protected ClientSecurityChannel(ChannelManagerBase factory, System.ServiceModel.Security.SecurityProtocolFactory securityProtocolFactory, UChannel innerChannel, EndpointAddress to, Uri via) : base(factory, innerChannel)
{
this.to = to;
this.via = via;
this.securityProtocolFactory = securityProtocolFactory;
this.channelParameters = new ChannelParameterCollection(this);
}
public static IClientReliableChannelBinder CreateBinder(EndpointAddress to, Uri via,
IChannelFactory <TChannel> factory, MaskingMode maskingMode, TolerateFaultsMode faultMode,
ChannelParameterCollection channelParameters,
TimeSpan defaultCloseTimeout, TimeSpan defaultSendTimeout)
{
Type type = typeof(TChannel);
if (type == typeof(IDuplexChannel))
{
return(new DuplexClientReliableChannelBinder(to, via, (IChannelFactory <IDuplexChannel>)(object) factory, maskingMode,
channelParameters, defaultCloseTimeout, defaultSendTimeout));
}
else if (type == typeof(IDuplexSessionChannel))
{
return(new DuplexSessionClientReliableChannelBinder(to, via, (IChannelFactory <IDuplexSessionChannel>)(object) factory, maskingMode,
faultMode, channelParameters, defaultCloseTimeout, defaultSendTimeout));
}
else if (type == typeof(IRequestChannel))
{
return(new RequestClientReliableChannelBinder(to, via, (IChannelFactory <IRequestChannel>)(object) factory, maskingMode,
channelParameters, defaultCloseTimeout, defaultSendTimeout));
}
else if (type == typeof(IRequestSessionChannel))
{
return(new RequestSessionClientReliableChannelBinder(to, via, (IChannelFactory <IRequestSessionChannel>)(object) factory, maskingMode,
faultMode, channelParameters, defaultCloseTimeout, defaultSendTimeout));
}
else
{
throw Fx.AssertAndThrow("ClientReliableChannelBinder supports creation of IDuplexChannel, IDuplexSessionChannel, IRequestChannel, and IRequestSessionChannel only.");
}
}
public ReliableRequestSessionChannel(
ChannelManagerBase factory,
IReliableFactorySettings settings,
IClientReliableChannelBinder binder,
FaultHelper faultHelper,
LateBoundChannelParameterCollection channelParameters,
UniqueId inputID)
: base(factory, binder.RemoteAddress, binder.Via, true)
{
this.settings = settings;
this.binder = binder;
this.session = new ClientReliableSession(this, settings, binder, faultHelper, inputID);
this.session.PollingCallback = this.PollingCallback;
this.session.UnblockChannelCloseCallback = this.UnblockClose;
if (this.settings.ReliableMessagingVersion == ReliableMessagingVersion.WSReliableMessagingFebruary2005)
{
this.shutdownHandle = new InterruptibleWaitObject(false);
}
else
{
this.replyAckConsistencyGuard = new Guard(Int32.MaxValue);
}
this.binder.Faulted += OnBinderFaulted;
this.binder.OnException += OnBinderException;
this.channelParameters = channelParameters;
channelParameters.SetChannel(this);
}
public RequestSessionClientReliableChannelBinder(EndpointAddress to, Uri via,
IChannelFactory <IRequestSessionChannel> factory, MaskingMode maskingMode, TolerateFaultsMode faultMode,
ChannelParameterCollection channelParameters,
TimeSpan defaultCloseTimeout, TimeSpan defaultSendTimeout)
: base(to, via, factory, maskingMode, faultMode, channelParameters, defaultCloseTimeout,
defaultSendTimeout)
{
}
public ClientReliableDuplexSessionChannel(ChannelManagerBase factory, IReliableFactorySettings settings, IReliableChannelBinder binder, FaultHelper faultHelper, LateBoundChannelParameterCollection channelParameters, UniqueId inputID) : base(factory, settings, binder)
{
this.clientSession = new DuplexClientReliableSession(this, settings, faultHelper, inputID);
this.clientSession.PollingCallback = new ClientReliableSession.PollingHandler(this.PollingCallback);
base.SetSession(this.clientSession);
this.channelParameters = channelParameters;
channelParameters.SetChannel(this);
