Exemple #1
0
        internal static object ToJsonModel(Site site, string path)
        {
            if (site == null)
            {
                throw new ArgumentException("site");
            }

            var section = GetAccessSection(site, path);

            bool         isLocal               = section.IsLocallyStored;
            bool         isLocked              = section.IsLocked;
            OverrideMode overrideMode          = section.OverrideMode;
            OverrideMode overrideModeEffective = section.OverrideModeEffective;

            HttpAccessSslFlags        sslFlags = section.SslFlags;
            ClientCertificateSettings clientCertSettings;

            if (sslFlags.HasFlag(HttpAccessSslFlags.SslRequireCert))
            {
                clientCertSettings = ClientCertificateSettings.REQUIRE;
            }
            else if (sslFlags.HasFlag(HttpAccessSslFlags.SslNegotiateCert))
            {
                clientCertSettings = ClientCertificateSettings.ACCEPT;
            }
            else
            {
                clientCertSettings = ClientCertificateSettings.IGNORE;
            }

            bool hasHttpsBinding = false;

            if (!(site == null))
            {
                foreach (Binding binding in site.Bindings)
                {
                    if (binding.Protocol.Equals("https", StringComparison.OrdinalIgnoreCase))
                    {
                        hasHttpsBinding = true;
                        break;
                    }
                }
            }

            SslSettingId id = new SslSettingId(site?.Id, path, isLocal);

            var obj = new {
                id                  = id.Uuid,
                scope               = site == null ? string.Empty : site.Name + path,
                metadata            = ConfigurationUtility.MetadataToJson(isLocal, isLocked, overrideMode, overrideModeEffective),
                require_ssl         = sslFlags.HasFlag(HttpAccessSslFlags.Ssl) || sslFlags.HasFlag(HttpAccessSslFlags.Ssl128),
                client_certificates = Enum.GetName(typeof(ClientCertificateSettings), clientCertSettings).ToLower(),
                has_https_binding   = hasHttpsBinding,
                website             = SiteHelper.ToJsonModelRef(site)
            };

            return(Core.Environment.Hal.Apply(Defines.Resource.Guid, obj));
        }
        internal bool GetAllowSslOnly(string virtualPath)
        {
            HttpAccessSslFlags flags = this.GetAccessSslFlags(virtualPath);

            if ((flags & HttpAccessSslFlags.Ssl) != 0)
            {
                return(true);
            }
            return(false);
        }
        public override bool ValidateHttpsSettings(string virtualPath, ref bool?requireClientCertificate)
        {
            bool flag = false;

            if (!ServiceHostingEnvironment.IsSimpleApplicationHost)
            {
                HttpAccessSslFlags accessSslFlags = HostedTransportConfigurationManager.MetabaseSettings.GetAccessSslFlags(virtualPath);
                HttpAccessSslFlags none           = HttpAccessSslFlags.None;
                bool flag2 = false;
                if ((accessSslFlags & HttpAccessSslFlags.SslRequireCert) != HttpAccessSslFlags.None)
                {
                    if (requireClientCertificate.HasValue)
                    {
                        if (!requireClientCertificate.Value)
                        {
                            flag2 = true;
                        }
                    }
                    else
                    {
                        requireClientCertificate = 1;
                    }
                }
                else if (requireClientCertificate.GetValueOrDefault())
                {
                    none |= HttpAccessSslFlags.SslRequireCert;
                    flag2 = true;
                }
                if (!flag2 && ((accessSslFlags & HttpAccessSslFlags.SslMapCert) != HttpAccessSslFlags.None))
                {
                    flag = true;
                }
                if (flag2)
                {
                    throw FxTrace.Exception.AsError(new NotSupportedException(System.ServiceModel.Activation.SR.Hosting_SslSettingsMisconfigured(none.ToString(), accessSslFlags.ToString())));
                }
            }
            return(flag);
        }
Exemple #4
0
        public override bool ValidateHttpsSettings(string virtualPath, ref bool requireClientCertificate)
        {
            // Do not validate settings for Cassini. Actually current implementation of Cassini does not support HTTPS.
            if (ServiceHostingEnvironment.IsSimpleApplicationHost)
            {
                return(false);
            }

            // Validate Ssl Settings
            HttpAccessSslFlags sslFlags = HostedTransportConfigurationManager.MetabaseSettings.GetAccessSslFlags(virtualPath);
            HttpAccessSslFlags channelListenerSslFlags = HttpAccessSslFlags.None;

            // Validating SSL flags. SslRequireCert means "require client certificate" in IIS terminology.
            if ((sslFlags & HttpAccessSslFlags.SslRequireCert) != 0)
            {
                // Require SSL.
                // We apply IIS settings to the ChannelListener to fix the endpoint
                requireClientCertificate = true;
            }
            else if (requireClientCertificate &&
                     // Validating SSL flags. SslNegotiateCert means "accept client certificate" in IIS terminology.
                     // We want to allow SslNegotiateCert in IIS to support hosting one endpoint requiring client
                     // certificates and another endpoint not using client certificates in the same VirtualDirectory.
                     // HttpsChannelListener.ValidateAuthentication ensures that authentication is denied for services
                     // requiring client certificates when the client does not present one.
                     (sslFlags & HttpAccessSslFlags.SslNegotiateCert) == 0)
            {
                // IIS ignores client cert but the binding requires it.
                channelListenerSslFlags |= HttpAccessSslFlags.SslRequireCert;

                throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_SslSettingsMisconfigured(
                                                                              channelListenerSslFlags.ToString(), sslFlags.ToString())));
            }

            return((sslFlags & HttpAccessSslFlags.SslMapCert) != 0);
        }