private SslStreamSecurityBindingElement(
SslStreamSecurityBindingElement other)
: base(other)
{
verifier = other.verifier;
require_client_certificate = other.require_client_certificate;
}
protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
this.identityVerifier = elementToBeCloned.identityVerifier;
this.requireClientCertificate = elementToBeCloned.requireClientCertificate;
this.sslProtocols = elementToBeCloned.sslProtocols;
}
protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
_identityVerifier = elementToBeCloned._identityVerifier;
RequireClientCertificate = elementToBeCloned.RequireClientCertificate;
_sslProtocols = elementToBeCloned._sslProtocols;
}
private SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenManager clientSecurityTokenManager, bool requireClientCertificate, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols)
: base(timeouts)
{
_identityVerifier = identityVerifier;
_scheme = scheme;
_clientSecurityTokenManager = clientSecurityTokenManager;
_requireClientCertificate = requireClientCertificate;
_sslProtocols = sslProtocols;
}
private SslStreamSecurityBindingElement(
SslStreamSecurityBindingElement other)
: base(other)
{
#if !MOBILE && !XAMMAC_4_5
verifier = other.verifier;
#endif
require_client_certificate = other.require_client_certificate;
}
private SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenProvider serverTokenProvider, bool requireClientCertificate, SecurityTokenAuthenticator clientCertificateAuthenticator, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols)
: base(timeouts)
{
_serverTokenProvider = serverTokenProvider;
RequireClientCertificate = requireClientCertificate;
_clientCertificateAuthenticator = clientCertificateAuthenticator;
IdentityVerifier = identityVerifier;
Scheme = scheme;
SslProtocols = sslProtocols;
}
private SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenProvider serverTokenProvider, bool requireClientCertificate, SecurityTokenAuthenticator clientCertificateAuthenticator, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols)
: base(timeouts)
{
_serverTokenProvider = serverTokenProvider;
RequireClientCertificate = requireClientCertificate;
_clientCertificateAuthenticator = clientCertificateAuthenticator;
IdentityVerifier = identityVerifier;
Scheme = scheme;
SslProtocols = sslProtocols;
ClientSecurityTokenManager = null; // Used for client but there's public api which need this and the compiler complains it's never assigned
}
public override T GetProperty <T> (BindingContext context)
{
if (typeof(T) == typeof(ISecurityCapabilities))
{
return((T)(object)this);
}
if (typeof(T) == typeof(IdentityVerifier))
{
return((T)(object)IdentityVerifier.CreateDefault());
}
return(null);
}
protected override void OnOpened()
{
base.OnOpened();
if (_identityVerifier == null)
{
_identityVerifier = IdentityVerifier.CreateDefault();
}
if (_serverCredential == null)
{
_serverCredential = CredentialCache.DefaultNetworkCredentials;
}
}
public static SspiSecurityTokenProvider GetSspiTokenProvider(SecurityTokenManager tokenManager, EndpointAddress target, Uri via, string transportScheme, out IdentityVerifier identityVerifier)
{
identityVerifier = null;
if (tokenManager == null)
{
return(null);
}
SspiSecurityTokenProvider provider = tokenManager.CreateSecurityTokenProvider(CreateSspiTokenRequirement(target, via, transportScheme)) as SspiSecurityTokenProvider;
if (provider != null)
{
identityVerifier = IdentityVerifier.CreateDefault();
}
return(provider);
}
public LocalClientSecuritySettings()
{
DetectReplays = SecurityProtocolFactory.defaultDetectReplays;
ReplayCacheSize = SecurityProtocolFactory.defaultMaxCachedNonces;
ReplayWindow = SecurityProtocolFactory.defaultReplayWindow;
MaxClockSkew = SecurityProtocolFactory.defaultMaxClockSkew;
TimestampValidityDuration = SecurityProtocolFactory.defaultTimestampValidityDuration;
