Exemple #1
        /// <summary>
        /// Decides whether the audience restriction of a token has to be checked,
        /// given the supplied <see cref="AudienceUriMode"/>.
        /// </summary>
        /// <param name="audienceUriMode">
        /// The <see cref="AudienceUriMode"/> that selects the enforcement policy.
        /// </param>
        /// <param name="token">The security token the decision is made for.</param>
        /// <returns>
        /// True for <see cref="AudienceUriMode.Always"/>, false for
        /// <see cref="AudienceUriMode.Never"/>; for
        /// <see cref="AudienceUriMode.BearerKeyOnly"/>, true only when the token
        /// exposes no security keys.
        /// </returns>
        /// <exception cref="ArgumentNullException">The input argument 'token' is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// <paramref name="audienceUriMode"/> is none of the three handled modes.
        /// </exception>
        public virtual bool ShouldEnforceAudienceRestriction(AudienceUriMode audienceUriMode, SecurityToken token)
        {
            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            if (audienceUriMode == AudienceUriMode.Always)
            {
                return true;
            }

            if (audienceUriMode == AudienceUriMode.Never)
            {
                // No audience check is requested in this mode, so this method does
                // nothing to keep a token addressed to another relying party out.
                return false;
            }

            if (audienceUriMode == AudienceUriMode.BearerKeyOnly)
            {
                // A token without keys carries no proof of possession, so the
                // audience check is requested for it; keyed tokens are exempt.
#pragma warning suppress 56506
                return !(token.SecurityKeys != null && token.SecurityKeys.Count != 0);
            }

            // An unrecognised mode raises an error rather than being treated as
            // "do not enforce".
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4025, audienceUriMode)));
        }
 /// <summary>
 /// Rejects an <see cref="AudienceUriMode"/> value that <c>IsDefined</c> does not accept.
 /// </summary>
 /// <param name="value">The mode to check.</param>
 /// <exception cref="InvalidEnumArgumentException">
 /// Built when <paramref name="value"/> is not accepted and raised through the diagnostic helper.
 /// </exception>
 internal static void Validate(AudienceUriMode value)
 {
     if (IsDefined(value))
     {
         return;
     }

     // An integer cast to the enum type can hold any value; stop it here so an
     // undefined mode never reaches the enforcement decision.
     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int) value, typeof(AudienceUriMode)));
 }
 /// <summary>
 /// Guard for <see cref="AudienceUriMode"/> arguments: does nothing for a value
 /// that <c>IsDefined</c> accepts and raises an error for any other value.
 /// </summary>
 /// <param name="value">The mode supplied by the caller.</param>
 /// <exception cref="InvalidEnumArgumentException">
 /// Built for a value that is not accepted and raised through the diagnostic helper.
 /// </exception>
 internal static void Validate(AudienceUriMode value)
 {
     bool isKnownMode = IsDefined(value);
     if (isKnownMode == false)
     {
         // The exception carries the raw integer so the offending value is visible to the caller.
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int)value, typeof(AudienceUriMode)));
     }
 }
 /// <summary>
 /// Tells whether <paramref name="validationMode"/> is one of the three named
 /// <see cref="AudienceUriMode"/> members.
 /// </summary>
 /// <param name="validationMode">The mode to test.</param>
 /// <returns>
 /// True for Never, Always and BearerKeyOnly; false for every other value.
 /// </returns>
 public static bool IsDefined(AudienceUriMode validationMode)
 {
     switch (validationMode)
     {
         case AudienceUriMode.Never:
         case AudienceUriMode.Always:
         case AudienceUriMode.BearerKeyOnly:
             return true;

         default:
             // Anything else is a value no named member stands for.
             return false;
     }
 }
 /// <summary>
 /// Membership test for <see cref="AudienceUriMode"/>: accepts exactly the
 /// values Never, Always and BearerKeyOnly.
 /// </summary>
 /// <param name="validationMode">The mode to test.</param>
 /// <returns>True when the value equals one of the three members, otherwise false.</returns>
 public static bool IsDefined(AudienceUriMode validationMode)
 {
     bool isNeverOrAlways = validationMode == AudienceUriMode.Never
         || validationMode == AudienceUriMode.Always;

     // BearerKeyOnly is only compared when the first two did not match.
     return isNeverOrAlways || validationMode == AudienceUriMode.BearerKeyOnly;
 }
 /// <summary>
 /// Copy constructor: builds a credential whose settings mirror <paramref name="other"/>.
 /// </summary>
 /// <param name="other">
 /// The credential to copy from. It is not null-checked here; a null value fails
 /// on the first field read.
 /// </param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     // Audience policy: the mode is copied by value, the URI list into a new
     // list so later edits to one credential do not show up in the other.
     audienceUriMode = other.audienceUriMode;
     allowedAudienceUris = new List<string>(other.allowedAudienceUris);

