public void HttpTransportSecurityElement_InitializeFrom()
{
HttpTransportSecurityElement element = new HttpTransportSecurityElement()
{
ClientCredentialType = HttpClientCredentialType.Basic,
ProxyCredentialType = HttpProxyCredentialType.Basic,
Realm = "MyRealm"
};
HttpTransportSecurity security = new HttpTransportSecurity();
// first initialize the transport security
element.ApplyConfiguration(security);
Assert.AreEqual(element.ClientCredentialType, security.ClientCredentialType, "ClientCredentialType failed");
Assert.AreEqual(element.ProxyCredentialType, security.ProxyCredentialType, "ProxyCredentialType failed");
Assert.AreEqual(element.Realm, security.Realm, "Realm failed");
Assert.IsNotNull(security.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed");
// now initialize a new instance from the security
HttpTransportSecurityElement element2 = new HttpTransportSecurityElement();
element2.InitializeFrom(security);
Assert.AreEqual(element.ClientCredentialType, element2.ClientCredentialType, "ClientCredentialType failed");
Assert.AreEqual(element.ProxyCredentialType, element2.ProxyCredentialType, "ProxyCredentialType failed");
Assert.AreEqual(element.Realm, element2.Realm, "Realm failed");
Assert.IsNotNull(element2.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed");
}
BasicHttpSecurity(BasicHttpSecurityMode mode, HttpTransportSecurity transportSecurity, BasicHttpMessageSecurity messageSecurity)
{
Fx.Assert(BasicHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid BasicHttpSecurityMode value: {0}.", mode.ToString()));
this.Mode = mode;
this.transportSecurity = transportSecurity == null ? new HttpTransportSecurity() : transportSecurity;
this.messageSecurity = messageSecurity == null ? new BasicHttpMessageSecurity() : messageSecurity;
}
private static bool GetSecurityModeFromTransport(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode)
{
mode = UnifiedSecurityMode.None;
if (http == null)
{
return false;
}
if (http is HttpsTransportBindingElement)
{
mode = UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Transport;
BasicHttpSecurity.EnableTransportSecurity((HttpsTransportBindingElement) http, transportSecurity);
}
else if (HttpTransportSecurity.IsDisabledTransportAuthentication(http))
{
mode = UnifiedSecurityMode.Message | UnifiedSecurityMode.None;
}
else
{
if (!BasicHttpSecurity.IsEnabledTransportAuthentication(http, transportSecurity))
{
return false;
}
mode = UnifiedSecurityMode.TransportCredentialOnly;
}
return true;
}
private static void ConfigureAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
transportSecurity.clientCredentialType = HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme);
transportSecurity.proxyCredentialType = HttpProxyCredentialTypeHelper.MapToProxyCredentialType(http.ProxyAuthenticationScheme);
transportSecurity.Realm = http.Realm;
transportSecurity.extendedProtectionPolicy = http.ExtendedProtectionPolicy;
}
internal static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, PrivacyNoticeBindingElement privacy, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding)
{
WSFederationHttpSecurityMode mode;
WSFederationHttpSecurity security2;
bool isReliableSession = rsbe != null;
binding = null;
HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
if (!WSFederationHttpBinding.GetSecurityModeFromTransport(transport, transportSecurity, out mode))
{
return false;
}
HttpsTransportBindingElement element = transport as HttpsTransportBindingElement;
if (((element != null) && (element.MessageSecurityVersion != null)) && (element.MessageSecurityVersion.SecurityPolicyVersion != WS2007MessageSecurityVersion.SecurityPolicyVersion))
{
return false;
}
if (TryCreateSecurity(sbe, mode, transportSecurity, isReliableSession, out security2))
{
binding = new WS2007FederationHttpBinding(security2, privacy, isReliableSession);
}
if ((rsbe != null) && (rsbe.ReliableMessagingVersion != ReliableMessagingVersion.WSReliableMessaging11))
{
return false;
}
if ((tfbe != null) && (tfbe.TransactionProtocol != TransactionProtocol.WSAtomicTransaction11))
{
return false;
}
return (binding != null);
}
public void HttpTransportSecurity_DisableTransportAuthentication()
{
ExtendedProtectionPolicy policy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
HttpTransportSecurity security = new HttpTransportSecurity()
{
ClientCredentialType = HttpClientCredentialType.Basic,
ProxyCredentialType = HttpProxyCredentialType.Basic,