((IClientReliableChannelBinder)binder).ConnectionLost += new EventHandler(this.OnConnectionLost);
}
protected ClientSecurityChannel(ChannelManagerBase factory, SecurityProtocolFactory securityProtocolFactory,
UChannel innerChannel, EndpointAddress to, Uri via)
: base(factory, innerChannel)
{
RemoteAddress = to;
Via = via;
SecurityProtocolFactory = securityProtocolFactory;
_channelParameters = new ChannelParameterCollection(this);
}
internal void CreateAndOpenTokenProviders(EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout, out SecurityTokenProviderContainer tokenProvider)
{
if (!IsSecurityTokenManagerRequired())
{
tokenProvider = null;
}
else
{
CreateAndOpenTokenProvidersCore(to, via, channelParameters, timeout, out tokenProvider);
}
}
protected ClientReliableChannelBinder(EndpointAddress to, Uri via, IChannelFactory <TChannel> factory,
MaskingMode maskingMode, TolerateFaultsMode faultMode, ChannelParameterCollection channelParameters,
TimeSpan defaultCloseTimeout, TimeSpan defaultSendTimeout)
: base(factory.CreateChannel(to, via), maskingMode, faultMode,
defaultCloseTimeout, defaultSendTimeout)
{
_to = to;
Via = via;
_factory = factory;
_channelParameters = channelParameters ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(channelParameters));
}
protected ReliableOutputSessionChannel(ChannelManagerBase factory, IReliableFactorySettings settings, IClientReliableChannelBinder binder, FaultHelper faultHelper, LateBoundChannelParameterCollection channelParameters) : base(factory)
{
this.settings = settings;
this.binder = binder;
this.session = new ClientReliableSession(this, settings, binder, faultHelper, null);
this.session.PollingCallback = new ClientReliableSession.PollingHandler(this.PollingCallback);
this.session.UnblockChannelCloseCallback = new ChannelReliableSession.UnblockChannelCloseHandler(this.UnblockClose);
this.binder.Faulted += new BinderExceptionHandler(this.OnBinderFaulted);
this.binder.OnException += new BinderExceptionHandler(this.OnBinderException);
this.channelParameters = channelParameters;
channelParameters.SetChannel(this);
}
HttpWebRequest CreateHttpWebRequest(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
ChannelParameterCollection channelParameterCollection = new ChannelParameterCollection();
HttpWebRequest request;
if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(this.RemoteAddress, this.channelFactory.AuthenticationScheme))
{
lock (ThisLock)
{
this.cleanupIdentity = HttpTransportSecurityHelpers.AddIdentityMapping(Via, RemoteAddress);
}
}
this.channelFactory.CreateAndOpenTokenProviders(
this.RemoteAddress,
this.Via,
channelParameterCollection,
helper.RemainingTime(),
out this.webRequestTokenProvider,
out this.webRequestProxyTokenProvider);
SecurityTokenContainer clientCertificateToken = null;
HttpsChannelFactory <IDuplexSessionChannel> httpsChannelFactory = this.channelFactory as HttpsChannelFactory <IDuplexSessionChannel>;
if (httpsChannelFactory != null && httpsChannelFactory.RequireClientCertificate)
{
SecurityTokenProvider certificateProvider = httpsChannelFactory.CreateAndOpenCertificateTokenProvider(this.RemoteAddress, this.Via, channelParameterCollection, helper.RemainingTime());
clientCertificateToken = httpsChannelFactory.GetCertificateSecurityToken(certificateProvider, this.RemoteAddress, this.Via, channelParameterCollection, ref helper);
}
request = this.channelFactory.GetWebRequest(this.RemoteAddress, this.Via, this.webRequestTokenProvider, this.webRequestProxyTokenProvider, clientCertificateToken, helper.RemainingTime(), true);
// If a web socket connection factory is specified (for example, when using web sockets on pre-Win8 OS),
// we're going to use the protocol version from it. At the moment, on pre-Win8 OS, the HttpWebRequest
// created above doesn't have the version header specified.
