// callback from schannel private bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (_parent.RequireClientCertificate) { if (certificate == null) { Contract.Assert(certificate != null, "certificate MUST NOT be null"); return(false); } // Note: add ref to handle since the caller will reset the cert after the callback return. X509Certificate2 certificate2 = new X509Certificate2(certificate.Handle); _clientCertificate = certificate2; try { SecurityToken token = new X509SecurityToken(certificate2, false); ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = _parent.ClientCertificateAuthenticator.ValidateToken(token); _clientSecurity = new SecurityMessageProperty(); _clientSecurity.TransportToken = new SecurityTokenSpecification(token, authorizationPolicies); _clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies); } catch (SecurityTokenException) { return(false); } } return(true); }
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity) { SslStream stream2 = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate)); try { stream2.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate, SslProtocols.Default, false); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException exception2) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationFailedIO", new object[] { exception2.Message }), exception2)); } if (System.ServiceModel.Security.SecurityUtils.ShouldValidateSslCipherStrength()) { System.ServiceModel.Security.SecurityUtils.ValidateSslCipherStrength(stream2.CipherStrength); } remoteSecurity = this.clientSecurity; if (this.IsChannelBindingSupportEnabled) { this.channelBindingToken = ChannelBindingUtility.GetToken(stream2); } return(stream2); }
private bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (this.parent.RequireClientCertificate) { if (certificate == null) { if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent(TraceEventType.Error, 0x4002d, System.ServiceModel.SR.GetString("TraceCodeSslClientCertMissing"), this); } return(false); } X509Certificate2 certificate2 = new X509Certificate2(certificate); this.clientCertificate = certificate2; try { SecurityToken token = new X509SecurityToken(certificate2, false); ReadOnlyCollection <IAuthorizationPolicy> tokenPolicies = this.parent.ClientCertificateAuthenticator.ValidateToken(token); this.clientSecurity = new SecurityMessageProperty(); this.clientSecurity.TransportToken = new SecurityTokenSpecification(token, tokenPolicies); this.clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(tokenPolicies); } catch (SecurityTokenException exception) { if (DiagnosticUtility.ShouldTraceInformation) { DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information); } return(false); } } return(true); }
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity) { if (TD.SslOnAcceptUpgradeIsEnabled()) { TD.SslOnAcceptUpgrade(this.EventTraceActivity); } SslStream sslStream = new SslStream(stream, false, this.ValidateRemoteCertificate); try { sslStream.AuthenticateAsServer(_parent.ServerCertificate, _parent.RequireClientCertificate, _parent.SslProtocols, false); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException ioException) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException( SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException)); } remoteSecurity = _clientSecurity; if (this.IsChannelBindingSupportEnabled) { _channelBindingToken = ChannelBindingUtility.GetToken(sslStream); } return(sslStream); }
public static Stream End(IAsyncResult result, out SecurityMessageProperty remoteSecurity, out ChannelBinding channelBinding) { Stream stream = StreamSecurityUpgradeAcceptorAsyncResult.End(result, out remoteSecurity); channelBinding = ((SslStreamSecurityUpgradeAcceptor.AcceptUpgradeAsyncResult)result).channelBindingToken; return(stream); }
private ServiceSecurityContext GetAndCacheSecurityContext(MessageRpc rpc) { ServiceSecurityContext securityContext = rpc.SecurityContext; if (!rpc.HasSecurityContext) { SecurityMessageProperty securityContextProperty = rpc.Request.Properties.Security; if (securityContextProperty == null) { securityContext = null; // SecurityContext.Anonymous } else { securityContext = securityContextProperty.ServiceSecurityContext; if (securityContext == null) { throw TraceUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecurityContextMissing, rpc.Operation.Name)), rpc.Request); } } rpc.SecurityContext = securityContext; rpc.HasSecurityContext = true; } return(securityContext); }
