public override void createTestFixture()
{
BodyArchitectAccessService.EnableLog(false);//to invoke static constructor which set Log to true
base.createTestFixture();
ExceptionHandler.Default.EmailFeaturesEnabled = false;
//HibernatingRhinos.Profiler.Appender.NHibernate.NHibernateProfiler.Initialize();
var baseAddress = new Uri("http://localhost:8000/TestService");
myServiceHost_ = new ServiceHost(typeof(ServiceClass), baseAddress);
binding = new BasicHttpBinding();
myServiceHost_.AddServiceEndpoint(typeof(IService), binding, address);
myServiceHost_.Description.Behaviors.Remove(typeof(ServiceAuthorizationBehavior));
var apiKeyAuthorization = new ServiceAuthorizationBehavior();
apiKeyAuthorization.ServiceAuthorizationManager = new APIKeyAuthorization();
myServiceHost_.Description.Behaviors.Add(apiKeyAuthorization);
var smb = new ServiceMetadataBehavior {
HttpGetEnabled = true
};
myServiceHost_.Description.Behaviors.Add(smb);
myServiceHost_.Open();
}
public void Can_Apply_PrincipalPermissionModeAuthorization()
{
using (IWindsorContainer container = Container)
{
container.Register(
Component.For <PrincipalPermissionModeAuthorization>()
.DependsOn(new { principalPermissionMode = PrincipalPermissionMode.Custom })
.Attribute(WcfConstants.ExtensionScopeKey).Eq(WcfExtensionScope.Services),
Component.For <IOperations>()
.ImplementedBy <Operations>()
.LifeStyle.Transient
.AsWcfService(
new DefaultServiceModel()
.AddEndpoints(WcfEndpoint
.BoundTo(new NetTcpBinding {
PortSharingEnabled = true
})
.At("net.tcp://localhost/Operations"))));
WcfFacility wcfFacility = container.Kernel.GetFacilities().OfType <WcfFacility>().Single();
ServiceHost host = wcfFacility.Services.ManagedServiceHosts.Single();
ServiceAuthorizationBehavior serviceAuthorizationBehavior = host.Description.Behaviors.OfType <ServiceAuthorizationBehavior>().SingleOrDefault();
Assert.IsNotNull(serviceAuthorizationBehavior);
Assert.AreEqual(PrincipalPermissionMode.Custom, serviceAuthorizationBehavior.PrincipalPermissionMode);
}
}
public static IServiceCollection AddServiceModelServices(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
services.AddSingleton <ServiceBuilder>();
services.AddSingleton <IServiceBuilder>(provider => provider.GetRequiredService <ServiceBuilder>());
services.AddSingleton <IServiceBehavior>(provider => provider.GetRequiredService <ServiceAuthorizationBehavior>());
services.AddSingleton <ServiceAuthorizationBehavior>(provider =>
{
var behavior = new ServiceAuthorizationBehavior();
var manager = provider.GetService <ServiceAuthorizationManager>();
if (manager != null)
{
behavior.ServiceAuthorizationManager = manager;
}
return(behavior);
});
services.TryAddSingleton(typeof(IServiceConfiguration <>), typeof(ServiceConfiguration <>));
services.TryAddSingleton <IDispatcherBuilder, DispatcherBuilderImpl>();
services.AddSingleton(typeof(ServiceConfigurationDelegateHolder <>));
services.AddScoped <ReplyChannelBinder>();
services.AddScoped <DuplexChannelBinder>();
services.AddScoped <InputChannelBinder>();
services.AddScoped <ServiceChannel.SessionIdleManager>();
services.AddSingleton(typeof(ServiceHostObjectModel <>));
services.AddSingleton(typeof(TransportCompressionSupportHelper));
return(services);
}
/// <summary>
/// Creates a new <see cref="DataServiceHost"/> from the URI.
/// </summary>
/// <param name="serviceType">Specifies the type of WCF service to host.</param>
/// <param name="baseAddresses">An array of base addresses for the service.</param>
/// <returns>New <see cref="DataServiceHost"/>.</returns>
protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
{
// Create data service host.
ServiceHost host = base.CreateServiceHost(serviceType, baseAddresses);
// Enable security on the data service.
