protected override void VerifyIncomingMessageCore(ref Message message, TimeSpan timeout)
{
string actor = string.Empty; // message.Version.Envelope.UltimateDestinationActor;
ReceiveSecurityHeader securityHeader = this.Factory.StandardsManager.CreateReceiveSecurityHeader(message, actor,
this.Factory.IncomingAlgorithmSuite, MessageDirection.Input);
securityHeader.RequireMessageProtection = false;
securityHeader.ReaderQuotas = this.Factory.SecurityBindingElement.ReaderQuotas;
IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators = GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.Factory, message, securityHeader);
ReadOnlyCollection <SecurityTokenResolver> mergedTokenResolvers = MergeOutOfBandResolvers(supportingAuthenticators, this.sessionTokenResolverList);
if (supportingAuthenticators != null && supportingAuthenticators.Count > 0)
{
supportingAuthenticators = new List <SupportingTokenAuthenticatorSpecification>(supportingAuthenticators);
supportingAuthenticators.Insert(0, this.sessionTokenAuthenticatorSpecificationList[0]);
}
else
{
supportingAuthenticators = this.sessionTokenAuthenticatorSpecificationList;
}
securityHeader.ConfigureTransportBindingServerReceiveHeader(supportingAuthenticators);
securityHeader.ConfigureOutOfBandTokenResolver(mergedTokenResolvers);
securityHeader.ExpectEndorsingTokens = true;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
securityHeader.ReplayDetectionEnabled = this.Factory.DetectReplays;
securityHeader.SetTimeParameters(this.Factory.NonceCache, this.Factory.ReplayWindow, this.Factory.MaxClockSkew);
// do not enforce key derivation requirement for Cancel messages due to WSE interop
securityHeader.EnforceDerivedKeyRequirement = (message.Headers.Action != this.Factory.StandardsManager.SecureConversationDriver.CloseAction.Value);
securityHeader.Process(timeoutHelper.RemainingTime(), SecurityUtils.GetChannelBindingFromMessage(message), this.Factory.ExtendedProtectionPolicy);
if (securityHeader.Timestamp == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.RequiredTimestampMissingInSecurityHeader)));
}
bool didSessionSctEndorse = false;
if (securityHeader.EndorsingSupportingTokens != null)
{
for (int i = 0; i < securityHeader.EndorsingSupportingTokens.Count; ++i)
{
SecurityContextSecurityToken signingSct = (securityHeader.EndorsingSupportingTokens[i] as SecurityContextSecurityToken);
if (signingSct != null && signingSct.ContextId == this.sessionId)
{
didSessionSctEndorse = true;
break;
}
}
}
if (!didSessionSctEndorse)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(SR.GetString(SR.NoSessionTokenPresentInMessage)));
}
message = securityHeader.ProcessedMessage;
AttachRecipientSecurityProperty(message, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens,
securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
base.OnIncomingMessageVerified(message);
}
protected override void VerifyIncomingMessageCore(ref Message message, TimeSpan timeout)
{
string actor = string.Empty;
ReceiveSecurityHeader securityHeader = this.Factory.StandardsManager.CreateReceiveSecurityHeader(message, actor, this.Factory.IncomingAlgorithmSuite, MessageDirection.Input);
securityHeader.RequireMessageProtection = false;
securityHeader.ReaderQuotas = this.Factory.SecurityBindingElement.ReaderQuotas;
IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators = base.GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.Factory, message, securityHeader);
ReadOnlyCollection <SecurityTokenResolver> outOfBandResolvers = base.MergeOutOfBandResolvers(supportingAuthenticators, this.sessionTokenResolverList);
if ((supportingAuthenticators != null) && (supportingAuthenticators.Count > 0))
{
supportingAuthenticators = new List <SupportingTokenAuthenticatorSpecification>(supportingAuthenticators);