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity) { // wrap stream NegotiateStream negotiateStream = new NegotiateStream(stream); // authenticate try { if (TD.WindowsStreamSecurityOnAcceptUpgradeIsEnabled()) { TD.WindowsStreamSecurityOnAcceptUpgrade(this.EventTraceActivity); } negotiateStream.AuthenticateAsServer(parent.ServerCredential, parent.ProtectionLevel, TokenImpersonationLevel.Identification); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException ioException) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException( SR.GetString(SR.NegotiationFailedIO, ioException.Message), ioException)); } remoteSecurity = CreateClientSecurity(negotiateStream, parent.ExtractGroupsForWindowsAccounts); return(negotiateStream); }
SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts) { IIdentity remoteIdentity = negotiateStream.RemoteIdentity; SecurityToken token; ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies; if (remoteIdentity is WindowsIdentity) { WindowsIdentity windowIdentity = (WindowsIdentity)remoteIdentity; Security.SecurityUtils.ValidateAnonymityConstraint(windowIdentity, false); WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts); token = new WindowsSecurityToken(windowIdentity, SecurityUniqueId.Create().Value, windowIdentity.AuthenticationType); authorizationPolicies = authenticator.ValidateToken(token); } else { token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value); GenericSecurityTokenAuthenticator authenticator = new GenericSecurityTokenAuthenticator(); authorizationPolicies = authenticator.ValidateToken(token); } SecurityMessageProperty clientSecurity = new SecurityMessageProperty(); clientSecurity.TransportToken = new SecurityTokenSpecification(token, authorizationPolicies); clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies); return(clientSecurity); }
protected override SecurityMessageProperty ValidateCreateSecurity() { SecurityMessageProperty remoteSecurity = WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.CreateServerSecurity(this.negotiateStream); this.initiator.ValidateMutualAuth(this.expectedIdentity, this.negotiateStream, remoteSecurity, this.initiator.allowNtlm); return(remoteSecurity); }
// callback from schannel private bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (_parent.RequireClientCertificate) { if (certificate == null) { return(false); } // Note: add ref to handle since the caller will reset the cert after the callback return. X509Certificate2 certificate2 = new X509Certificate2(certificate); _clientCertificate = certificate2; try { SecurityToken token = new X509SecurityToken(certificate2, false); ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies; var validationValueTask = _parent.ClientCertificateAuthenticator.ValidateTokenAsync(token); authorizationPolicies = validationValueTask.IsCompleted ? validationValueTask.Result : validationValueTask.AsTask().GetAwaiter().GetResult(); _clientSecurity = new SecurityMessageProperty { TransportToken = new SecurityTokenSpecification(token, authorizationPolicies), ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies) }; } catch (SecurityTokenException e) { DiagnosticUtility.TraceHandledException(e, TraceEventType.Information); return(false); } } return(true); }
public InitiatorSecureMessageDecryptor( Message source, SecurityMessageProperty secprop, InitiatorMessageSecurityBindingSupport security) : base(source, security) { this.security = security; request_security = secprop; }
