WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity)
        {
            // Assertion-based guard: reports a mode value that the helper does not recognise.
            // NOTE(review): Fx.Assert is presumably a debug-only check - confirm it is not the
            // only validation of 'mode' on this path.
            Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", mode.ToString()));

            // A null message-security object is swapped for a fresh default instance,
            // so the field is never left null.
            this.messageSecurity = messageSecurity ?? new FederatedMessageSecurityOverHttp();
            this.mode = mode;
        }
 /// <summary>
 /// Copies the values held by this configuration element onto a runtime
 /// <see cref="FederatedMessageSecurityOverHttp"/> object.
 /// </summary>
 /// <param name="security">Object that receives the configured values; must not be null.</param>
 internal void ApplyConfiguration(FederatedMessageSecurityOverHttp security)
 {
     if (security == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
     }

     security.NegotiateServiceCredential = this.NegotiateServiceCredential;
     security.AlgorithmSuite = this.AlgorithmSuite;
     security.IssuedKeyType = this.IssuedKeyType;
     security.EstablishSecurityContext = this.EstablishSecurityContext;

     // An empty token type in configuration leaves the target's current value untouched.
     string configuredTokenType = this.IssuedTokenType;
     if (!string.IsNullOrEmpty(configuredTokenType))
     {
         security.IssuedTokenType = configuredTokenType;
     }

     // The issuer endpoint (and optionally the binding used to reach it) is applied only
     // when the "issuer" property did not come from its default. These values decide which
     // token issuer the binding will talk to, so they come from explicit configuration only.
     if (PropertyValueOrigin.Default != base.ElementInformation.Properties["issuer"].ValueOrigin)
     {
         security.IssuerAddress = ConfigLoader.LoadEndpointAddress(this.Issuer);

         bool issuerBindingNamed = !string.IsNullOrEmpty(this.Issuer.Binding);
         if (issuerBindingNamed)
         {
             security.IssuerBinding = ConfigLoader.LookupBinding(this.Issuer.Binding, this.Issuer.BindingConfiguration, base.EvaluationContext);
         }
     }

     // Same rule for the issuer metadata endpoint.
     if (PropertyValueOrigin.Default != base.ElementInformation.Properties["issuerMetadata"].ValueOrigin)
     {
         security.IssuerMetadataAddress = ConfigLoader.LoadEndpointAddress(this.IssuerMetadata);
     }

     // Additional token request parameters are appended as raw XML elements.
     foreach (XmlElementElement requestParameter in this.TokenRequestParameters)
     {
         security.TokenRequestParameters.Add(requestParameter.XmlElement);
     }

     // Each configured claim type becomes a runtime requirement with the same optional flag.
     foreach (ClaimTypeElement claim in this.ClaimTypeRequirements)
     {
         ClaimTypeRequirement requirement = new ClaimTypeRequirement(claim.ClaimType, claim.IsOptional);
         security.ClaimTypeRequirements.Add(requirement);
     }
 }
        public void IssueToken_CalledOnFederationBinding_CallsIssueToken()
        {
            // Arrange: the four-argument IssueToken overload is stubbed on a partial mock
            // and set to return a known token.
            var expectedToken = MockRepository.GenerateStub<SecurityToken>();
            var mocks = new MockRepository();
            var provider = mocks.PartialMock<SecurityTokenProvider>();
            provider.Stub(x => x.IssueToken(Arg<IWSTrustChannelContract>.Is.Anything, Arg<string>.Is.Anything, Arg<SecurityToken>.Is.Anything, Arg<SecurityToken>.Is.Anything)).Return(expectedToken);
            provider.Replay();

            // Federation binding whose message security names an issuer endpoint and binding.
            var federationBinding = MockRepository.GenerateStub<WS2007FederationHttpBinding>();
            federationBinding.Security.Message = new FederatedMessageSecurityOverHttp
            {
                IssuerAddress = new EndpointAddress("http://localhost/issuer"),
                IssuerBinding = new WS2007HttpBinding()
            };
            var actAs = MockRepository.GenerateStub<SecurityToken>();

            // Act
            var issued = provider.IssueToken(federationBinding, "http://localhost/service", actAs);

            // Assert
            // NOTE(review): every matcher below is Is.Anything, so this only shows that the
            // stubbed overload was reached; it does not check which channel, realm or
            // act-as token was forwarded to it.
            provider.AssertWasCalled(
                x => x.IssueToken(Arg<IWSTrustChannelContract>.Is.Anything, Arg<string>.Is.Anything, Arg<SecurityToken>.Is.Anything, Arg<SecurityToken>.Is.Anything));
            Assert.AreEqual(expectedToken, issued);
        }
        /// <summary>
        /// Tries to build the <see cref="WSFederationHttpSecurity"/> that corresponds to a
        /// security binding element.
        /// </summary>
        /// <param name="sbe">Security binding element to match; null yields mode None.</param>
        /// <param name="mode">Requested mode; only its Message and TransportWithMessageCredential parts are kept.</param>
        /// <param name="transportSecurity">Not read by this method.</param>
        /// <param name="isReliableSessionEnabled">Forwarded to <c>FederatedMessageSecurityOverHttp.TryCreate</c>.</param>
        /// <param name="version">Forwarded to <c>FederatedMessageSecurityOverHttp.TryCreate</c>.</param>
        /// <param name="security">The created object on success; null on failure.</param>
        /// <returns>False when the message-security settings cannot be reconstructed; otherwise true.</returns>
        internal static bool TryCreate(SecurityBindingElement sbe,
                                       WSFederationHttpSecurityMode mode,
                                       HttpTransportSecurity transportSecurity,
                                       bool isReliableSessionEnabled,
                                       MessageSecurityVersion version,
                                       out WSFederationHttpSecurity security)
        {
            security = null;

            // Without a security binding element there is nothing to match: the result is mode None.
            WSFederationHttpSecurityMode effectiveMode = WSFederationHttpSecurityMode.None;
            FederatedMessageSecurityOverHttp federatedSecurity = null;

            if (sbe != null)
            {
                // Mask the caller's value down to the two message-credential modes.
                effectiveMode = mode & (WSFederationHttpSecurityMode.Message | WSFederationHttpSecurityMode.TransportWithMessageCredential);
                Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(effectiveMode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", effectiveMode.ToString()));

                bool overSecureTransport = effectiveMode == WSFederationHttpSecurityMode.TransportWithMessageCredential;
                if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, overSecureTransport, isReliableSessionEnabled, version, out federatedSecurity))
                {
                    return false;
                }
            }

            security = new WSFederationHttpSecurity(effectiveMode, federatedSecurity);
            return true;
        }
        /// <summary>
        /// Creates the security settings from a mode and an optional message-security object.
        /// </summary>
        /// <param name="mode">Security mode to store.</param>
        /// <param name="messageSecurity">Message-security settings; null is replaced by a default instance.</param>
        WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity)
        {
            // NOTE(review): Fx.Assert is presumably a debug-only check - confirm that 'mode'
            // is validated elsewhere for release builds.
            Fx.Assert(WSFederationHttpSecurityModeHelper.IsDefined(mode), string.Format("Invalid WSFederationHttpSecurityMode value: {0}", mode.ToString()));

            // The field never stays null: a missing argument becomes a default instance.
            this.messageSecurity = messageSecurity ?? new FederatedMessageSecurityOverHttp();
            this.mode = mode;
        }
 /// <summary>
 /// Fills this configuration element from a runtime
 /// <see cref="FederatedMessageSecurityOverHttp"/> object.
 /// </summary>
 /// <param name="security">Source of the values; must not be null.</param>
 internal void InitializeFrom(FederatedMessageSecurityOverHttp security)
 {
     if (security == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
     }

     this.NegotiateServiceCredential = security.NegotiateServiceCredential;
     this.AlgorithmSuite = security.AlgorithmSuite;
     this.IssuedKeyType = security.IssuedKeyType;

     // EstablishSecurityContext is written only when the source has it switched off.
     bool establishContext = security.EstablishSecurityContext;
     if (!establishContext)
     {
         this.EstablishSecurityContext = establishContext;
     }

     string tokenType = security.IssuedTokenType;
     if (tokenType != null)
     {
         this.IssuedTokenType = tokenType;
     }

     if (security.IssuerAddress != null)
     {
         this.Issuer.InitializeFrom(security.IssuerAddress);
     }

     if (security.IssuerMetadataAddress != null)
     {
         this.IssuerMetadata.InitializeFrom(security.IssuerMetadataAddress);
     }

     if (security.IssuerBinding != null)
     {
         // An issuer binding cannot be recorded without an issuer address, because the
         // binding-configuration name below is taken from that address.
         if (this.Issuer.Address == null)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(System.ServiceModel.SR.GetString("ConfigNullIssuerAddress")));
         }

         string sectionName = null;
         this.Issuer.BindingConfiguration = this.Issuer.Address.ToString();
         BindingsSection.TryAdd(this.Issuer.BindingConfiguration, security.IssuerBinding, out sectionName);
         this.Issuer.Binding = sectionName;
     }

     // Extra token request parameters are wrapped one by one as configuration elements.
     foreach (XmlElement requestParameter in security.TokenRequestParameters)
     {
         this.TokenRequestParameters.Add(new XmlElementElement(requestParameter));
     }

     // Claim requirements keep their claim type and optional flag.
     foreach (ClaimTypeRequirement claim in security.ClaimTypeRequirements)
     {
         this.ClaimTypeRequirements.Add(new ClaimTypeElement(claim.ClaimType, claim.IsOptional));
     }
 }
        /// <summary>
        /// Tries to build the <see cref="WSFederationHttpSecurity"/> that matches a security binding element.
        /// </summary>
        /// <param name="sbe">Security binding element to match; null produces mode None.</param>
        /// <param name="mode">Requested mode, masked to Message / TransportWithMessageCredential.</param>
        /// <param name="transportSecurity">Not read by this method.</param>
        /// <param name="isReliableSessionEnabled">Passed through to the message-security matcher.</param>
        /// <param name="version">Passed through to the message-security matcher.</param>
        /// <param name="security">Result on success; null on failure.</param>
        /// <returns>True unless the message-security settings could not be matched.</returns>
        internal static bool TryCreate(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSessionEnabled, MessageSecurityVersion version, out WSFederationHttpSecurity security)
        {
            security = null;

            // No binding element at all: build the object with mode None and default message security.
            if (sbe == null)
            {
                security = new WSFederationHttpSecurity(WSFederationHttpSecurityMode.None, null);
                return true;
            }

            // Keep only the message-credential parts of the requested mode.
            WSFederationHttpSecurityMode maskedMode = mode & (WSFederationHttpSecurityMode.TransportWithMessageCredential | WSFederationHttpSecurityMode.Message);
            bool overSecureTransport = maskedMode == WSFederationHttpSecurityMode.TransportWithMessageCredential;

            FederatedMessageSecurityOverHttp matched;
            if (!FederatedMessageSecurityOverHttp.TryCreate(sbe, overSecureTransport, isReliableSessionEnabled, version, out matched))
            {
                return false;
            }

            security = new WSFederationHttpSecurity(maskedMode, matched);
            return true;
        }
		/// <summary>
		/// Creates the security settings for the given mode with default message security.
		/// </summary>
		/// <param name="mode">Security mode, assigned through the Mode property.</param>
		internal WSFederationHttpSecurity (WSFederationHttpSecurityMode mode)
		{
			// Goes through the property setter rather than a backing field.
			Mode = mode;
			this.message = new FederatedMessageSecurityOverHttp ();
		}
 /// <summary>
 /// Stores the mode and the message-security settings.
 /// </summary>
 /// <param name="mode">Security mode; stored as given, with no validation in this constructor.</param>
 /// <param name="messageSecurity">Message-security settings; null is replaced by a default instance.</param>
 private WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity)
 {
     // Never leave the field null: fall back to a default instance.
     this.messageSecurity = messageSecurity ?? new FederatedMessageSecurityOverHttp();
     this.mode = mode;
 }
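        /// <summary>
        /// Checks whether <paramref name="sbe"/> has a shape this type recognises and, if so,
        /// rebuilds the equivalent <see cref="FederatedMessageSecurityOverHttp"/> settings from it.
        /// </summary>
        /// <param name="sbe">Security binding element to inspect; must not be null.</param>
        /// <param name="isSecureTransportMode">True when the issued token is expected over a transport-security bootstrap binding.</param>
        /// <param name="isReliableSession">Not read by this method.</param>
        /// <param name="version">Supplies the policy, trust, security and secure-conversation versions used by the checks.</param>
        /// <param name="messageSecurity">The rebuilt settings on success; null whenever the method returns false.</param>
        /// <returns>True if every check passed; otherwise false.</returns>
        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
        {
            Fx.Assert(null != sbe, string.Empty);

            messageSecurity = null;

            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings

            if (!sbe.IncludeTimestamp)
            {
                return false;
            }

            if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
            {
                return false;
            }

            bool emitBspAttributes = true;

            // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching()

            // When sbe is a secure-conversation binding the checks below run against its
            // bootstrap element; otherwise they run against sbe itself.
            SecurityBindingElement bootstrapSecurity;
            bool establishSecurityContext = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity);
            bootstrapSecurity = establishSecurityContext ? bootstrapSecurity : sbe;

            if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
            {
                return false;
            }

            bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
            IssuedSecurityTokenParameters issuedTokenParameters;

            if (isSecureTransportMode)
            {
                if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters))
                {
                    return false;
                }
            }
            else
            {
                // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
                // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
                if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters))
                {
                    negotiateServiceCredential = true;
                }
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters))
                {
                    negotiateServiceCredential = false;
                }
                else
                {
                    return false;
                }
            }

            // A bearer-key issued token combined with the Feb 2005 trust version is rejected.
            if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) &&
                (version.TrustVersion == TrustVersion.WSTrustFeb2005))
            {
                return false;
            }

            Collection<XmlElement> nonAlgorithmRequestParameters;
            WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
                                                                                                version.TrustVersion,
                                                                                                version.SecureConversationVersion,
                                                                                                emitBspAttributes,
                                                                                                null, null, null);
            SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer);

            if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite,
                                                         versionSpecificStandardsManager,
                                                         out nonAlgorithmRequestParameters))
            {
                return false;
            }

            // Alternative issuer endpoints are not copied below, so a binding that carries them
            // cannot be reproduced. Reject it before the out parameter is assigned, so that a
            // false return never hands back a populated object that silently dropped them.
            if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0)
            {
                return false;
            }

            messageSecurity = new FederatedMessageSecurityOverHttp();

            messageSecurity.AlgorithmSuite             = sbe.DefaultAlgorithmSuite;
            messageSecurity.NegotiateServiceCredential = negotiateServiceCredential;
            messageSecurity.EstablishSecurityContext   = establishSecurityContext;
            messageSecurity.IssuedTokenType            = issuedTokenParameters.TokenType;
            messageSecurity.IssuerAddress              = issuedTokenParameters.IssuerAddress;
            messageSecurity.IssuerBinding              = issuedTokenParameters.IssuerBinding;
            messageSecurity.IssuerMetadataAddress      = issuedTokenParameters.IssuerMetadataAddress;
            messageSecurity.IssuedKeyType              = issuedTokenParameters.KeyType;
            foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements)
            {
                messageSecurity.ClaimTypeRequirements.Add(c);
            }
            foreach (XmlElement p in nonAlgorithmRequestParameters)
            {
                messageSecurity.TokenRequestParameters.Add(p);
            }
            return true;
        }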
		// Methods
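		/// <summary>
		/// Copies the settings held by this configuration element onto <paramref name="s"/>.
		/// </summary>
		/// <param name="s">Runtime message-security object to populate; must not be null.</param>
		/// <exception cref="ArgumentNullException"><paramref name="s"/> is null.</exception>
		internal void ApplyConfiguration (FederatedMessageSecurityOverHttp s)
		{
			// Report a missing target by name instead of failing with a
			// NullReferenceException on the first assignment.
			if (s == null)
				throw new ArgumentNullException ("s");

			s.AlgorithmSuite = AlgorithmSuite;
			foreach (ClaimTypeElement cte in ClaimTypeRequirements)
				s.ClaimTypeRequirements.Add (cte.Create ());
			s.EstablishSecurityContext = EstablishSecurityContext;
			s.IssuedKeyType = IssuedKeyType;
			s.IssuedTokenType = IssuedTokenType;

			// The issuer endpoint, its binding and the issuer metadata endpoint are each
			// applied only when configured; they decide which token issuer is contacted.
			if (Issuer.Address != null)
				s.IssuerAddress = new EndpointAddress (Issuer.Address, Issuer.Identity.Create (), Issuer.Headers.Headers);
			if (!String.IsNullOrEmpty (Issuer.Binding))
				s.IssuerBinding = ConfigUtil.CreateBinding (Issuer.Binding, Issuer.BindingConfiguration);
			if (IssuerMetadata.Address != null)
				s.IssuerMetadataAddress = new EndpointAddress (IssuerMetadata.Address, IssuerMetadata.Identity.Create (), IssuerMetadata.Headers.Headers);

			s.NegotiateServiceCredential = NegotiateServiceCredential;
			foreach (XmlElementElement xee in TokenRequestParameters)
				s.TokenRequestParameters.Add (xee.XmlElement);
		}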
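        /// <summary>
        /// Checks whether <paramref name="sbe"/> has a shape this type recognises and, if so,
        /// rebuilds the equivalent <see cref="FederatedMessageSecurityOverHttp"/> settings from it.
        /// </summary>
        /// <param name="sbe">Security binding element to inspect; must not be null.</param>
        /// <param name="isSecureTransportMode">True when the issued token is expected over a transport-security bootstrap binding.</param>
        /// <param name="isReliableSession">Not read by this method.</param>
        /// <param name="version">Supplies the policy, trust, security and secure-conversation versions used by the checks.</param>
        /// <param name="messageSecurity">The rebuilt settings on success; null whenever the method returns false.</param>
        /// <returns>True if every check passed; otherwise false.</returns>
        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
        {
            Fx.Assert(null != sbe, string.Empty);

            messageSecurity = null;

            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings

            if (!sbe.IncludeTimestamp)
                return false;

            if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
                return false;

            bool emitBspAttributes = true;

            // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching()

            // When sbe is a secure-conversation binding the checks below run against its
            // bootstrap element; otherwise they run against sbe itself.
            SecurityBindingElement bootstrapSecurity;

            bool establishSecurityContext = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity);
            bootstrapSecurity = establishSecurityContext ? bootstrapSecurity : sbe;

            if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
                return false;

            bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
            IssuedSecurityTokenParameters issuedTokenParameters;

            if (isSecureTransportMode)
            {
                if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters))
                    return false;
            }
            else
            {
                // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
                // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
                if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters))
                    negotiateServiceCredential = true;
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters))
                    negotiateServiceCredential = false;
                else
                    return false;
            }

            // A bearer-key issued token combined with the Feb 2005 trust version is rejected.
            if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) &&
               (version.TrustVersion == TrustVersion.WSTrustFeb2005))
            {
                return false;
            }

            Collection<XmlElement> nonAlgorithmRequestParameters;
            WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
                                                                                                version.TrustVersion,
                                                                                                version.SecureConversationVersion,
                                                                                                emitBspAttributes,
                                                                                                null, null, null);
            SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer);

            if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite,
                                                         versionSpecificStandardsManager,
                                                         out nonAlgorithmRequestParameters))
            {
                return false;
            }

            // Alternative issuer endpoints are not copied below, so a binding that carries them
            // cannot be reproduced. Reject it before the out parameter is assigned, so that a
            // false return never hands back a populated object that silently dropped them.
            if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0)
            {
                return false;
            }

            messageSecurity = new FederatedMessageSecurityOverHttp();

            messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
            messageSecurity.NegotiateServiceCredential = negotiateServiceCredential;
            messageSecurity.EstablishSecurityContext = establishSecurityContext;
            messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType;
            messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress;
            messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding;
            messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress;
            messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType;
            foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements)
            {
                messageSecurity.ClaimTypeRequirements.Add(c);
            }
            foreach (XmlElement p in nonAlgorithmRequestParameters)
            {
                messageSecurity.TokenRequestParameters.Add(p);
            }
            return true;
        }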
 /// <summary>
 /// Checks whether <paramref name="sbe"/> has a shape this type recognises and, if so,
 /// rebuilds the matching <see cref="FederatedMessageSecurityOverHttp"/> settings.
 /// </summary>
 /// <param name="sbe">Security binding element to inspect.</param>
 /// <param name="isSecureTransportMode">True when the issued token is expected over a transport-security bootstrap binding.</param>
 /// <param name="isReliableSession">Not read by this method.</param>
 /// <param name="version">Supplies the policy, trust, security and secure-conversation versions used by the checks.</param>
 /// <param name="messageSecurity">The rebuilt settings; see the remarks for the failure case.</param>
 /// <returns>True if every check passed; otherwise false.</returns>
 /// <remarks>
 /// NOTE(review): <paramref name="sbe"/> is dereferenced without a null check, and
 /// <paramref name="messageSecurity"/> is already populated when the final
 /// alternative-issuer check returns false, so callers must not use it on a false return.
 /// </remarks>
 internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
 {
     messageSecurity = null;

     // A timestamp and the strict security-header layout are both required.
     if (!sbe.IncludeTimestamp || sbe.SecurityHeaderLayout != SecurityHeaderLayout.Strict)
     {
         return false;
     }

     // For a secure-conversation binding the remaining checks run against its bootstrap
     // element; otherwise they run against sbe itself.
     SecurityBindingElement bootstrap;
     bool usesSecureConversation = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrap);
     if (!usesSecureConversation)
     {
         bootstrap = sbe;
     }

     if (isSecureTransportMode && !(bootstrap is TransportSecurityBindingElement))
     {
         return false;
     }

     // Three accepted shapes: issued token over transport, issued token for SSL
     // (negotiated service credential) and issued token for certificate (not negotiated).
     bool negotiateCredential;
     IssuedSecurityTokenParameters issuedToken;
     if (isSecureTransportMode)
     {
         if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrap, out issuedToken))
         {
             return false;
         }
         negotiateCredential = true;
     }
     else if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrap, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedToken))
     {
         negotiateCredential = true;
     }
     else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrap, out issuedToken))
     {
         negotiateCredential = false;
     }
     else
     {
         return false;
     }

     // A bearer-key issued token combined with the Feb 2005 trust version is rejected.
     bool bearerKey = issuedToken.KeyType == SecurityKeyType.BearerKey;
     if (bearerKey && (version.TrustVersion == TrustVersion.WSTrustFeb2005))
     {
         return false;
     }

     Collection<XmlElement> extraRequestParameters;
     WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, true, null, null, null);
     SecurityStandardsManager standards = new SecurityStandardsManager(version, serializer);
     if (!issuedToken.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, standards, out extraRequestParameters))
     {
         return false;
     }

     FederatedMessageSecurityOverHttp rebuilt = new FederatedMessageSecurityOverHttp();
     messageSecurity = rebuilt;
     rebuilt.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
     rebuilt.NegotiateServiceCredential = negotiateCredential;
     rebuilt.EstablishSecurityContext = usesSecureConversation;
     rebuilt.IssuedTokenType = issuedToken.TokenType;
     rebuilt.IssuerAddress = issuedToken.IssuerAddress;
     rebuilt.IssuerBinding = issuedToken.IssuerBinding;
     rebuilt.IssuerMetadataAddress = issuedToken.IssuerMetadataAddress;
     rebuilt.IssuedKeyType = issuedToken.KeyType;
     foreach (ClaimTypeRequirement claim in issuedToken.ClaimTypeRequirements)
     {
         rebuilt.ClaimTypeRequirements.Add(claim);
     }
     foreach (XmlElement requestParameter in extraRequestParameters)
     {
         rebuilt.TokenRequestParameters.Add(requestParameter);
     }

     // Alternative issuer endpoints are not copied above; their presence fails the match.
     bool hasAlternativeIssuers = (issuedToken.AlternativeIssuerEndpoints != null) && (issuedToken.AlternativeIssuerEndpoints.Count > 0);
     return !hasAlternativeIssuers;
 }
        /// <summary>
        /// Fills this configuration element from a runtime
        /// <see cref="FederatedMessageSecurityOverHttp"/> object.
        /// </summary>
        /// <param name="security">Source of the values; must not be null.</param>
        internal void InitializeFrom(FederatedMessageSecurityOverHttp security)
        {
            if (security == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("security");
            }

            // Scalar settings go through the helper named for skipping default values.
            SetPropertyValueIfNotDefaultValue(ConfigurationStrings.NegotiateServiceCredential, security.NegotiateServiceCredential);
            SetPropertyValueIfNotDefaultValue(ConfigurationStrings.AlgorithmSuite, security.AlgorithmSuite);
            SetPropertyValueIfNotDefaultValue(ConfigurationStrings.IssuedKeyType, security.IssuedKeyType);
            SetPropertyValueIfNotDefaultValue(ConfigurationStrings.EstablishSecurityContext, security.EstablishSecurityContext);

            string tokenType = security.IssuedTokenType;
            if (tokenType != null)
            {
                this.IssuedTokenType = tokenType;
            }

            if (security.IssuerAddress != null)
            {
                this.Issuer.InitializeFrom(security.IssuerAddress);
            }

            if (security.IssuerMetadataAddress != null)
            {
                this.IssuerMetadata.InitializeFrom(security.IssuerMetadataAddress);
            }

            if (security.IssuerBinding != null)
            {
                // An issuer binding cannot be recorded without an issuer address, because the
                // binding-configuration name below is taken from that address.
                if (this.Issuer.Address == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(SR.GetString(SR.ConfigNullIssuerAddress)));
                }

                string sectionName = null;
                this.Issuer.BindingConfiguration = this.Issuer.Address.ToString();
                BindingsSection.TryAdd(this.Issuer.BindingConfiguration, security.IssuerBinding, out sectionName);
                this.Issuer.Binding = sectionName;
            }

            // Extra token request parameters are wrapped one by one as configuration elements.
            foreach (XmlElement requestParameter in security.TokenRequestParameters)
            {
                this.TokenRequestParameters.Add(new XmlElementElement(requestParameter));
            }

            // Claim requirements keep their claim type and optional flag.
            foreach (ClaimTypeRequirement requirement in security.ClaimTypeRequirements)
            {
                this.ClaimTypeRequirements.Add(new ClaimTypeElement(requirement.ClaimType, requirement.IsOptional));
            }
        }
        /// <summary>
        /// Checks whether <paramref name="sbe"/> has a shape this type recognises and, if so,
        /// rebuilds the matching <see cref="FederatedMessageSecurityOverHttp"/> settings.
        /// </summary>
        /// <param name="sbe">Security binding element to inspect.</param>
        /// <param name="isSecureTransportMode">True when the issued token is expected over a transport-security bootstrap binding.</param>
        /// <param name="isReliableSession">Not read by this method.</param>
        /// <param name="version">Supplies the policy, trust, security and secure-conversation versions used by the checks.</param>
        /// <param name="messageSecurity">The rebuilt settings; see the remarks for the failure case.</param>
        /// <returns>True if every check passed; otherwise false.</returns>
        /// <remarks>
        /// NOTE(review): <paramref name="sbe"/> is dereferenced without a null check, and
        /// <paramref name="messageSecurity"/> is already populated when the final
        /// alternative-issuer check returns false, so callers must not use it on a false return.
        /// </remarks>
        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
        {
            messageSecurity = null;

            // Requirement 1: the binding element must include a timestamp.
            if (!sbe.IncludeTimestamp)
            {
                return false;
            }

            // Requirement 2: strict security-header layout.
            if (sbe.SecurityHeaderLayout != SecurityHeaderLayout.Strict)
            {
                return false;
            }

            // For a secure-conversation binding the remaining checks run against its
            // bootstrap element; otherwise they run against sbe itself.
            SecurityBindingElement inspected;
            bool secureConversation = SecurityBindingElement.IsSecureConversationBinding(sbe, true, out inspected);
            inspected = secureConversation ? inspected : sbe;

            if (isSecureTransportMode && !(inspected is TransportSecurityBindingElement))
            {
                return false;
            }

            // Requirement 3: one of the three recognised issued-token shapes.
            bool negotiate = true;
            IssuedSecurityTokenParameters issued;
            if (isSecureTransportMode)
            {
                if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(inspected, out issued))
                {
                    return false;
                }
            }
            else
            {
                bool requireCancellation = version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11;
                if (SecurityBindingElement.IsIssuedTokenForSslBinding(inspected, requireCancellation, out issued))
                {
                    negotiate = true;
                }
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(inspected, out issued))
                {
                    negotiate = false;
                }
                else
                {
                    return false;
                }
            }

            // Requirement 4: no bearer-key issued token together with the Feb 2005 trust version.
            if ((version.TrustVersion == TrustVersion.WSTrustFeb2005) && (issued.KeyType == SecurityKeyType.BearerKey))
            {
                return false;
            }

            // Requirement 5: the issued-token parameters must agree with the default algorithm suite.
            Collection<XmlElement> remainingRequestParameters;
            WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, true, null, null, null);
            SecurityStandardsManager standards = new SecurityStandardsManager(version, serializer);
            if (!issued.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, standards, out remainingRequestParameters))
            {
                return false;
            }

            messageSecurity = new FederatedMessageSecurityOverHttp();
            messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
            messageSecurity.NegotiateServiceCredential = negotiate;
            messageSecurity.EstablishSecurityContext = secureConversation;
            messageSecurity.IssuedTokenType = issued.TokenType;
            messageSecurity.IssuerAddress = issued.IssuerAddress;
            messageSecurity.IssuerBinding = issued.IssuerBinding;
            messageSecurity.IssuerMetadataAddress = issued.IssuerMetadataAddress;
            messageSecurity.IssuedKeyType = issued.KeyType;
            foreach (ClaimTypeRequirement claim in issued.ClaimTypeRequirements)
            {
                messageSecurity.ClaimTypeRequirements.Add(claim);
            }
            foreach (XmlElement requestParameter in remainingRequestParameters)
            {
                messageSecurity.TokenRequestParameters.Add(requestParameter);
            }

            // Requirement 6: alternative issuer endpoints are not copied above; their presence fails the match.
            if ((issued.AlternativeIssuerEndpoints == null) || (issued.AlternativeIssuerEndpoints.Count <= 0))
            {
                return true;
            }
            return false;
        }
 /// <summary>
 /// Placeholder: this implementation does not inspect the binding element and always throws.
 /// </summary>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
 {
     // No argument is read and messageSecurity is never assigned; callers get an
     // exception rather than a true/false answer.
     throw new NotImplementedException();
 }
 /// <summary>
 /// Creates the security settings for the given mode with default message security.
 /// </summary>
 /// <param name="mode">Security mode, assigned through the Mode property.</param>
 internal WSFederationHttpSecurity(WSFederationHttpSecurityMode mode)
 {
     // Goes through the property setter rather than a backing field.
     Mode = mode;
     this.message = new FederatedMessageSecurityOverHttp();
 }
        /// <summary>
        /// Stub that never recognises a binding element.
        /// </summary>
        /// <param name="messageSecurity">Always set to null.</param>
        /// <returns>Always false.</returns>
        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
        {
            // dotnet-svcutil does not currently support FederationHttpBinding, so nothing is
            // matched here and none of the other arguments is read.
            messageSecurity = null;
            return false;
        }
 /// <summary>
 /// Stores the mode and the message-security settings.
 /// </summary>
 /// <param name="mode">Security mode; stored as given, with no validation in this constructor.</param>
 /// <param name="messageSecurity">Message-security settings; null is replaced by a default instance.</param>
 private WSFederationHttpSecurity(WSFederationHttpSecurityMode mode, FederatedMessageSecurityOverHttp messageSecurity)
 {
     this.mode = mode;

     // Never leave the field null: fall back to a default instance.
     if (messageSecurity == null)
     {
         messageSecurity = new FederatedMessageSecurityOverHttp();
     }
     this.messageSecurity = messageSecurity;
 }