Example #1
        /// <summary>
        /// The purpose of this method is to set our WrappedTokenCache as the token cache for SCTs,
        /// and to set our OnTokenIssued callback when in cookie mode.
        /// We have to use reflection here as this is a private method.
        /// </summary>
        static void SetWrappedTokenCache(
            WrappedTokenCache wrappedTokenCache,
            SecurityTokenAuthenticator sta,
            WrappedSessionSecurityTokenAuthenticator wssta,
            SctClaimsHandler claimsHandler)
        {
            // NOTE(review): the summary above mentions reflection, but nothing in this body reflects;
            // IssuedTokenCache is assigned directly after a cast. 'wssta' is not read here.

            // Probe each authenticator type that exposes IssuedTokenCache. A failed 'as' yields null,
            // so a null 'sta' falls through every branch, exactly like the type tests it replaces.
            SecuritySessionSecurityTokenAuthenticator sessionAuthenticator = sta as SecuritySessionSecurityTokenAuthenticator;
            AcceleratedTokenAuthenticator acceleratedAuthenticator = sta as AcceleratedTokenAuthenticator;
            SpnegoTokenAuthenticator spnegoAuthenticator = sta as SpnegoTokenAuthenticator;
            TlsnegoTokenAuthenticator tlsnegoAuthenticator = sta as TlsnegoTokenAuthenticator;

            // Only the first matching type receives the wrapped cache.
            if (sessionAuthenticator != null)
            {
                sessionAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            else if (acceleratedAuthenticator != null)
            {
                acceleratedAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            else if (spnegoAuthenticator != null)
            {
                spnegoAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            else if (tlsnegoAuthenticator != null)
            {
                tlsnegoAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            // NOTE(review): for any other authenticator type the wrapped cache is silently not installed,
            // so tokens it issues would bypass WrappedTokenCache - confirm callers never pass another type.

            // The OnTokenIssued callback is not hooked up in the cookie mode case, so it is wired here
            // for every authenticator that implements the issuance interface.
            IIssuanceSecurityTokenAuthenticator issuer = sta as IIssuanceSecurityTokenAuthenticator;
            if (issuer == null)
            {
                return;
            }

            // Both the issue and the renew paths are routed through the claims handler.
            issuer.IssuedSecurityTokenHandler = claimsHandler.OnTokenIssued;
            issuer.RenewedSecurityTokenHandler = claimsHandler.OnTokenRenewed;
        }
Example #2
        /// <summary>
        /// Helper method to set up the WrappedSecureConversation
        /// </summary>
        SecurityTokenAuthenticator SetupSecureConversationWrapper(RecipientServiceModelSecurityTokenRequirement tokenRequirement, SessionSecurityTokenHandler tokenHandler, out SecurityTokenResolver outOfBandTokenResolver)
        {
            // This code requires Orcas SP1 to compile.
            // WCF expects the authenticator returned from here to support:
            // 1. IIssuanceSecurityTokenAuthenticator
            // 2. ICommunicationObject (needed for this to work right).
            // WCF opens a listener in the inner STA that handles the negotiation and uses an internal class
            // for negotiating the bootstrap tokens. ValidateToken is handled by the wrapper so that our
            // authorization policies are returned and the bootstrap tokens are surfaced.

            // when sp1 is installed, use this one.
            //SecurityTokenAuthenticator sta = base.CreateSecureConversationTokenAuthenticator( tokenRequirement as RecipientServiceModelSecurityTokenRequirement, _saveBootstrapTokensInSession, out outOfBandTokenResolver );

            // use this code if SP1 is not installed
            SecurityTokenAuthenticator innerAuthenticator = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);

            // Fall back to a freshly built SCT handler when the caller did not supply one.
            SessionSecurityTokenHandler effectiveHandler = tokenHandler;
            if (effectiveHandler == null)
            {
                effectiveHandler = new SessionSecurityTokenHandler(_cookieTransforms, SessionSecurityTokenHandler.DefaultTokenLifetime)
                {
                    ContainingCollection = _securityTokenHandlerCollection,
                    Configuration = _securityTokenHandlerCollection.Configuration
                };
            }

            if (ServiceCredentials != null)
            {
                // NOTE(review): for a handler created above, Configuration is the collection's own
                // configuration object, so this write is presumably visible to everything else that
                // reads it - confirm that sharing MaxClockSkew this way is intended.
                // NOTE(review): a caller-supplied handler's Configuration is dereferenced without a null check.
                effectiveHandler.Configuration.MaxClockSkew = ServiceCredentials.IdentityConfiguration.MaxClockSkew;
            }

            SctClaimsHandler sctClaimsHandler = new SctClaimsHandler(_securityTokenHandlerCollection, GetNormalizedEndpointId(tokenRequirement));

            // The wrapper is built before the cache, matching the original construction order.
            WrappedSessionSecurityTokenAuthenticator wrappedAuthenticator =
                new WrappedSessionSecurityTokenAuthenticator(effectiveHandler, innerAuthenticator, sctClaimsHandler, _exceptionMapper);
            WrappedTokenCache cacheWrapper = new WrappedTokenCache(_tokenCache, sctClaimsHandler);

            SetWrappedTokenCache(cacheWrapper, innerAuthenticator, wrappedAuthenticator, sctClaimsHandler);

            // The resolver produced by the base call is replaced: callers resolve through the wrapped cache.
            outOfBandTokenResolver = cacheWrapper;

            return wrappedAuthenticator;
        }
        /// <summary>
        /// The purpose of this method is to set our WrappedTokenCache as the token cache for SCTs,
        /// and to set our OnTokenIssued callback when in cookie mode.
        /// We have to use reflection here as this is a private method.
        /// </summary>
        static void SetWrappedTokenCache(
            WrappedTokenCache wrappedTokenCache,
            SecurityTokenAuthenticator sta,
            WrappedSessionSecurityTokenAuthenticator wssta,
            SctClaimsHandler claimsHandler )
        {
            // NOTE(review): the summary above mentions reflection, but nothing in this body reflects;
            // IssuedTokenCache is assigned directly after a cast. 'wssta' is not read here.

