protected void InitializeAllDefaultSettings <R, I, D>(
bool startRestWebService,
WcfRestWebServiceAppSettings settings,
WebHttpSecurityMode webHttpSecurityMode,
HttpClientCredentialType httpClientCredentialType,
UserNamePasswordValidator userNamePasswordValidator,
Type userLinqToSqlType,
Type serverActionLinqToSqlType,
Type serverErrorLinqToSqlType,
bool logSettings,
out string restWebServiceUrl,
out string restWebServiceStartedLogMessage)
where R : WcfRestServiceWindows
where I : IWcfRestServiceWindows
where D : DataContext
{
base.InitializeAllDefaultSettings(
settings,
logSettings);
base.InitializeDatabaseSettings <D>(
settings,
userLinqToSqlType,
serverActionLinqToSqlType,
serverErrorLinqToSqlType);
InitializeRestWebServiceServiceHost <R, I>(
startRestWebService,
settings,
webHttpSecurityMode,
httpClientCredentialType,
userNamePasswordValidator,
out restWebServiceUrl,
out restWebServiceStartedLogMessage);
}
/// <summary>
/// Creates a security token authenticator based on the <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.
/// </summary>
/// <param name="tokenRequirement">The <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.</param>
/// <param name="outOfBandTokenResolver">When this method returns, contains a <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/>. This parameter is passed uninitialized.</param>
/// <returns>
/// The <see cref="T:System.IdentityModel.Selectors.SecurityTokenAuthenticator"/>.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="T:System.NotSupportedException">A security token authenticator cannot be created for the<paramref name=" tokenRequirement"/> that was passed in.</exception>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(
SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
outOfBandTokenResolver = null;
// Get the current validator
UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
// Ensure that a validator exists
if (validator == null)
{
Trace.TraceWarning("Custom UserName Password Validator must be configued in web.config");
validator = new DefaultPersonnelValidator();
}
return(new PersonnelUserNameTokenAuthenticator(validator));
}
// Return your implementation of the SecurityTokenAuthenticator, if required.
// This implementation delegates to the base class.
return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver));
}
public BasicServerSecurity(UserNamePasswordValidator myValidator)
{
if (myValidator == null)
{
throw new ArgumentNullException("myValidator");
}
_validator = myValidator;
}
/// <summary>
/// Creates a security token authenticator which can authenticate users who has a mail address as username.
/// </summary>
/// <param name="validator">Validator which can validate username and password.</param>
/// <param name="identityBuilder">Functionality which can build an identity.</param>
public UserNameAsMailAddressSecurityTokenAuthenticator(UserNamePasswordValidator validator, IIdentityBuilder identityBuilder)
: base(validator)
{
if (identityBuilder == null)
{
throw new ArgumentNullException("identityBuilder");
}
_identityBuilder = identityBuilder;
}
public UserNamePasswordValidatorBehavior(UserNamePasswordValidator validator)
: base()
{
_validator = validator;
UserNameAuthentication.CustomUserNamePasswordValidator = _validator;
UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");
}
internal UserNamePasswordServiceCredential(UserNamePasswordServiceCredential other)
{
_includeWindowsGroups = other._includeWindowsGroups;
_membershipProvider = other._membershipProvider;
_validationMode = other._validationMode;
_validator = other._validator;
_cacheLogonTokens = other._cacheLogonTokens;
_maxCachedLogonTokens = other._maxCachedLogonTokens;
_cachedLogonTokenLifetime = other._cachedLogonTokenLifetime;
_isReadOnly = other._isReadOnly;
}
internal UserNamePasswordServiceCredential(UserNamePasswordServiceCredential other)
{
includeWindowsGroups = other.includeWindowsGroups;
membershipProvider = other.membershipProvider;
validationMode = other.validationMode;
validator = other.validator;
cacheLogonTokens = other.cacheLogonTokens;
