/// <summary> /// Serializes the SecurityToken to the XmlWriter. /// </summary> /// <param name="writer">XmlWriter to write to.</param> /// <param name="token">The SecurityToken to serializer.</param> /// <exception cref="ArgumentNullException">The input parameter 'writer' or 'token' is null.</exception> protected override void WriteTokenCore(XmlWriter writer, SecurityToken token) { if (writer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); } if (token == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); } try { // // Wire the session handler for SCT // SecurityContextSecurityToken sct = token as SecurityContextSecurityToken; if (sct != null) { // // Bare SCT tokens are wrapped with a SessionSecurityToken. // The property SessionSecurityToken.IsSecurityContextSecurityTokenWrapper will be true. // token = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(sct, _scVersion); } SecurityTokenHandler securityTokenHandler = _securityTokenHandlers[token]; if ((securityTokenHandler != null) && (securityTokenHandler.CanWriteToken)) { securityTokenHandler.WriteToken(writer, token); return; } base.WriteTokenCore(writer, token); } catch (Exception ex) { if (!(MapExceptionsToSoapFaults && _exceptionMapper.HandleSecurityTokenProcessingException(ex))) { throw; } Fx.Assert(false, "ExceptionMapper did not handle an exception correctly."); // This should never happen. ExceptionMapper will handle the exception, in which case, // a fault exception is thrown or the original exception gets thrown. } }
public void AddContext(SecurityContextSecurityToken token) { // // WCF will cache the token first before calling the WrappedSessionSecurityTokenHandler.OnTokenIssued. // We need to map the claims here so we will be caching the correct token with Geneva Claims substitued // in place of the WCF claims. // _claimsHandler.SetPrincipalBootstrapTokensAndBindIdfxAuthPolicy(token); SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, token.ContextId, token.KeyGeneration); SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(token, SecureConversationVersion.Default); DateTime expiryTime = DateTimeUtil.Add(sessionToken.ValidTo, _claimsHandler.SecurityTokenHandlerCollection.Configuration.MaxClockSkew); _tokenCache.AddOrUpdate(key, sessionToken, expiryTime); }
public SecurityContextSecurityToken GetContext(System.Xml.UniqueId contextId, System.Xml.UniqueId generation) { SessionSecurityToken token = null; SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, contextId, generation); token = _tokenCache.Get(key); SecurityContextSecurityToken sctToken = null; if (token != null && token.IsSecurityContextSecurityTokenWrapper) { sctToken = SecurityContextSecurityTokenHelper.ConvertSessionTokenToSecurityContextSecurityToken(token); } return(sctToken); }
/// <summary> /// Deserializes the SecurityToken from the given XmlReader. /// </summary> /// <param name="reader">Reader to a Security token.</param> /// <param name="tokenResolver">Instance of SecurityTokenResolver.</param> /// <returns>'True' if the serializer can read the given Security Token.</returns> /// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception> protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } try { foreach (SecurityTokenHandler securityTokenHandler in _securityTokenHandlers) { if (securityTokenHandler.CanReadToken(reader)) { SecurityToken token = securityTokenHandler.ReadToken(reader, tokenResolver); SessionSecurityToken sessionToken = token as SessionSecurityToken; if (sessionToken != null) { if (sessionToken.SecureConversationVersion.AbsoluteUri != _scVersion.Namespace.Value) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4053, sessionToken.SecureConversationVersion, _scVersion)); } return(SecurityContextSecurityTokenHelper.ConvertSessionTokenToSecurityContextSecurityToken(sessionToken)); } else { return(token); } } } return(base.ReadTokenCore(reader, tokenResolver)); } catch (Exception ex) { if (!(MapExceptionsToSoapFaults && _exceptionMapper.HandleSecurityTokenProcessingException(ex))) { throw; } Fx.Assert(false, "ExceptionMapper did not handle an exception correctly."); // This should never happen. ExceptionMapper will handle the exception, in which case, // a fault exception is thrown or the original exception gets thrown. } return(null); }
public void UpdateContextCachingTime(SecurityContextSecurityToken token, DateTime expirationTime) { if (token.ValidTo <= expirationTime.ToUniversalTime()) { return; } SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(_claimsHandler.EndpointId, token.ContextId, token.KeyGeneration); SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(token, SecureConversationVersion.Default); DateTime expiryTime = DateTimeUtil.Add(sessionToken.ValidTo, _claimsHandler.SecurityTokenHandlerCollection.Configuration.MaxClockSkew); if (_tokenCache.Get(key) == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4285, sessionToken.ContextId.ToString())); } _tokenCache.AddOrUpdate(key, sessionToken, expiryTime); }
/// <summary> /// Called to retrieve all tokens that match a particular contextId. WCF will call this /// </summary> /// <param name="contextId"></param> /// <returns></returns> public Collection <SecurityContextSecurityToken> GetAllContexts(System.Xml.UniqueId contextId) { Collection <SecurityContextSecurityToken> tokens = new Collection <SecurityContextSecurityToken>(); IEnumerable <SessionSecurityToken> cachedTokens = _tokenCache.GetAll(_claimsHandler.EndpointId, contextId); if (cachedTokens != null) { foreach (SessionSecurityToken sessionSct in cachedTokens) { if (sessionSct != null && sessionSct.IsSecurityContextSecurityTokenWrapper) { SecurityContextSecurityToken sctToken = SecurityContextSecurityTokenHelper.ConvertSessionTokenToSecurityContextSecurityToken(sessionSct); tokens.Add(sctToken); } } } return(tokens); }
/// <summary> /// Validates the token using the wrapped token handler and generates IAuthorizationPolicy /// wrapping the returned ClaimsIdentities. /// </summary> /// <param name="token">Token to be validated. This is always a SecurityContextSecurityToken.</param> /// <returns>Read-only collection of IAuthorizationPolicy</returns> protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token) { SecurityContextSecurityToken sct = token as SecurityContextSecurityToken; SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(sct); IEnumerable <ClaimsIdentity> identities = null; try { identities = _sessionTokenHandler.ValidateToken(sessionToken, _sctClaimsHandler.EndpointId); } catch (Exception ex) { if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex)) { throw; } } return(new List <IAuthorizationPolicy>(new AuthorizationPolicy[] { new AuthorizationPolicy(identities) }).AsReadOnly()); }