void ProcessSecurityAccess(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.SecurityAccessSectionName);
// Check SSL Flags.
if (section != null)
{
int sslFlags = (int)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.SslFlagsAttributeName);
transportSettings.AccessSslFlags = (HttpAccessSslFlags)sslFlags;
// Clear SslMapCert field, which should not contain any useful data now.
transportSettings.AccessSslFlags &= ~(HttpAccessSslFlags.SslMapCert);
}
// Check whether IIS client certificate mapping is enabled.
section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.IisClientCertMapAuthenticationName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert;
}
else
{
// Check whether Active Directory client certification mapping is enabled.
section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.ClientCertMapAuthenticationName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert;
}
}
}
void PopulateSiteProperties()
{
ConfigurationElement site = WebConfigurationManagerWrapper.GetSite(HostingEnvironment.SiteName);
//
// Build up the binding table.
//
IDictionary <string, List <string> > bindingList = WebConfigurationManagerWrapper.GetProtocolBindingTable(site);
// Convert to string arrays
foreach (KeyValuePair <string, List <string> > entry in bindingList)
{
this.Bindings.Add(entry.Key, entry.Value.ToArray());
entry.Value.Clear();
}
// Clear the temporary buffer
bindingList.Clear();
//
// Build up the protocol list.
//
string[] protocols = WebConfigurationManagerWrapper.GetEnabledProtocols(site).Split(MetabaseSettingsIis7Constants.CommaSeparator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
foreach (string protocolValue in protocols)
{
string protocol = protocolValue.Trim();
protocol = protocol.ToLowerInvariant();
if (string.IsNullOrEmpty(protocol) || this.Protocols.Contains(protocol))
{
// Ignore duplicates and empty protocols
continue;
}
else if (string.Compare(protocol, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase) == 0 ||
string.Compare(protocol, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase) == 0)
{
// Special casing HTTPS. If HTTP is enabled, it means that
// both HTTP and HTTPS are enabled.
if (this.Bindings.ContainsKey(Uri.UriSchemeHttp))
{
this.Protocols.Add(Uri.UriSchemeHttp);
}
if (this.Bindings.ContainsKey(Uri.UriSchemeHttps))
{
this.Protocols.Add(Uri.UriSchemeHttps);
}
}
else if (this.Bindings.ContainsKey(protocol))
{
// We only take the protocols that have bindings.
this.Protocols.Add(protocol);
}
}
}
void ProcessDigestAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.DigestAuthenticationSectionName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthMD5;
}
}
void ProcessWindowsAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings)
{
ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.WindowsAuthenticationSectionName);
if ((section != null) &&
((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName))
)
{
transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthNTLM;
List <string> providerList = WebConfigurationManagerWrapper.GetProviderList(section);
if (providerList.Count != 0)
{
transportSettings.AuthProviders = providerList.ToArray();
}
// Check the CBT configuration
try
{
ConfigurationElement element = section.GetChildElement(MetabaseSettingsIis7Constants.ExtendedProtectionElementName);
if (element != null)
{
ExtendedProtectionTokenChecking tokenChecking;
ExtendedProtectionFlags flags;
List <string> spnList;
WebConfigurationManagerWrapper.ReadIisExtendedProtectionPolicy(element, out tokenChecking, out flags, out spnList);
transportSettings.IisExtendedProtectionPolicy = BuildExtendedProtectionPolicy(tokenChecking, flags, spnList);
}
}
catch (COMException e)
{
// hit this exception only when IIS does not support CBT
// safe for us to igore this COMException so that services not using CBT still can be activated
// if a service does use CBT in binding, channel listener will catch it when comparing IIS setting against WCF (on CBT) and throw exception
if (DiagnosticUtility.ShouldTraceWarning)
{
TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.WebHostNoCBTSupport,
SR.TraceCodeWebHostNoCBTSupport, this, e);
}
}
}
}
protected override IEnumerable <string> GetSiteApplicationPaths()
{
ConfigurationElement site = WebConfigurationManagerWrapper.GetSite(HostingEnvironment.SiteName);
return(WebConfigurationManagerWrapper.GetApplicationPaths(site));
}