maxCachedLogonTokens = other.maxCachedLogonTokens;
cachedLogonTokenLifetime = other.cachedLogonTokenLifetime;
isReadOnly = other.isReadOnly;
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement, out System.IdentityModel.Selectors.SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
{
outOfBandTokenResolver = null;
// Get the current validator
UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
return(new CustomSecurityTokenAuthenticator(validator));
}
return(base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver));
}
public bool Authenticate(UserNamePasswordValidator validator)
{
if (!_valid)
{
return(false);
}
try
{
validator.Validate(_username, _password);
return(true);
}
catch { }
return(false);
}
internal UserNamePasswordServiceCredential(UserNamePasswordServiceCredential other)
{
this.includeWindowsGroups = true;
this.maxCachedLogonTokens = 0x80;
this.cachedLogonTokenLifetime = DefaultCachedLogonTokenLifetime;
this.includeWindowsGroups = other.includeWindowsGroups;
this.membershipProvider = other.membershipProvider;
this.validationMode = other.validationMode;
this.validator = other.validator;
this.cacheLogonTokens = other.cacheLogonTokens;
this.maxCachedLogonTokens = other.maxCachedLogonTokens;
this.cachedLogonTokenLifetime = other.cachedLogonTokenLifetime;
this.isReadOnly = other.isReadOnly;
}
private UserNamePasswordValidator GetMembershipProviderValidator()
{
System.Web.Security.MembershipProvider membershipProvider;
if (this.membershipProvider != null)
{
membershipProvider = (System.Web.Security.MembershipProvider) this.membershipProvider;
}
else
{
membershipProvider = SystemWebHelper.GetMembershipProvider();
}
if (membershipProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("MissingMembershipProvider")));
}
return(UserNamePasswordValidator.CreateMembershipProviderValidator(membershipProvider));
}
///
/// <param name="serviceEndpointName"></param>
/// <param name="binding"></param>
/// <param name="authValidator"></param>
/// <param name="serviceHost"></param>
/// <param name="contract"></param>
/// <param name="logger"></param>
public RailwayServiceHost(string serviceEndpointName, BasicHttpBinding binding, UserNamePasswordValidator authValidator, ServiceHost serviceHost, Type contract, ILogging logger)
{
this.serviceEndpointName = serviceEndpointName;
this.binding = binding;
this.authValidator = authValidator;
this.serviceHost = serviceHost;
this.contract = contract;
this.logger = logger;
this.binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
this.binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
this.serviceHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
this.serviceHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = authValidator;
this.serviceHost.AddServiceEndpoint(this.contract, this.binding, this.serviceEndpointName);
}
UserNamePasswordValidator GetMembershipProviderValidator()
{
MembershipProvider provider;
if (this.membershipProvider != null)
{
provider = (MembershipProvider)this.membershipProvider;
}
else
{
provider = SystemWebHelper.GetMembershipProvider();
}
if (provider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.MissingMembershipProvider)));
}
return(UserNamePasswordValidator.CreateMembershipProviderValidator(provider));
}
UserNameSecurityTokenAuthenticator CreateUserNameAuthenticator(SecurityTokenRequirement requirement)
{
UserNamePasswordServiceCredential c = ServiceCredentials.UserNameAuthentication;
switch (c.UserNamePasswordValidationMode)
{
case UserNamePasswordValidationMode.MembershipProvider:
if (c.MembershipProvider == null)
{
throw new InvalidOperationException("For MembershipProvider validation mode, MembershipProvider is required to create a user name token authenticator.");
}
return(new CustomUserNameSecurityTokenAuthenticator(UserNamePasswordValidator.CreateMembershipProviderValidator(c.MembershipProvider)));
case UserNamePasswordValidationMode.Windows:
return(new WindowsUserNameSecurityTokenAuthenticator(c.IncludeWindowsGroups));
default:
if (c.CustomUserNamePasswordValidator == null)
{
