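/// <summary>
/// Chooses the call-context initializer that matches <paramref name="principalPermissionMode"/>.
/// </summary>
/// <param name="principalPermissionMode">Only UseWindowsGroups and UseAspNetRoles select an initializer.</param>
/// <param name="roleProviderName">
/// Name of a configured role provider; when null or empty, <c>Roles.Provider</c> is used.
/// </param>
/// <exception cref="ArgumentException">
/// The mode is Custom, or <paramref name="roleProviderName"/> does not name a configured provider.
/// </exception>
public ServiceAuthorizationBehaviorAttribute(PrincipalPermissionMode principalPermissionMode, string roleProviderName = "")
 {
     // NOTE(review): None and any value not listed below fall through and leave
     // CallContextInitializer unassigned - confirm that a missing initializer is meant to
     // stand for "no role-based authorization" and is not reachable by mistake.
     switch (principalPermissionMode)
     {
         case PrincipalPermissionMode.UseWindowsGroups:
             {
                 this.CallContextInitializer = new WindowsAuthorizationCallContextInitializer();
                 break;
             }
         case PrincipalPermissionMode.UseAspNetRoles:
             {
                 if (string.IsNullOrEmpty(roleProviderName))
                 {
                     this.CallContextInitializer = new AspRoleAuthorizationCallContextInitializer(Roles.Provider);
                 }
                 else
                 {
                     // The provider collection indexer yields null for a name that is not
                     // configured. Reject it here so a typo in the attribute cannot hand a
                     // null provider to the authorization initializer.
                     var namedProvider = Roles.Providers[roleProviderName];
                     if (namedProvider == null)
                     {
                         throw new ArgumentException(
                             string.Format("Role provider '{0}' is not configured.", roleProviderName),
                             "roleProviderName");
                     }
                     this.CallContextInitializer = new AspRoleAuthorizationCallContextInitializer(namedProvider);
                 }
                 break;
             }
         case PrincipalPermissionMode.Custom:
             {
                 throw new ArgumentException("只有UseWindowsGroups和UseAspNetRoles模式被支持!");
             }
     }
 }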
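        /// <summary>
        /// Picks the call-context initializer for the requested permission mode.
        /// </summary>
        /// <param name="principalPermissionMode">UseWindowsGroups or UseAspNetRoles; Custom is rejected.</param>
        /// <param name="roleProviderName">
        /// Optional name of a configured role provider. Null or empty selects <c>Roles.Provider</c>.
        /// </param>
        /// <exception cref="ArgumentException">
        /// Thrown for Custom mode, and for a <paramref name="roleProviderName"/> that is not configured.
        /// </exception>
        public ServiceAuthorizationBehaviorAttribute(PrincipalPermissionMode principalPermissionMode, string roleProviderName = "")
        {
            // NOTE(review): there is no branch for None or for undefined values, so those leave
            // CallContextInitializer unassigned - verify that consumers handle the missing initializer.
            switch (principalPermissionMode)
            {
            case PrincipalPermissionMode.UseWindowsGroups:
            {
                this.CallContextInitializer = new WindowsAuthorizationCallContextInitializer();
                break;
            }

            case PrincipalPermissionMode.UseAspNetRoles:
            {
                if (string.IsNullOrEmpty(roleProviderName))
                {
                    this.CallContextInitializer = new AspRoleAuthorizationCallContextInitializer(Roles.Provider);
                    break;
                }

                // An unknown provider name makes the collection indexer return null; fail at
                // construction instead of passing a null provider on to the authorization path.
                var configuredProvider = Roles.Providers[roleProviderName];
                if (configuredProvider == null)
                {
                    throw new ArgumentException(
                        string.Format("Role provider '{0}' is not configured.", roleProviderName),
                        "roleProviderName");
                }
                this.CallContextInitializer = new AspRoleAuthorizationCallContextInitializer(configuredProvider);
                break;
            }

            case PrincipalPermissionMode.Custom:
            {
                throw new ArgumentException("只有UseWindowsGroups和UseAspNetRoles模式被支持!");
            }
            }
        }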
 /// <summary>
 /// Reports whether <paramref name="principalPermissionMode"/> is one of the four accepted
 /// modes: None, UseWindowsGroups, UseAspNetRoles or Custom.
 /// </summary>
 /// <returns><c>true</c> for those four values; <c>false</c> for any other value.</returns>
 public static bool IsDefined(PrincipalPermissionMode principalPermissionMode)
 {
     switch (principalPermissionMode)
     {
         case PrincipalPermissionMode.None:
         case PrincipalPermissionMode.UseWindowsGroups:
         case PrincipalPermissionMode.UseAspNetRoles:
         case PrincipalPermissionMode.Custom:
             return true;

         default:
             // Anything outside the explicit allow-list is treated as undefined.
             return false;
     }
 }
 /// <summary>
 /// Validates a permission mode against an explicit allow-list.
 /// </summary>
 /// <param name="principalPermissionMode">The value to validate.</param>
 /// <returns>
 /// <c>true</c> when the value equals None, UseWindowsGroups, UseAspNetRoles or Custom;
 /// otherwise <c>false</c>.
 /// </returns>
 public static bool IsDefined(PrincipalPermissionMode principalPermissionMode)
 {
     bool isKnownMode =
         principalPermissionMode == PrincipalPermissionMode.None
         || principalPermissionMode == PrincipalPermissionMode.UseWindowsGroups
         || principalPermissionMode == PrincipalPermissionMode.UseAspNetRoles
         || principalPermissionMode == PrincipalPermissionMode.Custom;

     return isKnownMode;
 }
        //AuditLevel auditLevel = ServiceSecurityAuditBehavior.defaultMessageAuthenticationAuditLevel;
        //AuditLogLocation auditLogLocation = ServiceSecurityAuditBehavior.defaultAuditLogLocation;
        //bool suppressAuditFailure = ServiceSecurityAuditBehavior.defaultSuppressAuditFailure;

        /// <summary>
        /// Captures the permission mode and the impersonate-all-operations flag from
        /// <paramref name="dispatch"/> and creates an empty, case-insensitive name map.
        /// </summary>
        private SecurityImpersonationBehavior(DispatchRuntime dispatch)
        {
            this._principalPermissionMode = dispatch.PrincipalPermissionMode;
            this._impersonateCallerForAllOperations = dispatch.ImpersonateCallerForAllOperations;

            // Audit level, audit log location and audit-failure suppression are not captured
            // by this constructor.

            // Keys compare ordinally and without regard to case.
            var keyComparer = StringComparer.OrdinalIgnoreCase;
            this._ncNameMap = new Dictionary<string, string>(maxDomainNameMapSize, keyComparer);
        }
 /// <summary>
 /// String-address convenience overload: converts <paramref name="address"/> to a
 /// <see cref="Uri"/> and forwards every argument unchanged to the Uri-based overload.
 /// </summary>
 /// <returns>The host returned by the Uri-based overload.</returns>
 public static ServiceHost CreateWcfChannel <T>(
     object singletonInstance,
     Binding binding,
     string address,
     string thumbPrint = null,
     ServiceAuthorizationManager authorizationManager = null,
     PrincipalPermissionMode permissionMode           = PrincipalPermissionMode.UseWindowsGroups,
     ServiceThrottlingBehavior throttlingBehavior     = null)
 {
     // Uri construction is where a malformed or null address is rejected.
     Uri endpointUri = new Uri(address);

     ServiceHost configuredHost = CreateWcfChannel <T>(
         singletonInstance,
         binding,
         endpointUri,
         thumbPrint,
         authorizationManager,
         permissionMode,
         throttlingBehavior);

     return configuredHost;
 }
 /// <summary>
 /// Snapshots the impersonation and security-audit settings of <paramref name="dispatch"/>,
 /// applies its role provider when one is set, and creates an empty domain-name map.
 /// </summary>
 private SecurityImpersonationBehavior(DispatchRuntime dispatch)
 {
     const int InitialDomainMapCapacity = 5;

     // Impersonation settings.
     principalPermissionMode = dispatch.PrincipalPermissionMode;
     impersonateCallerForAllOperations = dispatch.ImpersonateCallerForAllOperations;

     // Audit settings used for message authentication.
     auditLevel = dispatch.MessageAuthenticationAuditLevel;
     auditLogLocation = dispatch.SecurityAuditLogLocation;
     suppressAuditFailure = dispatch.SuppressAuditFailure;

     if (dispatch.IsRoleProviderSet)
     {
         ApplyRoleProvider(dispatch);
     }

     // Case-insensitive ordinal keys.
     domainNameMap = new Dictionary<string, string>(InitialDomainMapCapacity, StringComparer.OrdinalIgnoreCase);
 }
 /// <summary>
 /// Builds the behavior from a dispatch runtime: copies the permission mode, the
 /// impersonate-all-operations flag and the three audit settings, then applies the role
 /// provider if the runtime reports one.
 /// </summary>
 /// <param name="dispatch">Runtime whose security settings are copied.</param>
 private SecurityImpersonationBehavior(DispatchRuntime dispatch)
 {
     this.principalPermissionMode = dispatch.PrincipalPermissionMode;
     this.impersonateCallerForAllOperations = dispatch.ImpersonateCallerForAllOperations;
     this.auditLevel = dispatch.MessageAuthenticationAuditLevel;
     this.auditLogLocation = dispatch.SecurityAuditLogLocation;
     this.suppressAuditFailure = dispatch.SuppressAuditFailure;

     bool roleProviderConfigured = dispatch.IsRoleProviderSet;
     if (roleProviderConfigured)
     {
         this.ApplyRoleProvider(dispatch);
     }

     // The map starts empty with room for five entries; keys ignore case.
     IEqualityComparer<string> ignoreCase = StringComparer.OrdinalIgnoreCase;
     this.domainNameMap = new Dictionary<string, string>(5, ignoreCase);
 }
        /// <summary>
        /// Copy constructor: duplicates the impersonation flags, permission mode and the
        /// "is set" markers of <paramref name="other"/>, copying policies and manager only
        /// when one of those markers is set.
        /// </summary>
        private ServiceAuthorizationBehavior(ServiceAuthorizationBehavior other)
        {
            this._impersonateCallerForAllOperations = other._impersonateCallerForAllOperations;
            this._impersonateOnSerializingReply = other._impersonateOnSerializingReply;
            this._principalPermissionMode = other._principalPermissionMode;
            this._isExternalPoliciesSet = other._isExternalPoliciesSet;
            this._isAuthorizationManagerSet = other._isAuthorizationManagerSet;

            bool hasCustomAuthorization = other._isExternalPoliciesSet || other._isAuthorizationManagerSet;
            if (hasCustomAuthorization)
            {
                this.CopyAuthorizationPoliciesAndManager(other);
            }

            // Copied last; presumably so the copy above runs before the clone can become
            // read-only - confirm against CopyAuthorizationPoliciesAndManager.
            this._isReadOnly = other._isReadOnly;
        }
        /// <summary>
        /// Copy constructor. Takes over the impersonation flags, permission mode, role
        /// provider reference and "is set" markers from <paramref name="other"/>.
        /// </summary>
        ServiceAuthorizationBehavior(ServiceAuthorizationBehavior other)
        {
            impersonateCallerForAllOperations = other.impersonateCallerForAllOperations;
            impersonateOnSerializingReply = other.impersonateOnSerializingReply;
            principalPermissionMode = other.principalPermissionMode;

            // Assigned directly from the source field, not re-created.
            roleProvider = other.roleProvider;

            isExternalPoliciesSet = other.isExternalPoliciesSet;
            isAuthorizationManagerSet = other.isAuthorizationManagerSet;

            // Policies and manager are copied only when the source has one of them set.
            if (other.isExternalPoliciesSet || other.isAuthorizationManagerSet)
            {
                CopyAuthorizationPoliciesAndManager(other);
            }

            isReadOnly = other.isReadOnly;
        }
 /// <summary>
 /// Creates a copy of <paramref name="other"/>, including its read-only state.
 /// </summary>
 /// <param name="other">The behavior whose settings are duplicated.</param>
 ServiceAuthorizationBehavior(ServiceAuthorizationBehavior other)
 {
     // Plain settings first.
     this.impersonateCallerForAllOperations = other.impersonateCallerForAllOperations;
     this.impersonateOnSerializingReply = other.impersonateOnSerializingReply;
     this.principalPermissionMode = other.principalPermissionMode;
     this.roleProvider = other.roleProvider;
     this.isExternalPoliciesSet = other.isExternalPoliciesSet;
     this.isAuthorizationManagerSet = other.isAuthorizationManagerSet;

     // Then the authorization policies and manager, but only if the source carries any.
     bool sourceHasPoliciesOrManager = other.isExternalPoliciesSet || other.isAuthorizationManagerSet;
     if (sourceHasPoliciesOrManager)
     {
         this.CopyAuthorizationPoliciesAndManager(other);
     }

     // The read-only flag is taken over after everything else has been assigned.
     this.isReadOnly = other.isReadOnly;
 }
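        /// <summary>
        /// Creates a service host for contract <typeparamref name="T"/> and opens it asynchronously.
        /// </summary>
        /// <param name="singletonInstance">Service instance handed to the host.</param>
        /// <param name="binding">Binding of the endpoint.</param>
        /// <param name="authorizationManager">Optional authorization manager.</param>
        /// <param name="permissionMode">Principal permission mode applied to the host.</param>
        /// <param name="throttlingBehavior">Optional throttling behavior.</param>
        /// <param name="address">Endpoint address; it is written to the trace output.</param>
        /// <returns>The opened host.</returns>
        /// <remarks>
        /// No certificate thumbprint is passed on (the fourth argument is null), so the
        /// certificate settings of CreateWcfChannel are not applied on this path.
        /// </remarks>
        public static async Task <ServiceHost> SetupWcfChannelAsync <T>(
            object singletonInstance,
            Binding binding,
            ServiceAuthorizationManager authorizationManager,
            PrincipalPermissionMode permissionMode,
            ServiceThrottlingBehavior throttlingBehavior,
            string address)
        {
            Trace.TraceInformation("[WcfHost] Start WCF endpoint on {0}", address);
            var host = CreateWcfChannel <T>(singletonInstance, binding, address, null, authorizationManager, permissionMode, throttlingBehavior);

            try
            {
                await Task.Factory.FromAsync(host.BeginOpen(null, null), host.EndOpen).ConfigureAwait(false);
            }
            catch
            {
                // The caller never receives the host when Open fails, so release it here
                // instead of leaking it; the original exception is rethrown untouched.
                host.Abort();
                throw;
            }

            Trace.TraceInformation("[WcfHost] End to setup WCF channel");
            return(host);
        }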
        /// <summary>
        /// Initializes the runtime with empty behavior collections, the default principal
        /// permission mode and a catch-all "*" operation.
        /// </summary>
        /// <param name="shared">State object stored in the <c>shared</c> field.</param>
        DispatchRuntime(SharedRuntimeState shared)
        {
            this.shared = shared;

            // The collection receives a reference to this runtime while it is still being built.
            operations = new OperationCollection(this);

            inputSessionShutdownHandlers  = NewBehaviorCollection <IInputSessionShutdown>();
            MessageInspectors             = NewBehaviorCollection <IDispatchMessageInspector>();
            instanceContextInitializers   = NewBehaviorCollection <IInstanceContextInitializer>();
            synchronizationContext        = ThreadBehavior.GetCurrentSynchronizationContext();
            automaticInputSessionShutdown = true;
            // Authorization starts from the default that ServiceAuthorizationBehavior declares.
            // This constructor assigns no audit-related fields.
            principalPermissionMode       = ServiceAuthorizationBehavior.DefaultPrincipalPermissionMode;
            // Operation named "*" built with the wildcard action for both action arguments;
            // presumably the fallback for messages that match no declared operation - confirm.
            unhandled = new DispatchOperation(this, "*", MessageHeaders.WildcardAction, MessageHeaders.WildcardAction);
            unhandled.InternalFormatter = MessageOperationFormatter.Instance;
            unhandled.InternalInvoker   = new UnhandledActionInvoker(this);
        }
        /// <summary>
        /// Initializes the runtime with empty behavior collections, default authorization and
        /// security-audit settings, and a catch-all "*" operation.
        /// </summary>
        /// <param name="shared">State object stored in the <c>shared</c> field.</param>
        DispatchRuntime(SharedRuntimeState shared)
        {
            this.shared = shared;

            // The collection receives a reference to this runtime while it is still being built.
            this.operations = new OperationCollection(this);

            this.inputSessionShutdownHandlers = this.NewBehaviorCollection <IInputSessionShutdown>();
            this.messageInspectors            = this.NewBehaviorCollection <IDispatchMessageInspector>();
            this.instanceContextInitializers  = this.NewBehaviorCollection <IInstanceContextInitializer>();
            this.synchronizationContext       = ThreadBehavior.GetCurrentSynchronizationContext();

            this.automaticInputSessionShutdown = true;
            // Authorization starts from the default that ServiceAuthorizationBehavior declares.
            this.principalPermissionMode       = ServiceAuthorizationBehavior.DefaultPrincipalPermissionMode;

            // All four audit settings start from the defaults declared on ServiceSecurityAuditBehavior.
            this.securityAuditLogLocation        = ServiceSecurityAuditBehavior.defaultAuditLogLocation;
            this.suppressAuditFailure            = ServiceSecurityAuditBehavior.defaultSuppressAuditFailure;
            this.serviceAuthorizationAuditLevel  = ServiceSecurityAuditBehavior.defaultServiceAuthorizationAuditLevel;
            this.messageAuthenticationAuditLevel = ServiceSecurityAuditBehavior.defaultMessageAuthenticationAuditLevel;

            // Operation named "*" built with the wildcard action for both action arguments;
            // presumably the fallback for messages that match no declared operation - confirm.
            this.unhandled = new DispatchOperation(this, "*", MessageHeaders.WildcardAction, MessageHeaders.WildcardAction);
            this.unhandled.InternalFormatter = MessageOperationFormatter.Instance;
            this.unhandled.InternalInvoker   = new UnhandledActionInvoker(this);
        }
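        /// <summary>
        /// Builds, but does not open, a <see cref="ServiceHost"/> that exposes contract
        /// <typeparamref name="T"/> on <paramref name="address"/>.
        /// </summary>
        /// <param name="singletonInstance">Service instance handed to the host.</param>
        /// <param name="binding">Binding of the endpoint.</param>
        /// <param name="address">Endpoint address.</param>
        /// <param name="thumbPrint">
        /// Thumbprint of the service certificate in LocalMachine\My. When null or empty, no
        /// certificate settings are applied at all.
        /// </param>
        /// <param name="authorizationManager">Optional authorization manager for the host.</param>
        /// <param name="permissionMode">Principal permission mode applied to the host.</param>
        /// <param name="throttlingBehavior">Optional throttling behavior added to the host.</param>
        /// <returns>The configured, unopened host.</returns>
        public static ServiceHost CreateWcfChannel <T>(
            object singletonInstance,
            Binding binding,
            Uri address,
            string thumbPrint = null,
            ServiceAuthorizationManager authorizationManager = null,
            PrincipalPermissionMode permissionMode           = PrincipalPermissionMode.UseWindowsGroups,
            ServiceThrottlingBehavior throttlingBehavior     = null)
        {
            var host = new ServiceHost(singletonInstance);

            if (authorizationManager != null)
            {
                host.Authorization.ServiceAuthorizationManager = authorizationManager;
            }

            if (throttlingBehavior != null)
            {
                host.Description.Behaviors.Add(throttlingBehavior);
            }

            // Behaviors.Find<ServiceAuthorizationBehavior>() returns null when the behavior is
            // absent, which would end in a NullReferenceException before the mode is applied.
            // host.Authorization is the accessor already used above for the manager.
            host.Authorization.PrincipalPermissionMode = permissionMode;

            host.AddServiceEndpoint(typeof(T), binding, address);
            host.OpenTimeout  = ServiceHostOpenTimeout;
            host.CloseTimeout = ServiceHostCloseTimeout;

            if (!string.IsNullOrEmpty(thumbPrint))
            {
                // NOTE(review): RevocationMode.NoCheck means a revoked client certificate is still
                // accepted, and PeerOrChainTrust also accepts a certificate that is trusted as a
                // peer without a valid chain. Confirm both are intended for this deployment.
                // Client-certificate validation is configured only on this branch, i.e. only when
                // a service thumbprint is supplied.
                host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
                host.Credentials.ClientCertificate.Authentication.RevocationMode            = X509RevocationMode.NoCheck;
                host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, thumbPrint);
            }

            return(host);
        }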
 /// <summary>
 /// Stores the permission mode this instance will work with.
 /// </summary>
 /// <param name="principalPermissionMode">The mode to store; it is not validated here.</param>
 public PrincipalPermissionModeAuthorization(PrincipalPermissionMode principalPermissionMode)
 {
     this.m_PrincipalPermissionMode = principalPermissionMode;
 }
 /// <summary>
 /// Creates a behavior whose impersonation flags and principal permission mode are set
 /// to the class-level defaults.
 /// </summary>
 public ServiceAuthorizationBehavior()
 {
     impersonateCallerForAllOperations = DefaultImpersonateCallerForAllOperations;
     impersonateOnSerializingReply = DefaultImpersonateOnSerializingReply;
     principalPermissionMode = DefaultPrincipalPermissionMode;
 }
 /// <summary>
 /// Reports whether <paramref name="principalPermissionMode"/> is a declared member of
 /// <c>PrincipalPermissionMode</c>.
 /// </summary>
 /// <remarks>
 /// Every member the enum declares is accepted, so a member added to the enum later
 /// passes this check without any change here.
 /// </remarks>
 public static bool IsDefined(PrincipalPermissionMode principalPermissionMode)
 {
     Type modeType = typeof(PrincipalPermissionMode);
     bool isDeclared = Enum.IsDefined(modeType, principalPermissionMode);
     return isDeclared;
 }
 /// <summary>
 /// Default constructor: starts from the default impersonation flags and the default
 /// principal permission mode.
 /// </summary>
 public ServiceAuthorizationBehavior()
 {
     // Impersonation defaults.
     impersonateCallerForAllOperations = DefaultImpersonateCallerForAllOperations;
     impersonateOnSerializingReply     = DefaultImpersonateOnSerializingReply;

     // Authorization default.
     principalPermissionMode           = DefaultPrincipalPermissionMode;
 }
 /// <summary>
 /// Validates a permission mode by asking the runtime whether the enum declares it.
 /// </summary>
 /// <param name="principalPermissionMode">The value to validate.</param>
 /// <returns><c>true</c> when the value is a declared enum member; otherwise <c>false</c>.</returns>
 public static bool IsDefined(PrincipalPermissionMode principalPermissionMode)
 {
     object boxedMode = principalPermissionMode;
     return Enum.IsDefined(typeof(PrincipalPermissionMode), boxedMode);
 }
 /// <summary>
 /// Records the permission mode under test and whether impersonation is enabled.
 /// </summary>
 /// <param name="modeToTest">Permission mode stored in <c>principalMode</c>.</param>
 /// <param name="isImmpersonation">Impersonation flag stored in <c>isImpersonate</c>; defaults to false.</param>
 public StartUpPermissionBase(PrincipalPermissionMode modeToTest, bool isImmpersonation = false)
 {
     principalMode = modeToTest;
     isImpersonate = isImmpersonation;
 }