Example #1
0
 // RST specific method
 public abstract void WriteRequestSecurityToken(RequestSecurityToken rst, XmlWriter w);
Example #2
0
 // RST specific method
 public abstract BinaryNegotiation GetBinaryNegotiation(RequestSecurityToken rst);
Example #3
0
 // RST specific method
 public abstract SecurityToken GetEntropy(RequestSecurityToken rst, SecurityTokenResolver resolver);
Example #4
0
 public abstract T GetAppliesTo <T>(RequestSecurityToken rst, XmlObjectSerializer serializer);
Example #5
0
 public abstract void GetAppliesToQName(RequestSecurityToken rst, out string localName, out string namespaceUri);
Example #6
0
 public GetOutgoingBlobProxy(SspiNegotiationTokenProviderState sspiState, SspiNegotiationTokenProvider sspiProvider, RequestSecurityToken rst)
 {
     this._sspiState    = sspiState;
     this._sspiProvider = sspiProvider;
     this._rst          = rst;
 }
        protected override BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out NegotiationTokenAuthenticatorState negotiationState)
        {
            BodyWriter writer;

            if (request == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
            }
            if (requestSecurityToken == null)
            {
                throw TraceUtility.ThrowHelperArgumentNull("requestSecurityToken", request);
            }
            try
            {
                EndpointAddress        address;
                DataContractSerializer serializer;
                string        str;
                string        str2;
                int           num;
                byte[]        buffer;
                byte[]        buffer2;
                SecurityToken token;
                ReadOnlyCollection <IAuthorizationPolicy> instance;
                if ((requestSecurityToken.RequestType != null) && (requestSecurityToken.RequestType != base.StandardsManager.TrustDriver.RequestTypeIssue))
                {
                    throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidRstRequestType", new object[] { requestSecurityToken.RequestType })), request);
                }
                if ((requestSecurityToken.TokenType != null) && (requestSecurityToken.TokenType != base.SecurityContextTokenUri))
                {
                    throw TraceUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotIssueRstTokenType", new object[] { requestSecurityToken.TokenType })), request);
                }
                requestSecurityToken.GetAppliesToQName(out str, out str2);
                if ((str == "EndpointReference") && (str2 == request.Version.Addressing.Namespace))
                {
                    if (request.Version.Addressing != AddressingVersion.WSAddressing10)
                    {
                        if (request.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
                        {
                            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { request.Version.Addressing })));
                        }
                        serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddressAugust2004), 0x10000);
                        address    = requestSecurityToken.GetAppliesTo <EndpointAddressAugust2004>(serializer).ToEndpointAddress();
                    }
                    else
                    {
                        serializer = DataContractSerializerDefaults.CreateSerializer(typeof(EndpointAddress10), 0x10000);
                        address    = requestSecurityToken.GetAppliesTo <EndpointAddress10>(serializer).ToEndpointAddress();
                    }
                }
                else
                {
                    address    = null;
                    serializer = null;
                }
                if (this.shouldMatchRstWithEndpointFilter)
                {
                    System.ServiceModel.Security.SecurityUtils.MatchRstWithEndpointFilter(request, base.EndpointFilterTable, base.ListenUri);
                }
                WSTrust.Driver.ProcessRstAndIssueKey(requestSecurityToken, null, this.KeyEntropyMode, base.SecurityAlgorithmSuite, out num, out buffer, out buffer2, out token);
                UniqueId contextId               = System.ServiceModel.Security.SecurityUtils.GenerateUniqueId();
                string   id                      = System.ServiceModel.Security.SecurityUtils.GenerateId();
                DateTime utcNow                  = DateTime.UtcNow;
                DateTime expirationTime          = TimeoutHelper.Add(utcNow, base.ServiceTokenLifetime);
                SecurityMessageProperty security = request.Properties.Security;
                if (security != null)
                {
                    instance = SecuritySessionSecurityTokenAuthenticator.CreateSecureConversationPolicies(security, expirationTime);
                }
                else
                {
                    instance = EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance;
                }
                SecurityContextSecurityToken token2 = base.IssueSecurityContextToken(contextId, id, buffer2, utcNow, expirationTime, instance, base.EncryptStateInServiceToken);
                if (this.preserveBootstrapTokens)
                {
                    token2.BootstrapMessageProperty = (security == null) ? null : ((SecurityMessageProperty)security.CreateCopy());
                    System.ServiceModel.Security.SecurityUtils.ErasePasswordInUsernameTokenIfPresent(token2.BootstrapMessageProperty);
                }
                RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(base.StandardsManager)
                {
                    Context = requestSecurityToken.Context,
                    KeySize = num,
                    RequestedUnattachedReference = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token2, SecurityTokenReferenceStyle.External),