throw new InvalidOperationException("For Custom validation mode, CustomUserNamePasswordValidator is required to create a user name token authenticator.");
}
return(new CustomUserNameSecurityTokenAuthenticator(c.CustomUserNamePasswordValidator));
}
}
protected virtual void InitializeRestWebServiceServiceHost <R, I>(
bool startRestWebService,
WcfRestWebServiceAppSettings settings,
WebHttpSecurityMode webHttpSecurityMode,
HttpClientCredentialType httpClientCredentialType,
UserNamePasswordValidator userNamePasswordValidator,
out string restWebServiceUrl,
out string restWebServiceStartedLogMessage)
where R : WcfRestServiceWindows
where I : IWcfRestServiceWindows
{
GOCWindows.Instance.JsonSerializer.IncludeOrmTypeNamesInJsonResponse = settings.RestServiceIncludeOrmTypeNamesInJsonResponse;
GOCWindows.Instance.SetEncoding(settings.RestServiceTextResponseEncoding);
WebHttpBinding webHttpBinding = new WebHttpBinding()
{
MaxBufferPoolSize = settings.RestServiceMaxBufferPoolSize,
MaxBufferSize = Convert.ToInt32(settings.RestServiceMaxBufferSize),
MaxReceivedMessageSize = settings.RestServiceMaxReceivedMessageSize
};
if (settings.RestServiceUseAuthentication)
{
webHttpBinding.Security.Mode = webHttpSecurityMode;
webHttpBinding.Security.Transport.ClientCredentialType = httpClientCredentialType;
}
CustomBinding customBinding = GetBinding(settings, webHttpBinding);
ServiceHost serviceHost = new ServiceHost(typeof(R));
restWebServiceUrl = string.Format("http://127.0.0.1:{0}/{1}", settings.RestServicePortNumber, settings.RestServiceHostAddressSuffix);
SetServiceHostDebugBehavior(serviceHost, settings);
SetServiceHostThrottlingBehavior(serviceHost, settings);
ConfigurationFileHelperWindows.SetApplicationServiceModelPerformanceCounters(settings.RestServicePerformanceCounterScope);
ServiceEndpoint httpEndpoint = serviceHost.AddServiceEndpoint(typeof(I), customBinding, restWebServiceUrl);
httpEndpoint.Behaviors.Add(new WebHttpBehavior());
httpEndpoint.EndpointBehaviors.Add(new WcfServiceMessageInspectorBehaviorWindows(settings.RestServiceTraceHttpMessages, settings.RestServiceTraceHttpMessageHeaders));
if (settings.RestServiceUseAuthentication && (userNamePasswordValidator != null))
{
serviceHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
serviceHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = userNamePasswordValidator;
}
if (startRestWebService)
{
if (GOCWindows.Instance.GetByTypeName <ServiceHost>() != null)
{
GOCWindows.Instance.DeleteByTypeName <ServiceHost>();
}
GOCWindows.Instance.AddByTypeName(serviceHost); //The service's stop method will access it from the GOC to close the service host.
serviceHost.Open();
restWebServiceStartedLogMessage = string.Format($"Started - {settings.ApplicationName}: {restWebServiceUrl}");
GOCWindows.Instance.Logger.LogMessage(new LogMessage(restWebServiceStartedLogMessage, LogMessageType.SuccessAudit, LoggingLevel.Minimum));
}
else
{
restWebServiceStartedLogMessage = string.Format($"Not Started - {settings.ApplicationName}: {restWebServiceUrl}");
}
}
public static IServiceCredentials CustomUserNamePasswordValidator(this IServiceCredentials me, UserNamePasswordValidator userNamePasswordValidator)
{
var cre = me as _ServiceCredentials;
cre.ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = userNamePasswordValidator;
return(me);
}
internal PasswordTokenAuthenticator(UserNamePasswordValidator validator)
: base(validator)
{
}
public AuthServiceHostFactory(UserNamePasswordValidator validator)
{
_validator = validator;
}
public CustomSecurityTokenAuthenticator(UserNamePasswordValidator validator)
: base(validator)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="PersonnelUserNameTokenAuthenticator"/> class.
/// </summary>
/// <param name="validator">A <see cref="T:System.IdentityModel.Selectors.UserNamePasswordValidator"/> that authenticates the username and password using a custom authentication scheme.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="validator"/> is null.</exception>
public PersonnelUserNameTokenAuthenticator(UserNamePasswordValidator validator)
: base(validator)
{
}
