private static void WriteRightAttribute(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     if (!Rights.PossessProperty.Equals(claim.Right))
     {
         writer.WriteAttributeString(dictionary.Right, dictionary.EmptyString, claim.Right);
     }
 }
Beispiel #2
0
        static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
        {
            if (identity != null && identity != SecurityUtils.AnonymousIdentity)
            {
                writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
                if (identity is WindowsIdentity)
                {
                    WindowsIdentity wid = (WindowsIdentity)identity;
                    writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
                    WriteSidAttribute(wid.User, dictionary, writer);

                    // This is to work around WOW64 bug Windows OS 1491447
                    string authenticationType = null;
                    using (WindowsIdentity self = WindowsIdentity.GetCurrent())
                    {
                        // is owner or admin?  AuthenticationType could throw un-authorized exception
                        if ((self.User == wid.Owner) ||
                            (wid.Owner != null && self.Groups.Contains(wid.Owner)) ||
                            (wid.Owner != SecurityUtils.AdministratorsSid && self.Groups.Contains(SecurityUtils.AdministratorsSid)))
                        {
                            authenticationType = wid.AuthenticationType;
                        }
                    }
                    if (!String.IsNullOrEmpty(authenticationType))
                    {
                        writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
                    }
                    writer.WriteString(wid.Name);
                    writer.WriteEndElement();
                }
                else if (identity is WindowsSidIdentity)
                {
                    WindowsSidIdentity wsid = (WindowsSidIdentity)identity;
                    writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
                    WriteSidAttribute(wsid.SecurityIdentifier, dictionary, writer);
                    if (!String.IsNullOrEmpty(wsid.AuthenticationType))
                    {
                        writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, wsid.AuthenticationType);
                    }
                    writer.WriteString(wsid.Name);
                    writer.WriteEndElement();
                }
                else if (identity is GenericIdentity)
                {
                    GenericIdentity genericIdentity = (GenericIdentity)identity;
                    writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
                    if (!String.IsNullOrEmpty(genericIdentity.AuthenticationType))
                    {
                        writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, genericIdentity.AuthenticationType);
                    }
                    writer.WriteString(genericIdentity.Name);
                    writer.WriteEndElement();
                }
                else
                {
                    serializer.WriteObject(writer, identity);
                }
                writer.WriteEndElement();
            }
        }
Beispiel #3
0
        static IIdentity DeserializePrimaryIdentity(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
        {
            IIdentity identity = null;

            if (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
            {
                reader.ReadStartElement();
                if (reader.IsStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString))
                {
                    SecurityIdentifier sid = ReadSidAttribute(reader, dictionary);
                    string             authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
                    reader.ReadStartElement();
                    string name = reader.ReadContentAsString();
                    identity = new WindowsSidIdentity(sid, name, authenticationType ?? String.Empty);
                    reader.ReadEndElement();
                }
                else if (reader.IsStartElement(dictionary.GenericIdentity, dictionary.EmptyString))
                {
                    string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
                    reader.ReadStartElement();
                    string name = reader.ReadContentAsString();
                    identity = SecurityUtils.CreateIdentity(name, authenticationType ?? String.Empty);
                    reader.ReadEndElement();
                }
                else
                {
                    identity = (IIdentity)serializer.ReadObject(reader);
                }
                reader.ReadEndElement();
            }
            return(identity);
        }
        static IAuthorizationPolicy RetrievePolicyFromBlob(byte[] contextBlob, string id, DateTime expirationTime, IList <Type> knownTypes)
        {
            if (contextBlob == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextBlob");
            }

            if (id == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id");
            }

            SctClaimDictionary  claimDictionary = SctClaimDictionary.Instance;
            XmlDictionaryReader reader          = XmlDictionaryReader.CreateBinaryReader(contextBlob, 0, contextBlob.Length, claimDictionary, XmlDictionaryReaderQuotas.Max, null, null);
            IList <IIdentity>   identities      = null;
            IList <ClaimSet>    claimSets       = null;
            int versionNumber = -1;

            reader.ReadFullStartElement(claimDictionary.SecurityContextSecurityToken, claimDictionary.EmptyString);

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(claimDictionary.Version, claimDictionary.EmptyString))
                {
                    versionNumber = reader.ReadElementContentAsInt();

                    if (versionNumber != 1)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR2.GetString(SR2.SerializedAuthorizationContextVersionUnsupported, versionNumber)));
                    }
                }
                else
                {
                    if (reader.IsStartElement(claimDictionary.Identities, claimDictionary.EmptyString))
                    {
                        identities = SctClaimSerializer.DeserializeIdentities(reader, claimDictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), knownTypes, 0x7fffffff));
                        continue;
                    }
                    if (reader.IsStartElement(claimDictionary.ClaimSets, claimDictionary.EmptyString))
                    {
                        reader.ReadStartElement();
                        DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), knownTypes, 0x7fffffff);
                        DataContractSerializer claimSerializer    = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), knownTypes, 0x7fffffff);
                        claimSets = new List <ClaimSet>(1);