ServiceAuthorizationBehavior serviceBehavior = host.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
if (serviceBehavior == null)
{
serviceBehavior = new ServiceAuthorizationBehavior();
host.Description.Behaviors.Add(serviceBehavior);
}
serviceBehavior.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>();
policies.Add((IAuthorizationPolicy)Activator.CreateInstance(m_authorizationPolicy));
serviceBehavior.ExternalAuthorizationPolicies = policies.AsReadOnly();
foreach (var behavior in m_serviceBehaviors ?? new List <IServiceBehavior>())
{
host.Description.Behaviors.Add(behavior);
}
foreach (var endpoint in host.Description.Endpoints)
{
foreach (var behavior in m_endpointBehaviors ?? new List <IEndpointBehavior>())
{
endpoint.EndpointBehaviors.Add(behavior);
}
}
return(host);
}
static void DemanAspNetProvidersPermissions(ServiceHost host)
{
bool demand = false;
foreach (IServiceBehavior behavior in host.Description.Behaviors)
{
if (behavior is ServiceCredentials)
{
ServiceCredentials credentialsBehavior = behavior as ServiceCredentials;
if (credentialsBehavior.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.MembershipProvider)
{
demand = true;
break;
}
}
if (behavior is ServiceAuthorizationBehavior)
{
ServiceAuthorizationBehavior serviceAuthorization = behavior as ServiceAuthorizationBehavior;
if (serviceAuthorization.PrincipalPermissionMode == PrincipalPermissionMode.UseAspNetRoles && Roles.Enabled)
{
demand = true;
break;
}
}
}
if (demand)
{
IPermission permission = new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal);
permission.Demand();
}
}
protected virtual void ApplyConfiguration()
{
if (Description == null)
{
throw new InvalidOperationException("ApplyConfiguration requires that the Description property be initialized. Either provide a valid ServiceDescription in the CreateDescription method or override the ApplyConfiguration method to provide an alternative implementation");
}
ServiceElement service = GetServiceElement();
if (service != null)
{
LoadConfigurationSection(service);
}
// simplified configuration
AddServiceBehaviors(String.Empty, false);
// TODO: consider commonBehaviors here
// ensure ServiceAuthorizationBehavior
Authorization = Description.Behaviors.Find <ServiceAuthorizationBehavior> ();
if (Authorization == null)
{
Authorization = new ServiceAuthorizationBehavior();
Description.Behaviors.Add(Authorization);
}
// ensure ServiceDebugBehavior
ServiceDebugBehavior debugBehavior = Description.Behaviors.Find <ServiceDebugBehavior> ();
if (debugBehavior == null)
{
debugBehavior = new ServiceDebugBehavior();
Description.Behaviors.Add(debugBehavior);
}
}
protected override void OnOpened()
{
if (this.Description != null)
{
ServiceCredentials credentials = this.description.Behaviors.Find <ServiceCredentials>();
if (credentials != null)
{
ServiceCredentials credentials2 = credentials.Clone();
credentials2.MakeReadOnly();
this.readOnlyCredentials = credentials2;
}
ServiceAuthorizationBehavior behavior = this.description.Behaviors.Find <ServiceAuthorizationBehavior>();
if (behavior != null)
{
ServiceAuthorizationBehavior behavior2 = behavior.Clone();
behavior2.MakeReadOnly();
this.readOnlyAuthorization = behavior2;
}
ServiceAuthenticationBehavior behavior3 = this.description.Behaviors.Find <ServiceAuthenticationBehavior>();
if (behavior3 != null)
{
ServiceAuthenticationBehavior behavior4 = behavior3.Clone();
behavior3.MakeReadOnly();
this.readOnlyAuthentication = behavior4;
}
if (ManagementExtension.IsEnabled)
{
ManagementExtension.OnServiceOpened(this);
}
}
base.OnOpened();
}
/// <summary>
/// Adds the service authorization behavior based on configuration
/// </summary>
/// <param name="serviceBehaviors"></param>
public static void SetServiceAuthorizationBehavior(
this KeyedByTypeCollection <IServiceBehavior> serviceBehaviors
)
{
bool addNewEntry = false;
