Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / SpnegoTokenProvider.cs / 4 / SpnegoTokenProvider.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System;
using System.Collections;
using System.Xml;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Net;
using System.Security.Principal;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.ServiceModel;
using System.ServiceModel.Security.Tokens;
using System.Globalization;
using System.Runtime.Serialization;
using System.ServiceModel.Diagnostics;
using SafeFreeCredentials = System.IdentityModel.SafeFreeCredentials;
class SpnegoTokenProvider : SspiNegotiationTokenProvider
{
TokenImpersonationLevel allowedImpersonationLevel = TokenImpersonationLevel.Identification;
ICredentials clientCredential;
IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault();
bool allowNtlm = true;
bool authenticateServer = true;
SafeFreeCredentials credentialsHandle;
bool ownCredentialsHandle = false;
public SpnegoTokenProvider(SafeFreeCredentials credentialsHandle)
: base()
{
this.credentialsHandle = credentialsHandle;
}
// settings
public IdentityVerifier IdentityVerifier
{
get
{
return this.identityVerifier;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.identityVerifier = value;
}
}
public TokenImpersonationLevel AllowedImpersonationLevel
{
get
{
return this.allowedImpersonationLevel;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
TokenImpersonationLevelHelper.Validate(value);
if (value == TokenImpersonationLevel.None)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value",
String.Format(CultureInfo.InvariantCulture, SR.GetString(SR.SpnegoImpersonationLevelCannotBeSetToNone))));
}
this.allowedImpersonationLevel = value;
}
}
public ICredentials ClientCredential
{
get
{
return this.clientCredential;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.clientCredential = value;
}
}
public bool AllowNtlm
{
get
{
return this.allowNtlm;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.allowNtlm = value;
}
}
public bool AuthenticateServer
{
get
{
return this.authenticateServer;
}
set
{
this.CommunicationObject.ThrowIfDisposedOrImmutable();
this.authenticateServer = value;
}
}
// overrides
public override XmlDictionaryString NegotiationValueType
{
get
{
return XD.TrustApr2004Dictionary.SpnegoValueTypeUri;
}
}
public override void OnOpening()
{
bool osIsGreaterThanXP = SecurityUtils.IsOsGreaterThanXP();
base.OnOpening();
if (this.credentialsHandle == null)
{
string packageName;
if ( !this.allowNtlm && !osIsGreaterThanXP )
{
packageName = "Kerberos";
}
else
{
packageName = "Negotiate";
}
NetworkCredential credential = null;
if (this.clientCredential != null)
{
credential = this.clientCredential.GetCredential(this.TargetAddress.Uri, packageName);
}
// if OS is less than 2k3 !NTLM is not supported, Windows SE 142400
if (!this.allowNtlm && osIsGreaterThanXP)
{
this.credentialsHandle = SecurityUtils.GetCredentialsHandle(packageName, credential, false, "!NTLM");
}
else
{
this.credentialsHandle = SecurityUtils.GetCredentialsHandle(packageName, credential, false);
}
this.ownCredentialsHandle = true;
}
}
public override void OnClose(TimeSpan timeout)
{
base.OnClose(timeout);
FreeCredentialsHandle();
}
public override void OnAbort()
{
base.OnAbort();
FreeCredentialsHandle();
}
void FreeCredentialsHandle()
{
if (this.credentialsHandle != null)
{
if (this.ownCredentialsHandle)
{
this.credentialsHandle.Close();
}
this.credentialsHandle = null;
}
}
protected override bool CreateNegotiationStateCompletesSynchronously(EndpointAddress target, Uri via)
{
return true;
}
protected override IAsyncResult BeginCreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout, AsyncCallback callback, object state)
{
SspiNegotiationTokenProviderState sspiState = this.CreateNegotiationState(target, via, timeout);
return new TypedCompletedAsyncResult(sspiState, callback, state);
}
protected override SspiNegotiationTokenProviderState EndCreateNegotiationState(IAsyncResult result)
{
return TypedCompletedAsyncResult.End(result);
}
protected override SspiNegotiationTokenProviderState CreateNegotiationState(EndpointAddress target, Uri via, TimeSpan timeout)