                        while (reader.IsStartElement())
                        {
                            claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, claimDictionary, claimSetSerializer, claimSerializer));
                        }

                        reader.ReadEndElement();
                        continue;
                    }
                }
            }
            reader.ReadEndElement();
            return(new SctUnconditionalPolicy(identities, id, claimSets, expirationTime));
        }
Beispiel #5
0
        public static ClaimSet DeserializeClaimSet(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
        {
            if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return(null);
            }
            else if (reader.IsStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString))
            {
                reader.ReadStartElement();
                byte[] rawData = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return(new X509CertificateClaimSet(new X509Certificate2(rawData), false));
            }
            else if (reader.IsStartElement(dictionary.SystemClaimSet, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return(ClaimSet.System);
            }
            else if (reader.IsStartElement(dictionary.WindowsClaimSet, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return(ClaimSet.Windows);
            }
            else if (reader.IsStartElement(dictionary.AnonymousClaimSet, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return(ClaimSet.Anonymous);
            }
            else if (reader.IsStartElement(dictionary.ClaimSet, dictionary.EmptyString))
            {
                ClaimSet     issuer = null;
                List <Claim> claims = new List <Claim>();
                reader.ReadStartElement();

                if (reader.IsStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString))
                {
                    reader.ReadStartElement();
                    issuer = DeserializeClaimSet(reader, dictionary, serializer, claimSerializer);
                    reader.ReadEndElement();
                }

                while (reader.IsStartElement())
                {
                    reader.ReadStartElement();
                    claims.Add(DeserializeClaim(reader, dictionary, claimSerializer));
                    reader.ReadEndElement();
                }

                reader.ReadEndElement();
                return(issuer != null ? new DefaultClaimSet(issuer, claims) : new DefaultClaimSet(claims));
            }
            else
            {
                return((ClaimSet)serializer.ReadObject(reader));
            }
        }
        private static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
        {
            string attribute = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);

            if (!string.IsNullOrEmpty(attribute))
            {
                return(attribute);
            }
            return(Rights.PossessProperty);
        }
 private static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     if ((identity != null) && (identity != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
     {
         writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
         if (identity is WindowsIdentity)
         {
             WindowsIdentity identity2 = (WindowsIdentity)identity;
             writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
             WriteSidAttribute(identity2.User, dictionary, writer);
             string authenticationType = null;
             using (WindowsIdentity identity3 = WindowsIdentity.GetCurrent())
             {
                 if (((identity3.User == identity2.Owner) || ((identity2.Owner != null) && identity3.Groups.Contains(identity2.Owner))) || ((identity2.Owner != System.ServiceModel.Security.SecurityUtils.AdministratorsSid) && identity3.Groups.Contains(System.ServiceModel.Security.SecurityUtils.AdministratorsSid)))
                 {
                     authenticationType = identity2.AuthenticationType;
                 }
             }
             if (!string.IsNullOrEmpty(authenticationType))
             {
                 writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
             }
             writer.WriteString(identity2.Name);
             writer.WriteEndElement();
         }
         else if (identity is WindowsSidIdentity)
         {
             WindowsSidIdentity identity4 = (WindowsSidIdentity)identity;
             writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
             WriteSidAttribute(identity4.SecurityIdentifier, dictionary, writer);
             if (!string.IsNullOrEmpty(identity4.AuthenticationType))
             {
                 writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity4.AuthenticationType);
             }
             writer.WriteString(identity4.Name);
             writer.WriteEndElement();
         }
         else if (identity is GenericIdentity)
         {
             GenericIdentity identity5 = (GenericIdentity)identity;
             writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
             if (!string.IsNullOrEmpty(identity5.AuthenticationType))
             {
                 writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity5.AuthenticationType);
             }
             writer.WriteString(identity5.Name);
             writer.WriteEndElement();
         }
         else
         {
             serializer.WriteObject(writer, identity);
         }
         writer.WriteEndElement();
     }
 }
Beispiel #8
0
        public static void SerializeClaimSet(ClaimSet claimSet, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
        {
            if (claimSet is X509CertificateClaimSet)
            {
                X509CertificateClaimSet x509ClaimSet = (X509CertificateClaimSet)claimSet;
                writer.WriteStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString);
                byte[] rawData = x509ClaimSet.X509Certificate.RawData;
                writer.WriteBase64(rawData, 0, rawData.Length);
                writer.WriteEndElement();
            }
            else if (claimSet == ClaimSet.System)
            {
                writer.WriteElementString(dictionary.SystemClaimSet, dictionary.EmptyString, String.Empty);
            }
            else if (claimSet == ClaimSet.Windows)
            {
                writer.WriteElementString(dictionary.WindowsClaimSet, dictionary.EmptyString, String.Empty);
            }
            else if (claimSet == ClaimSet.Anonymous)
            {
                writer.WriteElementString(dictionary.AnonymousClaimSet, dictionary.EmptyString, String.Empty);
            }
            else if (claimSet is WindowsClaimSet || claimSet is DefaultClaimSet)
            {
                writer.WriteStartElement(dictionary.ClaimSet, dictionary.EmptyString);
                writer.WriteStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString);
                if (claimSet.Issuer == claimSet)
                {
                    writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
                }
                else
                {
                    SerializeClaimSet(claimSet.Issuer, dictionary, writer, serializer, claimSerializer);
                }
                writer.WriteEndElement();

