public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
outOfBandTokenResolver = null;
SecurityTokenAuthenticator authenticator = null;
InitiatorServiceModelSecurityTokenRequirement requirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (requirement != null)
{
string tokenType = requirement.TokenType;
if (this.IsIssuedSecurityTokenRequirement(requirement))
{
return(new GenericXmlSecurityTokenAuthenticator());
}
if (tokenType == SecurityTokenTypes.X509Certificate)
{
if (requirement.IsOutOfBandToken)
{
authenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None);
}
else
{
authenticator = this.CreateServerX509TokenAuthenticator();
}
}
else if (tokenType == SecurityTokenTypes.Rsa)
{
authenticator = new RsaSecurityTokenAuthenticator();
}
else if (tokenType == SecurityTokenTypes.Kerberos)
{
authenticator = new KerberosRequestorSecurityTokenAuthenticator();
}
else if (((tokenType == ServiceModelSecurityTokenTypes.SecureConversation) || (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego)) || ((tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) || (tokenType == ServiceModelSecurityTokenTypes.Spnego)))
{
authenticator = new GenericXmlSecurityTokenAuthenticator();
}
}
else if ((tokenRequirement is RecipientServiceModelSecurityTokenRequirement) && (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate))
{
authenticator = this.CreateServerX509TokenAuthenticator();
}
if (authenticator == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement })));
}
return(authenticator);
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
outOfBandTokenResolver = null;
SecurityTokenAuthenticator result = null;
InitiatorServiceModelSecurityTokenRequirement initiatorRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (initiatorRequirement != null)
{
string tokenType = initiatorRequirement.TokenType;
if (IsIssuedSecurityTokenRequirement(initiatorRequirement))
{
return(new GenericXmlSecurityTokenAuthenticator());
}
else if (tokenType == SecurityTokenTypes.X509Certificate)
{
if (initiatorRequirement.IsOutOfBandToken)
{
// when the client side soap security asks for a token authenticator, its for doing
// identity checks on the out of band server certificate
result = new X509SecurityTokenAuthenticator(X509CertificateValidator.None);
}
else if (initiatorRequirement.PreferSslCertificateAuthenticator)
{
result = CreateServerSslX509TokenAuthenticator();
}
else
{
result = CreateServerX509TokenAuthenticator();
}
}
else if (tokenType == SecurityTokenTypes.Rsa)
{
result = new RsaSecurityTokenAuthenticator();
}
else if (tokenType == SecurityTokenTypes.Kerberos)
{
result = new KerberosRequestorSecurityTokenAuthenticator();
}
else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation ||
tokenType == ServiceModelSecurityTokenTypes.MutualSslnego ||
tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego ||
tokenType == ServiceModelSecurityTokenTypes.Spnego)
{
result = new GenericXmlSecurityTokenAuthenticator();
}
}
else if ((tokenRequirement is RecipientServiceModelSecurityTokenRequirement) && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
{
// uncorrelated duplex case
result = CreateServerX509TokenAuthenticator();
}
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement)));
}
return(result);
}