Realm = "MyRealm",
ExtendedProtectionPolicy = policy
};
HttpTransportBindingElement binding = new HttpTransportBindingElement();
// first configure it
security.ConfigureTransportAuthentication(binding);
Assert.AreEqual(AuthenticationSchemes.Basic, binding.AuthenticationScheme, "AuthenticationScheme failed to init");
Assert.AreEqual(AuthenticationSchemes.Basic, binding.ProxyAuthenticationScheme, "ProxyAuthenticationScheme failed to init");
Assert.AreEqual("MyRealm", binding.Realm, "Realm failed to init");
Assert.AreEqual(policy, binding.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed to init");
// then disable it
security.DisableTransportAuthentication(binding);
Assert.AreEqual(AuthenticationSchemes.Anonymous, binding.AuthenticationScheme, "AuthenticationScheme failed to init");
Assert.AreEqual(AuthenticationSchemes.Anonymous, binding.ProxyAuthenticationScheme, "ProxyAuthenticationScheme failed to init");
Assert.AreEqual(string.Empty, binding.Realm, "Realm failed to init");
Assert.AreEqual(policy, binding.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed to init");
}
public void Transport_Can_Be_Set()
{
HttpMessageBindingSecurity security = new HttpMessageBindingSecurity();
HttpTransportSecurity transport = new HttpTransportSecurity();
transport.ClientCredentialType = HttpClientCredentialType.Basic;
security.Transport = transport;
Assert.AreEqual(HttpClientCredentialType.Basic, security.Transport.ClientCredentialType, "HttpMessageBindingSecurity.Transport.ClientCredentialType should have been HttpClientCredentialType.Basic.");
}
internal static void ConfigureTransportProtectionAndAuthentication(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
{
ConfigureAuthentication(https, transportSecurity);
if (https.RequireClientCertificate)
{
transportSecurity.ClientCredentialType = HttpClientCredentialType.Certificate;
}
}
internal void InitializeFrom(HttpTransportSecurity security)
{
if (security == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
}
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ClientCredentialType, security.ClientCredentialType);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ProxyCredentialType, security.ProxyCredentialType);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.Realm, security.Realm);
ChannelBindingUtility.InitializeFrom(security.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy);
}
internal void ApplyConfiguration(HttpTransportSecurity security)
{
if (security == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
}
security.ClientCredentialType = this.ClientCredentialType;
security.ProxyCredentialType = this.ProxyCredentialType;
security.Realm = this.Realm;
security.ExtendedProtectionPolicy = ChannelBindingUtility.BuildPolicy(this.ExtendedProtectionPolicy);
}
internal void InitializeFrom(HttpTransportSecurity security)
{
if (security == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
}
this.ClientCredentialType = security.ClientCredentialType;
this.ProxyCredentialType = security.ProxyCredentialType;
this.Realm = security.Realm;
ChannelBindingUtility.InitializeFrom(security.ExtendedProtectionPolicy, this.ExtendedProtectionPolicy);
}
internal static void InitializeFromTransport(HttpTransportSecurityElement element, HttpTransportSecurity security)
{
if (security == null)
{
throw new ArgumentNullException("security");
}
element.ClientCredentialType = security.ClientCredentialType;
element.ProxyCredentialType = security.ProxyCredentialType;
element.Realm = security.Realm;
}
private BasicHttpsSecurity(BasicHttpsSecurityMode mode, HttpTransportSecurity transportSecurity)
{
if (!BasicHttpsSecurityModeHelper.IsDefined(mode))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("mode"));
}
HttpTransportSecurity httpTransportSecurity = transportSecurity == null ? new HttpTransportSecurity() : transportSecurity;
BasicHttpSecurityMode basicHttpSecurityMode = BasicHttpsSecurityModeHelper.ToBasicHttpSecurityMode(mode);
_basicHttpSecurity = new BasicHttpSecurity()
{
Mode = basicHttpSecurityMode,
Transport = httpTransportSecurity
};
}
public void HttpTransportSecurityElement_ApplyConfiguration()
{
HttpTransportSecurityElement element = new HttpTransportSecurityElement()
{
ClientCredentialType = HttpClientCredentialType.Basic,
ProxyCredentialType = HttpProxyCredentialType.Basic,
Realm = "MyRealm"
};
HttpTransportSecurity security = new HttpTransportSecurity();
