        /// <summary>
        /// Reconciles the binding's HTTP authentication schemes and extended-protection (channel binding)
        /// policy with the IIS metabase settings for <paramref name="virtualPath"/>, and fails closed on
        /// any combination the host cannot honour.
        /// </summary>
        /// <param name="virtualPath">IIS virtual path whose metabase settings are consulted.</param>
        /// <param name="isMetadataListener">When true and the binding still carries the default extended-protection policy, the IIS policy is adopted instead of being compared.</param>
        /// <param name="usingDefaultSpnList">When true, the listener's own SPN list is not consulted (null is passed to the subset check).</param>
        /// <param name="bindingElementAuthenticationSchemes">In: schemes requested by the binding. Out: narrowed to the schemes IIS also supports.</param>
        /// <param name="extendedProtectionPolicy">In: the binding's policy. Out: replaced by the IIS policy for a metadata listener that had the default policy.</param>
        /// <param name="realm">Set from the metabase unless the host is the simple application host.</param>
        /// <exception cref="NotSupportedException">
        /// (Wrapped via FxTrace.Exception.AsError.) Thrown when no requested scheme is supported by IIS, when the
        /// binding demands extended protection unconditionally but IIS reports no policy, when the two policies
        /// differ, or when the IIS SPN list fails the subset check against the listener's.
        /// </exception>
        public override void ValidateHttpSettings(string virtualPath, bool isMetadataListener, bool usingDefaultSpnList, ref AuthenticationSchemes bindingElementAuthenticationSchemes, ref ExtendedProtectionPolicy extendedProtectionPolicy, ref string realm)
        {
            AuthenticationSchemes iisSchemes = HostedTransportConfigurationManager.MetabaseSettings.GetAuthenticationSchemes(virtualPath);

            // No overlap between what the binding requests and what IIS allows: reject rather than degrade.
            if ((bindingElementAuthenticationSchemes & iisSchemes) == 0)
            {
                bool requestedWindowsAuthOnly =
                    bindingElementAuthenticationSchemes == AuthenticationSchemes.Negotiate ||
                    bindingElementAuthenticationSchemes == AuthenticationSchemes.Ntlm ||
                    bindingElementAuthenticationSchemes == AuthenticationSchemes.IntegratedWindowsAuthentication;

                string schemeError = requestedWindowsAuthOnly
                    ? SR.Hosting_AuthSchemesRequireWindowsAuth
                    : SR.Hosting_AuthSchemesRequireOtherAuth(bindingElementAuthenticationSchemes.ToString());
                throw FxTrace.Exception.AsError(new NotSupportedException(schemeError));
            }

            // Keep only the schemes both IIS and the binding support. This happens before the policy
            // checks below, so the caller observes the narrowed value even if a later check throws.
            bindingElementAuthenticationSchemes &= iisSchemes;

            if (bindingElementAuthenticationSchemes != AuthenticationSchemes.Anonymous)
            {
                ExtendedProtectionPolicy iisPolicy = HostedTransportConfigurationManager.MetabaseSettings.GetExtendedProtectionPolicy(virtualPath);

                if (iisPolicy == null)
                {
                    // IIS reports no policy (the OS does not support channel binding tokens). Only a binding
                    // that requires channel binding unconditionally is rejected here; any other enforcement
                    // level passes, and channel binding is simply not applied on this host.
                    if (extendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always)
                    {
                        throw FxTrace.Exception.AsError(new NotSupportedException(SR.ExtendedProtectionNotSupported));
                    }
                }
                else if (isMetadataListener && ChannelBindingUtility.IsDefaultPolicy(extendedProtectionPolicy))
                {
                    // A metadata listener still on the default policy inherits the IIS policy outright;
                    // every other listener must match the IIS policy exactly (below).
                    extendedProtectionPolicy = iisPolicy;
                }
                else
                {
                    if (!ChannelBindingUtility.AreEqual(iisPolicy, extendedProtectionPolicy))
                    {
                        bool enforcementDiffers = iisPolicy.PolicyEnforcement != extendedProtectionPolicy.PolicyEnforcement;
                        bool scenarioDiffers = !enforcementDiffers && iisPolicy.ProtectionScenario != extendedProtectionPolicy.ProtectionScenario;

