// callback from schannel
private bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (_parent.RequireClientCertificate)
{
if (certificate == null)
{
Contract.Assert(certificate != null, "certificate MUST NOT be null");
return(false);
}
// Note: add ref to handle since the caller will reset the cert after the callback return.
X509Certificate2 certificate2 = new X509Certificate2(certificate.Handle);
_clientCertificate = certificate2;
try
{
SecurityToken token = new X509SecurityToken(certificate2, false);
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = _parent.ClientCertificateAuthenticator.ValidateToken(token);
_clientSecurity = new SecurityMessageProperty();
_clientSecurity.TransportToken = new SecurityTokenSpecification(token, authorizationPolicies);
_clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies);
}
catch (SecurityTokenException)
{
return(false);
}
}
return(true);
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate));
try
{
stream2.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate, SslProtocols.Default, false);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception));
}
catch (IOException exception2)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2));
}
if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength())
{
System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength);
}
remoteSecurity = this.clientSecurity;
if (this.IsChannelBindingSupportEnabled)
{
this.channelBindingToken = ChannelBindingUtility.GetToken(stream2);
}
return(stream2);
}
private bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (this.parent.RequireClientCertificate)
{
if (certificate == null)
{
if (DiagnosticUtility.ShouldTraceError)
{
TraceUtility.TraceEvent(TraceEventType.Error, 0x4002d, System.ServiceModel.SR.GetString("TraceCodeSslClientCertMissing"), this);
}
return(false);
}
X509Certificate2 certificate2 = new X509Certificate2(certificate);
this.clientCertificate = certificate2;
try
{
SecurityToken token = new X509SecurityToken(certificate2, false);
ReadOnlyCollection <IAuthorizationPolicy> tokenPolicies = this.parent.ClientCertificateAuthenticator.ValidateToken(token);
this.clientSecurity = new SecurityMessageProperty();
this.clientSecurity.TransportToken = new SecurityTokenSpecification(token, tokenPolicies);
this.clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(tokenPolicies);
}
catch (SecurityTokenException exception)
{
if (DiagnosticUtility.ShouldTraceInformation)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
}
return(false);
}
}
return(true);
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
if (TD.SslOnAcceptUpgradeIsEnabled())
{
TD.SslOnAcceptUpgrade(this.EventTraceActivity);
}
SslStream sslStream = new SslStream(stream, false, this.ValidateRemoteCertificate);
try
{
sslStream.AuthenticateAsServer(_parent.ServerCertificate, _parent.RequireClientCertificate,
_parent.SslProtocols, false);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException));
}
remoteSecurity = _clientSecurity;
if (this.IsChannelBindingSupportEnabled)
{
_channelBindingToken = ChannelBindingUtility.GetToken(sslStream);
}
return(sslStream);
}
public static Stream End(IAsyncResult result, out SecurityMessageProperty remoteSecurity, out ChannelBinding channelBinding)
{
Stream stream = StreamSecurityUpgradeAcceptorAsyncResult.End(result, out remoteSecurity);
channelBinding = ((SslStreamSecurityUpgradeAcceptor.AcceptUpgradeAsyncResult)result).channelBindingToken;
return(stream);
}
private ServiceSecurityContext GetAndCacheSecurityContext(MessageRpc rpc)
{
ServiceSecurityContext securityContext = rpc.SecurityContext;
if (!rpc.HasSecurityContext)
{
SecurityMessageProperty securityContextProperty = rpc.Request.Properties.Security;
if (securityContextProperty == null)
{
securityContext = null; // SecurityContext.Anonymous
}
else
{
securityContext = securityContextProperty.ServiceSecurityContext;
if (securityContext == null)
{
throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecurityContextMissing, rpc.Operation.Name)), rpc.Request);
}
}
rpc.SecurityContext = securityContext;
rpc.HasSecurityContext = true;
}
return(securityContext);
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
// wrap stream
NegotiateStream negotiateStream = new NegotiateStream(stream);
// authenticate
try
{
if (TD.WindowsStreamSecurityOnAcceptUpgradeIsEnabled())
{
TD.WindowsStreamSecurityOnAcceptUpgrade(this.EventTraceActivity);
}
negotiateStream.AuthenticateAsServer(parent.ServerCredential, parent.ProtectionLevel,
TokenImpersonationLevel.Identification);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.GetString(SR.NegotiationFailedIO, ioException.Message), ioException));
}
remoteSecurity = CreateClientSecurity(negotiateStream, parent.ExtractGroupsForWindowsAccounts);
return(negotiateStream);
}
SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream,
bool extractGroupsForWindowsAccounts)
{
IIdentity remoteIdentity = negotiateStream.RemoteIdentity;
SecurityToken token;
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies;
if (remoteIdentity is WindowsIdentity)
{
WindowsIdentity windowIdentity = (WindowsIdentity)remoteIdentity;
Security.SecurityUtils.ValidateAnonymityConstraint(windowIdentity, false);
WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts);
token = new WindowsSecurityToken(windowIdentity, SecurityUniqueId.Create().Value, windowIdentity.AuthenticationType);
authorizationPolicies = authenticator.ValidateToken(token);
}
else
{
token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value);
GenericSecurityTokenAuthenticator authenticator = new GenericSecurityTokenAuthenticator();
authorizationPolicies = authenticator.ValidateToken(token);
}
SecurityMessageProperty clientSecurity = new SecurityMessageProperty();
clientSecurity.TransportToken = new SecurityTokenSpecification(token, authorizationPolicies);
clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies);
return(clientSecurity);
}
protected override SecurityMessageProperty ValidateCreateSecurity()
{
SecurityMessageProperty remoteSecurity = WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.CreateServerSecurity(this.negotiateStream);
this.initiator.ValidateMutualAuth(this.expectedIdentity, this.negotiateStream, remoteSecurity, this.initiator.allowNtlm);
return(remoteSecurity);
}
// callback from schannel
private bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (_parent.RequireClientCertificate)
{
if (certificate == null)
{
return(false);
}
// Note: add ref to handle since the caller will reset the cert after the callback return.
X509Certificate2 certificate2 = new X509Certificate2(certificate);
_clientCertificate = certificate2;
try
{
SecurityToken token = new X509SecurityToken(certificate2, false);
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies;
var validationValueTask = _parent.ClientCertificateAuthenticator.ValidateTokenAsync(token);
authorizationPolicies = validationValueTask.IsCompleted
? validationValueTask.Result
: validationValueTask.AsTask().GetAwaiter().GetResult();
_clientSecurity = new SecurityMessageProperty
{
TransportToken = new SecurityTokenSpecification(token, authorizationPolicies),
ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies)
};
}
catch (SecurityTokenException e)
{
DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
return(false);
}
}
return(true);
}
public InitiatorSecureMessageDecryptor(
Message source, SecurityMessageProperty secprop, InitiatorMessageSecurityBindingSupport security)
: base(source, security)
{
this.security = security;
request_security = secprop;
}
// Define the set of policies taking part in chaining. We will provide
// the safe default set (primary token + all supporting tokens except token with
// with SecurityTokenAttachmentMode.Signed + transport token). Implementor
// can override and provide different selection of policies set.