// Define the set of policies taking part in chaining. We will provide // the safe default set (primary token + all supporting tokens except token with // with SecurityTokenAttachmentMode.Signed + transport token). Implementor // can override and provide different selection of policies set. protected virtual ReadOnlyCollection <IAuthorizationPolicy> GetAuthorizationPolicies(OperationContext operationContext) { SecurityMessageProperty security = operationContext.IncomingMessageProperties.Security; if (security == null) { return(EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance); } ReadOnlyCollection <IAuthorizationPolicy> externalPolicies = security.ExternalAuthorizationPolicies; if (security.ServiceSecurityContext == null) { return(externalPolicies ?? EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance); } ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = security.ServiceSecurityContext.AuthorizationPolicies; if (externalPolicies == null || externalPolicies.Count <= 0) { return(authorizationPolicies); } // Combine List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(authorizationPolicies); policies.AddRange(externalPolicies); return(policies.AsReadOnly()); }
public void Clear() { if (_disposed) { ThrowDisposed(); } if (_properties != null) { for (int i = 0; i < _properties.Length; i++) { if (_properties[i].Name == null) { break; } _properties[i] = new Property(); } } _via = null; _allowOutputBatching = null; _security = null; _encoder = null; _propertyCount = 0; }
protected override Stream OnAcceptUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity) { #if SUPPORTS_WINDOWSIDENTITY // NegotiateStream // wrap stream NegotiateStream negotiateStream = new NegotiateStream(stream); // authenticate try { if (WcfEventSource.Instance.WindowsStreamSecurityOnAcceptUpgradeIsEnabled()) { WcfEventSource.Instance.WindowsStreamSecurityOnAcceptUpgrade(EventTraceActivity); } negotiateStream.AuthenticateAsServerAsync(_parent.ServerCredential, _parent.ProtectionLevel, TokenImpersonationLevel.Identification).GetAwaiter().GetResult(); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException ioException) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException( SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException)); } remoteSecurity = CreateClientSecurity(negotiateStream, _parent.ExtractGroupsForWindowsAccounts); return(negotiateStream); #else throw ExceptionHelper.PlatformNotSupported(ExceptionHelper.WinsdowsStreamSecurityNotSupported); #endif // SUPPORTS_WINDOWSIDENTITY }
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { IPrincipal originalPrincipal = Thread.CurrentPrincipal; // here you can see the requestor's identity via the request message // convert the Generic Identity to some IPrincipal object, and set it in the request's property // later the authorization filter will use the role information to authorize request. SecurityMessageProperty property = request.GetSecurityMessageProperty(); if (property != null) { ServiceSecurityContext context = property.ServiceSecurityContext; if (context.PrimaryIdentity.Name == "username") { Thread.CurrentPrincipal = new GenericPrincipal(context.PrimaryIdentity, new string[] { "Administrators" }); } } try { return(await base.SendAsync(request, cancellationToken)); } finally { Thread.CurrentPrincipal = originalPrincipal; } }
protected override async Task <(Stream, SecurityMessageProperty)> OnAcceptUpgradeAsync(Stream stream) { var sslStream = new SslStream(stream, false, ValidateRemoteCertificate); try { await sslStream.AuthenticateAsServerAsync(_parent.ServerCertificate, _parent.RequireClientCertificate, _parent.SslProtocols, false); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException ioException) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException( SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException)); } SecurityMessageProperty remoteSecurity = _clientSecurity; if (IsChannelBindingSupportEnabled) { _channelBindingToken = ChannelBindingUtility.GetToken(sslStream); } return(sslStream, remoteSecurity); }
bool HandleUpgrade(IAsyncResult result) { connection = ConnectionUpgradeHelper.EndInitiateUpgrade(result); if (this.channelBindingProvider != null && this.channelBindingProvider.IsChannelBindingSupportEnabled) { this.channel.channelBindingToken = this.channelBindingProvider.GetChannelBinding(this.upgradeInitiator, ChannelBindingKind.Endpoint); } this.remoteSecurity = StreamSecurityUpgradeInitiator.GetRemoteSecurity(this.upgradeInitiator); this.upgradeInitiator = null; // we're done with the initiator if (onWritePreambleEnd == null) { onWritePreambleEnd = Fx.ThunkCallback(new WaitCallback(OnWritePreambleEnd)); } AsyncCompletionResult writePreambleResult = connection.BeginWrite( ClientSingletonEncoder.PreambleEndBytes, 0, ClientSingletonEncoder.PreambleEndBytes.Length, true, timeoutHelper.RemainingTime(), onWritePreambleEnd, this); if (writePreambleResult == AsyncCompletionResult.Queued) { return(false); } connection.EndWrite(); return(ReadPreambleAck()); }
