public override bool TryImportWsspSpnegoContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { SecurityTokenInclusionMode mode; parameters = null; if (this.IsWsspAssertion(assertion, "SpnegoContextToken") && this.TryGetIncludeTokenValue(assertion, out mode)) { Collection <Collection <XmlElement> > collection; if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection)) { foreach (Collection <XmlElement> collection2 in collection) { bool flag; bool flag2; SspiSecurityTokenParameters parameters2 = new SspiSecurityTokenParameters(); parameters = parameters2; if (((this.TryImportWsspRequireDerivedKeysAssertion(collection2, parameters2) && this.TryImportWsspMustNotSendCancelAssertion(collection2, out flag)) && (this.TryImportWsspMustNotSendAmendAssertion(collection2) && this.TryImportWsspMustNotSendRenewAssertion(collection2, out flag2))) && (collection2.Count == 0)) { parameters2.RequireCancellation = true; parameters2.InclusionMode = mode; break; } parameters = null; } } else { parameters = new SspiSecurityTokenParameters(); parameters.RequireDerivedKeys = false; parameters.InclusionMode = mode; } } return(parameters != null); }
void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint) { bool cookie = false; SecureConversationSecurityTokenParameters sc = tokenParameters as SecureConversationSecurityTokenParameters; if (sc != null && sc.RequireCancellation == false) { cookie = true; } SspiSecurityTokenParameters sspi = tokenParameters as SspiSecurityTokenParameters; if (sspi != null && sspi.RequireCancellation == false) { cookie = true; } SspiSecurityTokenParameters ssl = tokenParameters as SspiSecurityTokenParameters; if (ssl != null && ssl.RequireCancellation == false) { cookie = true; } if (cookie) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.RequireNonCookieMode, endpoint.Binding.Name, endpoint.Binding.Namespace))); } }
private void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint) { bool flag = false; SecureConversationSecurityTokenParameters parameters = tokenParameters as SecureConversationSecurityTokenParameters; if ((parameters != null) && !parameters.RequireCancellation) { flag = true; } SspiSecurityTokenParameters parameters2 = tokenParameters as SspiSecurityTokenParameters; if ((parameters2 != null) && !parameters2.RequireCancellation) { flag = true; } SspiSecurityTokenParameters parameters3 = tokenParameters as SspiSecurityTokenParameters; if ((parameters3 != null) && !parameters3.RequireCancellation) { flag = true; } if (flag) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("RequireNonCookieMode", new object[] { endpoint.Binding.Name, endpoint.Binding.Namespace }))); } }
public override bool TryImportWsspSpnegoContextTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection <Collection <XmlElement> > alternatives; if (IsWsspAssertion(assertion, SpnegoContextTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection <XmlElement> alternative in alternatives) { SspiSecurityTokenParameters sspi = new SspiSecurityTokenParameters(); parameters = sspi; bool requireCancellation; bool canRenewSession; if (TryImportWsspRequireDerivedKeysAssertion(alternative, sspi) && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) && TryImportWsspMustNotSendAmendAssertion(alternative) // We do not support Renew for spnego and sslnego. Read the // assertion if present and ignore it. && TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) && alternative.Count == 0) { // Client always set this to true to match the standardbinding. // This setting on client has no effect for spnego and sslnego. sspi.RequireCancellation = true; sspi.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new SspiSecurityTokenParameters(); parameters.RequireDerivedKeys = false; parameters.InclusionMode = inclusionMode; } } return(parameters != null); }
// If any changes are made to this method, please make sure that they are // reflected in the corresponding IsSspiNegotiationOverTransportBinding() method. public static TransportSecurityBindingElement CreateSspiNegotiationOverTransportBindingElement(bool requireCancellation) { TransportSecurityBindingElement result = new TransportSecurityBindingElement(); SspiSecurityTokenParameters sspiParameters = new SspiSecurityTokenParameters(requireCancellation) { RequireDerivedKeys = false }; result.EndpointSupportingTokenParameters.Endorsing.Add( sspiParameters); result.IncludeTimestamp = true; // result.LocalClientSettings.DetectReplays = false; result.LocalServiceSettings.DetectReplays = false; result.SupportsExtendedProtectionPolicy = true; return(result); }
public void MessageSecuritySPNego() { WSHttpBinding binding = new WSHttpBinding(); SymmetricSecurityBindingElement sbe = binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> (); Assert.IsNotNull(sbe, "#1"); Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2"); SecureConversationSecurityTokenParameters sp = sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; Assert.IsNotNull(sp, "#2"); SymmetricSecurityBindingElement spbe = sp.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement; Assert.IsNotNull(spbe, "#3"); SspiSecurityTokenParameters p = spbe.ProtectionTokenParameters as SspiSecurityTokenParameters; Assert.IsNotNull(p, "#4"); Assert.AreEqual(SecurityTokenReferenceStyle.Internal, p.ReferenceStyle, "#5"); Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, p.InclusionMode, "#6"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#7"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#8"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#9"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#10"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Signed.Count, "#11"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#12"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Endorsing.Count, "#13"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#14"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#17"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#18"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#19"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#110"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#21"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#22"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#23"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#24"); }
public override XmlElement CreateWsspSpnegoContextTokenAssertion(MetadataExporter exporter, SspiSecurityTokenParameters parameters) { XmlElement tokenAssertion = this.CreateWsspAssertion("SpnegoContextToken"); this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode); tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(false), this.CreateWsspMustNotSendAmendAssertion(), this.CreateWsspMustNotSendRenewAssertion() })); return(tokenAssertion); }
public override XmlElement CreateWsspSpnegoContextTokenAssertion(MetadataExporter exporter, SspiSecurityTokenParameters parameters) { XmlElement result = CreateWsspAssertion(SpnegoContextTokenName); SetIncludeTokenValue(result, parameters.InclusionMode); result.AppendChild( CreateWspPolicyWrapper( exporter, CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), // Always emit <sp:MustNotSendCancel/> for spnego and sslnego CreateWsspMustNotSendCancelAssertion(false), CreateWsspMustNotSendAmendAssertion(), CreateWsspMustNotSendRenewAssertion() )); return(result); }