Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / Security / Tokens / WindowsUserNameCachingSecurityTokenAuthenticator.cs / 1 / WindowsUserNameCachingSecurityTokenAuthenticator.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security.Tokens
{
using System.Collections;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Text;
public interface ILogonTokenCacheManager
{
bool RemoveCachedLogonToken(string username);
void FlushLogonTokenCache();
}
class LogonTokenCache : TimeBoundedCache
{
const int lowWaterMarkFactor = 75;
const int saltSize = 4;
TimeSpan cachedLogonTokenLifetime;
RNGCryptoServiceProvider random;
public LogonTokenCache(int maxCachedLogonTokens, TimeSpan cachedLogonTokenLifetime)
: base((maxCachedLogonTokens * lowWaterMarkFactor) / 100, maxCachedLogonTokens, StringComparer.OrdinalIgnoreCase, PurgingMode.TimerBasedPurge, TimeSpan.FromTicks(cachedLogonTokenLifetime.Ticks >> 2), true)
{
this.cachedLogonTokenLifetime = cachedLogonTokenLifetime;
this.random = new RNGCryptoServiceProvider();
}
public bool TryGetTokenCache(string userName, out LogonToken token)
{
token = (LogonToken)GetItem(userName);
return token != null;
}
public bool TryAddTokenCache(string userName, string password, ReadOnlyCollection authorizationPolicies)
{
byte[] salt = new byte[saltSize];
this.random.GetBytes(salt);
LogonToken token = new LogonToken(userName, password, salt, authorizationPolicies);
DateTime expirationTime = DateTime.UtcNow.Add(this.cachedLogonTokenLifetime);
return TryAddItem(userName, token, expirationTime, true);
}
// Remove those about to expire
protected override ArrayList OnQuotaReached(Hashtable cacheTable)
{
List items = new List(cacheTable.Count);
foreach (IExpirableItem value in cacheTable.Values)
{
items.Add(value);
}
// Those expired soon in front
items.Sort(ExpirableItemComparer.Default);
int pruningAmount = (items.Count * (100 - lowWaterMarkFactor)) / 100;
// edge case
pruningAmount = pruningAmount <= 0 ? items.Count : pruningAmount;
ArrayList keys = new ArrayList(pruningAmount);
for (int i = 0; i < pruningAmount; ++i)
{
LogonToken token = (LogonToken)ExtractItem(items[i]);
keys.Add(token.UserName);
OnRemove(token);
}
return keys;
}
public bool TryRemoveTokenCache(string userName)
{
return this.TryRemoveItem(userName);
}
public void Flush()
{
this.ClearItems();
}
protected override void OnRemove(object item)
{
((LogonToken)item).Dispose();
base.OnRemove(item);
}
}
class LogonToken : IDisposable
{
string userName;
byte[] passwordHash;
byte[] salt;
ReadOnlyCollection authorizationPolicies;
public LogonToken(string userName, string password, byte[] salt, ReadOnlyCollection authorizationPolicies)
{
this.userName = userName;
this.passwordHash = ComputeHash(password, salt);
this.salt = salt;
this.authorizationPolicies = System.IdentityModel.SecurityUtils.CloneAuthorizationPoliciesIfNecessary(authorizationPolicies);
}
public bool PasswordEquals(string password)
{
byte[] passwordHash = ComputeHash(password, this.salt);
return CryptoHelper.IsEqual(this.passwordHash, passwordHash);
}
public string UserName
{
get { return this.userName; }
}
public ReadOnlyCollection GetAuthorizationPolicies()
{
return System.IdentityModel.SecurityUtils.CloneAuthorizationPoliciesIfNecessary(this.authorizationPolicies);
}
public void Dispose()
{
System.IdentityModel.SecurityUtils.DisposeAuthorizationPoliciesIfNecessary(this.authorizationPolicies);
}
static byte[] ComputeHash(string password, byte[] salt)
{
if (String.IsNullOrEmpty(password))
{
return salt;
}
byte[] bytes = Encoding.Unicode.GetBytes(password);
int saltSize = salt.Length;
for (int i = 0; i < bytes.Length; ++i)
{
bytes[i] ^= salt[i % saltSize];
}
using (SHA1 sha1 = CryptoHelper.NewSha1HashAlgorithm())
{
return sha1.ComputeHash(bytes);
}
}
}
class WindowsUserNameCachingSecurityTokenAuthenticator : WindowsUserNameSecurityTokenAuthenticator, ILogonTokenCacheManager, IDisposable
{
LogonTokenCache logonTokenCache;
public WindowsUserNameCachingSecurityTokenAuthenticator(bool includeWindowsGroups, int maxCachedLogonTokens, TimeSpan cachedLogonTokenLifetime)
: base(includeWindowsGroups)
{
this.logonTokenCache = new LogonTokenCache(maxCachedLogonTokens, cachedLogonTokenLifetime);
}
public void Dispose()
{
FlushLogonTokenCache();
}
protected override ReadOnlyCollection ValidateUserNamePasswordCore(string userName, string password)
{
LogonToken token;
if (this.logonTokenCache.TryGetTokenCache(userName, out token))
{
if (token.PasswordEquals(password))
{
return token.GetAuthorizationPolicies();
}
else
{
// this prevents logon with old password.