public static IConnection End(IAsyncResult result, out SecurityMessageProperty remoteSecurity) { SendPreambleAsyncResult thisPtr = AsyncResult.End <SendPreambleAsyncResult>(result); remoteSecurity = thisPtr.remoteSecurity; return(thisPtr.connection); }
public void ClientAcceptUpgrade() { ServiceCredentials cred = new ServiceCredentials(); X509Certificate2 cert = new X509Certificate2("Test/Resources/test.cer"); cred.ServiceCertificate.Certificate = cert; X509CertificateEndpointIdentity ident = new X509CertificateEndpointIdentity(cert); StreamSecurityUpgradeProvider p = CreateClientProvider(cred, ident); p.Open(); try { StreamSecurityUpgradeAcceptor a = p.CreateUpgradeAcceptor() as StreamSecurityUpgradeAcceptor; Assert.IsNotNull(a, "#1"); SecurityMessageProperty prop = a.GetRemoteSecurity(); Assert.IsNull(prop, "#2"); // hmm Stream s = a.AcceptUpgrade(new MemoryStream(new byte [] { 1, 2, 3, 4, 5 })); } finally { p.Close(); } }
private static X509Certificate2 RetrieveClientCertificate(HttpRequestMessage request) { if (request == null) { throw Error.ArgumentNull("request"); } SecurityMessageProperty property = request.GetSecurityMessageProperty(); X509Certificate2 result = null; if (property != null && property.ServiceSecurityContext != null && property.ServiceSecurityContext.AuthorizationContext != null) { X509CertificateClaimSet certClaimSet = null; foreach (ClaimSet claimSet in property.ServiceSecurityContext.AuthorizationContext.ClaimSets) { certClaimSet = claimSet as X509CertificateClaimSet; if (certClaimSet != null) { result = certClaimSet.X509Certificate; break; } } } return(result); }
private bool ProcessAuthentication(RequestContext requestContext) { var authorizationHeader = GetAuthorizationHeader(requestContext.RequestMessage); if (!authorizationHeader.StartsWith(BasicAuthenticationMechanism, StringComparison.Ordinal)) { return(false); } string authBase64Encoded = authorizationHeader.Substring(BasicAuthenticationMechanismLength); var authDecodedBytes = Convert.FromBase64String(authBase64Encoded); var authDecoded = Encoding.UTF8.GetString(authDecodedBytes); int colonPos = authDecoded.IndexOf(':'); if (colonPos <= 0) { return(false); } var username = authDecoded.Substring(0, colonPos); var password = authDecoded.Substring(colonPos + 1); SecurityToken securityToken = new UserNameSecurityToken(username, password); ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies = _parentListener.UserNameTokenAuthenticator.ValidateToken(securityToken); SecurityMessageProperty security = new SecurityMessageProperty(); security.TransportToken = new SecurityTokenSpecification(securityToken, authorizationPolicies); security.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies); requestContext.RequestMessage.Properties.Security = security; return(true); }
internal SecurityContextSecurityToken(SecurityContextSecurityToken sourceToken, string id, byte[] key, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies) { this.id = id; this.Initialize(sourceToken.contextId, key, sourceToken.ValidFrom, sourceToken.ValidTo, authorizationPolicies, sourceToken.isCookieMode, keyGeneration, keyEffectiveTime, keyExpirationTime); this.cookieBlob = sourceToken.cookieBlob; this.bootstrapMessageProperty = (sourceToken.bootstrapMessageProperty == null) ? null : ((SecurityMessageProperty)sourceToken.BootstrapMessageProperty.CreateCopy()); }
public static Stream End(IAsyncResult result, out SecurityMessageProperty remoteSecurity) { StreamSecurityUpgradeAcceptorAsyncResult result2 = AsyncResult.End <StreamSecurityUpgradeAcceptorAsyncResult>(result); remoteSecurity = result2.remoteSecurity; return(result2.upgradedStream); }
public static Stream End(IAsyncResult result, out SecurityMessageProperty remoteSecurity) { StreamSecurityUpgradeInitiatorAsyncResult thisPtr = AsyncResult.End <StreamSecurityUpgradeInitiatorAsyncResult>(result); remoteSecurity = thisPtr.remoteSecurity; return(thisPtr.upgradedStream); }