                foreach (Claim claim in claimSet)
                {
                    writer.WriteStartElement(dictionary.Claim, dictionary.EmptyString);
                    SerializeClaim(claim, dictionary, writer, claimSerializer);
                    writer.WriteEndElement();
                }
                writer.WriteEndElement();
            }
            else
            {
                serializer.WriteObject(writer, claimSet);
            }
        }
        public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
        {
            object obj2;

            if (authContext.Properties.TryGetValue("Identities", out obj2))
            {
                IList <IIdentity> list = obj2 as IList <IIdentity>;
                if ((list != null) && (list.Count > 0))
                {
                    writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
                    for (int i = 0; i < list.Count; i++)
                    {
                        SerializePrimaryIdentity(list[i], dictionary, writer, serializer);
                    }
                    writer.WriteEndElement();
                }
            }
        }
Beispiel #10
0
        public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
        {
            object            obj;
            IList <IIdentity> identities;

            if (authContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
            {
                identities = obj as IList <IIdentity>;
                if (identities != null && identities.Count > 0)
                {
                    writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
                    for (int i = 0; i < identities.Count; ++i)
                    {
                        SerializePrimaryIdentity(identities[i], dictionary, writer, serializer);
                    }
                    writer.WriteEndElement();
                }
            }
        }
        static byte[] CreateSerializableBlob(AuthorizationContext authorizationContext, IList <Type> knownTypes)
        {
            if (authorizationContext == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authorizationContext");
            }

            MemoryStream        stream          = new MemoryStream();
            XmlDictionaryWriter writer          = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);
            SctClaimDictionary  claimDictionary = SctClaimDictionary.Instance;


            writer.WriteStartElement(claimDictionary.SecurityContextSecurityToken, claimDictionary.EmptyString);
            writer.WriteStartElement(claimDictionary.Version, claimDictionary.EmptyString);
            writer.WriteValue(1);
            writer.WriteEndElement();

            if ((authorizationContext != null) && (authorizationContext.ClaimSets.Count != 0))
            {
                DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), knownTypes, 0x7fffffff);
                DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), knownTypes, 0x7fffffff);
                DataContractSerializer claimSerializer    = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), knownTypes, 0x7fffffff);
                SctClaimSerializer.SerializeIdentities(authorizationContext, claimDictionary, writer, identitySerializer);

                writer.WriteStartElement(claimDictionary.ClaimSets, claimDictionary.EmptyString);
                for (int i = 0; i < authorizationContext.ClaimSets.Count; i++)
                {
                    SctClaimSerializer.SerializeClaimSet(authorizationContext.ClaimSets[i], claimDictionary, writer, claimSetSerializer, claimSerializer);
                }
                writer.WriteEndElement();
            }

            writer.WriteEndElement();
            writer.Flush();
            return(stream.ToArray());
        }
 public static IList<IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
 {
     List<IIdentity> identities = null;
     if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
     {
         identities = new List<IIdentity>();
         reader.ReadStartElement();
         while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
         {
             IIdentity identity = DeserializePrimaryIdentity(reader, dictionary, serializer);
             if (identity != null && identity != SecurityUtils.AnonymousIdentity)
             {
                 identities.Add(identity);
             }
         }
         reader.ReadEndElement();
     }
     return identities;
 }
 static SecurityIdentifier ReadSidAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
 {
     byte[] sidBytes = Convert.FromBase64String(reader.GetAttribute(dictionary.Sid, dictionary.EmptyString));
     return new SecurityIdentifier(sidBytes, 0);
 }
 static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
 {
     string right = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
     return String.IsNullOrEmpty(right) ? Rights.PossessProperty : right;
 }
        static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
        {
            if (identity != null && identity != SecurityUtils.AnonymousIdentity)
            {
                writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
                if (identity is WindowsIdentity)
                {
                    WindowsIdentity wid = (WindowsIdentity)identity;
                    writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
                    WriteSidAttribute(wid.User, dictionary, writer);