element.ApplyConfiguration(security);
Assert.AreEqual(element.ClientCredentialType, security.ClientCredentialType, "ClientCredentialType failed");
Assert.AreEqual(element.ProxyCredentialType, security.ProxyCredentialType, "ProxyCredentialType failed");
Assert.AreEqual(element.Realm, security.Realm, "Realm failed");
Assert.IsNotNull(security.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed");
}
internal static bool GetSecurityModeFromTransport(TransportBindingElement transport, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode)
{
mode = UnifiedSecurityMode.None;
if (transport is HttpsTransportBindingElement)
{
mode = UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Transport;
WSHttpSecurity.ApplyTransportSecurity((HttpsTransportBindingElement) transport, transportSecurity);
}
else if (transport is HttpTransportBindingElement)
{
mode = UnifiedSecurityMode.Message | UnifiedSecurityMode.None;
}
else
{
return false;
}
return true;
}
internal static bool TryCreate(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSessionEnabled, MessageSecurityVersion version, out WSFederationHttpSecurity security)
{
security = null;
FederatedMessageSecurityOverHttp messageSecurity = null;
if (sbe == null)
{
mode = WSFederationHttpSecurityMode.None;
}
else
{
mode &= WSFederationHttpSecurityMode.TransportWithMessageCredential | WSFederationHttpSecurityMode.Message;
if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, mode == WSFederationHttpSecurityMode.TransportWithMessageCredential, isReliableSessionEnabled, version, out messageSecurity))
{
return false;
}
}
security = new WSFederationHttpSecurity(mode, messageSecurity);
return true;
}
internal static bool TryCreate(SecurityBindingElement sbe,
WSFederationHttpSecurityMode mode,
HttpTransportSecurity transportSecurity,
bool isReliableSessionEnabled,
MessageSecurityVersion version,
out WSFederationHttpSecurity security)
{
security = null;
FederatedMessageSecurityOverHttp messageSecurity = null;
if (sbe == null)
{
mode = WSFederationHttpSecurityMode.None;
}
else
{
mode &= WSFederationHttpSecurityMode.Message | WSFederationHttpSecurityMode.TransportWithMessageCredential;
Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", mode.ToString()));
if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, mode == WSFederationHttpSecurityMode.TransportWithMessageCredential, isReliableSessionEnabled, version, out messageSecurity))
return false;
}
security = new WSFederationHttpSecurity(mode, messageSecurity);
return true;
}
static bool TryCreateSecurity(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSession, out WSFederationHttpSecurity security)
{
if (!WSFederationHttpSecurity.TryCreate(sbe, mode, transportSecurity, isReliableSession, WS2007MessageSecurityVersion, out security))
{
return(false);
}
// the last check: make sure that security binding element match the incoming security
return(SecurityElement.AreBindingsMatching(security.CreateMessageSecurity(isReliableSession, WS2007MessageSecurityVersion), sbe));
}
internal static bool TryCreate(BindingElementCollection elements, out Binding binding)
{
UnifiedSecurityMode mode;
BasicHttpSecurity security2;
binding = null;
if (elements.Count > 3)
{
return(false);
}
SecurityBindingElement securityElement = null;
MessageEncodingBindingElement encoding = null;
HttpTransportBindingElement http = null;
foreach (BindingElement element4 in elements)
{
if (element4 is SecurityBindingElement)
{
securityElement = element4 as SecurityBindingElement;
}
else if (element4 is TransportBindingElement)
{
http = element4 as HttpTransportBindingElement;
}
else if (element4 is MessageEncodingBindingElement)
{
encoding = element4 as MessageEncodingBindingElement;
}
else
{
return(false);
}
}
HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
if (!GetSecurityModeFromTransport(http, transportSecurity, out mode))
{
return(false);
}
if (encoding == null)
{
return(false);
}
if (!encoding.CheckEncodingVersion(System.ServiceModel.EnvelopeVersion.Soap11))
{
return(false);
}
if (!TryCreateSecurity(securityElement, mode, transportSecurity, out security2))
{
return(false);
}
BasicHttpBinding binding2 = new BasicHttpBinding(security2);
binding2.InitializeFrom(http, encoding);
if (!binding2.IsBindingElementsMatch(http, encoding))
{
return(false);
}
binding = binding2;
return(true);
}