                        if (!enforcementDiffers && !scenarioDiffers)
                        {
                            // AreEqual reported a difference that is neither enforcement nor scenario, so it
                            // must be the custom channel binding; anything else means AreEqual grew a new case.
                            Fx.Assert(iisPolicy.CustomChannelBinding != extendedProtectionPolicy.CustomChannelBinding, "new case in ChannelBindingUtility.AreEqual to account for");
                        }

                        string mismatchErrorMessage = enforcementDiffers
                            ? SR.ExtendedProtectionPolicyEnforcementMismatch(iisPolicy.PolicyEnforcement, extendedProtectionPolicy.PolicyEnforcement)
                            : scenarioDiffers
                                ? SR.ExtendedProtectionPolicyScenarioMismatch(iisPolicy.ProtectionScenario, extendedProtectionPolicy.ProtectionScenario)
                                : SR.ExtendedProtectionPolicyCustomChannelBindingMismatch;

                        if (mismatchErrorMessage != null)
                        {
                            throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_ExtendedProtectionPoliciesMustMatch(mismatchErrorMessage)));
                        }
                    }

                    // With the auto-generated default SPN list the listener's own names are ignored (null);
                    // the IIS SPN list must still pass the subset check against whatever is supplied.
                    ServiceNameCollection listenerServiceNames = usingDefaultSpnList ? null : extendedProtectionPolicy.CustomServiceNames;
                    if (!ChannelBindingUtility.IsSubset(iisPolicy.CustomServiceNames, listenerServiceNames))
                    {
                        throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_ExtendedProtectionPoliciesMustMatch(SR.Hosting_ExtendedProtectionSPNListNotSubset)));
                    }
                }
            }

            // The simple application host (Cassini) gets no realm; everything else takes it from the metabase.
            if (!ServiceHostingEnvironment.IsSimpleApplicationHost)
            {
                realm = HostedTransportConfigurationManager.MetabaseSettings.GetRealm(virtualPath);
            }
        }
        /// <summary>
        /// Checks the binding's HTTP authentication schemes and extended-protection (channel binding) policy
        /// against the IIS metabase settings for <paramref name="virtualPath"/>, upgrading an anonymous-only
        /// metadata listener to an authenticated scheme when IIS forbids anonymous access, and rejecting
        /// combinations the host cannot honour.
        /// </summary>
        /// <param name="virtualPath">IIS virtual path whose metabase settings are consulted.</param>
        /// <param name="isMetadataListener">Enables the anonymous-to-authenticated upgrade and, with the default policy, adoption of the IIS extended-protection policy.</param>
        /// <param name="usingDefaultSpnList">When true, the listener's own SPN list is not consulted (null is passed to the subset check).</param>
        /// <param name="supportedSchemes">In: schemes requested by the binding. Out: possibly replaced by Negotiate or by the full IIS scheme set for an anonymous-only metadata listener.</param>
        /// <param name="extendedProtectionPolicy">In: the binding's policy. Out: replaced by the IIS policy for a metadata listener that had the default policy.</param>
        /// <param name="realm">Set from the metabase unless the host is the simple application host.</param>
        /// <exception cref="NotSupportedException">
        /// (Wrapped via FxTrace.Exception.AsError.) Thrown when no requested scheme is supported by IIS, when the
        /// binding demands extended protection unconditionally but IIS reports no policy, when the two policies
        /// differ, or when the IIS SPN list fails the subset check against the listener's.
        /// </exception>
        public override void ValidateHttpSettings(string virtualPath, bool isMetadataListener, bool usingDefaultSpnList, ref AuthenticationSchemes supportedSchemes, ref ExtendedProtectionPolicy extendedProtectionPolicy, ref string realm)
        {
            AuthenticationSchemes iisSchemes = HostedTransportConfigurationManager.MetabaseSettings.GetAuthenticationSchemes(virtualPath);

