public void Validation ()
		{
			Authenticator a = new Authenticator (
				UserNamePasswordValidator.None);
			PolicyCollection pl = a.ValidateToken (new UserNameSecurityToken ("mono", "mono"));
			Assert.AreEqual (1, pl.Count, "#1");
			IAuthorizationPolicy p = pl [0];
			Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");
			TestEvaluationContext ec = new TestEvaluationContext ();
			object o = null;
			Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
			Assert.AreEqual (DateTime.MaxValue.AddDays (-1), ec.ExpirationTime, "#4");
			IList<IIdentity> identities = ec.Properties ["Identities"] as IList<IIdentity>;
			Assert.IsNotNull (identities, "#5");
			Assert.AreEqual (1, identities.Count, "#6");
			IIdentity ident = identities [0];
			Assert.AreEqual (true, ident.IsAuthenticated, "#6-2");
			// it's implementation details.
			//Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
			Assert.AreEqual ("mono", ident.Name, "#6-4");
			Assert.AreEqual (1, ec.ClaimSets.Count, "#7");

			Assert.IsTrue (p.Evaluate (ec, ref o), "#8");
			identities = ec.Properties ["Identities"] as IList<IIdentity>;
			Assert.AreEqual (2, identities.Count, "#9");
			Assert.AreEqual (2, ec.ClaimSets.Count, "#10");
		}
        public void Validation()
        {
            Authenticator a = new Authenticator(
                UserNamePasswordValidator.None);
            PolicyCollection pl = a.ValidateToken(new UserNameSecurityToken("mono", "mono"));

            Assert.AreEqual(1, pl.Count, "#1");
            IAuthorizationPolicy p = pl [0];

            Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
            TestEvaluationContext ec = new TestEvaluationContext();
            object o = null;

            Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
            Assert.AreEqual(DateTime.MaxValue.AddDays(-1), ec.ExpirationTime, "#4");
            IList <IIdentity> identities = ec.Properties ["Identities"] as IList <IIdentity>;

            Assert.IsNotNull(identities, "#5");
            Assert.AreEqual(1, identities.Count, "#6");
            IIdentity ident = identities [0];

            Assert.AreEqual(true, ident.IsAuthenticated, "#6-2");
            // it's implementation details.
            //Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
            Assert.AreEqual("mono", ident.Name, "#6-4");
            Assert.AreEqual(1, ec.ClaimSets.Count, "#7");

            Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
            identities = ec.Properties ["Identities"] as IList <IIdentity>;
            Assert.AreEqual(2, identities.Count, "#9");
            Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
        }
 public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
 {
     if (tokenRequirement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
     }
     string tokenType = tokenRequirement.TokenType;
     outOfBandTokenResolver = null;
     SecurityTokenAuthenticator authenticator = null;
     if (((tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) && (tokenType == SecurityTokenTypes.X509Certificate)) && (tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange))
     {
         return new X509SecurityTokenAuthenticator(X509CertificateValidator.None, false);
     }
     RecipientServiceModelSecurityTokenRequirement recipientRequirement = tokenRequirement as RecipientServiceModelSecurityTokenRequirement;
     if (recipientRequirement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement })));
     }
     if (tokenType == SecurityTokenTypes.X509Certificate)
     {
         authenticator = this.CreateClientX509TokenAuthenticator();
     }
     else if (tokenType == SecurityTokenTypes.Kerberos)
     {
         authenticator = new KerberosSecurityTokenAuthenticatorWrapper(new KerberosSecurityTokenAuthenticator(this.parent.WindowsAuthentication.IncludeWindowsGroups));
     }
     else if (tokenType == SecurityTokenTypes.UserName)
     {
         if (this.parent.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Windows)
         {
             if (this.parent.UserNameAuthentication.CacheLogonTokens)
             {
                 authenticator = new WindowsUserNameCachingSecurityTokenAuthenticator(this.parent.UserNameAuthentication.IncludeWindowsGroups, this.parent.UserNameAuthentication.MaxCachedLogonTokens, this.parent.UserNameAuthentication.CachedLogonTokenLifetime);
             }
             else
             {
                 authenticator = new WindowsUserNameSecurityTokenAuthenticator(this.parent.UserNameAuthentication.IncludeWindowsGroups);
             }
         }
         else
         {
             authenticator = new CustomUserNameSecurityTokenAuthenticator(this.parent.UserNameAuthentication.GetUserNamePasswordValidator());
         }
     }
     else if (tokenType == SecurityTokenTypes.Rsa)
     {
         authenticator = new RsaSecurityTokenAuthenticator();
     }
     else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego)
     {
         authenticator = this.CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver);
     }
     else if (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego)
     {
         authenticator = this.CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, true, out outOfBandTokenResolver);
     }
     else if (tokenType == ServiceModelSecurityTokenTypes.Spnego)
     {
         authenticator = this.CreateSpnegoSecurityTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver);
     }
     else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation)
     {
         authenticator = this.CreateSecureConversationTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver);
     }
     else if (((tokenType == SecurityTokenTypes.Saml) || (tokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1")) || ((tokenType == "urn:oasis:names:tc:SAML:1.0:assertion") || ((tokenType == null) && this.IsIssuedSecurityTokenRequirement(recipientRequirement))))
     {
         authenticator = this.CreateSamlTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver);
     }
     if (authenticator == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement })));
     }
     return authenticator;
 }
        public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
        {
            if (tokenRequirement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
            }
            string tokenType = tokenRequirement.TokenType;
            outOfBandTokenResolver = null;
            SecurityTokenAuthenticator result = null;
            if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement)
            {
                // this is the uncorrelated duplex case in which the server is asking for
                // an authenticator to validate its provisioned client certificate
                if (tokenType == SecurityTokenTypes.X509Certificate && tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange)
                {
                    return new X509SecurityTokenAuthenticator(X509CertificateValidator.None, false);
                }
            }

            RecipientServiceModelSecurityTokenRequirement recipientRequirement = tokenRequirement as RecipientServiceModelSecurityTokenRequirement;
            if (recipientRequirement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement)));
            }
            if (tokenType == SecurityTokenTypes.X509Certificate)
            {
                result = CreateClientX509TokenAuthenticator();
            }
            else if (tokenType == SecurityTokenTypes.Kerberos)
            {
                result = new KerberosSecurityTokenAuthenticatorWrapper(
                    new KerberosSecurityTokenAuthenticator(parent.WindowsAuthentication.IncludeWindowsGroups));
            }
            else if (tokenType == SecurityTokenTypes.UserName)
            {
                if (parent.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Windows)
                {
                    if (parent.UserNameAuthentication.CacheLogonTokens)
                    {
                        result = new WindowsUserNameCachingSecurityTokenAuthenticator(parent.UserNameAuthentication.IncludeWindowsGroups,
                            parent.UserNameAuthentication.MaxCachedLogonTokens, parent.UserNameAuthentication.CachedLogonTokenLifetime);
                    }
                    else
                    {
                        result = new WindowsUserNameSecurityTokenAuthenticator(parent.UserNameAuthentication.IncludeWindowsGroups);
                    }
                }
                else
                {
                    result = new CustomUserNameSecurityTokenAuthenticator(parent.UserNameAuthentication.GetUserNamePasswordValidator());
                }
            }
            else if (tokenType == SecurityTokenTypes.Rsa)
            {
                result = new RsaSecurityTokenAuthenticator();
            }
            else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego)
            {
                result = CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver);
            }
            else if (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego)
            {
                result = CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, true, out outOfBandTokenResolver);
            }
            else if (tokenType == ServiceModelSecurityTokenTypes.Spnego)
            {
                result = CreateSpnegoSecurityTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver);
            }
            else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation)
            {
                result = CreateSecureConversationTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver);
            }
            else if ((tokenType == SecurityTokenTypes.Saml)
                || (tokenType == SecurityXXX2005Strings.SamlTokenType)
                || (tokenType == SecurityJan2004Strings.SamlUri)
                || (tokenType == null && IsIssuedSecurityTokenRequirement(recipientRequirement)))
            {
                result = CreateSamlTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver);
            }

            if (result == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement)));

            return result;
        }