     // The serializer instance is shared between the two credentials.
     samlSerializer = other.samlSerializer;

     // Issuer certificate trust settings. The list is new, but it holds the
     // same X509Certificate2 instances as the source list.
     knownCertificates = new List<X509Certificate2>(other.knownCertificates);
     certificateValidationMode = other.certificateValidationMode;
     customCertificateValidator = other.customCertificateValidator;
     trustedStoreLocation = other.trustedStoreLocation;
     revocationMode = other.revocationMode;
     allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers;

     // The read-only flag travels with the copy.
     isReadOnly = other.isReadOnly;
 }
Exemple #7
 /// <summary>
 /// Creates a credential by copying every setting of <paramref name="other"/>.
 /// </summary>
 /// <param name="other">
 /// The source credential; dereferenced without a null check.
 /// </param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     this._audienceUriMode = other._audienceUriMode;

     // New list instance: the allowed audiences of the copy can change
     // without touching the source credential.
     List<string> audienceCopy = new List<string>(other._allowedAudienceUris);
     this._allowedAudienceUris = audienceCopy;

     this._samlSerializer = other._samlSerializer;

     // New list instance as well; the certificate objects inside it are the
     // same references the source holds.
     List<X509Certificate2> certificateCopy = new List<X509Certificate2>(other._knownCertificates);
     this._knownCertificates = certificateCopy;

     this._certificateValidationMode = other._certificateValidationMode;
     this._customCertificateValidator = other._customCertificateValidator;
     this._trustedStoreLocation = other._trustedStoreLocation;
     this._revocationMode = other._revocationMode;
     this._allowUntrustedRsaIssuers = other._allowUntrustedRsaIssuers;
     this._isReadOnly = other._isReadOnly;
 }
Exemple #8
 /// <summary>
 /// Copy constructor. Scalar settings and object references are taken over
 /// as they are; the two list fields are rebuilt as new lists.
 /// </summary>
 /// <param name="other">The credential whose configuration is duplicated.</param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     IssuedTokenServiceCredential source = other;

     audienceUriMode = source.audienceUriMode;
     // Separate list, so the audience allow-list of the copy is independent.
     allowedAudienceUris = new List<string>(source.allowedAudienceUris);
     samlSerializer = source.samlSerializer;
     // Separate list of the same certificate instances.
     knownCertificates = new List<X509Certificate2>(source.knownCertificates);
     certificateValidationMode = source.certificateValidationMode;
     // The validator object itself is shared, not cloned.
     customCertificateValidator = source.customCertificateValidator;
     trustedStoreLocation = source.trustedStoreLocation;
     revocationMode = source.revocationMode;
     allowUntrustedRsaIssuers = source.allowUntrustedRsaIssuers;
     isReadOnly = source.isReadOnly;
 }
        /// <summary>
        /// Creates the authenticator with the given supporting authenticators
        /// and clock-skew tolerance.
        /// </summary>
        /// <param name="supportingAuthenticators">
        /// Authenticators copied into a list owned by this instance.
        /// </param>
        /// <param name="maxClockSkew">The clock skew value stored on this instance.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="supportingAuthenticators"/> is null.
        /// </exception>
        public SamlSecurityTokenAuthenticator(IList<SecurityTokenAuthenticator> supportingAuthenticators, TimeSpan maxClockSkew)
        {
            if (supportingAuthenticators == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("supportingAuthenticators");
            }

            // Element-by-element copy: adding to or removing from the caller's
            // list afterwards does not change which authenticators this instance holds.
            this.supportingAuthenticators = new List<SecurityTokenAuthenticator>(supportingAuthenticators.Count);
            int index = 0;
            while (index < supportingAuthenticators.Count)
            {
                this.supportingAuthenticators.Add(supportingAuthenticators[index]);
                ++index;
            }

            this.maxClockSkew = maxClockSkew;

            // Audience enforcement starts at Always with an empty allow-list.
            // NOTE(review): presumably the allowed URIs must be filled in before
            // audience-restricted tokens validate; confirm against the validation code.
            this.audienceUriMode = AudienceUriMode.Always;
            this.allowedAudienceUris = new Collection<string>();
        }
Exemple #10
        /// <summary>
        /// Builds a SAML token authenticator from a set of supporting
        /// authenticators and a maximum clock skew.
        /// </summary>
        /// <param name="supportingAuthenticators">
        /// The authenticators to take over; their references are copied into a new list.
        /// </param>
        /// <param name="maxClockSkew">The clock skew value kept by this instance.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="supportingAuthenticators"/> is null.
        /// </exception>
        public SamlSecurityTokenAuthenticator(IList <SecurityTokenAuthenticator> supportingAuthenticators, TimeSpan maxClockSkew)
        {
            if (supportingAuthenticators == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("supportingAuthenticators");
            }