if (this.connectionFactory != null)
{
this.UseWebSocketVersionFromFactory(request);
}
this.webSocketKey = request.Headers[WebSocketHelper.SecWebSocketKey];
this.ConfigureHttpWebRequestHeader(request);
request.Timeout = (int)helper.RemainingTime().TotalMilliseconds;
return(request);
}
public void PropagateChannelParameters(IChannel innerChannel)
{
if (innerChannel == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("innerChannel");
}
this.ThrowIfMutable();
ChannelParameterCollection property = innerChannel.GetProperty <ChannelParameterCollection>();
if (property != null)
{
for (int i = 0; i < base.Count; i++)
{
property.Add(base[i]);
}
}
}
public static SecurityTokenProvider GetUserNameTokenProvider(
SecurityTokenManager tokenManager, EndpointAddress target, Uri via, string transportScheme, AuthenticationSchemes authenticationScheme,
ChannelParameterCollection channelParameters)
{
SecurityTokenProvider result = null;
if (tokenManager != null)
{
SecurityTokenRequirement usernameRequirement = CreateUserNameTokenRequirement(target, via, transportScheme);
usernameRequirement.Properties[ServiceModelSecurityTokenRequirement.HttpAuthenticationSchemeProperty] = authenticationScheme;
if (channelParameters != null)
{
usernameRequirement.Properties[ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty] = channelParameters;
}
result = tokenManager.CreateSecurityTokenProvider(usernameRequirement);
}
return(result);
}
public void PropagateChannelParameters(IChannel innerChannel)
{
if (innerChannel == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(innerChannel));
}
ThrowIfMutable();
ChannelParameterCollection innerCollection = innerChannel.GetProperty <ChannelParameterCollection>();
if (innerCollection != null)
{
for (int i = 0; i < Count; i++)
{
innerCollection.Add(this[i]);
}
}
}
protected ReliableOutputSessionChannel(
ChannelManagerBase factory,
IReliableFactorySettings settings,
IClientReliableChannelBinder binder,
FaultHelper faultHelper,
LateBoundChannelParameterCollection channelParameters)
: base(factory)
{
Settings = settings;
_binder = binder;
_session = new ClientReliableSession(this, settings, binder, faultHelper, null);
_session.PollingCallback = PollingAsyncCallback;
_session.UnblockChannelCloseCallback = UnblockClose;
_binder.Faulted += OnBinderFaulted;
_binder.OnException += OnBinderException;
_channelParameters = channelParameters;
channelParameters.SetChannel(this);
}
public override T GetProperty <T>()
{
if (typeof(T) == typeof(ChannelParameterCollection))
{
if (State == CommunicationState.Created)
{
lock (ThisLock)
{
if (_channelParameters == null)
{
_channelParameters = new ChannelParameterCollection();
}
}
}
return((T)(object)_channelParameters);
}
else
{
return(base.GetProperty <T>());
}
}
public static SecurityTokenProvider GetDigestTokenProvider(
SecurityTokenManager tokenManager, EndpointAddress target, Uri via,
string transportScheme, AuthenticationSchemes authenticationScheme, ChannelParameterCollection channelParameters)
{
if (tokenManager != null)
{
InitiatorServiceModelSecurityTokenRequirement digestTokenRequirement =
new InitiatorServiceModelSecurityTokenRequirement();
digestTokenRequirement.TokenType = ServiceModelSecurityTokenTypes.SspiCredential;
digestTokenRequirement.TargetAddress = target;
digestTokenRequirement.Via = via;
digestTokenRequirement.RequireCryptographicToken = false;
digestTokenRequirement.TransportScheme = transportScheme;
digestTokenRequirement.Properties[ServiceModelSecurityTokenRequirement.HttpAuthenticationSchemeProperty] = authenticationScheme;
if (channelParameters != null)
{
digestTokenRequirement.Properties[ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty] = channelParameters;
}
return(tokenManager.CreateSecurityTokenProvider(digestTokenRequirement) as SspiSecurityTokenProvider);
}
return(null);
}
internal SecurityTokenContainer GetCertificateSecurityToken(SecurityTokenProvider certificateProvider,
EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, ref TimeoutHelper timeoutHelper)
{
SecurityToken token = null;
SecurityTokenContainer tokenContainer = null;
SecurityTokenProvider requestCertificateProvider;
if (ManualAddressing && RequireClientCertificate)
{
requestCertificateProvider = CreateAndOpenCertificateTokenProvider(to, via, channelParameters, timeoutHelper.RemainingTime());
}
else
{
requestCertificateProvider = certificateProvider;
}
if (requestCertificateProvider != null)
{