supportingAuthenticators.Insert(0, this.sessionTokenAuthenticatorSpecificationList[0]);
}
else
{
supportingAuthenticators = this.sessionTokenAuthenticatorSpecificationList;
}
securityHeader.ConfigureTransportBindingServerReceiveHeader(supportingAuthenticators);
securityHeader.ConfigureOutOfBandTokenResolver(outOfBandResolvers);
securityHeader.ExpectEndorsingTokens = true;
TimeoutHelper helper = new TimeoutHelper(timeout);
securityHeader.SetTimeParameters(this.Factory.NonceCache, this.Factory.ReplayWindow, this.Factory.MaxClockSkew);
securityHeader.EnforceDerivedKeyRequirement = message.Headers.Action != this.Factory.StandardsManager.SecureConversationDriver.CloseAction.Value;
securityHeader.Process(helper.RemainingTime(), System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(message), this.Factory.ExtendedProtectionPolicy);
if (securityHeader.Timestamp == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("RequiredTimestampMissingInSecurityHeader")));
}
bool flag = false;
if (securityHeader.EndorsingSupportingTokens != null)
{
for (int i = 0; i < securityHeader.EndorsingSupportingTokens.Count; i++)
{
SecurityContextSecurityToken token = securityHeader.EndorsingSupportingTokens[i] as SecurityContextSecurityToken;
if ((token != null) && (token.ContextId == this.sessionId))
{
flag = true;
break;
}
}
}
if (!flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new MessageSecurityException(System.ServiceModel.SR.GetString("NoSessionTokenPresentInMessage")));
}
message = securityHeader.ProcessedMessage;
base.AttachRecipientSecurityProperty(message, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens, securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
base.OnIncomingMessageVerified(message);
}
protected virtual void VerifyIncomingMessageCore(ref Message message, TimeSpan timeout)
{
bool flag;
bool flag2;
bool flag3;
TransportSecurityProtocolFactory securityProtocolFactory = (TransportSecurityProtocolFactory)base.SecurityProtocolFactory;
string actor = string.Empty;
ReceiveSecurityHeader header = securityProtocolFactory.StandardsManager.TryCreateReceiveSecurityHeader(message, actor, securityProtocolFactory.IncomingAlgorithmSuite, securityProtocolFactory.ActAsInitiator ? MessageDirection.Output : MessageDirection.Input);
IList <SupportingTokenAuthenticatorSpecification> supportingTokenAuthenticators = securityProtocolFactory.GetSupportingTokenAuthenticators(message.Headers.Action, out flag3, out flag, out flag2);
if (header == null)
{
bool flag4 = (flag2 || flag3) || flag;
if ((securityProtocolFactory.ActAsInitiator && (!securityProtocolFactory.AddTimestamp || securityProtocolFactory.SecurityBindingElement.EnableUnsecuredResponse)) || ((!securityProtocolFactory.ActAsInitiator && !securityProtocolFactory.AddTimestamp) && !flag4))
{
return;
}
if (string.IsNullOrEmpty(actor))
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToFindSecurityHeaderInMessageNoActor")), message);
}
throw TraceUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("UnableToFindSecurityHeaderInMessage", new object[] { actor })), message);
}
header.RequireMessageProtection = false;
header.ExpectBasicTokens = flag;
header.ExpectSignedTokens = flag3;
header.ExpectEndorsingTokens = flag2;
header.MaxReceivedMessageSize = securityProtocolFactory.SecurityBindingElement.MaxReceivedMessageSize;
header.ReaderQuotas = securityProtocolFactory.SecurityBindingElement.ReaderQuotas;
TimeoutHelper helper = new TimeoutHelper(timeout);
if (!securityProtocolFactory.ActAsInitiator)
{
header.ConfigureTransportBindingServerReceiveHeader(supportingTokenAuthenticators);
header.ConfigureOutOfBandTokenResolver(base.MergeOutOfBandResolvers(supportingTokenAuthenticators, EmptyReadOnlyCollection <SecurityTokenResolver> .Instance));