var serviceAuthorizationBehavior =
serviceBehaviors.Find <ServiceAuthorizationBehavior>();
if (serviceAuthorizationBehavior == null)
{
addNewEntry = true;
serviceAuthorizationBehavior = new ServiceAuthorizationBehavior();
}
Console.WriteLine("Added service behavior with user group access");
serviceAuthorizationBehavior.PrincipalPermissionMode =
PrincipalPermissionMode.UseWindowsGroups;
serviceAuthorizationBehavior.ServiceAuthorizationManager =
new SecuredServiceAuthorizationManager(new List <string>()
{
"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM", "CODE1\\gd_IN_Employees_HT"
}, new List <string>()
{
"Test1"
});
if (addNewEntry)
{
serviceBehaviors.Add(serviceAuthorizationBehavior);
}
}
public void Validate()
{
var b = new ServiceAuthorizationBehavior();
IServiceBehavior sb = b;
sb.Validate(new ServiceDescription(),
new ServiceHost(typeof(object)));
}
protected virtual ServiceEndpoint AddCommonEndpoints(Type type, ServiceHost sh, string path, bool withMex,
bool authPolicy, int serverListenPort)
{
NetTcpBinding binding = Channels.GetBinding(Settings.Default.AllowClients);
var address = new Uri(string.Format("net.tcp://localhost:{0}/{1}",
serverListenPort,
path));
ServiceEndpoint endpoint = sh.AddServiceEndpoint(type, binding, address);
ServiceMetadataBehavior smb = sh.Description.Behaviors.Find <ServiceMetadataBehavior>()
?? new ServiceMetadataBehavior();
smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
smb.HttpGetEnabled = true;
if (sh.Description.Behaviors.Find <ServiceMetadataBehavior>() == null)
{
sh.Description.Behaviors.Add(smb);
}
ServiceThrottlingBehavior throttle = sh.Description.Behaviors.Find <ServiceThrottlingBehavior>()
?? new ServiceThrottlingBehavior();
throttle.MaxConcurrentSessions = Settings.Default.AllowClients;
if (sh.Description.Behaviors.Find <ServiceThrottlingBehavior>() == null)
{
sh.Description.Behaviors.Add(throttle);
}
if (authPolicy && Settings.Default.ClaimsSecurityEnabled)
{
ServiceAuthorizationBehavior auth = sh.Description.Behaviors.Find <ServiceAuthorizationBehavior>()
?? new ServiceAuthorizationBehavior();
auth.ExternalAuthorizationPolicies = new ReadOnlyCollection <IAuthorizationPolicy>
(new[] { new ClaimsPolicy() });
if (sh.Description.Behaviors.Find <ServiceAuthorizationBehavior>() == null)
{
sh.Description.Behaviors.Add(auth);
}
}
if (withMex)
{
sh.AddServiceEndpoint(
ServiceMetadataBehavior.MexContractName,
MetadataExchangeBindings.CreateMexHttpBinding(),
"mex");
}
sh.UnknownMessageReceived += service_UnknownMessageReceived;
#if DEBUG
((ServiceDebugBehavior)sh.Description.Behaviors[typeof(ServiceDebugBehavior)])
.IncludeExceptionDetailInFaults = true;
#endif
return(endpoint);
}
private ServiceAuthorizationBehavior EnsureAuthorization(System.ServiceModel.Description.ServiceDescription description)
{
ServiceAuthorizationBehavior item = description.Behaviors.Find <ServiceAuthorizationBehavior>();
if (item == null)
{
item = new ServiceAuthorizationBehavior();
description.Behaviors.Add(item);
}
return(item);
}
/// <summary>
/// Start session launcher service
/// </summary>
private void StartSessionLauncherService()
{
try
{
string sessionLauncherAddress = SoaHelper.GetSessionLauncherAddress("localhost");
this.launcherHost = new ServiceHost(this.sessionLauncher, new Uri(sessionLauncherAddress));
BindingHelper.ApplyDefaultThrottlingBehavior(this.launcherHost);
#if AZURE_STORAGE_BINDING
if (SessionLauncherRuntimeConfiguration.OpenAzureStorageListener)
{
this.launcherHost.AddServiceEndpoint(
typeof(ISessionLauncher),
new TableTransportBinding()
{
ConnectionString = SessionLauncherRuntimeConfiguration.SessionLauncherStorageConnectionString, TargetPartitionKey = "all"
},
TelepathyConstants.SessionLauncherAzureTableBindingAddress);
TraceHelper.TraceEvent(TraceEventType.Information, "Add session launcher service endpoint {0}", TelepathyConstants.SessionLauncherAzureTableBindingAddress);