internal static bool GetSecurityModeFromTransport(TransportBindingElement transport, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode)
{
mode = UnifiedSecurityMode.None;
if (transport is HttpsTransportBindingElement)
{
mode = UnifiedSecurityMode.Transport | UnifiedSecurityMode.TransportWithMessageCredential;
WSHttpSecurity.ApplyTransportSecurity((HttpsTransportBindingElement)transport, transportSecurity);
}
else if (transport is HttpTransportBindingElement)
{
mode = UnifiedSecurityMode.None | UnifiedSecurityMode.Message;
}
else
{
return(false);
}
return(true);
}
internal static bool GetSecurityModeFromTransport(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode)
{
mode = UnifiedSecurityMode.None;
if (http == null)
{
return(false);
}
Fx.Assert(http.AuthenticationScheme.IsSingleton(), "authenticationScheme used in an Http(s)ChannelFactory must be a singleton value.");
if (http is HttpsTransportBindingElement)
{
mode = UnifiedSecurityMode.Transport | UnifiedSecurityMode.TransportWithMessageCredential;
BasicHttpSecurity.EnableTransportSecurity((HttpsTransportBindingElement)http, transportSecurity);
}
else if (HttpTransportSecurity.IsDisabledTransportAuthentication(http))
{
mode = UnifiedSecurityMode.Message | UnifiedSecurityMode.None;
}
else if (!BasicHttpSecurity.IsEnabledTransportAuthentication(http, transportSecurity))
{
return(false);
}
else
{
mode = UnifiedSecurityMode.TransportCredentialOnly;
}
return(true);
}
internal WSHttpSecurity(SecurityMode mode, HttpTransportSecurity transportSecurity, NonDualMessageSecurityOverHttp messageSecurity)
{
this.mode = mode;
this.transportSecurity = (transportSecurity == null) ? GetDefaultHttpTransportSecurity() : transportSecurity;
this.messageSecurity = (messageSecurity == null) ? new NonDualMessageSecurityOverHttp() : messageSecurity;
}
internal static bool TryCreate(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSessionEnabled, out WSHttpSecurity security)
{
security = null;
NonDualMessageSecurityOverHttp messageSecurity = null;
SecurityMode none = SecurityMode.None;
if (sbe != null)
{
mode &= UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Message;
none = SecurityModeHelper.ToSecurityMode(mode);
if (!MessageSecurityOverHttp.TryCreate<NonDualMessageSecurityOverHttp>(sbe, none == SecurityMode.TransportWithMessageCredential, isReliableSessionEnabled, out messageSecurity))
{
return false;
}
}
else
{
mode &= ~(UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Message);
none = SecurityModeHelper.ToSecurityMode(mode);
}
security = new WSHttpSecurity(none, transportSecurity, messageSecurity);
return true;
}
private static bool GetSecurityModeFromTransport(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode)
{
mode = UnifiedSecurityMode.None;
if (http == null)
{
return(false);
}
if (http is HttpsTransportBindingElement)
{
mode = UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Transport;
BasicHttpSecurity.EnableTransportSecurity((HttpsTransportBindingElement)http, transportSecurity);
}
else if (HttpTransportSecurity.IsDisabledTransportAuthentication(http))
{
mode = UnifiedSecurityMode.Message | UnifiedSecurityMode.None;
}
else
{
if (!BasicHttpSecurity.IsEnabledTransportAuthentication(http, transportSecurity))
{
return(false);
}
mode = UnifiedSecurityMode.TransportCredentialOnly;
}
return(true);
}
internal static bool TryCreate(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, out BasicHttpSecurity security)
{
security = null;
BasicHttpMessageSecurity security2 = null;
if (sbe != null)
{
bool flag;
mode &= UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Message;
if (!BasicHttpMessageSecurity.TryCreate(sbe, out security2, out flag))
{
return false;
}
}
else
{
mode &= ~(UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Message);
}
BasicHttpSecurityMode mode2 = BasicHttpSecurityModeHelper.ToSecurityMode(mode);
security = new BasicHttpSecurity(mode2, transportSecurity, security2);
return SecurityElementBase.AreBindingsMatching(security.CreateMessageSecurity(), sbe);
}
internal static void EnableTransportSecurity(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
{
BasicHttpSecurity.EnableTransportSecurity(https, transportSecurity);
}
internal static void EnableTransportSecurity(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
{
BasicHttpSecurity.EnableTransportSecurity(https, transportSecurity);
}
internal static bool IsConfiguredTransportAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