                    // This is to work around WOW64 bug Windows OS 1491447
                    string authenticationType = null;
                    using (WindowsIdentity self = WindowsIdentity.GetCurrent())
                    {
                        // is owner or admin?  AuthenticationType could throw un-authorized exception
                        if ((self.User == wid.Owner) || 
                            (wid.Owner != null && self.Groups.Contains(wid.Owner)) || 
                            (wid.Owner != SecurityUtils.AdministratorsSid && self.Groups.Contains(SecurityUtils.AdministratorsSid)))
                        {
                            authenticationType = wid.AuthenticationType;
                        }
                    }
                    if (!String.IsNullOrEmpty(authenticationType))
                        writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
                    writer.WriteString(wid.Name);
                    writer.WriteEndElement();
                }
                else if (identity is WindowsSidIdentity)
                {
                    WindowsSidIdentity wsid = (WindowsSidIdentity)identity;
                    writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
                    WriteSidAttribute(wsid.SecurityIdentifier, dictionary, writer);
                    if (!String.IsNullOrEmpty(wsid.AuthenticationType))
                        writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, wsid.AuthenticationType);
                    writer.WriteString(wsid.Name);
                    writer.WriteEndElement();
                }
                else if (identity is GenericIdentity)
                {
                    GenericIdentity genericIdentity = (GenericIdentity)identity;
                    writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
                    if (!String.IsNullOrEmpty(genericIdentity.AuthenticationType))
                        writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, genericIdentity.AuthenticationType);
                    writer.WriteString(genericIdentity.Name);
                    writer.WriteEndElement();
                }
                else
                {
                    serializer.WriteObject(writer, identity);
                }
                writer.WriteEndElement();
            }
        }
        public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
        {
            if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return null;
            }
            else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] sidBytes = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right);
            }
            else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] sidBytes = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right);
            }
            else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] rawData = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right);
            }
            else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] thumbprint = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Thumbprint, thumbprint, right);
            }
            else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string name = reader.ReadString();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Name, name, right);
            }
            else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string dns = reader.ReadString();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Dns, dns, right);
            }
            else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string rsaXml = reader.ReadString();
                reader.ReadEndElement();