}
#endif
if (SessionLauncherRuntimeConfiguration.SchedulerType == SchedulerType.HpcPack)
{
this.launcherHost.AddServiceEndpoint(typeof(ISessionLauncher), BindingHelper.HardCodedSessionLauncherNetTcpBinding, string.Empty);
this.launcherHost.AddServiceEndpoint(typeof(ISessionLauncher), BindingHelper.HardCodedNoAuthSessionLauncherNetTcpBinding, "AAD");
this.launcherHost.AddServiceEndpoint(typeof(ISessionLauncher), BindingHelper.HardCodedInternalSessionLauncherNetTcpBinding, "Internal");
TraceHelper.TraceEvent(TraceEventType.Information, "Open session launcher find cert {0}", TelepathyContext.Get().GetSSLThumbprint().GetAwaiter().GetResult());
this.launcherHost.Credentials.UseInternalAuthenticationAsync().GetAwaiter().GetResult();
TraceHelper.TraceEvent(TraceEventType.Information, "Add session launcher service endpoint {0}", sessionLauncherAddress);
}
else
{
this.launcherHost.AddServiceEndpoint(typeof(ISessionLauncher), BindingHelper.HardCodedUnSecureNetTcpBinding, string.Empty);
this.launcherHost.AddServiceEndpoint(typeof(ISessionLauncher), BindingHelper.HardCodedUnSecureNetTcpBinding, "Internal");
TraceHelper.TraceEvent(TraceEventType.Information, "Add session launcher service endpoint {0}", sessionLauncherAddress);
}
this.launcherHost.Faulted += this.SessionLauncherHostFaultHandler;
ServiceAuthorizationBehavior myServiceBehavior =
this.launcherHost.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
myServiceBehavior.PrincipalPermissionMode = PrincipalPermissionMode.None;
this.launcherHost.Open();
TraceHelper.TraceEvent(TraceEventType.Information, "Open session launcher service");
}
catch (Exception ex)
{
Trace.TraceError(ex.ToString());
throw;
}
}
public void DefaultValues()
{
ServiceAuthorizationBehavior b =
new ServiceAuthorizationBehavior();
Assert.IsNull(b.AuthorizationDomain, "#1");
Assert.IsFalse(b.ImpersonateCallerForAllServiceOperations,
"#2");
Assert.IsNull(b.OperationRequirement, "#3");
Assert.AreEqual(PrincipalPermissionMode.UseWindowsGroups,
b.PrincipalPermissionMode, "#4");
}
public static void Main()
{
Uri baseUri = new Uri("http://ServiceModelSamples");
//<snippet3>
ServiceHost myServiceHost = new ServiceHost(typeof(Calculator), baseUri);
ServiceAuthorizationBehavior myServiceBehavior =
myServiceHost.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
myServiceBehavior.PrincipalPermissionMode =
PrincipalPermissionMode.UseAspNetRoles;
//</snippet3>
}
private ServiceAuthorizationBehavior EnsureAuthorization(ServiceDescription description)
{
Fx.Assert(State == CommunicationState.Created || State == CommunicationState.Opening, "");
ServiceAuthorizationBehavior a = description.Behaviors.Find <ServiceAuthorizationBehavior>();
if (a == null)
{
a = new ServiceAuthorizationBehavior();
description.Behaviors.Add(a);
}
return(a);
}
protected internal override object CreateBehavior()
{
ServiceAuthorizationBehavior behavior = new ServiceAuthorizationBehavior();
behavior.PrincipalPermissionMode = this.PrincipalPermissionMode;
string roleProviderName = this.RoleProviderName;
if (!String.IsNullOrEmpty(roleProviderName))
{
behavior.RoleProvider = SystemWebHelper.GetRoleProvider(roleProviderName);
if (behavior.RoleProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(
SR.GetString(SR.InvalidRoleProviderSpecifiedInConfig, roleProviderName)));
}
}
behavior.ImpersonateCallerForAllOperations = this.ImpersonateCallerForAllOperations;
behavior.ImpersonateOnSerializingReply = this.ImpersonateOnSerializingReply;
string serviceAuthorizationManagerType = this.ServiceAuthorizationManagerType;
if (!String.IsNullOrEmpty(serviceAuthorizationManagerType))
{
Type type = Type.GetType(serviceAuthorizationManagerType, true);
if (!typeof(ServiceAuthorizationManager).IsAssignableFrom(type))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(