if (HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme) == HttpClientCredentialType.Certificate)
{
return(false);
}
ConfigureAuthentication(http, transportSecurity);
return(true);
}
public WebHttpSecurity()
{
this.transportSecurity = new HttpTransportSecurity();
}
// if you make changes here, see also WS2007HttpBinding.TryCreateSecurity()
private static bool TryCreateSecurity(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSession, out WSHttpSecurity security)
{
if (!WSHttpSecurity.TryCreate(sbe, mode, transportSecurity, isReliableSession, out security))
{
return(false);
}
// the last check: make sure that security binding element match the incoming security
return(System.ServiceModel.Configuration.SecurityElement.AreBindingsMatching(security.CreateMessageSecurity(isReliableSession, s_WSMessageSecurityVersion), sbe));
}
private static void ConfigureAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
transportSecurity._clientCredentialType = HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme);
transportSecurity.Realm = http.Realm;
#region FromWCF
transportSecurity.extendedProtectionPolicy = http.ExtendedProtectionPolicy;
#endregion
}
internal static bool TryCreate(BindingElementCollection elements, out Binding binding)
{
binding = null;
if (elements.Count > 3)
{
return(false);
}
SecurityBindingElement securityElement = null;
MessageEncodingBindingElement encoding = null;
HttpTransportBindingElement transport = null;
foreach (BindingElement element in elements)
{
if (element is SecurityBindingElement)
{
securityElement = element as SecurityBindingElement;
}
else if (element is TransportBindingElement)
{
transport = element as HttpTransportBindingElement;
}
else if (element is MessageEncodingBindingElement)
{
encoding = element as MessageEncodingBindingElement;
}
else
{
return(false);
}
}
HttpsTransportBindingElement httpsTransport = transport as HttpsTransportBindingElement;
if ((securityElement != null) && (httpsTransport != null) && (httpsTransport.RequireClientCertificate != TransportDefaults.RequireClientCertificate))
{
return(false);
}
// process transport binding element
UnifiedSecurityMode mode;
HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
if (!GetSecurityModeFromTransport(transport, transportSecurity, out mode))
{
return(false);
}
if (encoding == null)
{
return(false);
}
// BasicHttpBinding only supports Soap11
if (!encoding.CheckEncodingVersion(EnvelopeVersion.Soap11))
{
return(false);
}
BasicHttpSecurity security;
if (!HttpBindingBase.TryCreateSecurity(securityElement, mode, transportSecurity, out security))
{
return(false);
}
BasicHttpBinding basicHttpBinding = new BasicHttpBinding(security);
basicHttpBinding.InitializeFrom(transport, encoding);
// make sure all our defaults match
if (!basicHttpBinding.IsBindingElementsMatch(transport, encoding))
{
return(false);
}
binding = basicHttpBinding;
return(true);
}
internal WSHttpSecurity(SecurityMode mode)
{
this.Mode = mode;
message = new NonDualMessageSecurityOverHttp();
transport = new HttpTransportSecurity();
}
private static bool TryCreateSecurity(SecurityBindingElement securityElement, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, out BasicHttpSecurity security)
{
return(BasicHttpSecurity.TryCreate(securityElement, mode, transportSecurity, out security));
}
internal static bool GetSecurityModeFromTransport(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode)
{
mode = UnifiedSecurityMode.None;
if (http == null)
{
return false;
}
Fx.Assert(http.AuthenticationScheme.IsSingleton(), "authenticationScheme used in an Http(s)ChannelFactory must be a singleton value.");
if (http is HttpsTransportBindingElement)
{
mode = UnifiedSecurityMode.Transport | UnifiedSecurityMode.TransportWithMessageCredential;
BasicHttpSecurity.EnableTransportSecurity((HttpsTransportBindingElement)http, transportSecurity);
}
else if (HttpTransportSecurity.IsDisabledTransportAuthentication(http))
{
mode = UnifiedSecurityMode.Message | UnifiedSecurityMode.None;
}
else if (!BasicHttpSecurity.IsEnabledTransportAuthentication(http, transportSecurity))
{
return false;
}
else
{
mode = UnifiedSecurityMode.TransportCredentialOnly;
}
return true;
}
internal static bool TryCreate(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSessionEnabled, MessageSecurityVersion version, out WSFederationHttpSecurity security)
{
security = null;