protected virtual ReadOnlyCollection <IAuthorizationPolicy> GetAuthorizationPolicies(OperationContext operationContext)
{
SecurityMessageProperty security = operationContext.IncomingMessageProperties.Security;
if (security == null)
{
return(EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
}
ReadOnlyCollection <IAuthorizationPolicy> externalPolicies = security.ExternalAuthorizationPolicies;
if (security.ServiceSecurityContext == null)
{
return(externalPolicies ?? EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
}
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = security.ServiceSecurityContext.AuthorizationPolicies;
if (externalPolicies == null || externalPolicies.Count <= 0)
{
return(authorizationPolicies);
}
// Combine
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(authorizationPolicies);
policies.AddRange(externalPolicies);
return(policies.AsReadOnly());
}
public void Clear()
{
if (_disposed)
{
ThrowDisposed();
}
if (_properties != null)
{
for (int i = 0; i < _properties.Length; i++)
{
if (_properties[i].Name == null)
{
break;
}
_properties[i] = new Property();
}
}
_via = null;
_allowOutputBatching = null;
_security = null;
_encoder = null;
_propertyCount = 0;
}
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
#if SUPPORTS_WINDOWSIDENTITY // NegotiateStream
// wrap stream
NegotiateStream negotiateStream = new NegotiateStream(stream);
// authenticate
try
{
if (WcfEventSource.Instance.WindowsStreamSecurityOnAcceptUpgradeIsEnabled())
{
WcfEventSource.Instance.WindowsStreamSecurityOnAcceptUpgrade(EventTraceActivity);
}
negotiateStream.AuthenticateAsServerAsync(_parent.ServerCredential, _parent.ProtectionLevel,
TokenImpersonationLevel.Identification).GetAwaiter().GetResult();
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException));
}
remoteSecurity = CreateClientSecurity(negotiateStream, _parent.ExtractGroupsForWindowsAccounts);
return(negotiateStream);
#else
throw ExceptionHelper.PlatformNotSupported(ExceptionHelper.WinsdowsStreamSecurityNotSupported);
#endif // SUPPORTS_WINDOWSIDENTITY
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
IPrincipal originalPrincipal = Thread.CurrentPrincipal;
// here you can see the requestor's identity via the request message
// convert the Generic Identity to some IPrincipal object, and set it in the request's property
// later the authorization filter will use the role information to authorize request.
SecurityMessageProperty property = request.GetSecurityMessageProperty();
if (property != null)
{
ServiceSecurityContext context = property.ServiceSecurityContext;
if (context.PrimaryIdentity.Name == "username")
{
Thread.CurrentPrincipal = new GenericPrincipal(context.PrimaryIdentity, new string[] { "Administrators" });
}
}
try
{
return(await base.SendAsync(request, cancellationToken));
}
finally
{
Thread.CurrentPrincipal = originalPrincipal;
}
}
protected override async Task <(Stream, SecurityMessageProperty)> OnAcceptUpgradeAsync(Stream stream)
{
var sslStream = new SslStream(stream, false, ValidateRemoteCertificate);
try
{
await sslStream.AuthenticateAsServerAsync(_parent.ServerCertificate, _parent.RequireClientCertificate,
_parent.SslProtocols, false);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException));
}
SecurityMessageProperty remoteSecurity = _clientSecurity;
if (IsChannelBindingSupportEnabled)
{
_channelBindingToken = ChannelBindingUtility.GetToken(sslStream);
}
return(sslStream, remoteSecurity);
}
bool HandleUpgrade(IAsyncResult result)
{
connection = ConnectionUpgradeHelper.EndInitiateUpgrade(result);
if (this.channelBindingProvider != null && this.channelBindingProvider.IsChannelBindingSupportEnabled)
{
this.channel.channelBindingToken = this.channelBindingProvider.GetChannelBinding(this.upgradeInitiator, ChannelBindingKind.Endpoint);
}
this.remoteSecurity = StreamSecurityUpgradeInitiator.GetRemoteSecurity(this.upgradeInitiator);
this.upgradeInitiator = null; // we're done with the initiator
if (onWritePreambleEnd == null)
{