SR.GetString(SR.ConfigInvalidServiceAuthorizationManagerType, serviceAuthorizationManagerType, typeof(ServiceAuthorizationManager))));
}
behavior.ServiceAuthorizationManager = (ServiceAuthorizationManager)Activator.CreateInstance(type);
}
AuthorizationPolicyTypeElementCollection authorizationPolicies = this.AuthorizationPolicies;
if (authorizationPolicies.Count > 0)
{
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(authorizationPolicies.Count);
for (int i = 0; i < authorizationPolicies.Count; ++i)
{
Type type = Type.GetType(authorizationPolicies[i].PolicyType, true);
if (!typeof(IAuthorizationPolicy).IsAssignableFrom(type))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(
SR.GetString(SR.ConfigInvalidAuthorizationPolicyType, authorizationPolicies[i].PolicyType, typeof(IAuthorizationPolicy))));
}
policies.Add((IAuthorizationPolicy)Activator.CreateInstance(type));
}
behavior.ExternalAuthorizationPolicies = policies.AsReadOnly();
}
return(behavior);
}
protected override void OnOpening()
{
base.OnOpening();
foreach (var ep in this.Description.Endpoints)
{
if (ep.Behaviors.Find <WebHttpBehavior>() != null)
{
ep.Behaviors.Remove <WebHttpBehavior>();
ep.Behaviors.Add(new WebHttpBehavior2()
{
EnableAspNetCustomErrors = this.EnableAspNetCustomErrors, EnableAutomaticHelpPage = this.EnableAutomaticHelpPage, HelpPageLink = this.HelpPageLink
});
}
CustomBinding binding = new CustomBinding(ep.Binding);
if (this.MaxMessageSize != 0)
{
binding.Elements.Find <TransportBindingElement>().MaxReceivedMessageSize = this.MaxMessageSize;
}
if (this.TransferMode != TransferMode.Buffered)
{
binding.Elements.Find <HttpTransportBindingElement>().TransferMode = this.TransferMode;
}
if (this.ReaderQuotas != null)
{
this.ReaderQuotas.CopyTo(binding.Elements.Find <TextMessageEncodingBindingElement>().ReaderQuotas);
}
if (this.Interceptors.Count > 0)
{
binding.Elements.Insert(0, new RequestInterceptorBindingElement(this.Interceptors));
}
ep.Binding = binding;
}
if (this.MaxConcurrentCalls != 0)
{
ServiceThrottlingBehavior throttlingBehavior = this.Description.Behaviors.Find <ServiceThrottlingBehavior>();
if (throttlingBehavior == null)
{
throttlingBehavior = new ServiceThrottlingBehavior();
this.Description.Behaviors.Add(throttlingBehavior);
}
throttlingBehavior.MaxConcurrentCalls = this.MaxConcurrentCalls;
}
ServiceAuthorizationBehavior authz = this.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
authz.PrincipalPermissionMode = this.PrincipalPermissionMode;
if (authz.PrincipalPermissionMode == PrincipalPermissionMode.UseAspNetRoles && authz.RoleProvider == null && Roles.Enabled)
{
authz.RoleProvider = Roles.Provider;
}
}
protected override void OnOpening()
{
this.CreateEndpoints();
//if (String.IsNullOrEmpty(this.Description.Namespace) || this.Description.Namespace == "http://tempuri.org/")
// this.Description.Namespace = Constants.ServiceNamespace;
foreach (var endpoint in this.Description.Endpoints)
{
if (endpoint.Behaviors.Find <WebHttpBehavior>() != null)
{
endpoint.Behaviors.Remove <WebHttpBehavior>();
}
endpoint.Behaviors.Add(new DynamicWebHttpBehavior());
}
if (this.Description.Behaviors.Find <ServiceDebugBehavior>() == null)
{
var item = new ServiceDebugBehavior
{
IncludeExceptionDetailInFaults = true
};
this.Description.Behaviors.Add(item);
}
if (this.Description.Behaviors.Find <ServiceAuthorizationBehavior>() == null)
{
var item = new ServiceAuthorizationBehavior
{
ImpersonateCallerForAllOperations = true
};
this.Description.Behaviors.Add(item);
}
if (this.Description.Behaviors.Find <ServiceMetadataBehavior>() == null)
{
var item = new ServiceMetadataBehavior
{
MetadataExporter = { PolicyVersion = PolicyVersion.Policy15 }
};
this.Description.Behaviors.Add(item);
}
else
{
var item = this.Description.Behaviors.Find <ServiceMetadataBehavior>();
item.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
