private void OnNegotiationComplete(SspiNegotiationTokenProviderState sspiState, RequestSecurityTokenResponse negotiationRstr, RequestSecurityTokenResponse authenticatorRstr)
{
ISspiNegotiation sspiNegotiation = sspiState.SspiNegotiation;
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = this.ValidateSspiNegotiation(sspiNegotiation);
SecurityTokenResolver resolver = new SspiSecurityTokenResolver(sspiNegotiation);
GenericXmlSecurityToken serviceToken = negotiationRstr.GetIssuedToken(resolver, System.ServiceModel.Security.EmptyReadOnlyCollection <SecurityTokenAuthenticator> .Instance, SecurityKeyEntropyMode.ServerEntropy, null, base.SecurityContextTokenUri, authorizationPolicies, 0, false);
if (serviceToken == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoServiceTokenReceived")));
}
WrappedKeySecurityToken proofToken = serviceToken.ProofToken as WrappedKeySecurityToken;
if ((proofToken == null) || (proofToken.WrappingAlgorithm != sspiNegotiation.KeyEncryptionAlgorithm))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("ProofTokenWasNotWrappedCorrectly")));
}
byte[] wrappedKey = proofToken.GetWrappedKey();
if (authenticatorRstr == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorNotPresent")));
}
byte[] authenticator = authenticatorRstr.GetAuthenticator();
if (authenticator == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorNotPresent")));
}
if (!IsCorrectAuthenticator(sspiState, wrappedKey, authenticator))
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorIncorrect")));
}
sspiState.SetServiceToken(serviceToken);
}
void OnNegotiationComplete(SspiNegotiationTokenProviderState sspiState, RequestSecurityTokenResponse negotiationRstr, RequestSecurityTokenResponse authenticatorRstr)
{
ISspiNegotiation sspiNegotiation = sspiState.SspiNegotiation;
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = ValidateSspiNegotiation(sspiNegotiation);
// the negotiation has completed successfully - the service token needs to be extracted from the
// negotiationRstr
SecurityTokenResolver tokenResolver = new SspiSecurityTokenResolver(sspiNegotiation);
GenericXmlSecurityToken serviceToken = negotiationRstr.GetIssuedToken(tokenResolver, EmptyReadOnlyCollection <SecurityTokenAuthenticator> .Instance,
SecurityKeyEntropyMode.ServerEntropy, null, this.SecurityContextTokenUri, authorizationPolicies, 0, false);
if (serviceToken == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoServiceTokenReceived)));
}
WrappedKeySecurityToken wrappedToken = (serviceToken.ProofToken as WrappedKeySecurityToken);
if (wrappedToken == null || wrappedToken.WrappingAlgorithm != sspiNegotiation.KeyEncryptionAlgorithm)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.ProofTokenWasNotWrappedCorrectly)));
}
byte[] proofKey = wrappedToken.GetWrappedKey();
if (authenticatorRstr == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorNotPresent)));
}
byte[] serverAuthenticator = authenticatorRstr.GetAuthenticator();
if (serverAuthenticator == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorNotPresent)));
}
if (!IsCorrectAuthenticator(sspiState, proofKey, serverAuthenticator))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorIncorrect)));
}
sspiState.SetServiceToken(serviceToken);
}
