void ProcessSecurityAccess(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.SecurityAccessSectionName);
// Check SSL Flags.
if (section != null)
{
int sslFlags = (int)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.SslFlagsAttributeName);
transportSettings.AccessSslFlags = (HttpAccessSslFlags)sslFlags;
// Clear SslMapCert field, which should not contain any useful data now.
transportSettings.AccessSslFlags &= ~(HttpAccessSslFlags.SslMapCert);
}
// Check whether IIS client certificate mapping is enabled.
section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.IisClientCertMapAuthenticationName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert;
}
else
{
// Check whether Active Directory client certification mapping is enabled.
section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.ClientCertMapAuthenticationName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert;
}
}
}
void ProcessDigestAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.DigestAuthenticationSectionName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthMD5;
}
}
void ProcessDigestAuthentication(Configuration config, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.DigestAuthenticationSectionName);
if ((section != null) &&
((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthMD5;
}
}
protected override HostedServiceTransportSettings CreateTransportSettings(string relativeVirtualPath)
{
Debug.Print("MetabaseSettingsIis7.CreateTransportSettings() calling ServerManager.GetWebConfiguration() virtualPath: " + relativeVirtualPath);
string absolutePath = VirtualPathUtility.ToAbsolute(relativeVirtualPath, HostingEnvironment.ApplicationVirtualPath);
HostedServiceTransportSettings transportSettings = new HostedServiceTransportSettings();
string siteName = HostingEnvironment.SiteName;
ProcessAnonymousAuthentication(siteName, absolutePath, ref transportSettings);
ProcessBasicAuthentication(siteName, absolutePath, ref transportSettings);
ProcessWindowsAuthentication(siteName, absolutePath, ref transportSettings);
ProcessDigestAuthentication(siteName, absolutePath, ref transportSettings);
ProcessSecurityAccess(siteName, absolutePath, ref transportSettings);
return(transportSettings);
}
void ProcessWindowsAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.WindowsAuthenticationSectionName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthNTLM;
List <string> providerList = WebConfigurationManagerWrapper.GetProviderList(section);
if (providerList.Count != 0)
{
transportSettings.AuthProviders = providerList.ToArray();
}
// Check the CBT configuration
try
{
ConfigurationElement element = section.GetChildElement(MetabaseSettingsIis7Constants.ExtendedProtectionElementName);
if (element != null)
{
ExtendedProtectionTokenChecking tokenChecking;
ExtendedProtectionFlags flags;
List <string> spnList;
WebConfigurationManagerWrapper.ReadIisExtendedProtectionPolicy(element, out tokenChecking, out flags, out spnList);
transportSettings.IisExtendedProtectionPolicy = BuildExtendedProtectionPolicy(tokenChecking, flags, spnList);
}
}
catch (COMException e)
{
// hit this exception only when IIS does not support CBT
// safe for us to igore this COMException so that services not using CBT still can be activated
// if a service does use CBT in binding, channel listener will catch it when comparing IIS setting against WCF (on CBT) and throw exception
if (DiagnosticUtility.ShouldTraceWarning)
{
TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.WebHostNoCBTSupport,
SR.TraceCodeWebHostNoCBTSupport, this, e);
}
}
}
}