onWritePreambleEnd = Fx.ThunkCallback(new WaitCallback(OnWritePreambleEnd));
}
AsyncCompletionResult writePreambleResult = connection.BeginWrite(
ClientSingletonEncoder.PreambleEndBytes, 0, ClientSingletonEncoder.PreambleEndBytes.Length, true,
timeoutHelper.RemainingTime(), onWritePreambleEnd, this);
if (writePreambleResult == AsyncCompletionResult.Queued)
{
return(false);
}
connection.EndWrite();
return(ReadPreambleAck());
}
public static IConnection End(IAsyncResult result, out SecurityMessageProperty remoteSecurity)
{
SendPreambleAsyncResult thisPtr = AsyncResult.End <SendPreambleAsyncResult>(result);
remoteSecurity = thisPtr.remoteSecurity;
return(thisPtr.connection);
}
public void ClientAcceptUpgrade()
{
ServiceCredentials cred = new ServiceCredentials();
X509Certificate2 cert =
new X509Certificate2("Test/Resources/test.cer");
cred.ServiceCertificate.Certificate = cert;
X509CertificateEndpointIdentity ident =
new X509CertificateEndpointIdentity(cert);
StreamSecurityUpgradeProvider p = CreateClientProvider(cred, ident);
p.Open();
try
{
StreamSecurityUpgradeAcceptor a =
p.CreateUpgradeAcceptor()
as StreamSecurityUpgradeAcceptor;
Assert.IsNotNull(a, "#1");
SecurityMessageProperty prop =
a.GetRemoteSecurity();
Assert.IsNull(prop, "#2"); // hmm
Stream s = a.AcceptUpgrade(new MemoryStream(new byte [] { 1, 2, 3, 4, 5 }));
}
finally
{
p.Close();
}
}
private static X509Certificate2 RetrieveClientCertificate(HttpRequestMessage request)
{
if (request == null)
{
throw Error.ArgumentNull("request");
}
SecurityMessageProperty property = request.GetSecurityMessageProperty();
X509Certificate2 result = null;
if (property != null && property.ServiceSecurityContext != null && property.ServiceSecurityContext.AuthorizationContext != null)
{
X509CertificateClaimSet certClaimSet = null;
foreach (ClaimSet claimSet in property.ServiceSecurityContext.AuthorizationContext.ClaimSets)
{
certClaimSet = claimSet as X509CertificateClaimSet;
if (certClaimSet != null)
{
result = certClaimSet.X509Certificate;
break;
}
}
}
return(result);
}
private bool ProcessAuthentication(RequestContext requestContext)
{
var authorizationHeader = GetAuthorizationHeader(requestContext.RequestMessage);
if (!authorizationHeader.StartsWith(BasicAuthenticationMechanism, StringComparison.Ordinal))
{
return(false);
}
string authBase64Encoded = authorizationHeader.Substring(BasicAuthenticationMechanismLength);
var authDecodedBytes = Convert.FromBase64String(authBase64Encoded);
var authDecoded = Encoding.UTF8.GetString(authDecodedBytes);
int colonPos = authDecoded.IndexOf(':');
if (colonPos <= 0)
{
return(false);
}
var username = authDecoded.Substring(0, colonPos);
var password = authDecoded.Substring(colonPos + 1);
SecurityToken securityToken = new UserNameSecurityToken(username, password);
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = _parentListener.UserNameTokenAuthenticator.ValidateToken(securityToken);
SecurityMessageProperty security = new SecurityMessageProperty();
security.TransportToken = new SecurityTokenSpecification(securityToken, authorizationPolicies);
security.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies);
requestContext.RequestMessage.Properties.Security = security;
return(true);
}
internal SecurityContextSecurityToken(SecurityContextSecurityToken sourceToken, string id, byte[] key, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies)
{
this.id = id;
this.Initialize(sourceToken.contextId, key, sourceToken.ValidFrom, sourceToken.ValidTo, authorizationPolicies, sourceToken.isCookieMode, keyGeneration, keyEffectiveTime, keyExpirationTime);
this.cookieBlob = sourceToken.cookieBlob;
this.bootstrapMessageProperty = (sourceToken.bootstrapMessageProperty == null) ? null : ((SecurityMessageProperty)sourceToken.BootstrapMessageProperty.CreateCopy());
}
public static Stream End(IAsyncResult result, out SecurityMessageProperty remoteSecurity)
{
StreamSecurityUpgradeAcceptorAsyncResult result2 = AsyncResult.End <StreamSecurityUpgradeAcceptorAsyncResult>(result);
