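/// <summary>
/// Builds the <see cref="SecurityMessageProperty"/> for the client that authenticated on
/// <paramref name="negotiateStream"/>: the stream's remote identity is wrapped in a security
/// token, validated by a <see cref="WindowsSecurityTokenAuthenticator"/>, and the resulting
/// authorization policies are attached as both the transport token specification and the
/// service security context.
/// </summary>
/// <param name="negotiateStream">An authenticated stream whose <see cref="NegotiateStream.RemoteIdentity"/> identifies the client.</param>
/// <param name="extractGroupsForWindowsAccounts">Forwarded to the <see cref="WindowsSecurityTokenAuthenticator"/> together with <c>_ldapSettings</c>.</param>
/// <returns>The populated <see cref="SecurityMessageProperty"/> describing the client.</returns>
private async Task<SecurityMessageProperty> CreateClientSecurityAsync(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts)
{
    IIdentity remoteIdentity = negotiateStream.RemoteIdentity;
    WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts, _ldapSettings);

    SecurityToken token;
    if (remoteIdentity is WindowsIdentity windowsIdentity)
    {
        // Reject the identity before it becomes a token; the second argument is presumably
        // "allow anonymous" = false - confirm against SecurityUtils.
        SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, false);
        token = new WindowsSecurityToken(windowsIdentity, SecurityUniqueId.Create().Value, windowsIdentity.AuthenticationType);
    }
    else
    {
        // Only the name of a non-Windows identity is carried into the token.
        // NOTE(review): this GenericSecurityToken is validated by the Windows authenticator below,
        // whereas the synchronous CreateClientSecurity uses GenericSecurityTokenAuthenticator for
        // this case - confirm the Windows authenticator accepts a GenericSecurityToken.
        token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value);
    }

    // Validation yields the policies that drive authorization for this client.
    ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = await authenticator.ValidateTokenAsync(token);

    return new SecurityMessageProperty
    {
        TransportToken = new SecurityTokenSpecification(token, authorizationPolicies),
        ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies)
    };
}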
/// <summary>
/// Synchronous counterpart that turns the remote identity of an authenticated
/// <paramref name="negotiateStream"/> into a <see cref="SecurityMessageProperty"/>. A Windows
/// identity is checked for anonymity, wrapped in a <see cref="WindowsSecurityToken"/> and
/// validated by <see cref="WindowsSecurityTokenAuthenticator"/>; any other identity is wrapped
/// in a <see cref="GenericSecurityToken"/> and validated by
/// <see cref="GenericSecurityTokenAuthenticator"/>.
/// </summary>
/// <param name="negotiateStream">An authenticated stream whose <see cref="NegotiateStream.RemoteIdentity"/> identifies the client.</param>
/// <param name="extractGroupsForWindowsAccounts">Forwarded to the <see cref="WindowsSecurityTokenAuthenticator"/> in the Windows-identity case.</param>
/// <returns>A <see cref="SecurityMessageProperty"/> whose transport token and service security context carry the validated policies.</returns>
SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts)
{
    IIdentity identity = negotiateStream.RemoteIdentity;
    SecurityToken clientToken;
    ReadOnlyCollection<IAuthorizationPolicy> policies;

    if (identity is WindowsIdentity windowsIdentity)
    {
        // Second argument is presumably "allow anonymous" = false - confirm against SecurityUtils.
        Security.SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, false);
        WindowsSecurityTokenAuthenticator windowsAuthenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts);
        clientToken = new WindowsSecurityToken(windowsIdentity, SecurityUniqueId.Create().Value, windowsIdentity.AuthenticationType);
        policies = windowsAuthenticator.ValidateToken(clientToken);
    }
    else
    {
        // Non-Windows identities contribute only their name.
        GenericSecurityTokenAuthenticator genericAuthenticator = new GenericSecurityTokenAuthenticator();
        clientToken = new GenericSecurityToken(identity.Name, SecurityUniqueId.Create().Value);
        policies = genericAuthenticator.ValidateToken(clientToken);
    }

    return new SecurityMessageProperty
    {
        TransportToken = new SecurityTokenSpecification(clientToken, policies),
        ServiceSecurityContext = new ServiceSecurityContext(policies)
    };
}