protected ReceiveSecurityHeader ConfigureReceiveSecurityHeader(Message message, string actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, out IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators)
{
System.ServiceModel.Security.MessageSecurityProtocolFactory messageSecurityProtocolFactory = this.MessageSecurityProtocolFactory;
MessageDirection transferDirection = messageSecurityProtocolFactory.ActAsInitiator ? MessageDirection.Output : MessageDirection.Input;
ReceiveSecurityHeader securityHeader = this.CreateSecurityHeader(message, actor, transferDirection, standardsManager);
string action = message.Headers.Action;
supportingAuthenticators = base.GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.factory, message, securityHeader);
if (messageSecurityProtocolFactory.RequireIntegrity || securityHeader.ExpectSignedTokens)
{
securityHeader.RequiredSignatureParts = messageSecurityProtocolFactory.GetIncomingSignatureParts(action);
}
if (messageSecurityProtocolFactory.RequireConfidentiality || securityHeader.ExpectBasicTokens)
{
securityHeader.RequiredEncryptionParts = messageSecurityProtocolFactory.GetIncomingEncryptionParts(action);
}
securityHeader.ExpectEncryption = messageSecurityProtocolFactory.RequireConfidentiality || securityHeader.ExpectBasicTokens;
securityHeader.ExpectSignature = messageSecurityProtocolFactory.RequireIntegrity || securityHeader.ExpectSignedTokens;
securityHeader.SetRequiredProtectionOrder(messageSecurityProtocolFactory.MessageProtectionOrder);
if ((messageSecurityProtocolFactory.ActAsInitiator && messageSecurityProtocolFactory.DoRequestSignatureConfirmation) && this.HasCorrelationState(correlationStates))
{
securityHeader.MaintainSignatureConfirmationState = true;
securityHeader.ExpectSignatureConfirmation = true;
return(securityHeader);
}
if (!messageSecurityProtocolFactory.ActAsInitiator && messageSecurityProtocolFactory.DoRequestSignatureConfirmation)
{
securityHeader.MaintainSignatureConfirmationState = true;
return(securityHeader);
}
securityHeader.MaintainSignatureConfirmationState = false;
return(securityHeader);
}
protected ReceiveSecurityHeader ConfigureReceiveSecurityHeader(Message message, string actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, out IList <SupportingTokenAuthenticatorSpecification> supportingAuthenticators)
{
MessageSecurityProtocolFactory factory = this.MessageSecurityProtocolFactory;
MessageDirection direction = factory.ActAsInitiator ? MessageDirection.Output : MessageDirection.Input;
ReceiveSecurityHeader securityHeader = CreateSecurityHeader(message, actor, direction, standardsManager);
string action = message.Headers.Action;
supportingAuthenticators = GetSupportingTokenAuthenticatorsAndSetExpectationFlags(this.factory, message, securityHeader);
if (factory.RequireIntegrity || securityHeader.ExpectSignedTokens)
{
securityHeader.RequiredSignatureParts = factory.GetIncomingSignatureParts(action);
}
if (factory.RequireConfidentiality || securityHeader.ExpectBasicTokens)
{
securityHeader.RequiredEncryptionParts = factory.GetIncomingEncryptionParts(action);
}
securityHeader.ExpectEncryption = factory.RequireConfidentiality || securityHeader.ExpectBasicTokens;
securityHeader.ExpectSignature = factory.RequireIntegrity || securityHeader.ExpectSignedTokens;
securityHeader.SetRequiredProtectionOrder(factory.MessageProtectionOrder);
// On the receiving side if protectTokens is enabled
// 1. If we are service, we make sure that the client always signs the primary token( can be any token type)else we throw.
// But currently the service can sign the primary token in reply only if the primary token is an issued token
// 2. If we are client, we do not care if the service signs the primary token or not. Otherwise it will be impossible to have a wcf client /service talk to each other unless we
// either use a symmetric binding with issued tokens or asymmetric bindings with both the intiator and recipient parameters being issued tokens( later one is rare).
securityHeader.RequireSignedPrimaryToken = !factory.ActAsInitiator && factory.SecurityBindingElement.ProtectTokens;
if (factory.ActAsInitiator && factory.DoRequestSignatureConfirmation && HasCorrelationState(correlationStates))
{
securityHeader.MaintainSignatureConfirmationState = true;
securityHeader.ExpectSignatureConfirmation = true;
}
else if (!factory.ActAsInitiator && factory.DoRequestSignatureConfirmation)
{
securityHeader.MaintainSignatureConfirmationState = true;
}
else
{
securityHeader.MaintainSignatureConfirmationState = false;
}
return(securityHeader);
}
