/// <summary>
/// Builds the server-side authenticator for WS-SecureConversation tokens together with the
/// resolver/cache that the authenticator issues security context tokens (SCTs) into.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="preserveBootstrapTokens">Forwarded unchanged to the authenticator's <c>PreserveBootstrapTokens</c>.</param>
/// <param name="sctResolver">Receives the SCT cache the returned authenticator writes issued tokens to.</param>
/// <returns>A <see cref="SecuritySessionSecurityTokenAuthenticator"/> when the client can cancel the context (session mode).</returns>
/// <exception cref="NotImplementedException">Cookie mode (no context cancellation) is not ported yet; see the TODO block.</exception>
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw CoreWCF.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
    }

    // Cookie mode: the client cannot cancel the context, so the server would have to carry its state inside the token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
    IMessageFilterTable<EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault<IMessageFilterTable<EndpointAddress>>(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);

    if (isCookieMode)
    {
        // The AcceleratedTokenAuthenticator (cookie mode) path has not been ported yet.
        throw new NotImplementedException();
        /* TODO later
         * sctResolver = (SecurityTokenResolver)new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);
         * AcceleratedTokenAuthenticator tokenAuthenticator = new AcceleratedTokenAuthenticator();
         * tokenAuthenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement((ServiceModelSecurityTokenRequirement)recipientRequirement);
         * tokenAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
         * tokenAuthenticator.EncryptStateInServiceToken = true;
         * tokenAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
         * tokenAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
         * tokenAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
         * tokenAuthenticator.ListenUri = recipientRequirement.ListenUri;
         * tokenAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
         * tokenAuthenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager((SecurityTokenRequirement)recipientRequirement, (SecurityTokenManager)this);
         * tokenAuthenticator.SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder;
         * tokenAuthenticator.KnownTypes = (IList<System.Type>)this.parent.SecureConversationAuthentication.SecurityContextClaimTypes;
         * tokenAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
         * tokenAuthenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
         * tokenAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
         * tokenAuthenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
         * tokenAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
         * tokenAuthenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
         * tokenAuthenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
         * tokenAuthenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
         * tokenAuthenticator.EndpointFilterTable = propertyOrDefault;
         * return (SecurityTokenAuthenticator)tokenAuthenticator;
         */
    }

    // Session mode: in-memory SCT cache with no entry limit and no resolver-side expiry;
    // lifetime is governed by the session (KeyRenewalInterval), not by the cache.
    sctResolver = new SecurityContextSecurityTokenResolver(int.MaxValue, false);

    SecuritySessionSecurityTokenAuthenticator sessionAuthenticator = new SecuritySessionSecurityTokenAuthenticator();
    sessionAuthenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
    sessionAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
    sessionAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
    sessionAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
    sessionAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
    sessionAuthenticator.ListenUri = recipientRequirement.ListenUri;
    sessionAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
    // Session tokens never expire by lifetime; keys are rotated on the renewal interval instead.
    sessionAuthenticator.SessionTokenLifetime = TimeSpan.MaxValue;
    sessionAuthenticator.KeyRenewalInterval = localServiceSettings.SessionKeyRenewalInterval;
    sessionAuthenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
    sessionAuthenticator.EndpointFilterTable = endpointFilterTable;
    // Negotiation quotas come from the binding's local service settings.
    sessionAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
    sessionAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
    sessionAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
    return sessionAuthenticator;
}
/// <summary>
/// Builds the server-side WS-SecureConversation authenticator and the SCT cache it issues into,
/// choosing session mode or cookie mode from whether the client can cancel the context.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="preserveBootstrapTokens">Forwarded unchanged to the authenticator's <c>PreserveBootstrapTokens</c>.</param>
/// <param name="sctResolver">Receives the SCT cache the returned authenticator writes issued tokens to.</param>
/// <returns>
/// A <see cref="SecuritySessionSecurityTokenAuthenticator"/> in session mode, otherwise an
/// <see cref="AcceleratedTokenAuthenticator"/> that encrypts its state into the issued token.
/// </returns>
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
    }

    // Cookie mode: the client cannot cancel the context, so server state must travel inside the token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
    IMessageFilterTable<EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault<IMessageFilterTable<EndpointAddress>>(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);

    if (!isCookieMode)
    {
        // Session mode: unbounded in-memory SCT cache, no resolver-side expiry.
        sctResolver = new SecurityContextSecurityTokenResolver(int.MaxValue, false);

        SecuritySessionSecurityTokenAuthenticator sessionAuthenticator = new SecuritySessionSecurityTokenAuthenticator();
        sessionAuthenticator.BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
        sessionAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
        sessionAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
        sessionAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
        sessionAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
        sessionAuthenticator.ListenUri = recipientRequirement.ListenUri;
        sessionAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
        // Session tokens have no lifetime cap; key material rotates on the renewal interval instead.
        sessionAuthenticator.SessionTokenLifetime = TimeSpan.MaxValue;
        sessionAuthenticator.KeyRenewalInterval = localServiceSettings.SessionKeyRenewalInterval;
        sessionAuthenticator.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
        sessionAuthenticator.EndpointFilterTable = endpointFilterTable;
        sessionAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
        sessionAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
        sessionAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
        return sessionAuthenticator;
    }

    // Cookie mode: bounded cache, and MaxClockSkew tolerated when validating issued-cookie timestamps.
    sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);

    AcceleratedTokenAuthenticator cookieAuthenticator = new AcceleratedTokenAuthenticator();
    cookieAuthenticator.BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
    cookieAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
    // Server-side negotiation state is encrypted into the token; the encoder below protects it.
    cookieAuthenticator.EncryptStateInServiceToken = true;
    cookieAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
    cookieAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
    cookieAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
    cookieAuthenticator.ListenUri = recipientRequirement.ListenUri;
    cookieAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
    cookieAuthenticator.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
    cookieAuthenticator.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
    cookieAuthenticator.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;
    cookieAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
    // Local security quotas.
    cookieAuthenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
    cookieAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
    cookieAuthenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
    cookieAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
    // Audit settings.
    cookieAuthenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
    cookieAuthenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
    cookieAuthenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
    cookieAuthenticator.EndpointFilterTable = endpointFilterTable;
    return cookieAuthenticator;
}
/// <summary>
/// Creates the server-side SPNEGO (Windows negotiation) authenticator and the SCT cache it issues into.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="sctResolver">Receives the cookie-bounded SCT cache the authenticator writes issued tokens to.</param>
/// <returns>A configured <see cref="SpnegoTokenAuthenticator"/>.</returns>
private SecurityTokenAuthenticator CreateSpnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
    }

    // Cookie mode: the client cannot cancel the context, so negotiated state is encrypted into the issued token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings quotas = securityBindingElement.LocalServiceSettings;

    sctResolver = new SecurityContextSecurityTokenResolver(quotas.MaxCachedCookies, true);

    // The requirement's extended-protection policy is looked up here but its value is discarded.
    recipientRequirement.TryGetProperty<ExtendedProtectionPolicy>(ServiceModelSecurityTokenRequirement.ExtendedProtectionPolicy, out _);

    SpnegoTokenAuthenticator spnego = new SpnegoTokenAuthenticator();
    // NOTE(review): ExtendedProtectionPolicy is always null on this authenticator, so channel-binding
    // (extended protection) checks are not configured even when the requirement carries a policy — confirm
    // this is intended for the target runtime.
    spnego.ExtendedProtectionPolicy = null;
    spnego.AllowUnauthenticatedCallers = ServiceCredentials.WindowsAuthentication.AllowAnonymousLogons;
    spnego.ExtractGroupsForWindowsAccounts = ServiceCredentials.WindowsAuthentication.IncludeWindowsGroups;
    spnego.IsClientAnonymous = false;
    spnego.EncryptStateInServiceToken = isCookieMode;
    spnego.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
    spnego.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
    spnego.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
    spnego.ListenUri = recipientRequirement.ListenUri;
    spnego.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
    spnego.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
    spnego.SecurityStateEncoder = ServiceCredentials.SecureConversationAuthentication.SecurityStateEncoder;
    spnego.KnownTypes = ServiceCredentials.SecureConversationAuthentication.SecurityContextClaimTypes;
    spnego.LdapSettings = ServiceCredentials.WindowsAuthentication.LdapSetting;

    // Mixed mode (transport security binding): the negotiation blobs arrive from a not-yet-authenticated
    // client, so their size must be bounded before they are processed.
    if (securityBindingElement is TransportSecurityBindingElement)
    {
        spnego.MaxMessageSize = SecurityUtils.GetMaxNegotiationBufferSize(spnego.IssuerBindingContext);
    }

    // Local security quotas.
    spnego.MaximumCachedNegotiationState = quotas.MaxStatefulNegotiations;
    spnego.NegotiationTimeout = quotas.NegotiationTimeout;
    spnego.ServiceTokenLifetime = quotas.IssuedCookieLifetime;
    spnego.MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations;

    // Audit settings are not wired up in this port:
    //spnego.AuditLogLocation = recipientRequirement.AuditLogLocation;
    //spnego.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
    //spnego.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
    return spnego;
}
/// <summary>
/// Creates the server-side TLS-negotiation (TLSNEGO) authenticator and the SCT cache it issues into.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="requireClientCertificate">
/// When true the client must present an X.509 certificate, validated by the client token authenticator
/// and optionally mapped to a Windows account; otherwise the client side of the handshake is anonymous.
/// </param>
/// <param name="sctResolver">Receives the cookie-bounded SCT cache the authenticator writes issued tokens to.</param>
/// <returns>A configured <see cref="TlsnegoTokenAuthenticator"/>.</returns>
SecurityTokenAuthenticator CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool requireClientCertificate, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
    }

    // Cookie mode: the client cannot cancel the context, so negotiated state is encrypted into the issued token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings quotas = securityBindingElement.LocalServiceSettings;

    sctResolver = new SecurityContextSecurityTokenResolver(quotas.MaxCachedCookies, true);

    TlsnegoTokenAuthenticator tlsnego = new TlsnegoTokenAuthenticator
    {
        IsClientAnonymous = !requireClientCertificate
    };
    if (requireClientCertificate)
    {
        tlsnego.ClientTokenAuthenticator = CreateTlsnegoClientX509TokenAuthenticator(recipientRequirement);
        tlsnego.MapCertificateToWindowsAccount = ServiceCredentials.ClientCertificate.Authentication.MapClientCertificateToWindowsAccount;
    }

    tlsnego.EncryptStateInServiceToken = isCookieMode;
    tlsnego.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
    tlsnego.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
    tlsnego.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
    tlsnego.ListenUri = recipientRequirement.ListenUri;
    tlsnego.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
    tlsnego.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
    tlsnego.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
    tlsnego.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;
    // The service's own X.509 credential for the TLS handshake.
    tlsnego.ServerTokenProvider = CreateTlsnegoServerX509TokenProvider(recipientRequirement);

    // Local security quotas.
    tlsnego.MaximumCachedNegotiationState = quotas.MaxStatefulNegotiations;
    tlsnego.NegotiationTimeout = quotas.NegotiationTimeout;
    tlsnego.ServiceTokenLifetime = quotas.IssuedCookieLifetime;
    tlsnego.MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations;

    // Mixed mode (transport security binding): negotiation blobs come from a not-yet-authenticated
    // client, so their size must be bounded before they are processed.
    if (securityBindingElement is TransportSecurityBindingElement)
    {
        tlsnego.MaxMessageSize = SecurityUtils.GetMaxNegotiationBufferSize(tlsnego.IssuerBindingContext);
    }

    // Audit settings.
    tlsnego.AuditLogLocation = recipientRequirement.AuditLogLocation;
    tlsnego.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
    tlsnego.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
    return tlsnego;
}
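/// <summary>
/// Sample: reads the <c>LocalServiceSettings</c> of a <see cref="WSHttpBinding"/>'s security binding
/// element, prints the replay-detection settings, changes <c>MaxClockSkew</c> and wires the modified
/// binding into a <see cref="ServiceHost"/>.
/// </summary>
/// <remarks>
/// Fixes relative to the earlier version of this sample: the "Press Enter" prompt is printed before
/// blocking on input (it used to appear after the wait), <c>DetectReplays</c> is printed as the flag it
/// is rather than as "days", and durations use <c>TotalMinutes</c> so values of an hour or more are not
/// truncated to the minutes component. The binding-element lookup is also guarded so a binding without
/// message security reports the problem instead of failing on the cast.
/// </remarks>
private void ShowUse()
{
    //<snippet17>
    // Create an instance of the binding to use.
    WSHttpBinding b = new WSHttpBinding();

    // Get the binding element collection.
    BindingElementCollection bec = b.CreateBindingElements();

    // Find the SymmetricSecurityBindingElement in the collection.
    // Important: Cast to the SymmetricSecurityBindingElement when using the Find method;
    // a binding without message security has none, so check for null before using it.
    SymmetricSecurityBindingElement sbe = bec.Find<SecurityBindingElement>() as SymmetricSecurityBindingElement;
    if (sbe == null)
    {
        Console.WriteLine("The binding does not contain a SymmetricSecurityBindingElement.");
        return;
    }

    // Get the LocalServiceSettings from the binding element.
    LocalServiceSecuritySettings lss = sbe.LocalServiceSettings;

    // Print out values. DetectReplays is a boolean switch, not a duration.
    Console.WriteLine("DetectReplays: {0}", lss.DetectReplays);
    Console.WriteLine("ReplayWindow: {0} minutes", lss.ReplayWindow.TotalMinutes);
    Console.WriteLine("MaxClockSkew: {0} minutes", lss.MaxClockSkew.TotalMinutes);
    Console.WriteLine("Press Enter to Continue");
    Console.ReadLine();

    // Change the MaxClockSkew to 3 minutes (days, hours, minutes, seconds).
    lss.MaxClockSkew = new TimeSpan(0, 0, 3, 0);

    // Print the new value.
    Console.WriteLine("New MaxClockSkew: {0} minutes", lss.MaxClockSkew.TotalMinutes);
    Console.WriteLine("Press Enter to End");
    Console.ReadLine();

    // Create a URI for the service.
    Uri httpUri = new Uri("http://localhost/calculator");

    // Create a ServiceHost. The binding has the changed MaxClockSkew.
    ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);
    sh.AddServiceEndpoint(typeof(ICalculator), b, "");
    // sh.Open();
    // Console.WriteLine("Listening");
    // Console.ReadLine();
    // sh.Close();
    //</snippet17>
}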
/// <summary>
/// Creates the server-side TLS-negotiation (TLSNEGO) authenticator and the SCT cache it issues into.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="requireClientCertificate">
/// When true the client must present an X.509 certificate, validated by the client token authenticator
/// and optionally mapped to a Windows account; otherwise the client side of the handshake is anonymous.
/// </param>
/// <param name="sctResolver">Receives the cookie-bounded SCT cache the authenticator writes issued tokens to.</param>
/// <returns>A configured <see cref="TlsnegoTokenAuthenticator"/>.</returns>
private SecurityTokenAuthenticator CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool requireClientCertificate, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
    }

    // Cookie mode: the client cannot cancel the context, so negotiated state is encrypted into the issued token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings quotas = securityBindingElement.LocalServiceSettings;

    sctResolver = new SecurityContextSecurityTokenResolver(quotas.MaxCachedCookies, true);

    TlsnegoTokenAuthenticator tlsnego = new TlsnegoTokenAuthenticator();
    tlsnego.IsClientAnonymous = !requireClientCertificate;
    if (requireClientCertificate)
    {
        tlsnego.ClientTokenAuthenticator = CreateTlsnegoClientX509TokenAuthenticator(recipientRequirement);
        tlsnego.MapCertificateToWindowsAccount = ServiceCredentials.ClientCertificate.Authentication.MapClientCertificateToWindowsAccount;
    }

    tlsnego.EncryptStateInServiceToken = isCookieMode;
    tlsnego.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
    tlsnego.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
    tlsnego.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
    tlsnego.ListenUri = recipientRequirement.ListenUri;
    tlsnego.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
    tlsnego.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
    tlsnego.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
    tlsnego.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;
    // The service's own X.509 credential for the TLS handshake.
    tlsnego.ServerTokenProvider = CreateTlsnegoServerX509TokenProvider(recipientRequirement);

    // Local security quotas.
    tlsnego.MaximumCachedNegotiationState = quotas.MaxStatefulNegotiations;
    tlsnego.NegotiationTimeout = quotas.NegotiationTimeout;
    tlsnego.ServiceTokenLifetime = quotas.IssuedCookieLifetime;
    tlsnego.MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations;

    // Mixed mode (transport security binding): negotiation blobs come from a not-yet-authenticated
    // client, so their size must be bounded before they are processed.
    if (securityBindingElement is TransportSecurityBindingElement)
    {
        tlsnego.MaxMessageSize = System.ServiceModel.Security.SecurityUtils.GetMaxNegotiationBufferSize(tlsnego.IssuerBindingContext);
    }

    // Audit settings.
    tlsnego.AuditLogLocation = recipientRequirement.AuditLogLocation;
    tlsnego.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
    tlsnego.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
    return tlsnego;
}
/// <summary>
/// Creates the server-side SPNEGO (Windows negotiation) authenticator and the SCT cache it issues into.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="sctResolver">Receives the cookie-bounded SCT cache the authenticator writes issued tokens to.</param>
/// <returns>A configured <see cref="SpnegoTokenAuthenticator"/>.</returns>
private SecurityTokenAuthenticator CreateSpnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
    }

    // Cookie mode: the client cannot cancel the context, so negotiated state is encrypted into the issued token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings quotas = securityBindingElement.LocalServiceSettings;

    sctResolver = new SecurityContextSecurityTokenResolver(quotas.MaxCachedCookies, true);

    // Extended protection (channel binding) policy, if the requirement carries one; null otherwise.
    recipientRequirement.TryGetProperty<ExtendedProtectionPolicy>(ServiceModelSecurityTokenRequirement.ExtendedProtectionPolicy, out ExtendedProtectionPolicy extendedProtectionPolicy);

    SpnegoTokenAuthenticator spnego = new SpnegoTokenAuthenticator();
    spnego.ExtendedProtectionPolicy = extendedProtectionPolicy;
    spnego.AllowUnauthenticatedCallers = parent.WindowsAuthentication.AllowAnonymousLogons;
    spnego.ExtractGroupsForWindowsAccounts = parent.WindowsAuthentication.IncludeWindowsGroups;
    spnego.IsClientAnonymous = false;
    spnego.EncryptStateInServiceToken = isCookieMode;
    spnego.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
    spnego.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
    spnego.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
    spnego.ListenUri = recipientRequirement.ListenUri;
    spnego.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
    spnego.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
    spnego.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
    spnego.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;

    // Mixed mode (transport security binding): negotiation blobs come from a not-yet-authenticated
    // client, so their size must be bounded before they are processed.
    if (securityBindingElement is TransportSecurityBindingElement)
    {
        spnego.MaxMessageSize = System.ServiceModel.Security.SecurityUtils.GetMaxNegotiationBufferSize(spnego.IssuerBindingContext);
    }

    // Local security quotas.
    spnego.MaximumCachedNegotiationState = quotas.MaxStatefulNegotiations;
    spnego.NegotiationTimeout = quotas.NegotiationTimeout;
    spnego.ServiceTokenLifetime = quotas.IssuedCookieLifetime;
    spnego.MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations;

    // Audit settings.
    spnego.AuditLogLocation = recipientRequirement.AuditLogLocation;
    spnego.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
    spnego.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
    return spnego;
}
/// <summary>
/// Copies every quota and timing value from <paramref name="settings"/> onto this instance.
/// </summary>
/// <param name="settings">Source settings; must not be null.</param>
/// <exception cref="System.ArgumentNullException">Thrown via the diagnostic helper when <paramref name="settings"/> is null.</exception>
internal void InitializeFrom(LocalServiceSecuritySettings settings)
{
    if (settings is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings");
    }

    // Replay detection.
    DetectReplays = settings.DetectReplays;
    IssuedCookieLifetime = settings.IssuedCookieLifetime;
    MaxClockSkew = settings.MaxClockSkew;
    // Session and negotiation quotas.
    MaxPendingSessions = settings.MaxPendingSessions;
    MaxStatefulNegotiations = settings.MaxStatefulNegotiations;
    NegotiationTimeout = settings.NegotiationTimeout;
    ReconnectTransportOnFailure = settings.ReconnectTransportOnFailure;
    ReplayCacheSize = settings.ReplayCacheSize;
    ReplayWindow = settings.ReplayWindow;
    // Session key rotation.
    SessionKeyRenewalInterval = settings.SessionKeyRenewalInterval;
    SessionKeyRolloverInterval = settings.SessionKeyRolloverInterval;
    InactivityTimeout = settings.InactivityTimeout;
    TimestampValidityDuration = settings.TimestampValidityDuration;
    MaxCachedCookies = settings.MaxCachedCookies;
}
/// <summary>
/// Populates this configuration element from runtime <paramref name="settings"/>.
/// </summary>
/// <param name="settings">Runtime settings to mirror into configuration; must not be null.</param>
/// <remarks>
/// <c>DetectReplays</c> is assigned directly because its runtime default differs from the
/// configuration default, so the "skip if default" optimisation would record the wrong value.
/// Every other property goes through <c>SetPropertyValueIfNotDefaultValue</c>.
/// </remarks>
/// <exception cref="System.ArgumentNullException">Thrown via the diagnostic helper when <paramref name="settings"/> is null.</exception>
internal void InitializeFrom(LocalServiceSecuritySettings settings)
{
    if (settings is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings");
    }

    // Can't use the default-value optimisation here: runtime default doesn't match config default.
    DetectReplays = settings.DetectReplays;

    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.IssuedCookieLifetime, settings.IssuedCookieLifetime);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxClockSkew, settings.MaxClockSkew);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxPendingSessions, settings.MaxPendingSessions);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxStatefulNegotiations, settings.MaxStatefulNegotiations);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.NegotiationTimeout, settings.NegotiationTimeout);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReconnectTransportOnFailure, settings.ReconnectTransportOnFailure);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReplayCacheSize, settings.ReplayCacheSize);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReplayWindow, settings.ReplayWindow);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.SessionKeyRenewalInterval, settings.SessionKeyRenewalInterval);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.SessionKeyRolloverInterval, settings.SessionKeyRolloverInterval);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.InactivityTimeout, settings.InactivityTimeout);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TimestampValidityDuration, settings.TimestampValidityDuration);
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxCachedCookies, settings.MaxCachedCookies);
}
/// <summary>
/// Pushes this configuration element's values onto the runtime <paramref name="settings"/>.
/// </summary>
/// <param name="settings">Runtime settings to update; must not be null.</param>
/// <remarks>
/// Only <c>DetectReplays</c> is conditional: it is written just when the attribute was explicitly set
/// in configuration, so an unset attribute keeps the runtime default. All other values are always
/// overwritten from configuration.
/// </remarks>
/// <exception cref="System.ArgumentNullException">Thrown via the diagnostic helper when <paramref name="settings"/> is null.</exception>
internal void ApplyConfiguration(LocalServiceSecuritySettings settings)
{
    if (settings is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings");
    }

    bool detectReplaysConfigured = base.ElementInformation.Properties["detectReplays"].ValueOrigin != PropertyValueOrigin.Default;
    if (detectReplaysConfigured)
    {
        settings.DetectReplays = DetectReplays;
    }

    settings.IssuedCookieLifetime = IssuedCookieLifetime;
    settings.MaxClockSkew = MaxClockSkew;
    settings.MaxPendingSessions = MaxPendingSessions;
    settings.MaxStatefulNegotiations = MaxStatefulNegotiations;
    settings.NegotiationTimeout = NegotiationTimeout;
    settings.ReconnectTransportOnFailure = ReconnectTransportOnFailure;
    settings.ReplayCacheSize = ReplayCacheSize;
    settings.ReplayWindow = ReplayWindow;
    settings.SessionKeyRenewalInterval = SessionKeyRenewalInterval;
    settings.SessionKeyRolloverInterval = SessionKeyRolloverInterval;
    settings.InactivityTimeout = InactivityTimeout;
    settings.TimestampValidityDuration = TimestampValidityDuration;
    settings.MaxCachedCookies = MaxCachedCookies;
}
/// <summary>
/// Documentation sample: constructs a <see cref="LocalServiceSecuritySettings"/> with its defaults and
/// reads each property once. The <c>Snippet</c> markers delimit the excerpts the reference docs pull in,
/// so every statement stays on its own line inside its markers.
/// </summary>
static void Main()
{
    // <Snippet2>
    // <Snippet0>
    // <Snippet1>
    LocalServiceSecuritySettings settings = new LocalServiceSecuritySettings();
    // </Snippet1>
    bool detectReplays = settings.DetectReplays;
    // </Snippet0>
    // </Snippet2>

    // Timing-related settings.
    // <Snippet3>
    TimeSpan inactivityTimeout = settings.InactivityTimeout;
    // </Snippet3>
    // <Snippet4>
    TimeSpan issuedCookieLifetime = settings.IssuedCookieLifetime;
    // </Snippet4>
    // <Snippet5>
    int maxCachedCookies = settings.MaxCachedCookies;
    // </Snippet5>
    // <Snippet6>
    TimeSpan maxClockSkew = settings.MaxClockSkew;
    // </Snippet6>

    // Session and negotiation quotas.
    // <Snippet7>
    int maxPendingSessions = settings.MaxPendingSessions;
    // </Snippet7>
    // <Snippet8>
    int maxStatefulNegotiationsNegotiations = settings.MaxStatefulNegotiations;
    // </Snippet8>
    // <Snippet9>
    TimeSpan negotiationTimeout = settings.NegotiationTimeout;
    // </Snippet9>
    // <Snippet10>
    int maxStatefulNegotiations = settings.MaxStatefulNegotiations;
    // </Snippet10>

    // Replay detection.
    // <Snippet11>
    int replayCacheSize = settings.ReplayCacheSize;
    // </Snippet11>
    // <Snippet12>
    TimeSpan replayWindow = settings.ReplayWindow;
    // </Snippet12>

    // Session key rotation.
    // <Snippet13>
    TimeSpan sessionKeyRenewalInterval = settings.SessionKeyRenewalInterval;
    // </Snippet13>
    // <Snippet14>
    TimeSpan rolloverInterval = settings.SessionKeyRolloverInterval;
    // </Snippet14>
    // <Snippet15>
    TimeSpan timestampValidityDuration = settings.TimestampValidityDuration;
    // </Snippet15>

    // <Snippet16>
    LocalServiceSecuritySettings localServiceSecuritySettings = settings.Clone();
    // </Snippet16>
}
/// <summary>
/// Builds the server-side WS-SecureConversation authenticator and the SCT cache it issues into,
/// choosing session mode or cookie mode from whether the client can cancel the context.
/// </summary>
/// <param name="recipientRequirement">Recipient-side token requirement; must carry a security binding element.</param>
/// <param name="preserveBootstrapTokens">Forwarded unchanged to the authenticator's <c>PreserveBootstrapTokens</c>.</param>
/// <param name="sctResolver">Receives the SCT cache the returned authenticator writes issued tokens to.</param>
/// <returns>
/// A <see cref="SecuritySessionSecurityTokenAuthenticator"/> in session mode, otherwise an
/// <see cref="AcceleratedTokenAuthenticator"/> that encrypts its state into the issued token.
/// </returns>
protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
{
    SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
    if (securityBindingElement is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
    }

    // Cookie mode: the client cannot cancel the context, so server state must travel inside the token.
    bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
    LocalServiceSecuritySettings quotas = securityBindingElement.LocalServiceSettings;
    IMessageFilterTable<EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault<IMessageFilterTable<EndpointAddress>>(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);

    if (isCookieMode)
    {
        // Bounded cache; MaxClockSkew is tolerated when validating issued-cookie timestamps.
        sctResolver = new SecurityContextSecurityTokenResolver(quotas.MaxCachedCookies, true, quotas.MaxClockSkew);

        AcceleratedTokenAuthenticator cookieAuthenticator = new AcceleratedTokenAuthenticator
        {
            BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement),
            KeyEntropyMode = securityBindingElement.KeyEntropyMode,
            // Negotiation state is encrypted into the token; the encoder below protects it.
            EncryptStateInServiceToken = true,
            IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
            IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver,
            IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty),
            ListenUri = recipientRequirement.ListenUri,
            SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite,
            StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this),
            SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder,
            KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes,
            PreserveBootstrapTokens = preserveBootstrapTokens,
            // Local security quotas.
            MaximumCachedNegotiationState = quotas.MaxStatefulNegotiations,
            NegotiationTimeout = quotas.NegotiationTimeout,
            ServiceTokenLifetime = quotas.IssuedCookieLifetime,
            MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations,
            // Audit settings.
            AuditLogLocation = recipientRequirement.AuditLogLocation,
            SuppressAuditFailure = recipientRequirement.SuppressAuditFailure,
            MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel,
            EndpointFilterTable = endpointFilterTable
        };
        return cookieAuthenticator;
    }

    // Session mode: unbounded in-memory SCT cache with no resolver-side expiry; the session
    // itself is what bounds token validity.
    sctResolver = new SecurityContextSecurityTokenResolver(int.MaxValue, false);

    SecuritySessionSecurityTokenAuthenticator sessionAuthenticator = new SecuritySessionSecurityTokenAuthenticator
    {
        BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement),
        IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
        IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver,
        IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty),
        KeyEntropyMode = securityBindingElement.KeyEntropyMode,
        ListenUri = recipientRequirement.ListenUri,
        SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite,
        // Session tokens have no lifetime cap; key material rotates on the renewal interval instead.
        SessionTokenLifetime = TimeSpan.MaxValue,
        KeyRenewalInterval = quotas.SessionKeyRenewalInterval,
        StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this),
        EndpointFilterTable = endpointFilterTable,
        MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations,
        NegotiationTimeout = quotas.NegotiationTimeout,
        PreserveBootstrapTokens = preserveBootstrapTokens
    };
    return sessionAuthenticator;
}