                    RequestedAttachedReference   = base.IssuedSecurityTokenParameters.CreateKeyIdentifierClause(token2, SecurityTokenReferenceStyle.Internal),
                    TokenType = base.SecurityContextTokenUri,
                    RequestedSecurityToken = token2
                };
                if (buffer != null)
                {
                    response.SetIssuerEntropy(buffer);
                    response.ComputeKey = true;
                }
                if (token != null)
                {
                    response.RequestedProofToken = token;
                }
                if (address != null)
                {
                    if (request.Version.Addressing != AddressingVersion.WSAddressing10)
                    {
                        if (request.Version.Addressing != AddressingVersion.WSAddressingAugust2004)
                        {
                            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ProtocolException(System.ServiceModel.SR.GetString("AddressingVersionNotSupported", new object[] { request.Version.Addressing })));
                        }
                        response.SetAppliesTo <EndpointAddressAugust2004>(EndpointAddressAugust2004.FromEndpointAddress(address), serializer);
                    }
                    else
                    {
                        response.SetAppliesTo <EndpointAddress10>(EndpointAddress10.FromEndpointAddress(address), serializer);
                    }
                }
                response.MakeReadOnly();
                negotiationState = new NegotiationTokenAuthenticatorState();
                negotiationState.SetServiceToken(token2);
                if (base.StandardsManager.MessageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversationFeb2005)
                {
                    return(response);
                }
                if (base.StandardsManager.MessageSecurityVersion.SecureConversationVersion != SecureConversationVersion.WSSecureConversation13)
                {
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                }
                RequestSecurityTokenResponseCollection responses = new RequestSecurityTokenResponseCollection(new List <RequestSecurityTokenResponse>(1)
                {
                    response
                }, base.StandardsManager);
                writer = responses;
            }
            finally
            {
                SecuritySessionSecurityTokenAuthenticator.RemoveCachedTokensIfRequired(request.Properties.Security);
            }
            return(writer);
        }
Example #8
0
 protected abstract BodyWriter ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, out T negotiationState);
Example #9
0
        private Message ProcessRequestCore(Message request)
        {
            Message message;

            if (request == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
            }
            RequestSecurityToken         requestSecurityToken         = null;
            RequestSecurityTokenResponse requestSecurityTokenResponse = null;
            string context          = null;
            bool   flag             = false;
            bool   flag2            = true;
            T      negotiationState = default(T);

            try
            {
                if (this.maxMessageSize < 0x7fffffff)
                {
                    string action = request.Headers.Action;
                    try
                    {
                        using (MessageBuffer buffer = request.CreateBufferedCopy(this.maxMessageSize))
                        {
                            request = buffer.CreateMessage();
                            flag    = true;
                        }
                    }
                    catch (QuotaExceededException exception)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("SecurityNegotiationMessageTooLarge", new object[] { action, this.maxMessageSize }), exception));
                    }
                }
                try
                {
                    BodyWriter writer;
                    Uri        to = request.Headers.To;
                    this.ParseMessageBody(request, out context, out requestSecurityToken, out requestSecurityTokenResponse);
                    if (context != null)
                    {
                        negotiationState = this.stateCache.GetState(context);
                    }
                    else
                    {
                        negotiationState = default(T);
                    }
                    bool flag3 = false;
                    try
                    {
                        if (requestSecurityToken != null)
                        {
                            if (negotiationState != null)
                            {
                                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationStateAlreadyPresent", new object[] { context })));
                            }
                            writer = this.ProcessRequestSecurityToken(request, requestSecurityToken, out negotiationState);
                            lock (negotiationState.ThisLock)
                            {
                                if (negotiationState.IsNegotiationCompleted)
                                {
                                    if (!negotiationState.ServiceToken.IsCookieMode)
                                    {
                                        this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
                                    }
                                    this.OnTokenIssued(negotiationState.ServiceToken);
                                    SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted <T>((NegotiationTokenAuthenticator <T>) this, negotiationState.ServiceToken);
                                    flag3 = true;
                                }
