Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / TransactionBridge / Microsoft / Transactions / Wsat / Messaging / Security.cs / 1 / Security.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- // Define some helper functions used for security using System; using System.ServiceModel; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Diagnostics; using System.DirectoryServices.ActiveDirectory; using System.Globalization; using System.Net; using System.Net.Security; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.IdentityModel.Selectors; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Security.Permissions; using System.Security.Principal; using System.Runtime.Serialization; using System.ServiceModel.Channels; using System.ServiceModel.Security; using System.ServiceModel.Security.Tokens; using System.ServiceModel.Transactions; using System.Text; using System.Transactions; using System.Xml; using DiagnosticUtility = Microsoft.Transactions.Bridge.DiagnosticUtility; using Microsoft.Transactions.Wsat.Protocol; namespace Microsoft.Transactions.Wsat.Messaging { class CoordinationServiceSecurity { IdentityVerifier identityVerifier = IdentityVerifier.CreateDefault(); static SecurityContextSecurityTokenParameters securityContextSecurityTokenParameters; public static SecurityContextSecurityTokenParameters SecurityContextSecurityTokenParameters { get { if (securityContextSecurityTokenParameters == null) securityContextSecurityTokenParameters = new SecurityContextSecurityTokenParameters(); return securityContextSecurityTokenParameters; } } static DataContractSerializer identifierElementSerializer10; static DataContractSerializer identifierElementSerializer11; static DataContractSerializer IdentifierElementSerializer(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "IdentifierElementSerializer"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : if (identifierElementSerializer10 == null) identifierElementSerializer10 = new DataContractSerializer(typeof(IdentifierElement10)); return identifierElementSerializer10; case ProtocolVersion.Version11 : if (identifierElementSerializer11 == null) identifierElementSerializer11 = new DataContractSerializer(typeof(IdentifierElement11)); return identifierElementSerializer11; default: return null; // inaccessible path because we have asserted the protocol version } } // // Issued tokens / supporting tokens // static byte[] Label = Encoding.UTF8.GetBytes("WS-AT Supporting Token"); static SecurityStandardsManager SecurityStandardsManager2007 = CreateStandardsManager(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12); static SecurityStandardsManager CreateStandardsManager(MessageSecurityVersion securityVersion) { return new SecurityStandardsManager( securityVersion, new WSSecurityTokenSerializer(securityVersion.SecurityVersion, securityVersion.TrustVersion, securityVersion.SecureConversationVersion, false, null, null, null)); } static SecurityStandardsManager CreateStandardsManager(ProtocolVersion protocolVersion) { ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateStandardsManager"); switch (protocolVersion) { case ProtocolVersion.Version10: return SecurityStandardsManager.DefaultInstance; case ProtocolVersion.Version11: return CoordinationServiceSecurity.SecurityStandardsManager2007; default: return null; // inaccessible path because we have asserted the protocol version } } //======================================================================================= public static byte[] DeriveIssuedTokenKey(Guid transactionId, string sctId) { return Psha1DerivedKeyGeneratorHelper.GenerateDerivedKey(transactionId.ToByteArray(), Label, Encoding.UTF8.GetBytes(sctId), SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength, 0); } //======================================================================================= public static void CreateIssuedToken(Guid transactionId, string coordinationContextId, ProtocolVersion protocolVersion, out RequestSecurityTokenResponse issuedToken, out string sctId) { sctId = CoordinationContext.CreateNativeIdentifier(Guid.NewGuid()); byte[] derivedKey = DeriveIssuedTokenKey(transactionId, sctId); DateTime now = DateTime.UtcNow; SecurityContextSecurityToken sct = new SecurityContextSecurityToken(new UniqueId(sctId), derivedKey, now, now + TimeSpan.FromDays(100 * 365)); BinarySecretSecurityToken proof = new BinarySecretSecurityToken(derivedKey); SecurityStandardsManager standardsManager = CreateStandardsManager(protocolVersion); RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(standardsManager); rstr.TokenType = standardsManager.SecureConversationDriver.TokenTypeUri; rstr.RequestedUnattachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.External); rstr.RequestedAttachedReference = SecurityContextSecurityTokenParameters.CreateKeyIdentifierClause(sct, SecurityTokenReferenceStyle.Internal); rstr.RequestedSecurityToken = sct; rstr.RequestedProofToken = proof; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "CreateIssuedToken"); //assert valid protocol version switch(protocolVersion) { case ProtocolVersion.Version10 : rstr.SetAppliesTo(new IdentifierElement10(coordinationContextId), identifierElementSerializer); break; case ProtocolVersion.Version11 : rstr.SetAppliesTo (new IdentifierElement11(coordinationContextId), identifierElementSerializer); break; default : break; // inaccessible path because we have asserted the protocol version } rstr.MakeReadOnly(); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Created issued token with id {0} for transaction {1}", sctId, transactionId); } issuedToken = rstr; } //======================================================================================== public static void AddIssuedToken(Message message, RequestSecurityTokenResponse rstr) { TransactionFlowProperty transactionFlowProp = TransactionFlowProperty.Ensure(message); transactionFlowProp.IssuedTokens.Add(rstr); if (DebugTrace.Verbose) { DebugTrace.Trace(TraceLevel.Verbose, "Added issued token to message"); } } //======================================================================================= // This function can throw XmlException public static RequestSecurityTokenResponse GetIssuedToken(Message message, string identifier, ProtocolVersion protocolVersion) { ICollection rstrCollection = TransactionFlowProperty.TryGetIssuedTokens(message); if (rstrCollection == null) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No issued tokens found in message"); return null; } string coordIdentifier = CoordinationStrings.Version(protocolVersion).Identifier; string coordNamespace = CoordinationStrings.Version(protocolVersion).Namespace; foreach (RequestSecurityTokenResponse rstr in rstrCollection) { string name, ns; rstr.GetAppliesToQName(out name, out ns); if (name == coordIdentifier && ns == coordNamespace) { if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "Found issued token in message"); try { IdentifierElement id = null; DataContractSerializer identifierElementSerializer = IdentifierElementSerializer(protocolVersion); ProtocolVersionHelper.AssertProtocolVersion(protocolVersion, typeof(CoordinationServiceSecurity), "GetIssuedToken"); //assert valid protocol version switch (protocolVersion) { case ProtocolVersion.Version10 : id = rstr.GetAppliesTo (identifierElementSerializer); break; case ProtocolVersion.Version11 : id = rstr.GetAppliesTo (identifierElementSerializer); break; // no default - we have asserted the protocol version } // Make sure the identifier matches the expected value if (id.Identifier != identifier) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token identifier does not match expected {0}", identifier); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(SR.GetString(SR.IssuedTokenIdentifierMismatch))); } } catch (SerializationException e) { if (DebugTrace.Error) DebugTrace.Trace(TraceLevel.Error, "Issued token AppliesTo element could not be deserialized: {0}", e.Message); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new XmlException(e.Message, e)); } return rstr; } } if (DebugTrace.Verbose) DebugTrace.Trace(TraceLevel.Verbose, "No matching issued token found in message"); return null; } //======================================================================================== public static void AddSupportingToken(Message message, RequestSecurityTokenResponse rstr) { // Currently, we only support a binary secret as the proof of RSTR GenericXmlSecurityToken supportingToken = rstr.GetIssuedToken(null, null, SecurityKeyEntropyMode.ServerEntropy, null, null, null); SecurityMessageProperty property = new SecurityMessageProperty(); SupportingTokenSpecification spec = new SupportingTokenSpecification(supportingToken, new List ().AsReadOnly(), SecurityTokenAttachmentMode.Endorsing, SecurityContextSecurityTokenParameters); property.OutgoingSupportingTokens.Add(spec); message.Properties.Security = property; if (DebugTrace.Verbose) { DebugTrace.Trace (TraceLevel.Verbose, "Attached supporting token {0} to