public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); HttpTransportElement source = (HttpTransportElement)from; #pragma warning suppress 56506 // Microsoft, base.CopyFrom() validates the argument this.AllowCookies = source.AllowCookies; this.RequestInitializationTimeout = source.RequestInitializationTimeout; this.AuthenticationScheme = source.AuthenticationScheme; this.BypassProxyOnLocal = source.BypassProxyOnLocal; this.DecompressionEnabled = source.DecompressionEnabled; this.KeepAliveEnabled = source.KeepAliveEnabled; this.HostNameComparisonMode = source.HostNameComparisonMode; this.MaxBufferSize = source.MaxBufferSize; this.MaxPendingAccepts = source.MaxPendingAccepts; this.ProxyAddress = source.ProxyAddress; this.ProxyAuthenticationScheme = source.ProxyAuthenticationScheme; this.Realm = source.Realm; this.TransferMode = source.TransferMode; this.UnsafeConnectionNtlmAuthentication = source.UnsafeConnectionNtlmAuthentication; this.UseDefaultWebProxy = source.UseDefaultWebProxy; this.WebSocketSettings = source.WebSocketSettings; this.MessageHandlerFactory = source.MessageHandlerFactory; ChannelBindingUtility.CopyFrom(source.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); HttpTransportBindingElement binding = (HttpTransportBindingElement)bindingElement; binding.AllowCookies = this.AllowCookies; binding.AuthenticationScheme = this.AuthenticationScheme; binding.BypassProxyOnLocal = this.BypassProxyOnLocal; binding.DecompressionEnabled = this.DecompressionEnabled; binding.KeepAliveEnabled = this.KeepAliveEnabled; binding.HostNameComparisonMode = this.HostNameComparisonMode; PropertyInformationCollection propertyInfo = this.ElementInformation.Properties; if (propertyInfo[ConfigurationStrings.MaxBufferSize].ValueOrigin != PropertyValueOrigin.Default) { binding.MaxBufferSize = this.MaxBufferSize; } binding.MaxPendingAccepts = this.MaxPendingAccepts; binding.ProxyAddress = this.ProxyAddress; binding.ProxyAuthenticationScheme = this.ProxyAuthenticationScheme; binding.Realm = this.Realm; binding.RequestInitializationTimeout = this.RequestInitializationTimeout; binding.TransferMode = this.TransferMode; binding.UnsafeConnectionNtlmAuthentication = this.UnsafeConnectionNtlmAuthentication; binding.UseDefaultWebProxy = this.UseDefaultWebProxy; binding.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy); this.WebSocketSettings.ApplyConfiguration(binding.WebSocketSettings); if (this.MessageHandlerFactory != null) { binding.MessageHandlerFactory = HttpMessageHandlerFactory.CreateFromConfigurationElement(this.MessageHandlerFactory); } }
protected override void OnClosed() { base.OnClosed(); // clean up the CBT after transitioning to the closed state ChannelBindingUtility.Dispose(ref _channelBindingToken); }
protected internal override void InitializeFrom(BindingElement bindingElement) { base.InitializeFrom(bindingElement); HttpTransportBindingElement source = (HttpTransportBindingElement)bindingElement; SetPropertyValueIfNotDefaultValue(ConfigurationStrings.AllowCookies, source.AllowCookies); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.AuthenticationScheme, source.AuthenticationScheme); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.DecompressionEnabled, source.DecompressionEnabled); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.BypassProxyOnLocal, source.BypassProxyOnLocal); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.KeepAliveEnabled, source.KeepAliveEnabled); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.HostNameComparisonMode, source.HostNameComparisonMode); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxBufferSize, source.MaxBufferSize); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxPendingAccepts, source.MaxPendingAccepts); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ProxyAddress, source.ProxyAddress); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ProxyAuthenticationScheme, source.ProxyAuthenticationScheme); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.Realm, source.Realm); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.RequestInitializationTimeout, source.RequestInitializationTimeout); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TransferMode, source.TransferMode); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.UnsafeConnectionNtlmAuthentication, source.UnsafeConnectionNtlmAuthentication); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.UseDefaultWebProxy, source.UseDefaultWebProxy); this.WebSocketSettings.InitializeFrom(source.WebSocketSettings); if (source.MessageHandlerFactory != null) { this.MessageHandlerFactory = source.MessageHandlerFactory.GenerateConfigurationElement(); } ChannelBindingUtility.InitializeFrom(source.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