            // The instance keeps its own list rather than the caller's, so the
            // caller cannot swap authenticators in or out after construction.
            List<SecurityTokenAuthenticator> ownedCopy = new List<SecurityTokenAuthenticator>(supportingAuthenticators.Count);
            for (int position = 0; position < supportingAuthenticators.Count; position++)
            {
                ownedCopy.Add(supportingAuthenticators[position]);
            }
            this.supportingAuthenticators = ownedCopy;

            this.maxClockSkew = maxClockSkew;

            // Defaults: audience restriction always enforced, no audience URI allowed yet.
            this.audienceUriMode = AudienceUriMode.Always;
            this.allowedAudienceUris = new Collection<string>();
        }
        /// <summary>
        /// Maps an <see cref="AudienceUriMode"/> and a token to the answer to
        /// "must the audience restriction be checked for this token?".
        /// </summary>
        /// <param name="audienceUriMode">
        /// The <see cref="AudienceUriMode"/> defining the audience requirement.
        /// </param>
        /// <param name="token">The security token the answer is computed for.</param>
        /// <returns>
        /// True if audience enforcement should be applied: always in Always mode,
        /// never in Never mode, and in BearerKeyOnly mode only for a token whose
        /// key collection is null or empty.
        /// </returns>
        /// <exception cref="ArgumentNullException">The input argument 'token' is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// <paramref name="audienceUriMode"/> matches no case of the switch.
        /// </exception>
        public virtual bool ShouldEnforceAudienceRestriction(AudienceUriMode audienceUriMode, SecurityToken token)
        {
            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            bool enforce;
            switch (audienceUriMode)
            {
                case AudienceUriMode.Always:
                    enforce = true;
                    break;

                case AudienceUriMode.Never:
                    // Audience checking is switched off for every token in this mode.
                    enforce = false;
                    break;

                case AudienceUriMode.BearerKeyOnly:
                    // Only key-less tokens get the audience check; a token that
                    // exposes at least one key is exempt.
#pragma warning suppress 56506
                    enforce = token.SecurityKeys == null || token.SecurityKeys.Count == 0;
                    break;

                default:
                    // An unexpected mode value is an error, never a silent "no enforcement".
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4025, audienceUriMode)));
            }

            return enforce;
        }
		/// <summary>
		/// Creates an <see cref="AudienceRestriction"/> with the given mode, after
		/// running the parameterless constructor.
		/// </summary>
		/// <param name="audienceMode">
		/// The mode assigned to <c>AudienceMode</c>. This constructor does not check
		/// that it is a defined <see cref="AudienceUriMode"/> member.
		/// </param>
		public AudienceRestriction (AudienceUriMode audienceMode)
			: this ()
		{
			this.AudienceMode = audienceMode;
		}
Exemple #13
 /// <summary>
 /// Creates an <see cref="AudienceRestriction"/> that uses the given mode.
 /// </summary>
 /// <param name="audienceMode">
 /// The mode assigned to <c>AudienceMode</c>; this constructor performs no
 /// range check on it.
 /// </param>
 public AudienceRestriction(AudienceUriMode audienceMode)
 {
     this.AudienceMode = audienceMode;
 }
 /// <summary>
 /// Checks a value against the three named <see cref="AudienceUriMode"/> members.
 /// </summary>
 /// <param name="validationMode">The mode to test.</param>
 /// <returns>True for Never, Always or BearerKeyOnly; false otherwise.</returns>
 public static bool IsDefined(AudienceUriMode validationMode)
 {
     if (validationMode == AudienceUriMode.Never)
     {
         return true;
     }

     if (validationMode == AudienceUriMode.Always)
     {
         return true;
     }

     // Last accepted member; every other value is reported as undefined.
     return validationMode == AudienceUriMode.BearerKeyOnly;
 }
Exemple #15
 /// <summary>
 /// Reports whether <paramref name="validationMode"/> equals Never, Always or
 /// BearerKeyOnly.
 /// </summary>
 /// <param name="validationMode">The mode to test.</param>
 /// <returns>False only when the value differs from all three members.</returns>
 public static bool IsDefined(AudienceUriMode validationMode)
 {
     // Same comparisons in the same order, written as "not (differs from all three)".
     bool differsFromAll = validationMode != AudienceUriMode.Never
         && validationMode != AudienceUriMode.Always
         && validationMode != AudienceUriMode.BearerKeyOnly;

     return !differsFromAll;
 }
 /// <summary>
 /// Initializes a new <see cref="AudienceRestriction"/> with the given mode.
 /// </summary>
 /// <param name="audienceMode">
 /// Specifies the mode in which AudienceUri restriction is applied. The value is
 /// stored as given; this constructor does not check that it is a defined member.
 /// </param>
 public AudienceRestriction( AudienceUriMode audienceMode )
 {
     this._audienceMode = audienceMode;
 }