if (securityProtocolFactory.ExpectKeyDerivation)
{
header.DerivedTokenAuthenticator = securityProtocolFactory.DerivedKeyTokenAuthenticator;
}
}
header.SetTimeParameters(securityProtocolFactory.NonceCache, securityProtocolFactory.ReplayWindow, securityProtocolFactory.MaxClockSkew);
header.Process(helper.RemainingTime(), System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(message), securityProtocolFactory.ExtendedProtectionPolicy);
message = header.ProcessedMessage;
if (!securityProtocolFactory.ActAsInitiator)
{
this.AttachRecipientSecurityProperty(message, header.BasicSupportingTokens, header.EndorsingSupportingTokens, header.SignedEndorsingSupportingTokens, header.SignedSupportingTokens, header.SecurityTokenAuthorizationPoliciesMapping);
}
base.OnIncomingMessageVerified(message);
}
protected virtual void VerifyIncomingMessageCore(ref Message message, TimeSpan timeout)
{
TransportSecurityProtocolFactory factory = (TransportSecurityProtocolFactory)this.SecurityProtocolFactory;
string actor = string.Empty; // message.Version.Envelope.UltimateDestinationActor;
ReceiveSecurityHeader securityHeader = factory.StandardsManager.TryCreateReceiveSecurityHeader(message, actor,
factory.IncomingAlgorithmSuite, (factory.ActAsInitiator) ? MessageDirection.Output : MessageDirection.Input);
bool expectBasicTokens;
bool expectEndorsingTokens;
bool expectSignedTokens;
IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators = factory.GetSupportingTokenAuthenticators(message.Headers.Action,
out expectSignedTokens, out expectBasicTokens, out expectEndorsingTokens);
if (securityHeader == null)
{
bool expectSupportingTokens = expectEndorsingTokens || expectSignedTokens || expectBasicTokens;
if ((factory.ActAsInitiator && (!factory.AddTimestamp || factory.SecurityBindingElement.EnableUnsecuredResponse)) ||
(!factory.ActAsInitiator && !factory.AddTimestamp && !expectSupportingTokens))
{
return;
}
else
{
if (String.IsNullOrEmpty(actor))
{
throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.UnableToFindSecurityHeaderInMessageNoActor)), message);
}
else
{
throw System.ServiceModel.Diagnostics.TraceUtility.ThrowHelperError(new MessageSecurityException(
SR.GetString(SR.UnableToFindSecurityHeaderInMessage, actor)), message);
}
}
}
securityHeader.RequireMessageProtection = false;
securityHeader.ExpectBasicTokens = expectBasicTokens;
securityHeader.ExpectSignedTokens = expectSignedTokens;
securityHeader.ExpectEndorsingTokens = expectEndorsingTokens;
securityHeader.MaxReceivedMessageSize = factory.SecurityBindingElement.MaxReceivedMessageSize;
securityHeader.ReaderQuotas = factory.SecurityBindingElement.ReaderQuotas;
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
if (!factory.ActAsInitiator)
{
securityHeader.ConfigureTransportBindingServerReceiveHeader(supportingAuthenticators);
securityHeader.ConfigureOutOfBandTokenResolver(MergeOutOfBandResolvers(supportingAuthenticators, EmptyReadOnlyCollection <SecurityTokenResolver> .Instance));
if (factory.ExpectKeyDerivation)
{
securityHeader.DerivedTokenAuthenticator = factory.DerivedKeyTokenAuthenticator;
}
}
securityHeader.ReplayDetectionEnabled = factory.DetectReplays;
securityHeader.SetTimeParameters(factory.NonceCache, factory.ReplayWindow, factory.MaxClockSkew);
securityHeader.Process(timeoutHelper.RemainingTime(), SecurityUtils.GetChannelBindingFromMessage(message), factory.ExtendedProtectionPolicy);
message = securityHeader.ProcessedMessage;
if (!factory.ActAsInitiator)
{
AttachRecipientSecurityProperty(message, securityHeader.BasicSupportingTokens, securityHeader.EndorsingSupportingTokens, securityHeader.SignedEndorsingSupportingTokens,
securityHeader.SignedSupportingTokens, securityHeader.SecurityTokenAuthorizationPoliciesMapping);
}
base.OnIncomingMessageVerified(message);
}