token = requestCertificateProvider.GetTokenAsync(timeoutHelper.GetCancellationToken()).GetAwaiter().GetResult();
}
if (ManualAddressing && RequireClientCertificate)
{
SecurityUtils.AbortTokenProviderIfRequired(requestCertificateProvider);
}
if (token != null)
{
tokenContainer = new SecurityTokenContainer(token);
}
return(tokenContainer);
}
internal SecurityTokenProvider CreateAndOpenCertificateTokenProvider(EndpointAddress target, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout)
{
if (!RequireClientCertificate)
{
return(null);
}
SecurityTokenProvider certificateProvider = TransportSecurityHelpers.GetCertificateTokenProvider(
SecurityTokenManager, target, via, Scheme, channelParameters);
SecurityUtils.OpenTokenProviderIfRequired(certificateProvider, timeout);
return(certificateProvider);
}
protected internal override async Task OnOpenAsync(TimeSpan timeout)
{
TimeoutHelper helper = new TimeoutHelper(timeout);
bool success = false;
try
{
if (WcfEventSource.Instance.WebSocketConnectionRequestSendStartIsEnabled())
{
WcfEventSource.Instance.WebSocketConnectionRequestSendStart(
EventTraceActivity,
RemoteAddress != null ? RemoteAddress.ToString() : string.Empty);
}
ChannelParameterCollection channelParameterCollection = new ChannelParameterCollection();
if (HttpChannelFactory <IDuplexSessionChannel> .MapIdentity(this.RemoteAddress, _channelFactory.AuthenticationScheme))
{
lock (ThisLock)
{
_cleanupIdentity = HttpTransportSecurityHelpers.AddIdentityMapping(Via, RemoteAddress);
}
}
X509Certificate2 clientCertificate = null;
HttpsChannelFactory <IDuplexSessionChannel> httpsChannelFactory = _channelFactory as HttpsChannelFactory <IDuplexSessionChannel>;
if (httpsChannelFactory != null && httpsChannelFactory.RequireClientCertificate)
{
var certificateProvider = httpsChannelFactory.CreateAndOpenCertificateTokenProvider(RemoteAddress, Via, channelParameterCollection, helper.RemainingTime());
var clientCertificateToken = httpsChannelFactory.GetCertificateSecurityToken(certificateProvider, RemoteAddress, Via, channelParameterCollection, ref helper);
var x509Token = (X509SecurityToken)clientCertificateToken.Token;
clientCertificate = x509Token.Certificate;
}
try
{
WebSocket = await CreateWebSocketWithFactoryAsync(clientCertificate, helper);
}
finally
{
if (WebSocket != null && _cleanupStarted)
{
WebSocket.Abort();
CommunicationObjectAbortedException communicationObjectAbortedException = new CommunicationObjectAbortedException(
new WebSocketException(WebSocketError.ConnectionClosedPrematurely).Message);
FxTrace.Exception.AsWarning(communicationObjectAbortedException);
throw communicationObjectAbortedException;
}
}
bool inputUseStreaming = TransferModeHelper.IsResponseStreamed(TransferMode);
SetMessageSource(new WebSocketMessageSource(
this,
WebSocket,
inputUseStreaming,
this));
success = true;
if (WcfEventSource.Instance.WebSocketConnectionRequestSendStopIsEnabled())
{
WcfEventSource.Instance.WebSocketConnectionRequestSendStop(
EventTraceActivity,
WebSocket != null ? WebSocket.GetHashCode() : -1);
}
}
catch (WebSocketException ex)
{
if (WcfEventSource.Instance.WebSocketConnectionFailedIsEnabled())
{
WcfEventSource.Instance.WebSocketConnectionFailed(EventTraceActivity, ex.Message);
}
TryConvertAndThrow(ex);
}
finally
{
CleanupTokenProviders();
if (!success)
{
CleanupOnError();
}
}
}
private SecurityTokenProviderContainer CreateAndOpenTokenProvider(TimeSpan timeout, AuthenticationSchemes authenticationScheme,
EndpointAddress target, Uri via, ChannelParameterCollection channelParameters)
{
SecurityTokenProvider tokenProvider = null;
switch (authenticationScheme)
{
case AuthenticationSchemes.Anonymous:
break;
case AuthenticationSchemes.Basic:
tokenProvider = TransportSecurityHelpers.GetUserNameTokenProvider(this.SecurityTokenManager, target, via, this.Scheme, authenticationScheme, channelParameters);
break;
case AuthenticationSchemes.Negotiate:
case AuthenticationSchemes.Ntlm:
// tokenProvider = TransportSecurityHelpers.GetSspiTokenProvider(this.SecurityTokenManager, target, via, this.Scheme, authenticationScheme, channelParameters);
// break;
throw ExceptionHelper.PlatformNotSupported("Negotiate/NTLM not supported yet");
case AuthenticationSchemes.Digest:
tokenProvider = TransportSecurityHelpers.GetDigestTokenProvider(this.SecurityTokenManager, target, via, this.Scheme, authenticationScheme, channelParameters);
break;
default:
// The setter for this property should prevent this.