this.logonTokenCache.TryRemoveTokenCache(userName);
}
}
ReadOnlyCollection authorizationPolicies = base.ValidateUserNamePasswordCore(userName, password);
this.logonTokenCache.TryAddTokenCache(userName, password, authorizationPolicies);
return authorizationPolicies;
}
public bool RemoveCachedLogonToken(string username)
{
if (this.logonTokenCache == null)
return false;
return this.logonTokenCache.TryRemoveTokenCache(username);
}
public void FlushLogonTokenCache()
{
if (this.logonTokenCache != null)
this.logonTokenCache.Flush();
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- PublishLicense.cs
- ClientRoleProvider.cs
- WebPartEventArgs.cs
- ObjectResult.cs
- PlanCompilerUtil.cs
- SiteMapDataSourceView.cs
- IndicShape.cs
- HttpModuleCollection.cs
- TypefaceMap.cs
- MethodImplAttribute.cs
- RedirectionProxy.cs
- HttpRuntime.cs
- BitmapEffectOutputConnector.cs
- HealthMonitoringSection.cs
- BypassElement.cs
- PartialArray.cs
- LayoutInformation.cs
- RoutedEventArgs.cs
- DataPagerCommandEventArgs.cs
- TextEditorLists.cs
- Condition.cs
- Propagator.JoinPropagator.JoinPredicateVisitor.cs
- SmtpNetworkElement.cs
- ReceiveSecurityHeaderElementManager.cs
- _RequestCacheProtocol.cs
- RangeBaseAutomationPeer.cs
- DbBuffer.cs
- RegistryKey.cs
- Context.cs
- LocalServiceSecuritySettings.cs
- SqlBooleanizer.cs
- XmlLanguage.cs
- ProviderBase.cs
- FilterElement.cs
- SecurityAlgorithmSuiteConverter.cs
- TabPage.cs
- SelectionRange.cs
- Options.cs
- WSSecureConversationDec2005.cs
- LightweightCodeGenerator.cs
- TdsParserSessionPool.cs
- PrintingPermissionAttribute.cs
- MILUtilities.cs
- Pointer.cs
- RoutedEventConverter.cs
- RSACryptoServiceProvider.cs
- CodeSubDirectory.cs
- SqlDataRecord.cs
- DataRowComparer.cs
- VoiceInfo.cs
- Stackframe.cs
- AudioLevelUpdatedEventArgs.cs
- SmtpSpecifiedPickupDirectoryElement.cs
- DBConnectionString.cs
- SqlTrackingWorkflowInstance.cs
- InheritanceRules.cs
- GeometryCombineModeValidation.cs
- HtmlElement.cs
- MissingFieldException.cs
- EntityConnectionStringBuilder.cs
- AppSecurityManager.cs
- EventSourceCreationData.cs
- SettingsSection.cs
- DelegateBodyWriter.cs
- _CacheStreams.cs
- CoreSwitches.cs
- XmlAnyAttributeAttribute.cs
- TraversalRequest.cs
- _BasicClient.cs
- Decoder.cs
- ImageCodecInfoPrivate.cs
- WebPartHelpVerb.cs
- TransformationRules.cs
- RuleConditionDialog.cs
- TextTreeObjectNode.cs
- EventMappingSettings.cs
- ObjectSet.cs
- EndpointAddress.cs
- ModuleConfigurationInfo.cs
- URL.cs
- XmlSchemaAnnotated.cs
- PackageFilter.cs
- SplitterDesigner.cs
- RegisteredExpandoAttribute.cs
- ConfigurationLocationCollection.cs
- ReliableSessionBindingElementImporter.cs
- PersistenceException.cs
- LockCookie.cs
- _NetRes.cs
- TailCallAnalyzer.cs
- DataGridViewBand.cs
- PropertyDescriptor.cs
- FrameAutomationPeer.cs
- SafePointer.cs
- HighlightComponent.cs
- ColumnReorderedEventArgs.cs
- ShutDownListener.cs
- FontDifferentiator.cs
- DbConnectionHelper.cs
- Memoizer.cs