CacheCookies = IssuanceTokenProviderBase <IssuanceTokenProviderState> .defaultClientCacheTokens;
MaxCookieCachingTime = IssuanceTokenProviderBase <IssuanceTokenProviderState> .DefaultClientMaxTokenCachingTime;
SessionKeyRenewalInterval = SecuritySessionClientSettings.defaultKeyRenewalInterval;
SessionKeyRolloverInterval = SecuritySessionClientSettings.defaultKeyRolloverInterval;
ReconnectTransportOnFailure = SecuritySessionClientSettings.defaultTolerateTransportFailures;
CookieRenewalThresholdPercentage = AcceleratedTokenProvider.defaultServiceTokenValidityThresholdPercentage;
IdentityVerifier = IdentityVerifier.CreateDefault();
NonceCache = null;
}
public override T GetProperty <T>(BindingContext context) where T : class
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
}
if (typeof(T) == typeof(ISecurityCapabilities))
{
return((T) new SecurityCapabilities(true, true, true, this.protectionLevel, this.protectionLevel));
}
if (typeof(T) == typeof(IdentityVerifier))
{
return((T)IdentityVerifier.CreateDefault());
}
return(context.GetInnerProperty <T>());
}
private LocalClientSecuritySettings(LocalClientSecuritySettings other)
{
_detectReplays = other._detectReplays;
_replayCacheSize = other._replayCacheSize;
_replayWindow = other._replayWindow;
_maxClockSkew = other._maxClockSkew;
_cacheCookies = other._cacheCookies;
_maxCookieCachingTime = other._maxCookieCachingTime;
_sessionKeyRenewalInterval = other._sessionKeyRenewalInterval;
_sessionKeyRolloverInterval = other._sessionKeyRolloverInterval;
_reconnectTransportOnFailure = other._reconnectTransportOnFailure;
_timestampValidityDuration = other._timestampValidityDuration;
_identityVerifier = other._identityVerifier;
_cookieRenewalThresholdPercentage = other._cookieRenewalThresholdPercentage;
_nonceCache = other._nonceCache;
}
LocalClientSecuritySettings(LocalClientSecuritySettings other)
{
this.detectReplays = other.detectReplays;
this.replayCacheSize = other.replayCacheSize;
this.replayWindow = other.replayWindow;
this.maxClockSkew = other.maxClockSkew;
this.cacheCookies = other.cacheCookies;
this.maxCookieCachingTime = other.maxCookieCachingTime;
this.sessionKeyRenewalInterval = other.sessionKeyRenewalInterval;
this.sessionKeyRolloverInterval = other.sessionKeyRolloverInterval;
this.reconnectTransportOnFailure = other.reconnectTransportOnFailure;
this.timestampValidityDuration = other.timestampValidityDuration;
this.identityVerifier = other.identityVerifier;
this.cookieRenewalThresholdPercentage = other.cookieRenewalThresholdPercentage;
this.nonceCache = other.nonceCache;
}
public override T GetProperty <T>(BindingContext context)
{
if (context == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(context));
}
if (typeof(T) == typeof(ISecurityCapabilities))
{
return((T)(object)new SecurityCapabilities(true, true, true, _protectionLevel, _protectionLevel));
}
else if (typeof(T) == typeof(IdentityVerifier))
{
return((T)(object)IdentityVerifier.CreateDefault());
}
else
{
return(context.GetInnerProperty <T>());
}
}
private string GetServicePrincipalName(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
IdentityVerifier identityVerifier;
EndpointIdentity identity;
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement != null)
{
identityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier;
}
else
{
identityVerifier = IdentityVerifier.CreateDefault();
}
identityVerifier.TryGetIdentity(targetAddress, out identity);
return(System.ServiceModel.Security.SecurityUtils.GetSpnFromIdentity(identity, targetAddress));
}
internal static ClientRuntime BuildProxyBehavior(ServiceEndpoint serviceEndpoint, out BindingParameterCollection parameters)
{
parameters = new BindingParameterCollection();
SecurityContractInformationEndpointBehavior.ClientInstance.AddBindingParameters(serviceEndpoint, parameters);
AddBindingParameters(serviceEndpoint, parameters);
ContractDescription contractDescription = serviceEndpoint.Contract;