FederatedMessageSecurityOverHttp messageSecurity = null;
if (sbe == null)
{
mode = WSFederationHttpSecurityMode.None;
}
else
{
mode &= WSFederationHttpSecurityMode.TransportWithMessageCredential | WSFederationHttpSecurityMode.Message;
if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, mode == WSFederationHttpSecurityMode.TransportWithMessageCredential, isReliableSessionEnabled, version, out messageSecurity))
{
return(false);
}
}
security = new WSFederationHttpSecurity(mode, messageSecurity);
return(true);
}
internal static void ApplyTransportSecurity(HttpsTransportBindingElement transport, HttpTransportSecurity transportSecurity)
{
HttpTransportSecurity.ConfigureTransportProtectionAndAuthentication(transport, transportSecurity);
}
internal static bool IsEnabledTransportAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
return(HttpTransportSecurity.IsConfiguredTransportAuthentication(http, transportSecurity));
}
private BasicHttpSecurity(BasicHttpSecurityMode mode, HttpTransportSecurity transportSecurity)
{
Fx.Assert(BasicHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid BasicHttpSecurityMode value: {0}.", mode.ToString()));
this.Mode = mode;
_transportSecurity = transportSecurity == null ? new HttpTransportSecurity() : transportSecurity;
}
internal static bool TryCreate(BindingElementCollection elements, out Binding binding)
{
binding = null;
if (elements.Count > 4)
{
return(false);
}
ReliableSessionBindingElement session = null;
SecurityBindingElement securityElement = null;
MessageEncodingBindingElement encoding = null;
HttpTransportBindingElement transport = null;
foreach (BindingElement element in elements)
{
if (element is ReliableSessionBindingElement)
{
session = element as ReliableSessionBindingElement;
}
if (element is SecurityBindingElement)
{
securityElement = element as SecurityBindingElement;
}
else if (element is TransportBindingElement)
{
transport = element as HttpTransportBindingElement;
}
else if (element is MessageEncodingBindingElement)
{
encoding = element as MessageEncodingBindingElement;
}
else
{
return(false);
}
}
if (transport == null || transport.WebSocketSettings.TransportUsage != WebSocketTransportUsage.Always)
{
return(false);
}
HttpsTransportBindingElement httpsTransport = transport as HttpsTransportBindingElement;
if ((securityElement != null) && (httpsTransport != null) && (httpsTransport.RequireClientCertificate != TransportDefaults.RequireClientCertificate))
{
return(false);
}
// process transport binding element
UnifiedSecurityMode mode;
HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
if (!GetSecurityModeFromTransport(transport, transportSecurity, out mode))
{
return(false);
}
if (encoding == null)
{
return(false);
}
if (!(encoding is TextMessageEncodingBindingElement || encoding is MtomMessageEncodingBindingElement || encoding is BinaryMessageEncodingBindingElement))
{
return(false);
}
if (encoding.MessageVersion != MessageVersion.Soap12WSAddressing10)
{
return(false);
}
BasicHttpSecurity security;
if (!TryCreateSecurity(securityElement, mode, transportSecurity, out security))
{
return(false);
}
NetHttpBinding netHttpBinding = new NetHttpBinding(security);
netHttpBinding.InitializeFrom(transport, encoding, session);
// make sure all our defaults match
if (!netHttpBinding.IsBindingElementsMatch(transport, encoding, session))
{
return(false);
}
binding = netHttpBinding;
return(true);
}
internal static bool IsEnabledTransportAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
return HttpTransportSecurity.IsConfiguredTransportAuthentication(http, transportSecurity);
}
private static void ConfigureAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
transportSecurity._clientCredentialType = HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme);
transportSecurity.Realm = http.Realm;
}
private static void ConfigureAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
transportSecurity._clientCredentialType = HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme);
transportSecurity.Realm = http.Realm;
}
private static bool TryCreateSecurity(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSession, out WSHttpSecurity security)
{
if (!WSHttpSecurity.TryCreate(sbe, mode, transportSecurity, isReliableSession, out security))
{
return(false);
}
return(SecurityElementBase.AreBindingsMatching(security.CreateMessageSecurity(isReliableSession, WSMessageSecurityVersion), sbe));