internal static void ApplyConfiguration(this HttpTransportSecurityElement httpTransportSecurityElement, HttpTransportSecurity httpTransportSecurity) { Fx.Assert(httpTransportSecurityElement != null, "httpTransportSecurityElement cannot be null"); Fx.Assert(httpTransportSecurity != null, "httpTransportSecurity cannot be null"); httpTransportSecurity.ClientCredentialType = httpTransportSecurityElement.ClientCredentialType; httpTransportSecurity.ProxyCredentialType = httpTransportSecurityElement.ProxyCredentialType; httpTransportSecurity.Realm = httpTransportSecurityElement.Realm; httpTransportSecurity.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(httpTransportSecurityElement.ExtendedProtectionPolicy); }
internal void InitializeFrom(TcpTransportSecurity security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } this.ClientCredentialType = security.ClientCredentialType; this.ProtectionLevel = security.ProtectionLevel; ChannelBindingUtility.InitializeFrom(security.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
internal void InitializeFrom(TcpTransportSecurity security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ClientCredentialType, security.ClientCredentialType); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ProtectionLevel, security.ProtectionLevel); ChannelBindingUtility.InitializeFrom(security.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
internal void ApplyConfiguration(TcpTransportSecurity security) { if (security == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security"); } security.ClientCredentialType = this.ClientCredentialType; security.ProtectionLevel = this.ProtectionLevel; security.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy); }
public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); TcpTransportElement element = (TcpTransportElement)from; this.ListenBacklog = element.ListenBacklog; this.PortSharingEnabled = element.PortSharingEnabled; this.TeredoEnabled = element.TeredoEnabled; this.ConnectionPoolSettings.CopyFrom(element.ConnectionPoolSettings); ChannelBindingUtility.CopyFrom(element.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
protected internal override void InitializeFrom(BindingElement bindingElement) { base.InitializeFrom(bindingElement); TcpTransportBindingElement element = (TcpTransportBindingElement)bindingElement; this.ListenBacklog = element.ListenBacklog; this.PortSharingEnabled = element.PortSharingEnabled; this.TeredoEnabled = element.TeredoEnabled; this.ConnectionPoolSettings.InitializeFrom(element.ConnectionPoolSettings); ChannelBindingUtility.InitializeFrom(element.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); TcpTransportBindingElement element = (TcpTransportBindingElement)bindingElement; element.ListenBacklog = this.ListenBacklog; element.PortSharingEnabled = this.PortSharingEnabled; element.TeredoEnabled = this.TeredoEnabled; this.ConnectionPoolSettings.ApplyConfiguration(element.ConnectionPoolSettings); element.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy); }
internal static void InitializeFrom(this HttpTransportSecurityElement httpTransportSecurityElement, HttpTransportSecurity httpTransportSecurity) { Fx.Assert(httpTransportSecurityElement != null, "httpTransportSecurityElement cannot be null"); Fx.Assert(httpTransportSecurity != null, "httpTransportSecurity cannot be null"); ConfigurationElementProxy proxy = new ConfigurationElementProxy(httpTransportSecurityElement); proxy.SetPropertyValueIfNotDefaultValue <HttpClientCredentialType>(ConfigurationStrings.ClientCredentialType, httpTransportSecurity.ClientCredentialType); proxy.SetPropertyValueIfNotDefaultValue <HttpProxyCredentialType>(ConfigurationStrings.ProxyCredentialType, httpTransportSecurity.ProxyCredentialType); proxy.SetPropertyValueIfNotDefaultValue <string>(ConfigurationStrings.Realm, httpTransportSecurity.Realm); ChannelBindingUtility.InitializeFrom(httpTransportSecurity.ExtendedProtectionPolicy, httpTransportSecurityElement.ExtendedProtectionPolicy); }