                System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
                rsa.FromXmlString(rsaXml);
                return new Claim(ClaimTypes.Rsa, rsa, right);
            }
            else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string address = reader.ReadString();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Email, new System.Net.Mail.MailAddress(address), right);
            }
            else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return Claim.System;
            }
            else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] hash = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Hash, hash, right);
            }
            else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string spn = reader.ReadString();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Spn, spn, right);
            }
            else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string upn = reader.ReadString();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Upn, upn, right);
            }
            else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string url = reader.ReadString();
                reader.ReadEndElement();
                return new Claim(ClaimTypes.Uri, new Uri(url), right);
            }
            else
            {
                return (Claim)serializer.ReadObject(reader);
            }
        }
 static void WriteRightAttribute(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     if (Rights.PossessProperty.Equals(claim.Right))
         return;
     writer.WriteAttributeString(dictionary.Right, dictionary.EmptyString, claim.Right);
 }
 private static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     byte[] binaryForm = new byte[sid.BinaryLength];
     sid.GetBinaryForm(binaryForm, 0);
     writer.WriteBase64(binaryForm, 0, binaryForm.Length);
 }
 private static void WriteSidAttribute(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     byte[] binaryForm = new byte[sid.BinaryLength];
     sid.GetBinaryForm(binaryForm, 0);
     writer.WriteAttributeString(dictionary.Sid, dictionary.EmptyString, Convert.ToBase64String(binaryForm));
 }
 public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     object obj2;
     if (authContext.Properties.TryGetValue("Identities", out obj2))
     {
         IList<IIdentity> list = obj2 as IList<IIdentity>;
         if ((list != null) && (list.Count > 0))
         {
             writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
             for (int i = 0; i < list.Count; i++)
             {
                 SerializePrimaryIdentity(list[i], dictionary, writer, serializer);
             }
             writer.WriteEndElement();
         }
     }
 }
 private static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     if ((identity != null) && (identity != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
     {
         writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
         if (identity is WindowsIdentity)
         {
             WindowsIdentity identity2 = (WindowsIdentity) identity;
             writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
             WriteSidAttribute(identity2.User, dictionary, writer);
             string authenticationType = null;
             using (WindowsIdentity identity3 = WindowsIdentity.GetCurrent())
             {
                 if (((identity3.User == identity2.Owner) || ((identity2.Owner != null) && identity3.Groups.Contains(identity2.Owner))) || ((identity2.Owner != System.ServiceModel.Security.SecurityUtils.AdministratorsSid) && identity3.Groups.Contains(System.ServiceModel.Security.SecurityUtils.AdministratorsSid)))
                 {
                     authenticationType = identity2.AuthenticationType;
                 }
             }
             if (!string.IsNullOrEmpty(authenticationType))
             {
                 writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
             }
             writer.WriteString(identity2.Name);
             writer.WriteEndElement();
         }
         else if (identity is WindowsSidIdentity)
         {
             WindowsSidIdentity identity4 = (WindowsSidIdentity) identity;
             writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
             WriteSidAttribute(identity4.SecurityIdentifier, dictionary, writer);
             if (!string.IsNullOrEmpty(identity4.AuthenticationType))
             {
                 writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity4.AuthenticationType);
             }
             writer.WriteString(identity4.Name);
             writer.WriteEndElement();
         }
         else if (identity is GenericIdentity)
         {
             GenericIdentity identity5 = (GenericIdentity) identity;
             writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
             if (!string.IsNullOrEmpty(identity5.AuthenticationType))
             {
                 writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity5.AuthenticationType);
             }
             writer.WriteString(identity5.Name);
             writer.WriteEndElement();
         }
         else
         {
             serializer.WriteObject(writer, identity);
         }
         writer.WriteEndElement();
     }
 }
 public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     if (claim == null)
     {
         writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
     }
     else if (ClaimTypes.Sid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier) claim.Resource, dictionary, writer);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier) claim.Resource, dictionary, writer);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] rawData = ((X500DistinguishedName) claim.Resource).RawData;
         writer.WriteBase64(rawData, 0, rawData.Length);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] resource = (byte[]) claim.Resource;
         writer.WriteBase64(resource, 0, resource.Length);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Name.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string) claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Dns.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string) claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((RSA) claim.Resource).ToXmlString(false));
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Email.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((MailAddress) claim.Resource).Address);
         writer.WriteEndElement();
     }
     else if (claim == Claim.System)
     {
         writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
     }
     else if (ClaimTypes.Hash.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] buffer = (byte[]) claim.Resource;
         writer.WriteBase64(buffer, 0, buffer.Length);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Spn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string) claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Upn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string) claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Uri.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((Uri) claim.Resource).AbsoluteUri);
         writer.WriteEndElement();
     }
     else
     {
         serializer.WriteObject(writer, claim);
     }
 }
 private static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
 {
     string attribute = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
     if (!string.IsNullOrEmpty(attribute))
     {
         return attribute;
     }
     return Rights.PossessProperty;
 }
 public static IList<IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
 {
     List<IIdentity> list = null;
     if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
     {
         list = new List<IIdentity>();
         reader.ReadStartElement();
         while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
         {
             IIdentity item = DeserializePrimaryIdentity(reader, dictionary, serializer);
             if ((item != null) && (item != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
             {
                 list.Add(item);
             }
         }
         reader.ReadEndElement();
     }
     return list;
 }
 public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
 {
     if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
     {
         reader.ReadElementString();
         return null;
     }
     if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
     {
         string right = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] binaryForm = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Sid, new SecurityIdentifier(binaryForm, 0), right);
     }
     if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
     {
         string str2 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] buffer2 = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(buffer2, 0), str2);
     }
     if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
     {
         string str3 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] encodedDistinguishedName = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(encodedDistinguishedName), str3);
     }
     if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
     {
         string str4 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] resource = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Thumbprint, resource, str4);
     }
     if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
     {
         string str5 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str6 = reader.ReadString();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Name, str6, str5);
     }
     if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
     {
         string str7 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str8 = reader.ReadString();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Dns, str8, str7);
     }
     if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
     {
         string str9 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string xmlString = reader.ReadString();
         reader.ReadEndElement();
         RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
         provider.FromXmlString(xmlString);
         return new Claim(ClaimTypes.Rsa, provider, str9);
     }
     if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
     {
         string str11 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string address = reader.ReadString();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Email, new MailAddress(address), str11);
     }
     if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
     {
         reader.ReadElementString();
         return Claim.System;
     }
     if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
     {
         string str13 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] buffer5 = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Hash, buffer5, str13);
     }
     if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
     {
         string str14 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str15 = reader.ReadString();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Spn, str15, str14);
     }
     if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
     {
         string str16 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str17 = reader.ReadString();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Upn, str17, str16);
     }
     if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
     {
         string str18 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string uriString = reader.ReadString();
         reader.ReadEndElement();
         return new Claim(ClaimTypes.Uri, new Uri(uriString), str18);
     }
     return (Claim) serializer.ReadObject(reader);
 }
 public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
 {
     if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
     {
         reader.ReadElementString();
         return(null);
     }
     if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
     {
         string right = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] binaryForm = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Sid, new SecurityIdentifier(binaryForm, 0), right));
     }
     if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
     {
         string str2 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] buffer2 = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(buffer2, 0), str2));
     }
     if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
     {
         string str3 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] encodedDistinguishedName = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(encodedDistinguishedName), str3));
     }
     if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
     {
         string str4 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] resource = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Thumbprint, resource, str4));
     }
     if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
     {
         string str5 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str6 = reader.ReadString();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Name, str6, str5));
     }
     if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
     {
         string str7 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str8 = reader.ReadString();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Dns, str8, str7));
     }
     if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
     {
         string str9 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string xmlString = reader.ReadString();
         reader.ReadEndElement();
         RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
         provider.FromXmlString(xmlString);
         return(new Claim(ClaimTypes.Rsa, provider, str9));
     }
     if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
     {
         string str11 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string address = reader.ReadString();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Email, new MailAddress(address), str11));
     }
     if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
     {
         reader.ReadElementString();
         return(Claim.System);
     }
     if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
     {
         string str13 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         byte[] buffer5 = reader.ReadContentAsBase64();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Hash, buffer5, str13));
     }
     if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
     {
         string str14 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str15 = reader.ReadString();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Spn, str15, str14));
     }
     if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
     {
         string str16 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string str17 = reader.ReadString();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Upn, str17, str16));
     }
     if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
     {
         string str18 = ReadRightAttribute(reader, dictionary);
         reader.ReadStartElement();
         string uriString = reader.ReadString();
         reader.ReadEndElement();
         return(new Claim(ClaimTypes.Uri, new Uri(uriString), str18));
     }
     return((Claim)serializer.ReadObject(reader));
 }
Beispiel #27
0
        public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
        {
            if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return(null);
            }
            else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] sidBytes = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right));
            }
            else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] sidBytes = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right));
            }
            else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] rawData = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right));
            }
            else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] thumbprint = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Thumbprint, thumbprint, right));
            }
            else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string name = reader.ReadString();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Name, name, right));
            }
            else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string dns = reader.ReadString();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Dns, dns, right));
            }
            else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string rsaXml = reader.ReadString();
                reader.ReadEndElement();