remoteSecurity = result2.remoteSecurity;
return(result2.upgradedStream);
}
public static Stream End(IAsyncResult result, out SecurityMessageProperty remoteSecurity)
{
StreamSecurityUpgradeInitiatorAsyncResult thisPtr = AsyncResult.End <StreamSecurityUpgradeInitiatorAsyncResult>(result);
remoteSecurity = thisPtr.remoteSecurity;
return(thisPtr.upgradedStream);
}
private async Task <SecurityMessageProperty> CreateClientSecurityAsync(NegotiateStream negotiateStream,
bool extractGroupsForWindowsAccounts)
{
IIdentity remoteIdentity = negotiateStream.RemoteIdentity;
SecurityToken token;
ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies;
WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts, _ldapSettings);
if (remoteIdentity is WindowsIdentity)
{
WindowsIdentity windowIdentity = (WindowsIdentity)remoteIdentity;
SecurityUtils.ValidateAnonymityConstraint(windowIdentity, false);
token = new WindowsSecurityToken(windowIdentity, SecurityUniqueId.Create().Value, windowIdentity.AuthenticationType);
}
else
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity(remoteIdentity);
token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value);
}
authorizationPolicies = await authenticator.ValidateTokenAsync(token);
SecurityMessageProperty clientSecurity = new SecurityMessageProperty
{
TransportToken = new SecurityTokenSpecification(token, authorizationPolicies),
ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies)
};
return(clientSecurity);
}
public void Authorize(ref MessageRpc rpc)
{
// TODO: Events
SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(rpc.Request);
security.ExternalAuthorizationPolicies = _externalAuthorizationPolicies;
ServiceAuthorizationManager serviceAuthorizationManager = _serviceAuthorizationManager ?? s_defaultServiceAuthorizationManager;
try
{
if (!serviceAuthorizationManager.CheckAccess(rpc.OperationContext, ref rpc.Request))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateAccessDeniedFaultException());
}
}
catch (Exception ex)
{
// I know this code looks weird and it looks like the try/catch block should be removed, but I'm maintaining
// this code structure in preparation for Perf counters and auditing to be put back in.
if (Fx.IsFatal(ex))
{
throw;
}
// TODO: PerformanceCounters
// TODO: Auditing
throw;
}
}
protected override async Task <(Stream, SecurityMessageProperty)> OnAcceptUpgradeAsync(Stream stream)
{
// wrap stream
NegotiateStream negotiateStream = new NegotiateStream(stream, true);
// authenticate
try
{
await negotiateStream.AuthenticateAsServerAsync(_parent.ServerCredential, _parent.ProtectionLevel,
TokenImpersonationLevel.Identification);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException));
}
SecurityMessageProperty remoteSecurity = await CreateClientSecurityAsync(negotiateStream, _parent.ExtractGroupsForWindowsAccounts);
return(negotiateStream, remoteSecurity);
}
public WindowsStreamSecurityUpgradeAcceptor(WindowsStreamSecurityUpgradeProvider parent)
: base(FramingUpgradeString.Negotiate)
{
_parent = parent;
_clientSecurity = new SecurityMessageProperty();
_ldapSettings = parent.LdapSettings;
}
static void GetOrCreateSecureMessageAtClient(Message msg)
{
foreach (object o in msg.Properties)
{
if (o is SecurityMessageProperty)
{
Assert.Fail("The input msg should not contain SecurityMessageProperty yet.");
}
}
SecurityMessageProperty p = SecurityMessageProperty.GetOrCreate(msg);
Assert.AreEqual(null, p.InitiatorToken, "#1");
Assert.AreEqual(null, p.RecipientToken, "#2");
Assert.IsNull(p.ProtectionToken, "#3");
Assert.IsNull(p.TransportToken, "#4");
Assert.IsNull(p.ExternalAuthorizationPolicies, "#5");
// Assert.AreEqual (0, p.ExternalAuthorizationPolicies.Count, "#5");
Assert.IsFalse(p.HasIncomingSupportingTokens, "#6");
Assert.IsNotNull(p.IncomingSupportingTokens, "#6-2");
Assert.AreEqual("_", p.SenderIdPrefix, "#6-3");
ServiceSecurityContext ssc = p.ServiceSecurityContext;
Assert.IsNotNull(ssc, "#7");
// not sure if it is worthy of testing though ...
