public static bool TryExtract(BindingParameterCollection collection, out AuthenticationSchemes authenticationSchemes)
{
Fx.Assert(collection != null, "collection != null");
authenticationSchemes = AuthenticationSchemes.None;
AuthenticationSchemesBindingParameter instance = collection.Find <AuthenticationSchemesBindingParameter>();
if (instance != null)
{
authenticationSchemes = instance.AuthenticationSchemes;
return(true);
}
return(false);
}
internal static AuthenticationSchemes GetEffectiveAuthenticationSchemes(AuthenticationSchemes currentAuthenticationSchemes,
BindingParameterCollection bindingParameters)
{
if (bindingParameters == null)
{
return(currentAuthenticationSchemes);
}
AuthenticationSchemes hostSupportedAuthenticationSchemes;
if (!AuthenticationSchemesBindingParameter.TryExtract(bindingParameters, out hostSupportedAuthenticationSchemes))
{
return(currentAuthenticationSchemes);
}
if (currentAuthenticationSchemes == AuthenticationSchemes.None ||
(AspNetEnvironment.Current.IsMetadataListener(bindingParameters) &&
currentAuthenticationSchemes == AuthenticationSchemes.Anonymous &&
hostSupportedAuthenticationSchemes.IsNotSet(AuthenticationSchemes.Anonymous)))
{
//Inherit authentication schemes from host.
//This logic of inheriting from the host for anonymous MEX endpoints was previously implemented in HostedAspNetEnvironment.ValidateHttpSettings.
//We moved it here to maintain the pre-multi-auth behavior. (see CSDMain 183553)
if (!hostSupportedAuthenticationSchemes.IsSingleton() &&
hostSupportedAuthenticationSchemes.IsSet(AuthenticationSchemes.Anonymous) &&
AspNetEnvironment.Current.AspNetCompatibilityEnabled &&
AspNetEnvironment.Current.IsSimpleApplicationHost &&
AspNetEnvironment.Current.IsWindowsAuthenticationConfigured())
{
// Remove Anonymous if ASP.Net authentication mode is Windows (Asp.Net would not allow anonymous requests in this case anyway)
hostSupportedAuthenticationSchemes ^= AuthenticationSchemes.Anonymous;
}
return(hostSupportedAuthenticationSchemes);
}
else
{
//build intersection between AuthenticationSchemes supported on the HttpTransportbidningELement and ServiceHost/IIS
return(currentAuthenticationSchemes & hostSupportedAuthenticationSchemes);
}
}
protected void UpdateAuthenticationSchemes(BindingContext context)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
AuthenticationSchemes effectiveAutheSchemes = HttpTransportBindingElement.GetEffectiveAuthenticationSchemes(this.AuthenticationScheme,
context.BindingParameters);
if (effectiveAutheSchemes == AuthenticationSchemes.None)
{
#pragma warning suppress 56506 // Microsoft, context.Binding will never be null.
string bindingName = context.Binding.Name;
if (this.AuthenticationScheme == AuthenticationSchemes.None)
{
//can't inherit from host because none were configured.
//We are throwing a "NotSupportedException" to be consistent with the type of exception that was thrown in this scenario,
//before the multi-auth feature, in HostedAspNetEnvironment.ValidateHttpSettings.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new NotSupportedException(SR.GetString(SR.AuthenticationSchemesCannotBeInheritedFromHost, bindingName)));
}
else
{
//settings configured on the host and binding conflict.
AuthenticationSchemes hostSchemes;
if (!AuthenticationSchemesBindingParameter.TryExtract(context.BindingParameters, out hostSchemes))
{
//The host/binding settings can only conflict if host has settings specified, so we should never
//hit this line of code
DiagnosticUtility.DebugAssert("Failed to find AuthenticationSchemesBindingParameter");
}
//We are throwing a "NotSupportedException" to be consistent with the type of exception that was thrown in this scenario,
//before the multi-auth feature, in HostedAspNetEnvironment.ValidateHttpSettings.
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new NotSupportedException(SR.GetString(SR.AuthenticationSchemes_BindingAndHostConflict, hostSchemes, bindingName, this.AuthenticationScheme)));
}
}
this.AuthenticationScheme = effectiveAutheSchemes;
}