{
EnsureEndpointAddressDoesNotRequireEncryption(target);
EndpointIdentity identity = null;
if (this.identityVerifier == null)
{
identity = target.Identity;
}
else
{
this.identityVerifier.TryGetIdentity(target, out identity);
}
string spn;
if (this.AuthenticateServer || !this.AllowNtlm)
{
spn = SecurityUtils.GetSpnFromIdentity(identity, target);
}
else
{
// if an SPN or UPN identity is configured (for example, in mixed mode SSPI), then
// use that identity for Negotiate
Claim identityClaim = identity.IdentityClaim;
if (identityClaim != null && (identityClaim.ClaimType == ClaimTypes.Spn || identityClaim.ClaimType == ClaimTypes.Upn))
{
spn = identityClaim.Resource.ToString();
}
else
{
spn = "host/" + target.Uri.DnsSafeHost;
}
}
string packageName;
if ( !this.allowNtlm && !SecurityUtils.IsOsGreaterThanXP() )
{
packageName = "Kerberos";
}
else
{
packageName = "Negotiate";
}
WindowsSspiNegotiation sspiNegotiation = new WindowsSspiNegotiation(packageName, this.credentialsHandle,
this.AllowedImpersonationLevel, spn, true);
return new SspiNegotiationTokenProviderState(sspiNegotiation);
}
protected override ReadOnlyCollection ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation;
if (windowsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
if (this.AuthenticateServer && windowsNegotiation.IsMutualAuthFlag == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.CannotAuthenticateServer)));
}
SecurityTraceRecordHelper.TraceClientSpnego(windowsNegotiation);
return SecurityUtils.CreatePrincipalNameAuthorizationPolicies(windowsNegotiation.ServicePrincipalName);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ExpressionBindingCollection.cs
- DiscoveryOperationContextExtension.cs
- ImageDrawing.cs
- OdbcConnectionHandle.cs
- BrowserCapabilitiesCompiler.cs
- BamlRecordReader.cs
- InstanceCollisionException.cs
- XmlSecureResolver.cs
- XmlDeclaration.cs
- GeneralTransform2DTo3D.cs
- XamlFilter.cs
- CodeTypeReference.cs
- QueuePathEditor.cs
- CopyAttributesAction.cs
- FactoryMaker.cs
- AttributeEmitter.cs
- AssociativeAggregationOperator.cs
- ApplicationManager.cs
- RTLAwareMessageBox.cs
- _BufferOffsetSize.cs
- ServiceContractAttribute.cs
- SqlCacheDependency.cs
- XmlDataSourceView.cs
- Vector3DKeyFrameCollection.cs
- FilterException.cs
- ReliableMessagingVersionConverter.cs
- ButtonColumn.cs
- EntityDataSourceChangedEventArgs.cs
- FileSystemWatcher.cs
- DrawItemEvent.cs
- AnnotationMap.cs
- TextRangeEditTables.cs
- CLRBindingWorker.cs
- ChannelBinding.cs
- ConnectionStringSettingsCollection.cs
- DbSetClause.cs
- MemberMaps.cs
- FlagsAttribute.cs
- CodeMemberField.cs
- StrongNameUtility.cs
- SafeLocalMemHandle.cs
- DelegatingConfigHost.cs
- Automation.cs
- DataRecordInfo.cs
- XPathMultyIterator.cs
- StringWriter.cs
- CodeTryCatchFinallyStatement.cs
- WriteTimeStream.cs
- BitmapEffectCollection.cs
- SpStreamWrapper.cs
- Asn1Utilities.cs
- TraceData.cs
- QualifiedCellIdBoolean.cs
- DataColumnMapping.cs
- GeneralTransform2DTo3DTo2D.cs
- ReadOnlyMetadataCollection.cs
- WorkerRequest.cs
- GraphicsContext.cs
- WebPartCollection.cs
- ContentDisposition.cs
- ExtractedStateEntry.cs
- ConfigXmlReader.cs
- SQLByteStorage.cs
- DataGridCellEditEndingEventArgs.cs
- METAHEADER.cs
- RootBuilder.cs
- PrePrepareMethodAttribute.cs
- HostExecutionContextManager.cs
- WindowsRichEditRange.cs
- OdbcDataAdapter.cs
- ItemsControl.cs
- ReturnValue.cs
- ContextMenuAutomationPeer.cs
- ClientSession.cs
- SafeRightsManagementHandle.cs
- RegexStringValidatorAttribute.cs
- DoubleCollectionValueSerializer.cs
- Font.cs
- DataGridViewDataConnection.cs
- X509InitiatorCertificateClientElement.cs
- CompilerInfo.cs
- OleDbWrapper.cs
- XmlSchemaAttributeGroupRef.cs
- SetStoryboardSpeedRatio.cs
- Match.cs
- PopOutPanel.cs
- HttpDictionary.cs
- RadialGradientBrush.cs
- CodeCatchClause.cs
- PrintController.cs
- RoutingUtilities.cs
- KeyValuePairs.cs
- WindowsUpDown.cs
- Package.cs
- DefaultHttpHandler.cs
- ClipboardProcessor.cs
- ZoneMembershipCondition.cs
- TextFindEngine.cs
- ImageAnimator.cs
- _LazyAsyncResult.cs