}
internal static bool TryCreate(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, out BasicHttpSecurity security)
{
security = null;
BasicHttpMessageSecurity messageSecurity = null;
if (sbe != null)
{
mode &= UnifiedSecurityMode.Message | UnifiedSecurityMode.TransportWithMessageCredential;
bool isSecureTransportMode;
if (!BasicHttpMessageSecurity.TryCreate(sbe, out messageSecurity, out isSecureTransportMode))
{
return false;
}
}
else
{
mode &= ~(UnifiedSecurityMode.Message | UnifiedSecurityMode.TransportWithMessageCredential);
}
BasicHttpSecurityMode basicHttpSecurityMode = BasicHttpSecurityModeHelper.ToSecurityMode(mode);
Fx.Assert(BasicHttpSecurityModeHelper.IsDefined(basicHttpSecurityMode), string.Format("Invalid BasicHttpSecurityMode value: {0}.", basicHttpSecurityMode.ToString()));
security = new BasicHttpSecurity(basicHttpSecurityMode, transportSecurity, messageSecurity);
return SecurityElement.AreBindingsMatching(security.CreateMessageSecurity(), sbe);
}
internal static void ConfigureTransportProtectionAndAuthentication(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
{
ConfigureAuthentication(https, transportSecurity);
if (https.RequireClientCertificate)
{
transportSecurity.ClientCredentialType = HttpClientCredentialType.Certificate;
}
}
internal static void EnableTransportSecurity(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
{
HttpTransportSecurity.ConfigureTransportProtectionAndAuthentication(https, transportSecurity);
}
private BasicHttpSecurity(BasicHttpSecurityMode mode, HttpTransportSecurity transportSecurity, BasicHttpMessageSecurity messageSecurity)
{
this.Mode = mode;
this.transportSecurity = (transportSecurity == null) ? new HttpTransportSecurity() : transportSecurity;
this.messageSecurity = (messageSecurity == null) ? new BasicHttpMessageSecurity() : messageSecurity;
}
public WebHttpSecurity()
{
this.transportSecurity = new HttpTransportSecurity();
}
internal static bool TryCreate(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, out BasicHttpSecurity security)
{
security = null;
BasicHttpMessageSecurity security2 = null;
if (sbe != null)
{
bool flag;
mode &= UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Message;
if (!BasicHttpMessageSecurity.TryCreate(sbe, out security2, out flag))
{
return(false);
}
}
else
{
mode &= ~(UnifiedSecurityMode.TransportWithMessageCredential | UnifiedSecurityMode.Message);
}
BasicHttpSecurityMode mode2 = BasicHttpSecurityModeHelper.ToSecurityMode(mode);
security = new BasicHttpSecurity(mode2, transportSecurity, security2);
return(SecurityElementBase.AreBindingsMatching(security.CreateMessageSecurity(), sbe));
}
internal static bool IsConfiguredTransportAuthentication(HttpTransportBindingElement http, HttpTransportSecurity transportSecurity)
{
if (HttpClientCredentialTypeHelper.MapToClientCredentialType(http.AuthenticationScheme) == HttpClientCredentialType.Certificate)
return false;
ConfigureAuthentication(http, transportSecurity);
return true;
}
internal static bool TryCreate(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, out BasicHttpSecurity security)
{
security = null;
BasicHttpMessageSecurity messageSecurity = null;
if (sbe != null)
{
mode &= UnifiedSecurityMode.Message | UnifiedSecurityMode.TransportWithMessageCredential;
bool isSecureTransportMode;
if (!BasicHttpMessageSecurity.TryCreate(sbe, out messageSecurity, out isSecureTransportMode))
{
return(false);
}
}
else
{
mode &= ~(UnifiedSecurityMode.Message | UnifiedSecurityMode.TransportWithMessageCredential);
}
BasicHttpSecurityMode basicHttpSecurityMode = BasicHttpSecurityModeHelper.ToSecurityMode(mode);
Fx.Assert(BasicHttpSecurityModeHelper.IsDefined(basicHttpSecurityMode), string.Format("Invalid BasicHttpSecurityMode value: {0}.", basicHttpSecurityMode.ToString()));
security = new BasicHttpSecurity(basicHttpSecurityMode, transportSecurity, messageSecurity);
return(SecurityElement.AreBindingsMatching(security.CreateMessageSecurity(), sbe));
}
/// <summary>
/// Creates a new instance of the <see cref="HttpBindingSecurity"/> class.
/// </summary>
public HttpBindingSecurity()
{
this.mode = DefaultMode;
this.transportSecurity = new HttpTransportSecurity();
}
internal static void EnableTransportSecurity(HttpsTransportBindingElement https, HttpTransportSecurity transportSecurity)
{
HttpTransportSecurity.ConfigureTransportProtectionAndAuthentication(https, transportSecurity);
}