}
base.OnOpening();
}
public static IServiceCollection AddServiceModelServices(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
services.AddSingleton <WrappingIServer>();
for (int i = 0; i < services.Count; i++)
{
if (services[i].ServiceType == typeof(IServer))
{
Type implType = services[i].ImplementationType;
if (!services.Any(d => d.ServiceType == implType))
{
services.AddSingleton(implType);
}
services[i] = ServiceDescriptor.Singleton <IServer>((provider) =>
{
var originalIServer = (IServer)provider.GetRequiredService(implType);
var wrappingServer = provider.GetRequiredService <WrappingIServer>();
wrappingServer.InnerServer = originalIServer;
return(wrappingServer);
});
}
}
services.AddSingleton <ServiceBuilder>();
services.AddSingleton <IServiceBuilder>(provider => provider.GetRequiredService <ServiceBuilder>());
services.AddSingleton <IServiceBehavior>(provider => provider.GetRequiredService <ServiceAuthorizationBehavior>());
services.AddSingleton <ServiceAuthorizationBehavior>(provider =>
{
var behavior = new ServiceAuthorizationBehavior();
var manager = provider.GetService <ServiceAuthorizationManager>();
if (manager != null)
{
behavior.ServiceAuthorizationManager = manager;
}
return(behavior);
});
services.TryAddSingleton(typeof(IServiceConfiguration <>), typeof(ServiceConfiguration <>));
services.TryAddSingleton <IDispatcherBuilder, DispatcherBuilderImpl>();
services.AddSingleton(typeof(ServiceConfigurationDelegateHolder <>));
services.AddScoped <ReplyChannelBinder>();
services.AddScoped <DuplexChannelBinder>();
services.AddScoped <InputChannelBinder>();
services.AddScoped <ServiceChannel.SessionIdleManager>();
services.AddSingleton(typeof(ServiceHostObjectModel <>));
services.AddSingleton(typeof(TransportCompressionSupportHelper));
return(services);
}
public void DefaultValues()
{
var b = new ServiceAuthorizationBehavior();
Assert.IsNull(b.ExternalAuthorizationPolicies, "#1-1");
Assert.IsFalse(b.ImpersonateCallerForAllOperations, "#1-2");
Assert.AreEqual(PrincipalPermissionMode.UseWindowsGroups, b.PrincipalPermissionMode, "#1-3");
ServiceHost host = new ServiceHost(typeof(TestService));
b = host.Description.Behaviors.Find <ServiceAuthorizationBehavior> ();
Assert.IsNull(b.ExternalAuthorizationPolicies, "#2-1");
Assert.IsFalse(b.ImpersonateCallerForAllOperations, "#2-2");
Assert.AreEqual(PrincipalPermissionMode.UseWindowsGroups, b.PrincipalPermissionMode, "#2-3");
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
ServiceAuthorizationBehavior authBehavior = app.ApplicationServices.GetRequiredService <ServiceAuthorizationBehavior>();
authBehavior.PrincipalPermissionMode = principalMode;
if (isImpersonate)
{
authBehavior.ImpersonateCallerForAllOperations = true;
}
app.UseServiceModel(builder =>
{
builder.AddService <Services.TestService>();
builder.AddServiceEndpoint <Services.TestService, ServiceContract.ITestService>(new CoreWCF.NetTcpBinding(), WindowsAuthRelativePath);
builder.AddServiceEndpoint <Services.TestService, ServiceContract.ITestService>(new CoreWCF.NetTcpBinding(SecurityMode.None), NoSecurityRelativePath);
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
ServiceAuthorizationBehavior authBehavior = app.ApplicationServices.GetRequiredService <ServiceAuthorizationBehavior>();
var authPolicies = new List <IAuthorizationPolicy>
{
new MyTestAuthorizationPolicy()
};
var externalAuthPolicies = new ReadOnlyCollection <IAuthorizationPolicy>(authPolicies);
authBehavior.ExternalAuthorizationPolicies = externalAuthPolicies;
authBehavior.PrincipalPermissionMode = PrincipalPermissionMode.None;
app.UseServiceModel(builder =>
{
builder.AddService <Services.EchoService>();
builder.AddServiceEndpoint <Services.EchoService, ServiceContract.IEchoService>(new CoreWCF.BasicHttpBinding(), "/BasicWcfService/basichttp.svc");
