protected ReceiveSecurityHeader ConfigureReceiveSecurityHeader(Message message, string actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, out IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators) { System.ServiceModel.Security.MessageSecurityProtocolFactory messageSecurityProtocolFactory = this.MessageSecurityProtocolFactory; MessageDirection transferDirection = messageSecurityProtocolFactory.ActAsInitiator ? MessageDirection.Output : MessageDirection.Input; ReceiveSecurityHeader securityHeader = this.CreateSecurityHeader(message, actor, transferDirection, standardsManager); string action = message.Headers.Action; supportingAuthenticators = base.GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.factory, message, securityHeader); if (messageSecurityProtocolFactory.RequireIntegrity || securityHeader.ExpectSignedTokens) { securityHeader.RequiredSignatureParts = messageSecurityProtocolFactory.GetIncomingSignatureParts(action); } if (messageSecurityProtocolFactory.RequireConfidentiality || securityHeader.ExpectBasicTokens) { securityHeader.RequiredEncryptionParts = messageSecurityProtocolFactory.GetIncomingEncryptionParts(action); } securityHeader.ExpectEncryption = messageSecurityProtocolFactory.RequireConfidentiality || securityHeader.ExpectBasicTokens; securityHeader.ExpectSignature = messageSecurityProtocolFactory.RequireIntegrity || securityHeader.ExpectSignedTokens; securityHeader.SetRequiredProtectionOrder(messageSecurityProtocolFactory.MessageProtectionOrder); if ((messageSecurityProtocolFactory.ActAsInitiator && messageSecurityProtocolFactory.DoRequestSignatureConfirmation) && this.HasCorrelationState(correlationStates)) { securityHeader.MaintainSignatureConfirmationState = true; securityHeader.ExpectSignatureConfirmation = true; return(securityHeader); } if (!messageSecurityProtocolFactory.ActAsInitiator && messageSecurityProtocolFactory.DoRequestSignatureConfirmation) { securityHeader.MaintainSignatureConfirmationState = true; return(securityHeader); } securityHeader.MaintainSignatureConfirmationState = false; return(securityHeader); }
protected ReceiveSecurityHeader ConfigureReceiveSecurityHeader(Message message, string actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, out IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators) { MessageSecurityProtocolFactory factory = this.MessageSecurityProtocolFactory; MessageDirection direction = factory.ActAsInitiator ? MessageDirection.Output : MessageDirection.Input; ReceiveSecurityHeader securityHeader = CreateSecurityHeader(message, actor, direction, standardsManager); string action = message.Headers.Action; supportingAuthenticators = GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.factory, message, securityHeader); if (factory.RequireIntegrity || securityHeader.ExpectSignedTokens) { securityHeader.RequiredSignatureParts = factory.GetIncomingSignatureParts(action); } if (factory.RequireConfidentiality || securityHeader.ExpectBasicTokens) { securityHeader.RequiredEncryptionParts = factory.GetIncomingEncryptionParts(action); } securityHeader.ExpectEncryption = factory.RequireConfidentiality || securityHeader.ExpectBasicTokens; securityHeader.ExpectSignature = factory.RequireIntegrity || securityHeader.ExpectSignedTokens; securityHeader.SetRequiredProtectionOrder(factory.MessageProtectionOrder); // On the receiving side if protectTokens is enabled // 1. If we are service, we make sure that the client always signs the primary token( can be any token type)else we throw. // But currently the service can sign the primary token in reply only if the primary token is an issued token // 2. If we are client, we do not care if the service signs the primary token or not. Otherwise it will be impossible to have a wcf client /service talk to each other unless we // either use a symmetric binding with issued tokens or asymmetric bindings with both the intiator and recipient parameters being issued tokens( later one is rare). securityHeader.RequireSignedPrimaryToken = !factory.ActAsInitiator && factory.SecurityBindingElement.ProtectTokens; if (factory.ActAsInitiator && factory.DoRequestSignatureConfirmation && HasCorrelationState(correlationStates)) { securityHeader.MaintainSignatureConfirmationState = true; securityHeader.ExpectSignatureConfirmation = true; } else if (!factory.ActAsInitiator && factory.DoRequestSignatureConfirmation) { securityHeader.MaintainSignatureConfirmationState = true; } else { securityHeader.MaintainSignatureConfirmationState = false; } return(securityHeader); }