public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); TcpTransportElement source = (TcpTransportElement)from; #pragma warning suppress 56506 // [....], base.CopyFrom() validates the argument this.ListenBacklog = source.ListenBacklog; this.PortSharingEnabled = source.PortSharingEnabled; this.TeredoEnabled = source.TeredoEnabled; this.ConnectionPoolSettings.CopyFrom(source.ConnectionPoolSettings); ChannelBindingUtility.CopyFrom(source.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); TcpTransportElement source = (TcpTransportElement)from; this.ListenBacklog = source.ListenBacklog; this.PortSharingEnabled = source.PortSharingEnabled; this.TeredoEnabled = source.TeredoEnabled; this.ConnectionPoolSettings.CopyFrom(source.ConnectionPoolSettings); #if DESKTOP ChannelBindingUtility.CopyFrom(source.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); #endif }
protected internal override void InitializeFrom(BindingElement bindingElement) { base.InitializeFrom(bindingElement); #pragma warning suppress 56506 // [....], base.CopyFrom() validates the argument TcpTransportBindingElement binding = (TcpTransportBindingElement)bindingElement; if (binding.IsListenBacklogSet) { ConfigurationProperty listenBacklogProperty = this.Properties[ConfigurationStrings.ListenBacklog]; SetPropertyValue(listenBacklogProperty, binding.ListenBacklog, false /*ignore locks*/); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.PortSharingEnabled, binding.PortSharingEnabled); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TeredoEnabled, binding.TeredoEnabled); this.ConnectionPoolSettings.InitializeFrom(binding.ConnectionPoolSettings); ChannelBindingUtility.InitializeFrom(binding.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); #pragma warning suppress 56506 // [....], base.ApplyConfiguration() validates the argument TcpTransportBindingElement binding = (TcpTransportBindingElement)bindingElement; PropertyInformationCollection propertyInfo = this.ElementInformation.Properties; if (this.ListenBacklog != TcpTransportDefaults.ListenBacklogConst) { binding.ListenBacklog = this.ListenBacklog; } binding.PortSharingEnabled = this.PortSharingEnabled; binding.TeredoEnabled = this.TeredoEnabled; #pragma warning suppress 56506 // [....], base.ApplyConfiguration() validates the argument this.ConnectionPoolSettings.ApplyConfiguration(binding.ConnectionPoolSettings); binding.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy); }
protected internal override void InitializeFrom(BindingElement bindingElement) { base.InitializeFrom(bindingElement); TcpTransportBindingElement binding = (TcpTransportBindingElement)bindingElement; #if DESKTOP if (binding.IsListenBacklogSet) { ConfigurationProperty listenBacklogProperty = this.Properties[ConfigurationStrings.ListenBacklog]; SetPropertyValue(listenBacklogProperty, binding.ListenBacklog, false /*ignore locks*/); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.PortSharingEnabled, binding.PortSharingEnabled); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TeredoEnabled, binding.TeredoEnabled); #endif this.ConnectionPoolSettings.InitializeFrom(binding.ConnectionPoolSettings); #if DESKTOP ChannelBindingUtility.InitializeFrom(binding.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); #endif }
public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); TcpTransportBindingElement binding = (TcpTransportBindingElement)bindingElement; PropertyInformationCollection propertyInfo = this.ElementInformation.Properties; #if DESKTOP if (this.ListenBacklog != TcpTransportDefaults.ListenBacklogConst) { binding.ListenBacklog = this.ListenBacklog; } binding.PortSharingEnabled = this.PortSharingEnabled; binding.TeredoEnabled = this.TeredoEnabled; #endif this.ConnectionPoolSettings.ApplyConfiguration(binding.ConnectionPoolSettings); #if DESKTOP binding.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy); #endif }
protected internal override void InitializeFrom(BindingElement bindingElement) { base.InitializeFrom(bindingElement); HttpTransportBindingElement element = (HttpTransportBindingElement)bindingElement; this.AllowCookies = element.AllowCookies; this.AuthenticationScheme = element.AuthenticationScheme; this.DecompressionEnabled = element.DecompressionEnabled; this.BypassProxyOnLocal = element.BypassProxyOnLocal; this.KeepAliveEnabled = element.KeepAliveEnabled; this.HostNameComparisonMode = element.HostNameComparisonMode; this.MaxBufferSize = element.MaxBufferSize; this.ProxyAddress = element.ProxyAddress; this.ProxyAuthenticationScheme = element.ProxyAuthenticationScheme; this.Realm = element.Realm; this.TransferMode = element.TransferMode; this.UnsafeConnectionNtlmAuthentication = element.UnsafeConnectionNtlmAuthentication; this.UseDefaultWebProxy = element.UseDefaultWebProxy; ChannelBindingUtility.InitializeFrom(element.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
