internal static object ToJsonModel(Site site, string path)
{
if (site == null)
{
throw new ArgumentException("site");
}
var section = GetAccessSection(site, path);
bool isLocal = section.IsLocallyStored;
bool isLocked = section.IsLocked;
OverrideMode overrideMode = section.OverrideMode;
OverrideMode overrideModeEffective = section.OverrideModeEffective;
HttpAccessSslFlags sslFlags = section.SslFlags;
ClientCertificateSettings clientCertSettings;
if (sslFlags.HasFlag(HttpAccessSslFlags.SslRequireCert))
{
clientCertSettings = ClientCertificateSettings.REQUIRE;
}
else if (sslFlags.HasFlag(HttpAccessSslFlags.SslNegotiateCert))
{
clientCertSettings = ClientCertificateSettings.ACCEPT;
}
else
{
clientCertSettings = ClientCertificateSettings.IGNORE;
}
bool hasHttpsBinding = false;
if (!(site == null))
{
foreach (Binding binding in site.Bindings)
{
if (binding.Protocol.Equals("https", StringComparison.OrdinalIgnoreCase))
{
hasHttpsBinding = true;
break;
}
}
}
SslSettingId id = new SslSettingId(site?.Id, path, isLocal);
var obj = new {
id = id.Uuid,
scope = site == null ? string.Empty : site.Name + path,
metadata = ConfigurationUtility.MetadataToJson(isLocal, isLocked, overrideMode, overrideModeEffective),
require_ssl = sslFlags.HasFlag(HttpAccessSslFlags.Ssl) || sslFlags.HasFlag(HttpAccessSslFlags.Ssl128),
client_certificates = Enum.GetName(typeof(ClientCertificateSettings), clientCertSettings).ToLower(),
has_https_binding = hasHttpsBinding,
website = SiteHelper.ToJsonModelRef(site)
};
return(Core.Environment.Hal.Apply(Defines.Resource.Guid, obj));
}
internal bool GetAllowSslOnly(string virtualPath)
{
HttpAccessSslFlags flags = this.GetAccessSslFlags(virtualPath);
if ((flags & HttpAccessSslFlags.Ssl) != 0)
{
return(true);
}
return(false);
}
public override bool ValidateHttpsSettings(string virtualPath, ref bool?requireClientCertificate)
{
bool flag = false;
if (!ServiceHostingEnvironment.IsSimpleApplicationHost)
{
HttpAccessSslFlags accessSslFlags = HostedTransportConfigurationManager.MetabaseSettings.GetAccessSslFlags(virtualPath);
HttpAccessSslFlags none = HttpAccessSslFlags.None;
bool flag2 = false;
if ((accessSslFlags & HttpAccessSslFlags.SslRequireCert) != HttpAccessSslFlags.None)
{
if (requireClientCertificate.HasValue)
{
if (!requireClientCertificate.Value)
{
flag2 = true;
}
}
else
{
requireClientCertificate = 1;
}
}
else if (requireClientCertificate.GetValueOrDefault())
{
none |= HttpAccessSslFlags.SslRequireCert;
flag2 = true;
}
if (!flag2 && ((accessSslFlags & HttpAccessSslFlags.SslMapCert) != HttpAccessSslFlags.None))
{
flag = true;
}
if (flag2)
{
throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_SslSettingsMisconfigured(none.ToString(), accessSslFlags.ToString())));
}
}
return(flag);
}
public override bool ValidateHttpsSettings(string virtualPath, ref bool requireClientCertificate)
{
// Do not validate settings for Cassini. Actually current implementation of Cassini does not support HTTPS.
if (ServiceHostingEnvironment.IsSimpleApplicationHost)
{
return(false);
}
// Validate Ssl Settings
HttpAccessSslFlags sslFlags = HostedTransportConfigurationManager.MetabaseSettings.GetAccessSslFlags(virtualPath);
HttpAccessSslFlags channelListenerSslFlags = HttpAccessSslFlags.None;
// Validating SSL flags. SslRequireCert means "require client certificate" in IIS terminology.
if ((sslFlags & HttpAccessSslFlags.SslRequireCert) != 0)
{
// Require SSL.
// We apply IIS settings to the ChannelListener to fix the endpoint
requireClientCertificate = true;
}
else if (requireClientCertificate &&
// Validating SSL flags. SslNegotiateCert means "accept client certificate" in IIS terminology.
// We want to allow SslNegotiateCert in IIS to support hosting one endpoint requiring client
// certificates and another endpoint not using client certificates in the same VirtualDirectory.
// HttpsChannelListener.ValidateAuthentication ensures that authentication is denied for services
// requiring client certificates when the client does not present one.
(sslFlags & HttpAccessSslFlags.SslNegotiateCert) == 0)
{
// IIS ignores client cert but the binding requires it.
channelListenerSslFlags |= HttpAccessSslFlags.SslRequireCert;
throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_SslSettingsMisconfigured(
channelListenerSslFlags.ToString(), sslFlags.ToString())));
}
return((sslFlags & HttpAccessSslFlags.SslMapCert) != 0);
}