throw Fx.AssertAndThrow("CreateAndOpenTokenProvider: Invalid authentication scheme");
}
SecurityTokenProviderContainer result;
if (tokenProvider != null)
{
result = new SecurityTokenProviderContainer(tokenProvider);
result.Open(timeout);
}
else
{
result = null;
}
return(result);
}
private void CreateAndOpenTokenProvidersCore(EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout, out SecurityTokenProviderContainer tokenProvider)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
tokenProvider = CreateAndOpenTokenProvider(timeoutHelper.RemainingTime(), this.AuthenticationScheme, to, via, channelParameters);
}
public static SecurityTokenProvider GetCertificateTokenProvider(
SecurityTokenManager tokenManager, EndpointAddress target, Uri via, string transportScheme, ChannelParameterCollection channelParameters)
{
if (tokenManager != null)
{
InitiatorServiceModelSecurityTokenRequirement certificateTokenRequirement =
new InitiatorServiceModelSecurityTokenRequirement();
certificateTokenRequirement.TokenType = SecurityTokenTypes.X509Certificate;
certificateTokenRequirement.TargetAddress = target;
certificateTokenRequirement.Via = via;
certificateTokenRequirement.RequireCryptographicToken = false;
certificateTokenRequirement.TransportScheme = transportScheme;
if (channelParameters != null)
{
certificateTokenRequirement.Properties[ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty] = channelParameters;
}
return(tokenManager.CreateSecurityTokenProvider(certificateTokenRequirement));
}
return(null);
}
public static SspiSecurityTokenProvider GetSspiTokenProvider(
SecurityTokenManager tokenManager, EndpointAddress target, Uri via, string transportScheme, AuthenticationSchemes authenticationScheme, ChannelParameterCollection channelParameters)
{
if (tokenManager != null)
{
SecurityTokenRequirement sspiRequirement = CreateSspiTokenRequirement(target, via, transportScheme);
sspiRequirement.Properties[ServiceModelSecurityTokenRequirement.HttpAuthenticationSchemeProperty] = authenticationScheme;
if (channelParameters != null)
{
sspiRequirement.Properties[ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty] = channelParameters;
}
SspiSecurityTokenProvider tokenProvider = tokenManager.CreateSecurityTokenProvider(sspiRequirement) as SspiSecurityTokenProvider;
return(tokenProvider);
}
return(null);
}
private SecurityTokenProvider CreateAndOpenCertificateTokenProvider(EndpointAddress target, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout)
{
if (!this.RequireClientCertificate)
{
return(null);
}
SecurityTokenProvider tokenProvider = TransportSecurityHelpers.GetCertificateTokenProvider(base.SecurityTokenManager, target, via, this.Scheme, channelParameters);
System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(tokenProvider, timeout);
return(tokenProvider);
}
private SecurityTokenContainer GetCertificateSecurityToken(SecurityTokenProvider certificateProvider, EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, ref TimeoutHelper timeoutHelper)
{
SecurityToken token = null;
SecurityTokenContainer container = null;
SecurityTokenProvider provider;
if (base.ManualAddressing && this.RequireClientCertificate)
{
provider = this.CreateAndOpenCertificateTokenProvider(to, via, channelParameters, timeoutHelper.RemainingTime());
}
else
{
provider = certificateProvider;
}
if (provider != null)
{
token = provider.GetToken(timeoutHelper.RemainingTime());
}
if (base.ManualAddressing && this.RequireClientCertificate)
{
System.ServiceModel.Security.SecurityUtils.AbortTokenProviderIfRequired(provider);
}
if (token != null)
{
container = new SecurityTokenContainer(token);
}
return(container);
}
internal SecurityTokenProvider CreateAndOpenCertificateTokenProvider(EndpointAddress target, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout)
{
if (!this.RequireClientCertificate)
{
return(null);
}
throw ExceptionHelper.PlatformNotSupported("Client certificates not supported");
}
