SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
 {
     EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
     if (targetAddress == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
     }
     SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
     if (securityBindingElement == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
     }
     SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement);
     bool negotiateTokenOnOpen = (sspiChannelParameter == null ? true : sspiChannelParameter.GetTokenOnOpen);
     LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
     BindingContext issuerBindingContext = initiatorRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
     SpnegoTokenProvider spnegoTokenProvider = new SpnegoTokenProvider(sspiChannelParameter != null ? sspiChannelParameter.CredentialsHandle : null, securityBindingElement);
     SspiSecurityToken clientSspiToken = GetSpnegoClientCredential(initiatorRequirement);
     spnegoTokenProvider.ClientCredential = clientSspiToken.NetworkCredential;
     spnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress;
     spnegoTokenProvider.AllowedImpersonationLevel = parent.Windows.AllowedImpersonationLevel;
     spnegoTokenProvider.AllowNtlm = clientSspiToken.AllowNtlm;
     spnegoTokenProvider.IdentityVerifier = localClientSettings.IdentityVerifier;
     spnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
     // if this is not a supporting token, authenticate the server
     spnegoTokenProvider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty);
     spnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen;
     spnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies;
     spnegoTokenProvider.IssuerBindingContext = issuerBindingContext;
     spnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
     spnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
     spnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
     spnegoTokenProvider.TargetAddress = targetAddress;
     spnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault<Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
     spnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find<ChannelProtectionRequirements>() : null;
     spnegoTokenProvider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive;
     
     return spnegoTokenProvider;
 }
 private SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
 {
     EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
     if (targetAddress == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
     }
     SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
     if (securityBindingElement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
     }
     SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement);
     bool flag = (sspiIssuanceChannelParameter == null) || sspiIssuanceChannelParameter.GetTokenOnOpen;
     LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
     BindingContext property = initiatorRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
     SpnegoTokenProvider provider = new SpnegoTokenProvider((sspiIssuanceChannelParameter != null) ? sspiIssuanceChannelParameter.CredentialsHandle : null, securityBindingElement);
     SspiSecurityToken spnegoClientCredential = this.GetSpnegoClientCredential(initiatorRequirement);
     provider.ClientCredential = spnegoClientCredential.NetworkCredential;
     provider.IssuerAddress = initiatorRequirement.IssuerAddress;
     provider.AllowedImpersonationLevel = this.parent.Windows.AllowedImpersonationLevel;
     provider.AllowNtlm = spnegoClientCredential.AllowNtlm;
     provider.IdentityVerifier = localClientSettings.IdentityVerifier;
     provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
     provider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty);
     provider.NegotiateTokenOnOpen = flag;
     provider.CacheServiceTokens = flag || localClientSettings.CacheCookies;
     provider.IssuerBindingContext = property;
     provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
     provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
     provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
     provider.TargetAddress = targetAddress;
     provider.Via = initiatorRequirement.GetPropertyOrDefault<Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null);
     provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find<ChannelProtectionRequirements>() : null;
     provider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive;
     return provider;
 }