = sbe.KeyEntropyMode; this.SecurityHeaderLayout = sbe.SecurityHeaderLayout; Nullable requireDerivedKeys = new Nullable (); if (sbe.EndpointSupportingTokenParameters.Endorsing.Count == 1) { this.InitializeNestedTokenParameterSettings(sbe.EndpointSupportingTokenParameters.Endorsing[0], initializeNestedBindings); } else if (sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1) { this.InitializeNestedTokenParameterSettings(sbe.EndpointSupportingTokenParameters.SignedEncrypted[0], initializeNestedBindings); } else if (sbe.EndpointSupportingTokenParameters.Signed.Count == 1) { this.InitializeNestedTokenParameterSettings(sbe.EndpointSupportingTokenParameters.Signed[0], initializeNestedBindings); } bool initializationFailure = false; foreach (SecurityTokenParameters t in sbe.EndpointSupportingTokenParameters.Endorsing) { if (t.HasAsymmetricKey == false) { if (requireDerivedKeys.HasValue && requireDerivedKeys.Value != t.RequireDerivedKeys) initializationFailure = true; else requireDerivedKeys = t.RequireDerivedKeys; } } SymmetricSecurityBindingElement ssbe = sbe as SymmetricSecurityBindingElement; if (ssbe != null) { this.MessageProtectionOrder = ssbe.MessageProtectionOrder; this.RequireSignatureConfirmation = ssbe.RequireSignatureConfirmation; if (ssbe.ProtectionTokenParameters != null) { this.InitializeNestedTokenParameterSettings(ssbe.ProtectionTokenParameters, initializeNestedBindings); if (requireDerivedKeys.HasValue && requireDerivedKeys.Value != ssbe.ProtectionTokenParameters.RequireDerivedKeys) initializationFailure = true; else requireDerivedKeys = ssbe.ProtectionTokenParameters.RequireDerivedKeys; } } AsymmetricSecurityBindingElement asbe = sbe as AsymmetricSecurityBindingElement; if (asbe != null) { this.MessageProtectionOrder = asbe.MessageProtectionOrder; this.RequireSignatureConfirmation = asbe.RequireSignatureConfirmation; if (asbe.InitiatorTokenParameters != null) { this.InitializeNestedTokenParameterSettings(asbe.InitiatorTokenParameters, initializeNestedBindings); // // Copy the derived key token bool flag from the token parameters. The token parameter was set from // importing WSDL during SecurityBindingElementImporter.ImportPolicy time // if (requireDerivedKeys.HasValue && requireDerivedKeys.Value != asbe.InitiatorTokenParameters.RequireDerivedKeys) initializationFailure = true; else requireDerivedKeys = asbe.InitiatorTokenParameters.RequireDerivedKeys; } } this.RequireDerivedKeys = requireDerivedKeys.GetValueOrDefault(SecurityTokenParameters.defaultRequireDerivedKeys); this.LocalClientSettings.InitializeFrom(sbe.LocalClientSettings); this.LocalServiceSettings.InitializeFrom(sbe.LocalServiceSettings); if (!initializationFailure) initializationFailure = !this.TryInitializeAuthenticationMode(sbe); if (initializationFailure) this.failedSecurityBindingElement = sbe; } protected internal override void InitializeFrom(BindingElement bindingElement) { this.InitializeFrom(bindingElement, true); } protected override bool SerializeToXmlElement(XmlWriter writer, String elementName) { bool result; if (this.failedSecurityBindingElement != null && writer != null) { writer.WriteComment(SR.GetString(SR.ConfigurationSchemaInsuffientForSecurityBindingElementInstance)); writer.WriteComment(this.failedSecurityBindingElement.ToString()); result = true; } else { result = base.SerializeToXmlElement(writer, elementName); } return result; } protected override void Unmerge(ConfigurationElement sourceElement, ConfigurationElement parentElement, ConfigurationSaveMode saveMode) { if (sourceElement is SecurityElementBase) this.failedSecurityBindingElement = ((SecurityElementBase)sourceElement).failedSecurityBindingElement; base.Unmerge(sourceElement, parentElement, saveMode); } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlWriterTraceListener.cs
- IODescriptionAttribute.cs
- ClientType.cs
- WmpBitmapEncoder.cs
- ScrollChangedEventArgs.cs
- CompiledQueryCacheKey.cs
- LabelEditEvent.cs
- KeyGestureValueSerializer.cs
- HtmlUtf8RawTextWriter.cs
- CfgParser.cs
- CodeMethodReturnStatement.cs
- LowerCaseStringConverter.cs
- SqlFunctionAttribute.cs
- ColorDialog.cs
- regiisutil.cs
- CompositeScriptReferenceEventArgs.cs
- SHA1Managed.cs
- StringValidatorAttribute.cs
- DayRenderEvent.cs
- SQLBytesStorage.cs
- VideoDrawing.cs
- VariantWrapper.cs
- ProfilePropertyNameValidator.cs
- Tool.cs
- XmlSchemaAttributeGroup.cs
- UInt64Converter.cs
- XPathChildIterator.cs
- URLIdentityPermission.cs
- SizeAnimationClockResource.cs
- StickyNote.cs
- DbDataRecord.cs
- WCFModelStrings.Designer.cs
- ConfigurationManagerInternalFactory.cs
- KnownBoxes.cs
- ToolStripPanelCell.cs
- ServicePoint.cs
- ExpressionBuilder.cs
- X509CertificateInitiatorClientCredential.cs
- ValueQuery.cs
- CheckStoreFileValidityRequest.cs
- RepeatButtonAutomationPeer.cs
- DynamicActionMessageFilter.cs
- XmlSchemaSimpleTypeRestriction.cs
- Matrix3D.cs
- MeshGeometry3D.cs
- SplineQuaternionKeyFrame.cs
- AddressingVersion.cs
- ReadOnlyDataSourceView.cs
- ServiceOperationParameter.cs
- TraceData.cs
- CorrelationTokenTypeConvertor.cs
- ContentControl.cs
- PropertyInfoSet.cs
- CacheModeConverter.cs
- StyleCollection.cs
- DuplexChannel.cs
- SqlTypeConverter.cs
- EventLogTraceListener.cs
- securitycriticaldataClass.cs
- HttpApplicationStateWrapper.cs
- CalendarModeChangedEventArgs.cs
- Suspend.cs
- ImplicitInputBrush.cs
- PolyQuadraticBezierSegmentFigureLogic.cs
- EditingMode.cs
- XslException.cs
- XmlUtf8RawTextWriter.cs
- Stopwatch.cs
- CheckBoxList.cs
- FocusManager.cs
- DataTableNameHandler.cs
- PropagationProtocolsTracing.cs
- TimeSpanOrInfiniteConverter.cs
- SqlWebEventProvider.cs
- CompositeFontParser.cs
- ToolStripManager.cs
- DynamicExpression.cs
- EventPropertyMap.cs
- RangeValuePatternIdentifiers.cs
- Property.cs
- ObjectHandle.cs
- WebConfigurationHostFileChange.cs
- Bezier.cs
- XmlWrappingReader.cs
- Pair.cs
- AttributeXamlType.cs
- PageParserFilter.cs
- ImageList.cs
- ToolStripContentPanel.cs
- ContentType.cs
- CellIdBoolean.cs
- DesignTimeResourceProviderFactoryAttribute.cs
- IISUnsafeMethods.cs
- PingOptions.cs
- DesignTimeParseData.cs
- AdapterUtil.cs
- shaperfactory.cs
- OdbcUtils.cs
- EventMappingSettings.cs
- RegistryDataKey.cs