GenericIdentity identity = ssc.PrimaryIdentity as GenericIdentity;
Assert.IsNotNull(identity, "#8-1");
Assert.AreEqual("", identity.Name, "#8-2");
Assert.AreEqual("", identity.AuthenticationType, "#8-3");
Assert.AreEqual(0, ssc.AuthorizationPolicies.Count, "#9");
Assert.IsTrue(ssc.IsAnonymous, "#10");
}
public void GetOrCreateNonSecureMessage()
{
Message m = Message.CreateMessage(MessageVersion.Default, "urn:myaction");
SecurityMessageProperty p =
SecurityMessageProperty.GetOrCreate(m);
Assert.IsNull(p.InitiatorToken, "#1");
Assert.IsNull(p.RecipientToken, "#2");
Assert.IsNull(p.ProtectionToken, "#3");
Assert.IsNull(p.TransportToken, "#4");
Assert.IsNull(p.ExternalAuthorizationPolicies, "#5");
// Assert.AreEqual (0, p.ExternalAuthorizationPolicies.Count, "#5");
Assert.IsFalse(p.HasIncomingSupportingTokens, "#6");
Assert.IsNotNull(p.IncomingSupportingTokens, "#6-2");
Assert.AreEqual("_", p.SenderIdPrefix, "#6-3");
ServiceSecurityContext ssc = p.ServiceSecurityContext;
Assert.IsNotNull(ssc, "#7");
// not sure if it is worthy of testing though ...
GenericIdentity identity = ssc.PrimaryIdentity as GenericIdentity;
Assert.IsNotNull(identity, "#8-1");
Assert.AreEqual("", identity.Name, "#8-2");
Assert.AreEqual("", identity.AuthenticationType, "#8-3");
Assert.AreEqual(0, ssc.AuthorizationPolicies.Count, "#9");
Assert.IsTrue(ssc.IsAnonymous, "#10");
}
internal SecurityContextSecurityToken(SecurityContextSecurityToken sourceToken, string id, byte[] key, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies)
: base()
{
_id = id;
this.Initialize(sourceToken._contextId, key, sourceToken.ValidFrom, sourceToken.ValidTo, authorizationPolicies, sourceToken._isCookieMode, keyGeneration, keyEffectiveTime, keyExpirationTime);
_cookieBlob = sourceToken._cookieBlob;
_bootstrapMessageProperty = (sourceToken._bootstrapMessageProperty == null) ? null : (SecurityMessageProperty)sourceToken.BootstrapMessageProperty.CreateCopy();
}
private SecurityContextSecurityToken(SecurityContextSecurityToken from)
{
ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = System.IdentityModel.SecurityUtils.CloneAuthorizationPoliciesIfNecessary(from._authorizationPolicies);
_id = from._id;
this.Initialize(from._contextId, from._key, from._tokenEffectiveTime, from._tokenExpirationTime, authorizationPolicies, from._isCookieMode, from._keyGeneration, from._keyEffectiveTime, from._keyExpirationTime);
_cookieBlob = from._cookieBlob;
_bootstrapMessageProperty = (from._bootstrapMessageProperty == null) ? null : (SecurityMessageProperty)from.BootstrapMessageProperty.CreateCopy();
}