                System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
                rsa.FromXmlString(rsaXml);
                return(new Claim(ClaimTypes.Rsa, rsa, right));
            }
            else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string address = reader.ReadString();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Email, new System.Net.Mail.MailAddress(address), right));
            }
            else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return(Claim.System);
            }
            else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                byte[] hash = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Hash, hash, right));
            }
            else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string spn = reader.ReadString();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Spn, spn, right));
            }
            else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string upn = reader.ReadString();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Upn, upn, right));
            }
            else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
            {
                string right = ReadRightAttribute(reader, dictionary);
                reader.ReadStartElement();
                string url = reader.ReadString();
                reader.ReadEndElement();
                return(new Claim(ClaimTypes.Uri, new Uri(url), right));
            }
            else
            {
                return((Claim)serializer.ReadObject(reader));
            }
        }
        public static IList <IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
        {
            List <IIdentity> list = null;

            if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
            {
                list = new List <IIdentity>();
                reader.ReadStartElement();
                while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
                {
                    IIdentity item = DeserializePrimaryIdentity(reader, dictionary, serializer);
                    if ((item != null) && (item != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
                    {
                        list.Add(item);
                    }
                }
                reader.ReadEndElement();
            }
            return(list);
        }
        public static void SerializeClaimSet(ClaimSet claimSet, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
        {
            if (claimSet is X509CertificateClaimSet)
            {
                X509CertificateClaimSet x509ClaimSet = (X509CertificateClaimSet)claimSet;
                writer.WriteStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString);
                byte[] rawData = x509ClaimSet.X509Certificate.RawData;
                writer.WriteBase64(rawData, 0, rawData.Length);
                writer.WriteEndElement();
            }
            else if (claimSet == ClaimSet.System)
            {
                writer.WriteElementString(dictionary.SystemClaimSet, dictionary.EmptyString, String.Empty);
            }
            else if (claimSet == ClaimSet.Windows)
            {
                writer.WriteElementString(dictionary.WindowsClaimSet, dictionary.EmptyString, String.Empty);
            }
            else if (claimSet == ClaimSet.Anonymous)
            {
                writer.WriteElementString(dictionary.AnonymousClaimSet, dictionary.EmptyString, String.Empty);
            }
            else if (claimSet is WindowsClaimSet || claimSet is DefaultClaimSet)
            {
                writer.WriteStartElement(dictionary.ClaimSet, dictionary.EmptyString);
                writer.WriteStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString);
                if (claimSet.Issuer == claimSet)
                {
                    writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
                }
                else
                {
                    SerializeClaimSet(claimSet.Issuer, dictionary, writer, serializer, claimSerializer);
                }
                writer.WriteEndElement();