            // Probe each authenticator type that exposes IssuedTokenCache. A failed 'as' yields null,
            // so a null 'sta' falls through every branch, exactly like the type tests it replaces.
            SecuritySessionSecurityTokenAuthenticator sessionAuthenticator = sta as SecuritySessionSecurityTokenAuthenticator;
            AcceleratedTokenAuthenticator acceleratedAuthenticator = sta as AcceleratedTokenAuthenticator;
            SpnegoTokenAuthenticator spnegoAuthenticator = sta as SpnegoTokenAuthenticator;
            TlsnegoTokenAuthenticator tlsnegoAuthenticator = sta as TlsnegoTokenAuthenticator;

            // Only the first matching type receives the wrapped cache.
            if ( sessionAuthenticator != null )
            {
                sessionAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            else if ( acceleratedAuthenticator != null )
            {
                acceleratedAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            else if ( spnegoAuthenticator != null )
            {
                spnegoAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            else if ( tlsnegoAuthenticator != null )
            {
                tlsnegoAuthenticator.IssuedTokenCache = wrappedTokenCache;
            }
            // NOTE(review): for any other authenticator type the wrapped cache is silently not installed,
            // so tokens it issues would bypass WrappedTokenCache - confirm callers never pass another type.

            // The OnTokenIssued callback is not hooked up in the cookie mode case, so it is wired here
            // for every authenticator that implements the issuance interface.
            IIssuanceSecurityTokenAuthenticator issuer = sta as IIssuanceSecurityTokenAuthenticator;
            if ( issuer == null )
            {
                return;
            }

            // Both the issue and the renew paths are routed through the claims handler.
            issuer.IssuedSecurityTokenHandler = claimsHandler.OnTokenIssued;
            issuer.RenewedSecurityTokenHandler = claimsHandler.OnTokenRenewed;
        }
        /// <summary>
        /// Helper method to set up the WrappedSecureConversation
        /// </summary>
        SecurityTokenAuthenticator SetupSecureConversationWrapper( RecipientServiceModelSecurityTokenRequirement tokenRequirement, SessionSecurityTokenHandler tokenHandler, out SecurityTokenResolver outOfBandTokenResolver )
        {
            // This code requires Orcas SP1 to compile.
            // WCF expects the authenticator returned from here to support:
            // 1. IIssuanceSecurityTokenAuthenticator
            // 2. ICommunicationObject (needed for this to work right).
            // WCF opens a listener in the inner STA that handles the negotiation and uses an internal class
            // for negotiating the bootstrap tokens. ValidateToken is handled by the wrapper so that our
            // authorization policies are returned and the bootstrap tokens are surfaced.

            // when sp1 is installed, use this one.
            //SecurityTokenAuthenticator sta = base.CreateSecureConversationTokenAuthenticator( tokenRequirement as RecipientServiceModelSecurityTokenRequirement, _saveBootstrapTokensInSession, out outOfBandTokenResolver );

            // use this code if SP1 is not installed
            SecurityTokenAuthenticator innerAuthenticator = base.CreateSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver );

            // Fall back to a freshly built SCT handler when the caller did not supply one.
            SessionSecurityTokenHandler effectiveHandler = tokenHandler;
            if ( effectiveHandler == null )
            {
                effectiveHandler = new SessionSecurityTokenHandler( _cookieTransforms, SessionSecurityTokenHandler.DefaultTokenLifetime )
                {
                    ContainingCollection = _securityTokenHandlerCollection,
                    Configuration = _securityTokenHandlerCollection.Configuration
                };
            }

            if ( ServiceCredentials != null )
            {
                // NOTE(review): for a handler created above, Configuration is the collection's own
                // configuration object, so this write is presumably visible to everything else that
                // reads it - confirm that sharing MaxClockSkew this way is intended.
                // NOTE(review): a caller-supplied handler's Configuration is dereferenced without a null check.
                effectiveHandler.Configuration.MaxClockSkew = ServiceCredentials.IdentityConfiguration.MaxClockSkew;
            }

            SctClaimsHandler sctClaimsHandler = new SctClaimsHandler( _securityTokenHandlerCollection, GetNormalizedEndpointId( tokenRequirement ) );

            // The wrapper is built before the cache, matching the original construction order.
            WrappedSessionSecurityTokenAuthenticator wrappedAuthenticator =
                new WrappedSessionSecurityTokenAuthenticator( effectiveHandler, innerAuthenticator, sctClaimsHandler, _exceptionMapper );
            WrappedTokenCache cacheWrapper = new WrappedTokenCache( _tokenCache, sctClaimsHandler );

            SetWrappedTokenCache( cacheWrapper, innerAuthenticator, wrappedAuthenticator, sctClaimsHandler );

            // The resolver produced by the base call is replaced: callers resolve through the wrapped cache.
            outOfBandTokenResolver = cacheWrapper;

            return wrappedAuthenticator;
        }