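//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{
    using System.Net.Security;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;
    using System.Runtime.CompilerServices;

    /// <summary>
    /// Message-level security configuration for the HTTP standard bindings:
    /// which credential the client presents, whether the service credential is
    /// negotiated at runtime, and the algorithm suite stamped onto the
    /// <see cref="SecurityBindingElement"/> built from these settings.
    /// </summary>
    public class MessageSecurityOverHttp
    {
        internal const MessageCredentialType DefaultClientCredentialType = MessageCredentialType.Windows;
        internal const bool DefaultNegotiateServiceCredential = true;

        MessageCredentialType clientCredentialType;
        bool negotiateServiceCredential;
        SecurityAlgorithmSuite algorithmSuite;
        // Set only by the AlgorithmSuite setter. CreateSecurityBindingElement consults it to
        // decide whether the Kerberos-specific default suite may replace the generic default.
        bool wasAlgorithmSuiteSet;

        /// <summary>
        /// Initializes the settings to their defaults: Windows client credential,
        /// negotiated service credential and <see cref="SecurityAlgorithmSuite.Default"/>.
        /// </summary>
        internal MessageSecurityOverHttp()
        {
            clientCredentialType = DefaultClientCredentialType;
            negotiateServiceCredential = DefaultNegotiateServiceCredential;
            algorithmSuite = SecurityAlgorithmSuite.Default;
        }

        /// <summary>
        /// Gets or sets the type of credential the client presents at the message level.
        /// </summary>
        /// <exception cref="ArgumentOutOfRangeException">The value is not a defined
        /// <see cref="MessageCredentialType"/> (raised through the diagnostic throw helper).</exception>
        public MessageCredentialType ClientCredentialType
        {
            get { return this.clientCredentialType; }
            set
            {
                if (!MessageCredentialTypeHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                this.clientCredentialType = value;
            }
        }

        /// <summary>
        /// Gets or sets whether the service credential is negotiated at runtime
        /// (SSL/SSPI negotiation) instead of being provisioned out of band
        /// (service certificate or Kerberos). Not consulted in secure-transport
        /// (mixed) mode; see <see cref="CreateSecurityBindingElement"/>.
        /// </summary>
        public bool NegotiateServiceCredential
        {
            get { return this.negotiateServiceCredential; }
            set { this.negotiateServiceCredential = value; }
        }

        /// <summary>
        /// Gets or sets the algorithm suite applied to the created binding elements.
        /// Setting it explicitly also disables the Kerberos-specific default suite
        /// that would otherwise be used for the Kerberos binding.
        /// </summary>
        /// <exception cref="ArgumentNullException">The value is null (raised through the diagnostic throw helper).</exception>
        public SecurityAlgorithmSuite AlgorithmSuite
        {
            get { return this.algorithmSuite; }
            set
            {
                if (value == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }
                this.algorithmSuite = value;
                wasAlgorithmSuiteSet = true;
            }
        }

        /// <summary>Gets whether <see cref="AlgorithmSuite"/> was set explicitly.</summary>
        internal bool WasAlgorithmSuiteSet
        {
            get { return this.wasAlgorithmSuiteSet; }
        }

        /// <summary>
        /// Whether the one-shot security binding is wrapped in a secure conversation
        /// session. Always true for this type; derived types may override.
        /// </summary>
        protected virtual bool IsSecureConversationEnabled()
        {
            return true;
        }

        /// <summary>
        /// Builds the <see cref="SecurityBindingElement"/> described by these settings.
        /// </summary>
        /// <param name="isSecureTransportMode">True when the transport is already secure
        /// (mixed mode): the client credential is carried over the transport-protected
        /// channel and <see cref="NegotiateServiceCredential"/> is ignored.</param>
        /// <param name="isReliableSession">True when a reliable session wraps the security
        /// binding; requires secure conversation and enables transport reconnect on failure.</param>
        /// <param name="version">Message security version stamped onto both elements.</param>
        /// <returns>The one-shot element, wrapped in a secure conversation element when
        /// <see cref="IsSecureConversationEnabled"/> is true.</returns>
        /// <exception cref="InvalidOperationException">A reliable session was requested without
        /// secure conversation, or <see cref="MessageCredentialType.None"/> was used in mixed mode.</exception>
        /// <exception cref="NotSupportedException">The credential type is not handled; should be
        /// unreachable because the <see cref="ClientCredentialType"/> setter validates the value.</exception>
        [MethodImpl(MethodImplOptions.NoInlining)]
        internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
        {
            if (isReliableSession && !this.IsSecureConversationEnabled())
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
            }

            SecurityBindingElement result;
            SecurityBindingElement oneShotSecurity;
            bool isKerberosSelected = false;
            bool emitBspAttributes = true;

            if (isSecureTransportMode)
            {
                // Mixed mode: the transport protects the channel, the message layer only
                // carries the client credential. NegotiateServiceCredential is not used.
                switch (this.clientCredentialType)
                {
                    case MessageCredentialType.None:
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
                    case MessageCredentialType.UserName:
                        oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                        break;
                    case MessageCredentialType.Certificate:
                        oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
                        break;
                    case MessageCredentialType.Windows:
                        oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
                        break;
                    case MessageCredentialType.IssuedToken:
                        oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(
                            IssuedSecurityTokenParameters.CreateInfoCardParameters(
                                new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)),
                                this.algorithmSuite));
                        break;
                    default:
                        DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                }
            }
            else if (negotiateServiceCredential)
            {
                // Pure message security, service credential obtained by negotiation.
                switch (this.clientCredentialType)
                {
                    case MessageCredentialType.None:
                        oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
                        break;
                    case MessageCredentialType.UserName:
                        oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
                        break;
                    case MessageCredentialType.Certificate:
                        oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
                        break;
                    case MessageCredentialType.Windows:
                        oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                        break;
                    case MessageCredentialType.IssuedToken:
                        oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(
                            IssuedSecurityTokenParameters.CreateInfoCardParameters(
                                new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)),
                                this.algorithmSuite),
                            true);
                        break;
                    default:
                        DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                }
            }
            else
            {
                // Pure message security, service credential known up front
                // (service certificate, or Kerberos for the Windows credential).
                switch (this.clientCredentialType)
                {
                    case MessageCredentialType.None:
                        oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                        break;
                    case MessageCredentialType.UserName:
                        oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                        break;
                    case MessageCredentialType.Certificate:
                        oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
                        break;
                    case MessageCredentialType.Windows:
                        oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
                        isKerberosSelected = true;
                        break;
                    case MessageCredentialType.IssuedToken:
                        oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                            IssuedSecurityTokenParameters.CreateInfoCardParameters(
                                new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)),
                                this.algorithmSuite));
                        break;
                    default:
                        DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                }
            }

            if (this.IsSecureConversationEnabled())
            {
                result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
            }
            else
            {
                result = oneShotSecurity;
            }

            // Algorithm suite: an explicitly configured suite always wins. Only when the
            // suite was left at its default AND the Kerberos binding was selected is the
            // Kerberos-specific default used instead.
            if (wasAlgorithmSuiteSet || !isKerberosSelected)
            {
                result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
            }
            else
            {
                result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
            }

            result.IncludeTimestamp = true;
            oneShotSecurity.MessageSecurityVersion = version;
            result.MessageSecurityVersion = version;

            // Transport reconnect on failure is only enabled for reliable sessions.
            result.LocalServiceSettings.ReconnectTransportOnFailure = isReliableSession;
            result.LocalClientSettings.ReconnectTransportOnFailure = isReliableSession;

            if (this.IsSecureConversationEnabled())
            {
                // Issue the transition SCT for a short duration only.
                oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
            }

            return result;
        }

        /// <summary>
        /// Attempts to recover the <typeparamref name="TSecurity"/> settings that would produce
        /// <paramref name="sbe"/>, i.e. the inverse of <see cref="CreateSecurityBindingElement"/>.
        /// Local settings and <c>DefaultAlgorithmSuite</c> are deliberately not compared here;
        /// see the inline comments.
        /// </summary>
        /// <typeparam name="TSecurity">Either <see cref="MessageSecurityOverHttp"/> or
        /// <see cref="NonDualMessageSecurityOverHttp"/>.</typeparam>
        /// <param name="sbe">The security binding element to inspect; must not be null.</param>
        /// <param name="isSecureTransportMode">Whether the transport is secure (mixed mode).</param>
        /// <param name="isReliableSession">Whether the binding carries a reliable session.</param>
        /// <param name="messageSecurity">The recovered settings, or null when
        /// <paramref name="sbe"/> does not match a standard-binding shape.</param>
        /// <returns>True when a match was found and <paramref name="messageSecurity"/> is set.</returns>
        internal static bool TryCreate<TSecurity>(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, out TSecurity messageSecurity)
            where TSecurity : MessageSecurityOverHttp
        {
            DiagnosticUtility.DebugAssert(null != sbe, string.Empty);
            messageSecurity = null;

            // Do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings.
            if (!sbe.IncludeTimestamp)
            {
                return false;
            }

            // Do not check MessageSecurityVersion: it may be changed by the wrapper element and
            // gets checked later in SecuritySection.AreBindingsMatching().
            if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
            {
                return false;
            }

            bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
            MessageCredentialType clientCredentialType;
            SecurityAlgorithmSuite algorithmSuite = SecurityAlgorithmSuite.Default;
            bool isSecureConversation;
            SecurityBindingElement bootstrapSecurity;

            if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity))
            {
                isSecureConversation = false;
                bootstrapSecurity = sbe;
            }
            else
            {
                isSecureConversation = true;
            }

            // The base type always enables secure conversation (IsSecureConversationEnabled
            // returns true), so a plain one-shot element cannot round-trip into it.
            if (!isSecureConversation && typeof(TSecurity).Equals(typeof(MessageSecurityOverHttp)))
            {
                return false;
            }
            if (!isSecureConversation && isReliableSession)
            {
                return false;
            }
            if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
            {
                return false;
            }

            IssuedSecurityTokenParameters infocardParameters;
            if (isSecureTransportMode)
            {
                if (SecurityBindingElement.IsUserNameOverTransportBinding(bootstrapSecurity))
                {
                    clientCredentialType = MessageCredentialType.UserName;
                }
                else if (SecurityBindingElement.IsCertificateOverTransportBinding(bootstrapSecurity))
                {
                    clientCredentialType = MessageCredentialType.Certificate;
                }
                else if (SecurityBindingElement.IsSspiNegotiationOverTransportBinding(bootstrapSecurity, true))
                {
                    clientCredentialType = MessageCredentialType.Windows;
                }
                else if (SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out infocardParameters))
                {
                    if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters))
                    {
                        return false;
                    }
                    clientCredentialType = MessageCredentialType.IssuedToken;
                }
                else
                {
                    // The standard binding does not support the None client credential type in mixed mode.
                    return false;
                }
            }
            else
            {
                if (SecurityBindingElement.IsSslNegotiationBinding(bootstrapSecurity, false, true))
                {
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.None;
                }
                else if (SecurityBindingElement.IsUserNameForSslBinding(bootstrapSecurity, true))
                {
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.UserName;
                }
                else if (SecurityBindingElement.IsSslNegotiationBinding(bootstrapSecurity, true, true))
                {
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.Certificate;
                }
                else if (SecurityBindingElement.IsSspiNegotiationBinding(bootstrapSecurity, true))
                {
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.Windows;
                }
                else if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, true, out infocardParameters))
                {
                    if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters))
                    {
                        return false;
                    }
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.IssuedToken;
                }
                else if (SecurityBindingElement.IsUserNameForCertificateBinding(bootstrapSecurity))
                {
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.UserName;
                }
                else if (SecurityBindingElement.IsMutualCertificateBinding(bootstrapSecurity))
                {
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.Certificate;
                }
                else if (SecurityBindingElement.IsKerberosBinding(bootstrapSecurity))
                {
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.Windows;
                }
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out infocardParameters))
                {
                    if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters))
                    {
                        return false;
                    }
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.IssuedToken;
                }
                else if (SecurityBindingElement.IsAnonymousForCertificateBinding(bootstrapSecurity))
                {
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.None;
                }
                else
                {
                    return false;
                }
            }

            // Do not check any Local* settings.
            // Do not check DefaultAlgorithmSuite: it is often changed after the Security element
            // is created; it is verified by SecuritySectionBase.AreBindingsMatching().
            if (typeof(NonDualMessageSecurityOverHttp).Equals(typeof(TSecurity)))
            {
                messageSecurity = (TSecurity)(object)new NonDualMessageSecurityOverHttp();
                ((NonDualMessageSecurityOverHttp)(object)messageSecurity).EstablishSecurityContext = isSecureConversation;
            }
            else
            {
                messageSecurity = (TSecurity)(object)new MessageSecurityOverHttp();
            }

            messageSecurity.ClientCredentialType = clientCredentialType;
            messageSecurity.NegotiateServiceCredential = negotiateServiceCredential;
            messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
            return true;
        }
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.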