                                else
                                {
                                    this.stateCache.AddState(context, negotiationState);
                                    flag3 = false;
                                }
                                this.AddNegotiationChannelForIdleTracking();
                                goto Label_0299;
                            }
                        }
                        if (negotiationState == null)
                        {
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotFindNegotiationState", new object[] { context })));
                        }
                        lock (negotiationState.ThisLock)
                        {
                            writer = this.ProcessRequestSecurityTokenResponse(negotiationState, request, requestSecurityTokenResponse);
                            if (negotiationState.IsNegotiationCompleted)
                            {
                                if (!negotiationState.ServiceToken.IsCookieMode)
                                {
                                    this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
                                }
                                this.OnTokenIssued(negotiationState.ServiceToken);
                                SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted <T>((NegotiationTokenAuthenticator <T>) this, negotiationState.ServiceToken);
                                flag3 = true;
                            }
                            else
                            {
                                flag3 = false;
                            }
                        }
Label_0299:
                        if ((negotiationState.IsNegotiationCompleted && (null != this.ListenUri)) && (AuditLevel.Success == (this.messageAuthenticationAuditLevel & AuditLevel.Success)))
                        {
                            string remoteIdentityName = negotiationState.GetRemoteIdentityName();
                            SecurityAuditHelper.WriteSecurityNegotiationSuccessEvent(this.auditLogLocation, this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action, remoteIdentityName, base.GetType().Name);
                        }
                        flag2 = false;
                    }
                    catch (Exception exception2)
                    {
                        if (Fx.IsFatal(exception2))
                        {
                            throw;
                        }
                        if (PerformanceCounters.PerformanceCountersEnabled && (null != this.ListenUri))
                        {
                            PerformanceCounters.AuthenticationFailed(request, this.ListenUri);
                        }
                        if (AuditLevel.Failure == (this.messageAuthenticationAuditLevel & AuditLevel.Failure))
                        {
                            try
                            {
                                string clientIdentity = (negotiationState != null) ? negotiationState.GetRemoteIdentityName() : string.Empty;
                                SecurityAuditHelper.WriteSecurityNegotiationFailureEvent(this.auditLogLocation, this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action, clientIdentity, base.GetType().Name, exception2);
                            }
                            catch (Exception exception3)
                            {
                                if (Fx.IsFatal(exception3))
                                {
                                    throw;
                                }
                                DiagnosticUtility.ExceptionUtility.TraceHandledException(exception3, TraceEventType.Error);
                            }
                        }
                        flag3 = true;
                        throw;
                    }
                    finally
                    {
                        if (flag3 && (negotiationState != null))
                        {
                            if (context != null)
                            {
                                this.stateCache.RemoveState(context);
                            }
                            negotiationState.Dispose();
                        }
                    }
                    return(NegotiationTokenAuthenticator <T> .CreateReply(request, (writer is RequestSecurityTokenResponseCollection)?this.RequestSecurityTokenResponseFinalAction : this.RequestSecurityTokenResponseAction, writer));
                }
                finally
                {
                    if (flag)
                    {
                        request.Close();
                    }
                }
            }
            finally
            {
                if (flag2)
                {
                    this.AddNegotiationChannelForIdleTracking();
                }
                else if ((negotiationState != null) && negotiationState.IsNegotiationCompleted)
                {
                    this.RemoveNegotiationChannelFromIdleTracking();
                }
            }
            return(message);
        }
        private static void AddToDigest(SspiNegotiationTokenAuthenticatorState sspiState, RequestSecurityToken rst)
        {
            MemoryStream        stream = new MemoryStream();
            XmlDictionaryWriter w      = XmlDictionaryWriter.CreateTextWriter(stream);

            rst.RequestSecurityTokenXml.WriteTo(w);
            w.Flush();
            AddToDigest(sspiState.NegotiationDigest, stream);
        }
Example #11
0
 protected virtual void WriteTargets(RequestSecurityToken rst, XmlDictionaryWriter writer)
 {
 }
Example #12
0
 public override void WriteRequestSecurityToken(RequestSecurityToken rst, XmlWriter xmlWriter)
 {
     throw new NotImplementedException();
 }