            // A metadata listener that asks only for Anonymous while IIS disallows Anonymous is moved to an
            // authenticated scheme rather than failing: Negotiate when IIS allows it, else every IIS scheme.
            bool anonymousOnlyRequested = supportedSchemes == AuthenticationSchemes.Anonymous;
            bool iisForbidsAnonymous = (iisSchemes & AuthenticationSchemes.Anonymous) == AuthenticationSchemes.None;
            if (isMetadataListener && anonymousOnlyRequested && iisForbidsAnonymous)
            {
                bool iisAllowsNegotiate = (iisSchemes & AuthenticationSchemes.Negotiate) != AuthenticationSchemes.None;
                supportedSchemes = iisAllowsNegotiate ? AuthenticationSchemes.Negotiate : iisSchemes;
            }

            // No overlap between the requested schemes and what IIS allows: reject rather than degrade.
            // NOTE(review): supportedSchemes is not intersected with iisSchemes here, so schemes IIS does not
            // allow remain in the value once any single scheme overlaps — confirm that is intended.
            if ((supportedSchemes & iisSchemes) == AuthenticationSchemes.None)
            {
                string schemeError = AuthenticationSchemesHelper.IsWindowsAuth(supportedSchemes)
                    ? System.ServiceModel.Activation.SR.Hosting_AuthSchemesRequireWindowsAuth
                    : System.ServiceModel.Activation.SR.Hosting_AuthSchemesRequireOtherAuth(supportedSchemes.ToString());
                throw FxTrace.Exception.AsError(new NotSupportedException(schemeError));
            }

            if (supportedSchemes != AuthenticationSchemes.Anonymous)
            {
                ExtendedProtectionPolicy iisPolicy = HostedTransportConfigurationManager.MetabaseSettings.GetExtendedProtectionPolicy(virtualPath);

                if (iisPolicy == null)
                {
                    // IIS reports no policy. Only a binding that requires channel binding unconditionally is
                    // rejected; any other enforcement level passes and channel binding is not applied here.
                    if (extendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always)
                    {
                        throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.ExtendedProtectionNotSupported));
                    }
                }
                else if (isMetadataListener && ChannelBindingUtility.IsDefaultPolicy(extendedProtectionPolicy))
                {
                    // A metadata listener still on the default policy inherits the IIS policy outright.
                    extendedProtectionPolicy = iisPolicy;
                }
                else
                {
                    // Every other listener must match the IIS policy exactly.
                    if (!ChannelBindingUtility.AreEqual(iisPolicy, extendedProtectionPolicy))
                    {
                        bool enforcementDiffers = iisPolicy.PolicyEnforcement != extendedProtectionPolicy.PolicyEnforcement;
                        bool scenarioDiffers = !enforcementDiffers && iisPolicy.ProtectionScenario != extendedProtectionPolicy.ProtectionScenario;

                        string mismatchErrorMessage = enforcementDiffers
                            ? System.ServiceModel.Activation.SR.ExtendedProtectionPolicyEnforcementMismatch(iisPolicy.PolicyEnforcement, extendedProtectionPolicy.PolicyEnforcement)
                            : scenarioDiffers
                                ? System.ServiceModel.Activation.SR.ExtendedProtectionPolicyScenarioMismatch(iisPolicy.ProtectionScenario, extendedProtectionPolicy.ProtectionScenario)
                                : System.ServiceModel.Activation.SR.ExtendedProtectionPolicyCustomChannelBindingMismatch;

                        if (mismatchErrorMessage != null)
                        {
                            throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_ExtendedProtectionPoliciesMustMatch(mismatchErrorMessage)));
                        }
                    }

                    // With the default SPN list the listener's own names are ignored (null); the IIS SPN
                    // list must still pass the subset check against whatever is supplied.
                    ServiceNameCollection listenerServiceNames = usingDefaultSpnList ? null : extendedProtectionPolicy.CustomServiceNames;
                    if (!ChannelBindingUtility.IsSubset(iisPolicy.CustomServiceNames, listenerServiceNames))
                    {
                        throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_ExtendedProtectionPoliciesMustMatch(System.ServiceModel.Activation.SR.Hosting_ExtendedProtectionSPNListNotSubset)));
                    }
                }
            }

            // The simple application host gets no realm; everything else takes it from the metabase.
            if (!ServiceHostingEnvironment.IsSimpleApplicationHost)
            {
                realm = HostedTransportConfigurationManager.MetabaseSettings.GetRealm(virtualPath);
            }
        }