ClientRuntime clientRuntime = new ClientRuntime(contractDescription.Name, contractDescription.Namespace);
clientRuntime.ContractClientType = contractDescription.ContractType;
IdentityVerifier identityVerifier = serviceEndpoint.Binding.GetProperty <IdentityVerifier>(parameters);
if (identityVerifier != null)
{
clientRuntime.IdentityVerifier = identityVerifier;
}
for (int i = 0; i < contractDescription.Operations.Count; i++)
{
OperationDescription operation = contractDescription.Operations[i];
if (!operation.IsServerInitiated())
{
DispatcherBuilder.BuildProxyOperation(operation, clientRuntime);
}
else
{
DispatcherBuilder.BuildDispatchOperation(operation, clientRuntime.CallbackDispatchRuntime);
}
}
DispatcherBuilder.ApplyClientBehavior(serviceEndpoint, clientRuntime);
return(clientRuntime);
}
string GetServicePrincipalName(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
}
IdentityVerifier identityVerifier;
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement != null)
{
identityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier;
}
else
{
identityVerifier = IdentityVerifier.CreateDefault();
}
EndpointIdentity identity;
identityVerifier.TryGetIdentity(targetAddress, out identity);
return(SecurityUtils.GetSpnFromIdentity(identity, targetAddress));
}
protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
_identityVerifier = elementToBeCloned._identityVerifier;
_requireClientCertificate = elementToBeCloned._requireClientCertificate;
}
private void EnsureIncomingIdentity(SecurityMessageProperty property, EndpointAddress address, Message reply)
{
IdentityVerifier.EnsureIncomingIdentity(address, property.ServiceSecurityContext.AuthorizationContext);
}
public MyIdentityVerifier()
{
_defaultVerifier = CreateDefault();
}
static void Main()
{
// <Snippet2>
// <Snippet0>
// <Snippet1>
LocalClientSecuritySettings settings =
new LocalClientSecuritySettings();
// </Snippet1>
bool cacheCookies = settings.CacheCookies;
// </Snippet0>
// </Snippet2>
// <Snippet3>
// Set to 20 minutes.
settings.CookieRenewalThresholdPercentage = 20;
// </Snippet3>
// <Snippet4>
// Enable replay detection.
settings.DetectReplays = true;
// </Snippet4>
// <Snippet5>
IdentityVerifier id = settings.IdentityVerifier;
// </Snippet5>
// <Snippet6>
TimeSpan timeSpan = settings.MaxClockSkew;
// </Snippet6>
// <Snippet7>
TimeSpan maxCookieCachingTime = settings.MaxCookieCachingTime;
// </Snippet7>
// <Snippet8>
bool reconnect = settings.ReconnectTransportOnFailure;
// </Snippet8>
// <Snippet9>
int replayCacheSize = settings.ReplayCacheSize;
// </Snippet9>
// <Snippet10>
TimeSpan replayWindow = settings.ReplayWindow;
// </Snippet10>
// <Snippet11>
TimeSpan sessionKeyRenewalInterval = settings.SessionKeyRenewalInterval;
// </Snippet11>
// <Snippet12>
TimeSpan rollover = settings.SessionKeyRolloverInterval;
// </Snippet12>
// <Snippet13>
TimeSpan timestamp = settings.TimestampValidityDuration;
// </Snippet13>
// <Snippet14>
LocalClientSecuritySettings clone =
settings.Clone();
// </Snippet14>
}
public override bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity)
{
return(IdentityVerifier.CreateDefault().TryGetIdentity(reference, out identity));
}
public bool ShouldSerializeIdentityVerifier()
{
// IdentifyVerifier.CreateDefault() grabs the static instance of nested DefaultIdentityVerifier.
// DefaultIdentityVerifier can't be serialized directly because it's nested.
return(!object.ReferenceEquals(this.IdentityVerifier, IdentityVerifier.CreateDefault()));
}
public SslStreamSecurityBindingElement()
{
#if !MOBILE && !XAMMAC_4_5
verifier = IdentityVerifier.CreateDefault();
#endif
}
public MyIdentityVerifier()
{
this.defaultVerifier = IdentityVerifier.CreateDefault();
}
public SslStreamSecurityBindingElement()
{
verifier = IdentityVerifier.CreateDefault();
}
public CustomeIdentityVerifier()
{
this.defaultVerifier = CustomeIdentityVerifier.CreateDefault();
}