public override bool TryImportWsspSpnegoContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
SecurityTokenInclusionMode mode;
parameters = null;
if (this.IsWsspAssertion(assertion, "SpnegoContextToken") && this.TryGetIncludeTokenValue(assertion, out mode))
{
Collection <Collection <XmlElement> > collection;
if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection))
{
foreach (Collection <XmlElement> collection2 in collection)
{
bool flag;
bool flag2;
SspiSecurityTokenParameters parameters2 = new SspiSecurityTokenParameters();
parameters = parameters2;
if (((this.TryImportWsspRequireDerivedKeysAssertion(collection2, parameters2) && this.TryImportWsspMustNotSendCancelAssertion(collection2, out flag)) && (this.TryImportWsspMustNotSendAmendAssertion(collection2) && this.TryImportWsspMustNotSendRenewAssertion(collection2, out flag2))) && (collection2.Count == 0))
{
parameters2.RequireCancellation = true;
parameters2.InclusionMode = mode;
break;
}
parameters = null;
}
}
else
{
parameters = new SspiSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = mode;
}
}
return(parameters != null);
}
void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint)
{
bool cookie = false;
SecureConversationSecurityTokenParameters sc = tokenParameters as SecureConversationSecurityTokenParameters;
if (sc != null && sc.RequireCancellation == false)
{
cookie = true;
}
SspiSecurityTokenParameters sspi = tokenParameters as SspiSecurityTokenParameters;
if (sspi != null && sspi.RequireCancellation == false)
{
cookie = true;
}
SspiSecurityTokenParameters ssl = tokenParameters as SspiSecurityTokenParameters;
if (ssl != null && ssl.RequireCancellation == false)
{
cookie = true;
}
if (cookie)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.RequireNonCookieMode, endpoint.Binding.Name, endpoint.Binding.Namespace)));
}
}
private void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint)
{
bool flag = false;
SecureConversationSecurityTokenParameters parameters = tokenParameters as SecureConversationSecurityTokenParameters;
if ((parameters != null) && !parameters.RequireCancellation)
{
flag = true;
}
SspiSecurityTokenParameters parameters2 = tokenParameters as SspiSecurityTokenParameters;
if ((parameters2 != null) && !parameters2.RequireCancellation)
{
flag = true;
}
SspiSecurityTokenParameters parameters3 = tokenParameters as SspiSecurityTokenParameters;
if ((parameters3 != null) && !parameters3.RequireCancellation)
{
flag = true;
}
if (flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("RequireNonCookieMode", new object[] { endpoint.Binding.Name, endpoint.Binding.Namespace })));
}
}
public override bool TryImportWsspSpnegoContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection <Collection <XmlElement> > alternatives;
if (IsWsspAssertion(assertion, SpnegoContextTokenName) &&
TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection <XmlElement> alternative in alternatives)
{
SspiSecurityTokenParameters sspi = new SspiSecurityTokenParameters();
parameters = sspi;
bool requireCancellation;
bool canRenewSession;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, sspi) &&
TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) &&
TryImportWsspMustNotSendAmendAssertion(alternative)
// We do not support Renew for spnego and sslnego. Read the
// assertion if present and ignore it.
&& TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) &&
alternative.Count == 0)
{
// Client always set this to true to match the standardbinding.
// This setting on client has no effect for spnego and sslnego.
sspi.RequireCancellation = true;
sspi.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SspiSecurityTokenParameters();
parameters.RequireDerivedKeys = false;
parameters.InclusionMode = inclusionMode;
}
}
return(parameters != null);
}
// If any changes are made to this method, please make sure that they are
// reflected in the corresponding IsSspiNegotiationOverTransportBinding() method.
public static TransportSecurityBindingElement CreateSspiNegotiationOverTransportBindingElement(bool requireCancellation)
{
TransportSecurityBindingElement result = new TransportSecurityBindingElement();
SspiSecurityTokenParameters sspiParameters = new SspiSecurityTokenParameters(requireCancellation)
{
RequireDerivedKeys = false
};
result.EndpointSupportingTokenParameters.Endorsing.Add(
sspiParameters);
result.IncludeTimestamp = true;
// result.LocalClientSettings.DetectReplays = false;
result.LocalServiceSettings.DetectReplays = false;
result.SupportsExtendedProtectionPolicy = true;
return(result);
}
public void MessageSecuritySPNego()
{
WSHttpBinding binding = new WSHttpBinding();
SymmetricSecurityBindingElement sbe =
binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> ();
Assert.IsNotNull(sbe, "#1");
Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2");
SecureConversationSecurityTokenParameters sp =
sbe.ProtectionTokenParameters
as SecureConversationSecurityTokenParameters;
Assert.IsNotNull(sp, "#2");
SymmetricSecurityBindingElement spbe =
sp.BootstrapSecurityBindingElement
as SymmetricSecurityBindingElement;
Assert.IsNotNull(spbe, "#3");
SspiSecurityTokenParameters p =
spbe.ProtectionTokenParameters
as SspiSecurityTokenParameters;
Assert.IsNotNull(p, "#4");
Assert.AreEqual(SecurityTokenReferenceStyle.Internal,
p.ReferenceStyle, "#5");
Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient,
p.InclusionMode, "#6");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#7");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#8");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#9");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#10");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Signed.Count, "#11");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#12");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Endorsing.Count, "#13");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#14");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#17");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#18");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#19");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#110");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#21");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#22");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#23");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#24");
}
public override XmlElement CreateWsspSpnegoContextTokenAssertion(MetadataExporter exporter, SspiSecurityTokenParameters parameters)
{
XmlElement tokenAssertion = this.CreateWsspAssertion("SpnegoContextToken");
this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);
tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(false), this.CreateWsspMustNotSendAmendAssertion(), this.CreateWsspMustNotSendRenewAssertion() }));
return(tokenAssertion);
}
public override XmlElement CreateWsspSpnegoContextTokenAssertion(MetadataExporter exporter, SspiSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(SpnegoContextTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys),
// Always emit <sp:MustNotSendCancel/> for spnego and sslnego
CreateWsspMustNotSendCancelAssertion(false),
CreateWsspMustNotSendAmendAssertion(),
CreateWsspMustNotSendRenewAssertion()
));
return(result);
}