public override void CopyFrom(ServiceModelExtensionElement from) { base.CopyFrom(from); HttpTransportElement element = (HttpTransportElement)from; this.AllowCookies = element.AllowCookies; this.AuthenticationScheme = element.AuthenticationScheme; this.BypassProxyOnLocal = element.BypassProxyOnLocal; this.DecompressionEnabled = element.DecompressionEnabled; this.KeepAliveEnabled = element.KeepAliveEnabled; this.HostNameComparisonMode = element.HostNameComparisonMode; this.MaxBufferSize = element.MaxBufferSize; this.ProxyAddress = element.ProxyAddress; this.ProxyAuthenticationScheme = element.ProxyAuthenticationScheme; this.Realm = element.Realm; this.TransferMode = element.TransferMode; this.UnsafeConnectionNtlmAuthentication = element.UnsafeConnectionNtlmAuthentication; this.UseDefaultWebProxy = element.UseDefaultWebProxy; ChannelBindingUtility.CopyFrom(element.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy); }
public override void ApplyConfiguration(BindingElement bindingElement) { base.ApplyConfiguration(bindingElement); HttpTransportBindingElement element = (HttpTransportBindingElement)bindingElement; element.AllowCookies = this.AllowCookies; element.AuthenticationScheme = this.AuthenticationScheme; element.BypassProxyOnLocal = this.BypassProxyOnLocal; element.DecompressionEnabled = this.DecompressionEnabled; element.KeepAliveEnabled = this.KeepAliveEnabled; element.HostNameComparisonMode = this.HostNameComparisonMode; if (base.ElementInformation.Properties["maxBufferSize"].ValueOrigin != PropertyValueOrigin.Default) { element.MaxBufferSize = this.MaxBufferSize; } element.ProxyAddress = this.ProxyAddress; element.ProxyAuthenticationScheme = this.ProxyAuthenticationScheme; element.Realm = this.Realm; element.TransferMode = this.TransferMode; element.UnsafeConnectionNtlmAuthentication = this.UnsafeConnectionNtlmAuthentication; element.UseDefaultWebProxy = this.UseDefaultWebProxy; element.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy); }
public bool ShouldSerializeExtendedProtectionPolicy() { return(!ChannelBindingUtility.AreEqual(this.ExtendedProtectionPolicy, ChannelBindingUtility.DefaultPolicy)); }
public override void ValidateHttpSettings(string virtualPath, bool isMetadataListener, bool usingDefaultSpnList, ref AuthenticationSchemes bindingElementAuthenticationSchemes, ref ExtendedProtectionPolicy extendedProtectionPolicy, ref string realm) { // Verify the authentication settings AuthenticationSchemes hostSupportedSchemes = HostedTransportConfigurationManager.MetabaseSettings.GetAuthenticationSchemes(virtualPath); if ((bindingElementAuthenticationSchemes & hostSupportedSchemes) == 0) { if (bindingElementAuthenticationSchemes == AuthenticationSchemes.Negotiate || bindingElementAuthenticationSchemes == AuthenticationSchemes.Ntlm || bindingElementAuthenticationSchemes == AuthenticationSchemes.IntegratedWindowsAuthentication) { throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_AuthSchemesRequireWindowsAuth)); } else { throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_AuthSchemesRequireOtherAuth(bindingElementAuthenticationSchemes.ToString()))); } } //only use AuthenticationSchemes, which are supported both in IIS and the WCF binding bindingElementAuthenticationSchemes &= hostSupportedSchemes; if (bindingElementAuthenticationSchemes != AuthenticationSchemes.Anonymous) { //Compare the ExtendedProtectionPolicy setttings to IIS ExtendedProtectionPolicy iisPolicy = HostedTransportConfigurationManager.MetabaseSettings.GetExtendedProtectionPolicy(virtualPath); if (iisPolicy == null) //OS doesn't support CBT { if (extendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always) { throw FxTrace.Exception.AsError(new NotSupportedException(SR.ExtendedProtectionNotSupported)); } } else { if (isMetadataListener && ChannelBindingUtility.IsDefaultPolicy(extendedProtectionPolicy)) { //push the IIS policy onto the metadataListener if and only if the default policy is //in force. policy for non metadata listeners will still have to match IIS policy. extendedProtectionPolicy = iisPolicy; } else { if (!ChannelBindingUtility.AreEqual(iisPolicy, extendedProtectionPolicy)) { string mismatchErrorMessage; if (iisPolicy.PolicyEnforcement != extendedProtectionPolicy.PolicyEnforcement) { mismatchErrorMessage = SR.ExtendedProtectionPolicyEnforcementMismatch(iisPolicy.PolicyEnforcement, extendedProtectionPolicy.PolicyEnforcement); } else if (iisPolicy.ProtectionScenario != extendedProtectionPolicy.ProtectionScenario) { mismatchErrorMessage = SR.ExtendedProtectionPolicyScenarioMismatch(iisPolicy.ProtectionScenario, extendedProtectionPolicy.ProtectionScenario); } else { Fx.Assert(iisPolicy.CustomChannelBinding != extendedProtectionPolicy.CustomChannelBinding, "new case in ChannelBindingUtility.AreEqual to account for"); mismatchErrorMessage = SR.ExtendedProtectionPolicyCustomChannelBindingMismatch; } if (mismatchErrorMessage != null) { throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_ExtendedProtectionPoliciesMustMatch(mismatchErrorMessage))); } } //when using the default SPN list we auto generate, we should make sure that the IIS policy is also the default... ServiceNameCollection listenerSpnList = usingDefaultSpnList ? null : extendedProtectionPolicy.CustomServiceNames; if (!ChannelBindingUtility.IsSubset(iisPolicy.CustomServiceNames, listenerSpnList)) { throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_ExtendedProtectionPoliciesMustMatch(SR.Hosting_ExtendedProtectionSPNListNotSubset))); } } } } // Do not set realm for Cassini. if (!ServiceHostingEnvironment.IsSimpleApplicationHost) { // Set the realm realm = HostedTransportConfigurationManager.MetabaseSettings.GetRealm(virtualPath); } }
protected void ApplyChannelBinding(Message message) { ChannelBindingUtility.TryAddToMessage(_channelBindingToken, message, false); }
public override void ValidateHttpSettings(string virtualPath, bool isMetadataListener, bool usingDefaultSpnList, ref AuthenticationSchemes supportedSchemes, ref ExtendedProtectionPolicy extendedProtectionPolicy, ref string realm) { AuthenticationSchemes authenticationSchemes = HostedTransportConfigurationManager.MetabaseSettings.GetAuthenticationSchemes(virtualPath); if (((supportedSchemes == AuthenticationSchemes.Anonymous) && ((authenticationSchemes & AuthenticationSchemes.Anonymous) == AuthenticationSchemes.None)) && isMetadataListener) { if ((authenticationSchemes & AuthenticationSchemes.Negotiate) != AuthenticationSchemes.None) { supportedSchemes = AuthenticationSchemes.Negotiate; } else { supportedSchemes = authenticationSchemes; } } if ((supportedSchemes & authenticationSchemes) == AuthenticationSchemes.None) { if (AuthenticationSchemesHelper.IsWindowsAuth(supportedSchemes)) { throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_AuthSchemesRequireWindowsAuth)); } throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_AuthSchemesRequireOtherAuth(((AuthenticationSchemes)supportedSchemes).ToString()))); } if (supportedSchemes != AuthenticationSchemes.Anonymous) { ExtendedProtectionPolicy policy = HostedTransportConfigurationManager.MetabaseSettings.GetExtendedProtectionPolicy(virtualPath); if (policy == null) { if (extendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always) { throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.ExtendedProtectionNotSupported)); } } else if (isMetadataListener && ChannelBindingUtility.IsDefaultPolicy(extendedProtectionPolicy)) { extendedProtectionPolicy = policy; } else { if (!ChannelBindingUtility.AreEqual(policy, extendedProtectionPolicy)) { string extendedProtectionPolicyCustomChannelBindingMismatch; if (policy.PolicyEnforcement != extendedProtectionPolicy.PolicyEnforcement) { extendedProtectionPolicyCustomChannelBindingMismatch = System.ServiceModel.Activation.SR.ExtendedProtectionPolicyEnforcementMismatch(policy.PolicyEnforcement, extendedProtectionPolicy.PolicyEnforcement); } else if (policy.ProtectionScenario != extendedProtectionPolicy.ProtectionScenario) { extendedProtectionPolicyCustomChannelBindingMismatch = System.ServiceModel.Activation.SR.ExtendedProtectionPolicyScenarioMismatch(policy.ProtectionScenario, extendedProtectionPolicy.ProtectionScenario); } else { extendedProtectionPolicyCustomChannelBindingMismatch = System.ServiceModel.Activation.SR.ExtendedProtectionPolicyCustomChannelBindingMismatch; } if (extendedProtectionPolicyCustomChannelBindingMismatch != null) { throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_ExtendedProtectionPoliciesMustMatch(extendedProtectionPolicyCustomChannelBindingMismatch))); } } ServiceNameCollection subset = usingDefaultSpnList ? null : extendedProtectionPolicy.CustomServiceNames; if (!ChannelBindingUtility.IsSubset(policy.CustomServiceNames, subset)) { throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_ExtendedProtectionPoliciesMustMatch(System.ServiceModel.Activation.SR.Hosting_ExtendedProtectionSPNListNotSubset))); } } } if (!ServiceHostingEnvironment.IsSimpleApplicationHost) { realm = HostedTransportConfigurationManager.MetabaseSettings.GetRealm(virtualPath); } }