                foreach (Claim claim in claimSet)
                {
                    writer.WriteStartElement(dictionary.Claim, dictionary.EmptyString);
                    SerializeClaim(claim, dictionary, writer, claimSerializer);
                    writer.WriteEndElement();
                }
                writer.WriteEndElement();
            }
            else
            {
                serializer.WriteObject(writer, claimSet);
            }
        }
Beispiel #30
0
        public static IList <IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
        {
            List <IIdentity> identities = null;

            if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
            {
                identities = new List <IIdentity>();
                reader.ReadStartElement();
                while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
                {
                    IIdentity identity = DeserializePrimaryIdentity(reader, dictionary, serializer);
                    if (identity != null && identity != SecurityUtils.AnonymousIdentity)
                    {
                        identities.Add(identity);
                    }
                }
                reader.ReadEndElement();
            }
            return(identities);
        }
 static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     byte[] sidBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(sidBytes, 0);
     writer.WriteBase64(sidBytes, 0, sidBytes.Length);
 }
 private static SecurityIdentifier ReadSidAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
 {
     return(new SecurityIdentifier(Convert.FromBase64String(reader.GetAttribute(dictionary.Sid, dictionary.EmptyString)), 0));
 }
        public static ClaimSet DeserializeClaimSet(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
        {
            if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return null;
            }
            else if (reader.IsStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString))
            {
                reader.ReadStartElement();
                byte[] rawData = reader.ReadContentAsBase64();
                reader.ReadEndElement();
                return new X509CertificateClaimSet(new X509Certificate2(rawData), false);
            }
            else if (reader.IsStartElement(dictionary.SystemClaimSet, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return ClaimSet.System;
            }
            else if (reader.IsStartElement(dictionary.WindowsClaimSet, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return ClaimSet.Windows;
            }
            else if (reader.IsStartElement(dictionary.AnonymousClaimSet, dictionary.EmptyString))
            {
                reader.ReadElementString();
                return ClaimSet.Anonymous;
            }
            else if (reader.IsStartElement(dictionary.ClaimSet, dictionary.EmptyString))
            {
                ClaimSet issuer = null;
                List<Claim> claims = new List<Claim>();
                reader.ReadStartElement();

                if (reader.IsStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString))
                {
                    reader.ReadStartElement();
                    issuer = DeserializeClaimSet(reader, dictionary, serializer, claimSerializer);
                    reader.ReadEndElement();
                }

                while (reader.IsStartElement())
                {
                    reader.ReadStartElement();
                    claims.Add(DeserializeClaim(reader, dictionary, claimSerializer));
                    reader.ReadEndElement();
                }

                reader.ReadEndElement();
                return issuer != null ? new DefaultClaimSet(issuer, claims) : new DefaultClaimSet(claims);
            }
            else
            {
                return (ClaimSet)serializer.ReadObject(reader);
            }
        }
 public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     if (claim == null)
     {
         writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
     }
     else if (ClaimTypes.Sid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] rawData = ((X500DistinguishedName)claim.Resource).RawData;
         writer.WriteBase64(rawData, 0, rawData.Length);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] resource = (byte[])claim.Resource;
         writer.WriteBase64(resource, 0, resource.Length);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Name.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Dns.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((RSA)claim.Resource).ToXmlString(false));
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Email.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((MailAddress)claim.Resource).Address);
         writer.WriteEndElement();
     }
     else if (claim == Claim.System)
     {
         writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
     }
     else if (ClaimTypes.Hash.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] buffer = (byte[])claim.Resource;
         writer.WriteBase64(buffer, 0, buffer.Length);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Spn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Upn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
     }
     else if (ClaimTypes.Uri.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((Uri)claim.Resource).AbsoluteUri);
         writer.WriteEndElement();
     }
     else
     {
         serializer.WriteObject(writer, claim);
     }
 }
 public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     object obj;
     IList<IIdentity> identities;
     if (authContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
     {
         identities = obj as IList<IIdentity>;
         if (identities != null && identities.Count > 0)
         {
             writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
             for (int i = 0; i < identities.Count; ++i)
             {
                 SerializePrimaryIdentity(identities[i], dictionary, writer, serializer);
             }
             writer.WriteEndElement();
         }
     }
 }
Beispiel #36
0
        static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
        {
            string right = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);

