internal WindowsClaimSet(ClaimsIdentity claimsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone, IList <Claim> _fromClaims, LdapSettings ldapSettings)
: this(authenticationType, includeWindowsGroups, expirationTime, clone, _fromClaims)
{
if (claimsIdentity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(claimsIdentity));
}
_windowsIdentity = (clone && claimsIdentity is WindowsIdentity) ? SecurityUtils.CloneWindowsIdentityIfNecessary((WindowsIdentity)claimsIdentity, authenticationType) : claimsIdentity;
_ldapSettings = ldapSettings;
}
internal WindowsClaimSet(WindowsIdentity windowsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone, IList <Claim> _fromClaims)
: this(authenticationType, includeWindowsGroups, expirationTime, clone, _fromClaims)
{
if (windowsIdentity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));
}
_windowsIdentity = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
}
internal X509WindowsSecurityToken(X509Certificate2 certificate, WindowsIdentity windowsIdentity, string authenticationType, string id, bool clone)
: base(certificate, id, clone)
{
if (windowsIdentity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("windowsIdentity");
}
this.authenticationType = authenticationType;
this.windowsIdentity = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
}
protected void Initialize(string id, string authenticationType, DateTime effectiveTime, DateTime expirationTime, WindowsIdentity windowsIdentity, bool clone)
{
if (windowsIdentity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));
}
_id = id ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(id));
AuthenticationType = authenticationType;
_effectiveTime = effectiveTime;
_expirationTime = expirationTime;
_windowsIdentity = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
}
internal WindowsClaimSet(WindowsIdentity windowsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone)
{
if (windowsIdentity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("windowsIdentity");
}
this.windowsIdentity = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
this.includeWindowsGroups = includeWindowsGroups;
this.expirationTime = expirationTime;
this.authenticationType = authenticationType;
}
protected void Initialize(string id, string authenticationType, DateTime effectiveTime, DateTime expirationTime, WindowsIdentity windowsIdentity, bool clone)
{
if (windowsIdentity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("windowsIdentity");
}
if (id == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id");
}
this.id = id;
this.authenticationType = authenticationType;
this.effectiveTime = effectiveTime;
this.expirationTime = expirationTime;
this.windowsIdentity = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
}
public override SecurityMessageProperty ProcessAuthentication(IHttpAuthenticationContext authenticationContext)
{
if (this.shouldValidateClientCertificate)
{
SecurityMessageProperty retValue;
X509Certificate2 certificate = null;
try
{
bool isCertificateValid;
certificate = authenticationContext.GetClientCertificate(out isCertificateValid);
Fx.Assert(!this.requireClientCertificate || certificate != null, "ClientCertificate must be present");
if (certificate != null)
{
if (!this.useCustomClientCertificateVerification)
{
Fx.Assert(isCertificateValid, "ClientCertificate must be valid");
}
WindowsIdentity identity = null;
string authType = base.GetAuthType(authenticationContext);
if (this.useHostedClientCertificateMapping)
{
identity = authenticationContext.LogonUserIdentity;
if (identity == null || !identity.IsAuthenticated)
{
identity = WindowsIdentity.GetAnonymous();
}
else
{
// it is not recommended to call identity.AuthenticationType as this is a privileged instruction.
// when the identity is cloned, it will be created with an authtype indicating WindowsIdentity from a cert.
identity = SecurityUtils.CloneWindowsIdentityIfNecessary(identity, SecurityUtils.AuthTypeCertMap);
authType = SecurityUtils.AuthTypeCertMap;
}
}
retValue = CreateSecurityProperty(certificate, identity, authType);
}
else if (this.AuthenticationScheme == AuthenticationSchemes.Anonymous)
{
return(new SecurityMessageProperty());
}
else
{
return(base.ProcessAuthentication(authenticationContext));
}
}
#pragma warning suppress 56500 // covered by FXCop
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
// Audit Authentication failure
if (AuditLevel.Failure == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure))
{
WriteAuditEvent(AuditLevel.Failure, (certificate != null) ? SecurityUtils.GetCertificateId(certificate) : String.Empty, exception);
}
throw;
}
// Audit Authentication success
if (AuditLevel.Success == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Success))
{
WriteAuditEvent(AuditLevel.Success, (certificate != null) ? SecurityUtils.GetCertificateId(certificate) : String.Empty, null);
}
return(retValue);
}
else if (this.AuthenticationScheme == AuthenticationSchemes.Anonymous)
{
return(new SecurityMessageProperty());
}
else
{
return(base.ProcessAuthentication(authenticationContext));
}
}