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
ServiceAuthorizationBehavior authBehavior = app.ApplicationServices.GetRequiredService <ServiceAuthorizationBehavior>();
var authPolicies = new List <IAuthorizationPolicy>
{
new MyTestAuthorizationPolicy()
};
var externalAuthPolicies = new ReadOnlyCollection <IAuthorizationPolicy>(authPolicies);
authBehavior.ExternalAuthorizationPolicies = externalAuthPolicies;
authBehavior.ServiceAuthorizationManager = new MyTestServiceAuthorizationManager();
app.UseServiceModel(builder =>
{
builder.AddService <Services.TestService>();
builder.AddServiceEndpoint <Services.TestService, ServiceContract.ITestService>(new CoreWCF.NetTcpBinding(), WindowsAuthRelativePath);
builder.AddServiceEndpoint <Services.TestService, ServiceContract.ITestService>(new CoreWCF.NetTcpBinding(SecurityMode.None), NoSecurityRelativePath);
});
}
public void ApplyBehavior()
{
ServiceHost host = new ServiceHost(typeof(object));
EndpointDispatcher d = new EndpointDispatcher(host, "a", "");
DispatchRuntime db = d.Behavior;
EndpointDispatcher d2 = new EndpointDispatcher(host, "a", "");
DispatchRuntime db2 = d2.Behavior;
ServiceAuthorizationBehavior b =
new ServiceAuthorizationBehavior();
b.ImpersonateCallerForAllServiceOperations = true;
b.OperationRequirement = new MyRequirement();
b.PrincipalPermissionMode = PrincipalPermissionMode.None;
Collection <DispatchRuntime> c =
new Collection <DispatchRuntime> (
new DispatchRuntime [] { db, db2 });
Collection <BindingParameterCollection> pc =
new Collection <BindingParameterCollection> (
new BindingParameterCollection [] {
new BindingParameterCollection()
});
((IServiceBehavior)b).ApplyBehavior(null, host, c, pc);
Assert.IsNull(db.AuthorizationDomain, "#1-1");
Assert.IsTrue(db.ImpersonateCallerForAllServiceOperations, "#1-2");
Assert.AreEqual(typeof(MyRequirement),
db.OperationRequirement.GetType(), "#1-3");
Assert.AreEqual(PrincipalPermissionMode.None,
db.PrincipalPermissionMode, "#1-4");
Assert.IsNull(db2.AuthorizationDomain, "#2-1");
Assert.IsTrue(db2.ImpersonateCallerForAllServiceOperations, "#2-2");
/*
* Assert.AreEqual (typeof (MyRequirement),
* db2.OperationRequirement.GetType (), "#2-3");
* Assert.AreEqual (PrincipalPermissionMode.None,
* db2.PrincipalPermissionMode, "#2-4");
*/
}
static void Main(string[] args)
{
WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
GenericIdentity anoymousIdentity = new GenericIdentity("");
GenericIdentity authenticIdentity = new GenericIdentity("Foo");
Console.WriteLine(anoymousIdentity.IsAuthenticated); //false
Console.WriteLine(authenticIdentity.IsAuthenticated); //true
var identity1 = Thread.CurrentPrincipal.Identity;
var identity2 = ServiceSecurityContext.Current.PrimaryIdentity;
Debug.Assert(object.ReferenceEquals(identity1, identity2));
//IPrincipal principal = Thread.CurrentPrincipal;
//if (principal.IsInRole("Adminstrator"))
//{
// //执行授权操作
//}
//else {
// //异常
//}
//wcf Asp.net Roles 授权模式
using (ServiceHost host = new ServiceHost(typeof(CalculatorService)))
{
ServiceAuthorizationBehavior serviceAuthorizationBehavior = host.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
if (null == serviceAuthorizationBehavior)
{
serviceAuthorizationBehavior = new ServiceAuthorizationBehavior();
host.Description.Behaviors.Add(serviceAuthorizationBehavior);
}
serviceAuthorizationBehavior.PrincipalPermissionMode = PrincipalPermissionMode.UseAspNetRoles;
serviceAuthorizationBehavior.RoleProvider = Roles.Provider;
host.Open();
}
DispatchRuntime
Console.ReadKey();
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
ServiceDebugBehavior serviceDebugBehavior = base.Description.Behaviors.Find <ServiceDebugBehavior>();
serviceDebugBehavior.IncludeExceptionDetailInFaults = true;
ServiceAuthorizationBehavior serviceAuthorizationBehavior = base.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