            return(String.IsNullOrEmpty(right) ? Rights.PossessProperty : right);
        }
 static void WriteSidAttribute(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     byte[] sidBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(sidBytes, 0);
     writer.WriteAttributeString(dictionary.Sid, dictionary.EmptyString, Convert.ToBase64String(sidBytes));
 }
Beispiel #38
0
 static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     byte[] sidBytes = new byte[sid.BinaryLength];
     sid.GetBinaryForm(sidBytes, 0);
     writer.WriteBase64(sidBytes, 0, sidBytes.Length);
 }
 static IIdentity DeserializePrimaryIdentity(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
 {
     IIdentity identity = null;
     if (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
     {
         reader.ReadStartElement();
         if (reader.IsStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString))
         {
             SecurityIdentifier sid = ReadSidAttribute(reader, dictionary);
             string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
             reader.ReadStartElement();
             string name = reader.ReadContentAsString();
             identity = new WindowsSidIdentity(sid, name, authenticationType ?? String.Empty);
             reader.ReadEndElement();
         }
         else if (reader.IsStartElement(dictionary.GenericIdentity, dictionary.EmptyString))
         {
             string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
             reader.ReadStartElement();
             string name = reader.ReadContentAsString();
             identity = SecurityUtils.CreateIdentity(name, authenticationType ?? String.Empty);
             reader.ReadEndElement();
         }
         else
         {
             identity = (IIdentity)serializer.ReadObject(reader);
         }
         reader.ReadEndElement();
     }
     return identity;
 }
 private static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
 {
     byte[] binaryForm = new byte[sid.BinaryLength];
     sid.GetBinaryForm(binaryForm, 0);
     writer.WriteBase64(binaryForm, 0, binaryForm.Length);
 }
 public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     // the order in which known claim types are checked is optimized for use patterns
     if (claim == null)
     {
         writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
         return;
     }
     else if (ClaimTypes.Sid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] rawData = ((X500DistinguishedName)claim.Resource).RawData;
         writer.WriteBase64(rawData, 0, rawData.Length);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] thumbprint = (byte[])claim.Resource;
         writer.WriteBase64(thumbprint, 0, thumbprint.Length);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Name.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Dns.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((RSA)claim.Resource).ToXmlString(false));
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Email.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((MailAddress)claim.Resource).Address);
         writer.WriteEndElement();
         return;
     }
     else if (claim == Claim.System)
     {
         writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
         return;
     }
     else if (ClaimTypes.Hash.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] hash = (byte[])claim.Resource;
         writer.WriteBase64(hash, 0, hash.Length);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Spn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Upn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Uri.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((Uri)claim.Resource).AbsoluteUri);
         writer.WriteEndElement();
         return;
     }
     else
     {
         // this is an extensible claim... need to delegate to xml object serializer
         serializer.WriteObject(writer, claim);
     }
 }
Beispiel #42
0
 public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
 {
     // the order in which known claim types are checked is optimized for use patterns
     if (claim == null)
     {
         writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
         return;
     }
     else if (ClaimTypes.Sid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] rawData = ((X500DistinguishedName)claim.Resource).RawData;
         writer.WriteBase64(rawData, 0, rawData.Length);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] thumbprint = (byte[])claim.Resource;
         writer.WriteBase64(thumbprint, 0, thumbprint.Length);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Name.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Dns.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((RSA)claim.Resource).ToXmlString(false));
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Email.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((MailAddress)claim.Resource).Address);
         writer.WriteEndElement();
         return;
     }
     else if (claim == Claim.System)
     {
         writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
         return;
     }
     else if (ClaimTypes.Hash.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         byte[] hash = (byte[])claim.Resource;
         writer.WriteBase64(hash, 0, hash.Length);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Spn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Upn.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString((string)claim.Resource);
         writer.WriteEndElement();
         return;
     }
     else if (ClaimTypes.Uri.Equals(claim.ClaimType))
     {
         writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
         WriteRightAttribute(claim, dictionary, writer);
         writer.WriteString(((Uri)claim.Resource).AbsoluteUri);
         writer.WriteEndElement();
         return;
     }
     else
     {
         // this is an extensible claim... need to delegate to xml object serializer
         serializer.WriteObject(writer, claim);
     }
 }