public override void Validate(X509Certificate2 certificate)
{
X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));
if (!certificate.Issuer.Equals(srvCert.Issuer))
{
throw new Exception("Certificate is nit from the valid issuer");
}
}
/// <summary>
/// Implementation of a custom certificate validation on the service side.
/// Service should consider certificate valid if its issuer is the same as the issuer of the service.
/// If validation fails, throw an exception with an adequate message.
/// </summary>
/// <param name="certificate"> certificate to be validate </param>
public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
{
/// This will take service's certificate from storage
X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));
if (!certificate.Issuer.Equals(srvCert.Issuer))
{
throw new Exception("Certificate is not from the valid issuer.");
}
}
/// <summary>
/// Implementation of a custom certificate validation on the service side.
/// Service should consider certificate valid if its issuer is the same as the issuer of the service.
/// If validation fails, throw an exception with an adequate message.
/// </summary>
/// <param name="certificate"> certificate to be validate </param>
public override void Validate(X509Certificate2 certificate)
{
/// This will take service's certificate from storage
X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));
if (!certificate.Issuer.Equals(srvCert.Issuer)) //server proverava da li je klijentski sertifikat potpisan od strane istog CA kao i sopstveni
{
throw new Exception("Certificate is not from the valid issuer.");
}
}
/// <summary>
/// Implementation of a custom certificate validation on the service side.
/// Service should consider certificate valid if its issuer is the same as the issuer of the service.
/// If validation fails, throw an exception with an adequate message.
/// </summary>
/// <param name="certificate"> certificate to be validate </param>
public override void Validate(X509Certificate2 certificate)
{
string service = Formatter.ParseName(WindowsIdentity.GetCurrent().Name); //servis
X509Certificate2 certificateOfService = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, service);
if (!certificate.Issuer.Equals(certificateOfService.Subject))
{
throw new Exception("Client certificate is not from the valid issuer.");
}
}
public override void Validate(X509Certificate2 certificate)
{
X509Certificate2 cert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));
if (!certificate.Issuer.Equals(cert.Issuer))
{
throw new Exception("Certificate is not from the valid issuer.");
}
if (certificate.NotAfter.Ticks <= DateTime.Now.Ticks)
{
throw new Exception("Certificate has expired.");
}
}
/// <summary>
/// Implementation of a custom certificate validation on the client side.
/// Client should consider certificate valid if the given certifiate is not self-signed.
/// If validation fails, throw an exception with an adequate message.
/// </summary>
/// <param name="certificate"> certificate to be validate </param>
public override void Validate(X509Certificate2 certificate)
{
X509Certificate2 clnCert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));
if (certificate == null)
{
Audit.AuthenticationFailed("Nema sertifikat");
throw new Exception("Client certificate not found.");
}
if (!certificate.Subject.Equals(certificate.Issuer))
{
Audit.AuthenticationFailed("Certificate is not self-signed.");
throw new Exception("Certificate is not self-signed.");
}
Audit.AuthenticationSuccess(certificate.Subject);
}
protected virtual IPrincipal GetPrincipal(IIdentity identity)
{
lock (locker)
{
IPrincipal principal = null;
WindowsIdentity winIdentitiy = identity as WindowsIdentity;
if (winIdentitiy != null)
{
principal = new CustomPrincipal(winIdentitiy);
}
else
{
string pov = Formatter.VratiIme(identity.Name);
string[] names = pov.Split('=');
string name = "";
if (names[1].Contains(','))
{
string[] niz = names[1].Split(',');
name = niz[0].Trim();
}
else
{
name = names[1].Trim();
}
X509Certificate2 certificate = CertManager.GetCertificateFromStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, name);
if (certificate == null)
{
Audit.AuthenticationFailed(Formatter.VratiIme(identity.Name), OperationContext.Current.IncomingMessageHeaders.Action, "Authentication failed.");
MyException ex = new MyException();
ex.Message = "Niste autentifikovani!";
throw new FaultException <MyException>(ex);
}
else
{
Audit.AuthenticationSuccess(Formatter.VratiIme(identity.Name));
}
principal = new CustomPrincipal(certificate, identity);
}
return(principal);
}
}
/// <summary>
/// Implementation of a custom certificate validation on the service side.
/// Service should consider certificate valid if its issuer is the same as the issuer of the service.
/// If validation fails, throw an exception with an adequate message.
/// </summary>
/// <param name="certificate"> certificate to be validate </param>
public override void Validate(X509Certificate2 certificate)
{
if (certificate == null)
{
Audit.AuthenticationFailed("Nema sertifikat");
throw new Exception("Nema sertifikat");
}
/// This will take service's certificate from storage
X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));
if (!certificate.Issuer.Equals(srvCert.Subject))
{
Audit.AuthenticationFailed("Certificate is not issued by the service.");
throw new Exception("Certificate is not issued by the service.");
}
Audit.AuthenticationSuccess(certificate.Subject);
}
/// <summary>
/// Get a certificate with the specified subject name from the predefined certificate storage
/// Only valid certificates should be considered
/// </summary>
/// <param name="storeName"></param>
/// <param name="storeLocation"></param>
/// <param name="subjectName"></param>
/// <returns> The requested certificate. If no valid certificate is found, returns null. </returns>
public static X509Certificate2 GetCertificateFromStorage(StoreName storeName, StoreLocation storeLocation, string subjectName)
{
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadOnly);
//subjectName = "testservis";
X509Certificate2Collection certCollection = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, true);
string name = String.Empty;
/// Check whether the subjectName of the certificate is exactly the same as the given "subjectName"
foreach (X509Certificate2 c in certCollection)
{
name = CertManager.GetCertName(c.Subject);
if (name.Equals("CN=" + subjectName.ToLower()))
{
return(c);
}
}
return(null);
}