serviceAuthorizationBehavior.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
serviceAuthorizationBehavior.ExternalAuthorizationPolicies = EcpServiceHostBase.customAuthorizationPolicies;
serviceAuthorizationBehavior.ServiceAuthorizationManager = EcpServiceHostBase.rbacAuthorizationManager;
ContractDescription contract = ContractDescription.GetContract(base.Description.ServiceType);
foreach (Uri uri in base.BaseAddresses)
{
Binding binding = this.CreateBinding(uri);
ServiceEndpoint serviceEndpoint = new ServiceEndpoint(contract, binding, new EndpointAddress(uri, new AddressHeader[0]));
serviceEndpoint.Behaviors.Add(EcpServiceHostBase.diagnosticsBehavior);
this.ApplyServiceEndPointConfiguration(serviceEndpoint);
base.Description.Endpoints.Add(serviceEndpoint);
}
}
public static ServiceConfiguration ApplyCustomAuthentication
(this ServiceConfiguration config, Type serviceType, string address)
{
config.Credentials.IdentityConfiguration = CreateIdentityConfiguration();
config.Credentials.UseIdentityConfiguration = true;
config.Description.Behaviors.Add(new ServiceMetadataBehavior {
HttpGetEnabled = true
});
config.Description.Behaviors.Add(new ServiceDebugBehavior {
IncludeExceptionDetailInFaults = true
});
var behavior = new ServiceAuthorizationBehavior
{
PrincipalPermissionMode = PrincipalPermissionMode.Always
};
config.Description.Behaviors.Add(behavior);
config.AddServiceEndpoint(serviceType, ServiceBinding.CreateBinding(), address);
return(config);
}
private void ServiceAuthorizationBehaviorStuff()
{
Uri myUri = new Uri("hello");
Uri[] addresses = new Uri[] { myUri };
Type c = typeof(HelloService);
ServiceHost serviceHost = new ServiceHost(c, addresses);
//<snippet3>
// Code to create a ServiceHost not shown.
ServiceAuthorizationBehavior MyServiceAuthoriationBehavior =
serviceHost.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
MyServiceAuthoriationBehavior.ImpersonateCallerForAllOperations = true;
//</snippet3>
//<snippet4>
ChannelFactory <IEcho> cf = new ChannelFactory <IEcho>("EchoEndpoint");
cf.Credentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
//</snippet4>
}
public static void Run()
{
Uri baseUri = new Uri("http://ServiceModelSamples");
//<snippet3>
//<snippet1>
ServiceHost myServiceHost = new ServiceHost(typeof(Calculator), baseUri);
ServiceAuthorizationBehavior myServiceBehavior =
myServiceHost.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
myServiceBehavior.PrincipalPermissionMode =
PrincipalPermissionMode.UseAspNetRoles;
//</snippet1>
//<snippet5>
MyServiceAuthorizationManager sm = new MyServiceAuthorizationManager();
myServiceBehavior.ServiceAuthorizationManager = sm;
//</snippet5>
//</snippet3>
//<snippet11>
RoleProvider myCustomRoleProvider = myServiceBehavior.RoleProvider;
//</snippet11>
}
private void StartHost()
{
try
{
object[] permissionAttributes = this.GetType().GetCustomAttributes(typeof(DesktopServiceHostPermissionAttribute), true);
foreach (DesktopServiceHostPermissionAttribute permissionAttribute in permissionAttributes)
{
if (!PermissionsHelper.IsInRoles(permissionAttribute.AuthorityTokens))
{
Platform.Log(LogLevel.Warn, "User does not have appropriate permissions to start desktop service ('{0}').", this.GetType().FullName);
return;
}
}
ServiceHost host = CreateServiceHost();
if (Thread.CurrentPrincipal == null)
{
host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.None;
}
else
{
ServiceAuthorizationBehavior sa = host.Description.Behaviors.Find <ServiceAuthorizationBehavior>();
sa.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>();
policies.Add(new AuthorizationPolicy(Thread.CurrentPrincipal));
host.Authorization.ExternalAuthorizationPolicies = policies.AsReadOnly();
}
host.Open();
_host = host;
}
catch (Exception e)
{
Platform.Log(LogLevel.Debug, e, "Unable to start desktop service; another instance may be running.");
}
}