register message", rstr.Context); } } // // Per-enlistment security // //======================================================================================== public static string GetSenderName (Message message) { return GetSenderName(message.Properties); } //======================================================================================= public static string GetSenderName (MessageProperties messageProperties) { SecurityMessageProperty securityMessageProperty = messageProperties.Security; if (securityMessageProperty == null) { return "anonymous"; } ServiceSecurityContext securityContext = securityMessageProperty.ServiceSecurityContext; if (securityContext == null || securityContext.IsAnonymous) { return "anonymous"; } IIdentity identity = securityContext.PrimaryIdentity; if (identity != null) { return identity.Name; } return securityContext.PrimaryIdentity.ToString(); } //======================================================================================== public bool CheckIdentity(Proxy proxy, Message message) { EndpointAddress service = proxy.To; bool access = this.identityVerifier.CheckAccess(service, message); TraceCheckIdentityResult(access, service, message); return access; } //======================================================================================= void TraceCheckIdentityResult(bool access, EndpointAddress service, Message message) { if (DebugTrace.Verbose) { if (DebugTrace.Pii) { string sender = GetSenderName(message); if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier to {0}", sender); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier to {0}, expected {1}", sender, service.Identity == null ? service.Uri.AbsoluteUri : service.Identity.ToString()); } } else { if (access) { DebugTrace.Trace(TraceLevel.Verbose, "Access granted by identity verifier"); } else { DebugTrace.Trace(TraceLevel.Verbose, "Access denied by identity verifier"); } } } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- UpdateRecord.cs
- LinearKeyFrames.cs
- DurationConverter.cs
- OleDbCommandBuilder.cs
- ContentFilePart.cs
- StreamReader.cs
- DataGridViewCellConverter.cs
- IndependentAnimationStorage.cs
- TextTreeNode.cs
- PageHandlerFactory.cs
- DbConnectionPoolGroupProviderInfo.cs
- KnownTypesProvider.cs
- codemethodreferenceexpression.cs
- DragEvent.cs
- FilterEventArgs.cs
- AttachedAnnotationChangedEventArgs.cs
- TextTrailingWordEllipsis.cs
- SoapServerMethod.cs
- FeatureManager.cs
- ObjectResult.cs
- StandardOleMarshalObject.cs
- XmlSchemaRedefine.cs
- InfocardInteractiveChannelInitializer.cs
- SharedConnectionWorkflowTransactionService.cs
- Margins.cs
- TextRangeBase.cs
- Exceptions.cs
- DataGridViewCellStyleContentChangedEventArgs.cs
- Icon.cs
- UiaCoreTypesApi.cs
- WebPartZoneBase.cs
- FormViewUpdatedEventArgs.cs
- Composition.cs
- TransactedReceiveData.cs
- HiddenFieldPageStatePersister.cs
- documentsequencetextview.cs
- MemberAccessException.cs
- ControlTemplate.cs
- AuthorizationSection.cs
- PeekCompletedEventArgs.cs
- GenericEnumConverter.cs
- UserPersonalizationStateInfo.cs
- XmlSchemaImport.cs
- UdpDiscoveryMessageFilter.cs
- DataRow.cs
- AdapterUtil.cs
- BamlResourceSerializer.cs
- ButtonField.cs
- ExceptionRoutedEventArgs.cs
- SHA384.cs
- DataControlImageButton.cs
- ValueProviderWrapper.cs
- StrongNameMembershipCondition.cs
- JsonSerializer.cs
- JsonSerializer.cs
- InteropEnvironment.cs
- UIElement3DAutomationPeer.cs
- Boolean.cs
- ComPlusTypeValidator.cs
- TreeViewImageIndexConverter.cs
- DataGridViewTextBoxCell.cs
- CalendarDay.cs
- DoubleStorage.cs
- HtmlLink.cs
- WebControlAdapter.cs
- PrivilegedConfigurationManager.cs
- SiteMapDataSourceDesigner.cs
- WindowShowOrOpenTracker.cs
- LinkLabel.cs
- ColumnMapProcessor.cs
- ValueSerializerAttribute.cs
- IntegerValidatorAttribute.cs
- ErrorTableItemStyle.cs
- CompilerCollection.cs
- AutomationFocusChangedEventArgs.cs
- ComplexBindingPropertiesAttribute.cs
- BuildResultCache.cs
- MULTI_QI.cs
- EntityExpressionVisitor.cs
- DelayedRegex.cs
- AttributeQuery.cs
- Matrix.cs
- HeaderCollection.cs
- Int32CAMarshaler.cs
- ListBindableAttribute.cs
- ReflectionPermission.cs
- DesigntimeLicenseContext.cs
- CodeMethodInvokeExpression.cs
- ExpressionPrefixAttribute.cs
- OledbConnectionStringbuilder.cs
- LoginCancelEventArgs.cs
- FontUnit.cs
- LinearQuaternionKeyFrame.cs
- ZoneButton.cs
- CodeEventReferenceExpression.cs
- EventTrigger.cs
- PanningMessageFilter.cs
- SafeNativeMethods.cs
- IdentityModelStringsVersion1.cs
- ListViewAutomationPeer.cs