private async Task <SecurityMessageProperty> CreateClientSecurityAsync(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts) { IIdentity remoteIdentity = negotiateStream.RemoteIdentity; SecurityToken token; ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies; WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts, _ldapSettings); if (remoteIdentity is WindowsIdentity) { WindowsIdentity windowIdentity = (WindowsIdentity)remoteIdentity; SecurityUtils.ValidateAnonymityConstraint(windowIdentity, false); token = new WindowsSecurityToken(windowIdentity, SecurityUniqueId.Create().Value, windowIdentity.AuthenticationType); } else { ClaimsIdentity claimsIdentity = new ClaimsIdentity(remoteIdentity); token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value); } authorizationPolicies = await authenticator.ValidateTokenAsync(token); SecurityMessageProperty clientSecurity = new SecurityMessageProperty { TransportToken = new SecurityTokenSpecification(token, authorizationPolicies), ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies) }; return(clientSecurity); }
public void Authorize(ref MessageRpc rpc) { // TODO: Events SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(rpc.Request); security.ExternalAuthorizationPolicies = _externalAuthorizationPolicies; ServiceAuthorizationManager serviceAuthorizationManager = _serviceAuthorizationManager ?? s_defaultServiceAuthorizationManager; try { if (!serviceAuthorizationManager.CheckAccess(rpc.OperationContext, ref rpc.Request)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateAccessDeniedFaultException()); } } catch (Exception ex) { // I know this code looks weird and it looks like the try/catch block should be removed, but I'm maintaining // this code structure in preparation for Perf counters and auditing to be put back in. if (Fx.IsFatal(ex)) { throw; } // TODO: PerformanceCounters // TODO: Auditing throw; } }
protected override async Task <(Stream, SecurityMessageProperty)> OnAcceptUpgradeAsync(Stream stream) { // wrap stream NegotiateStream negotiateStream = new NegotiateStream(stream, true); // authenticate try { await negotiateStream.AuthenticateAsServerAsync(_parent.ServerCredential, _parent.ProtectionLevel, TokenImpersonationLevel.Identification); } catch (AuthenticationException exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message, exception)); } catch (IOException ioException) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException( SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException)); } SecurityMessageProperty remoteSecurity = await CreateClientSecurityAsync(negotiateStream, _parent.ExtractGroupsForWindowsAccounts); return(negotiateStream, remoteSecurity); }
public WindowsStreamSecurityUpgradeAcceptor(WindowsStreamSecurityUpgradeProvider parent) : base(FramingUpgradeString.Negotiate) { _parent = parent; _clientSecurity = new SecurityMessageProperty(); _ldapSettings = parent.LdapSettings; }
static void GetOrCreateSecureMessageAtClient(Message msg) { foreach (object o in msg.Properties) { if (o is SecurityMessageProperty) { Assert.Fail("The input msg should not contain SecurityMessageProperty yet."); } } SecurityMessageProperty p = SecurityMessageProperty.GetOrCreate(msg); Assert.AreEqual(null, p.InitiatorToken, "#1"); Assert.AreEqual(null, p.RecipientToken, "#2"); Assert.IsNull(p.ProtectionToken, "#3"); Assert.IsNull(p.TransportToken, "#4"); Assert.IsNull(p.ExternalAuthorizationPolicies, "#5"); // Assert.AreEqual (0, p.ExternalAuthorizationPolicies.Count, "#5"); Assert.IsFalse(p.HasIncomingSupportingTokens, "#6"); Assert.IsNotNull(p.IncomingSupportingTokens, "#6-2"); Assert.AreEqual("_", p.SenderIdPrefix, "#6-3"); ServiceSecurityContext ssc = p.ServiceSecurityContext; Assert.IsNotNull(ssc, "#7"); // not sure if it is worthy of testing though ... GenericIdentity identity = ssc.PrimaryIdentity as GenericIdentity; Assert.IsNotNull(identity, "#8-1"); Assert.AreEqual("", identity.Name, "#8-2"); Assert.AreEqual("", identity.AuthenticationType, "#8-3"); Assert.AreEqual(0, ssc.AuthorizationPolicies.Count, "#9"); Assert.IsTrue(ssc.IsAnonymous, "#10"); }
public void GetOrCreateNonSecureMessage() { Message m = Message.CreateMessage(MessageVersion.Default, "urn:myaction"); SecurityMessageProperty p = SecurityMessageProperty.GetOrCreate(m); Assert.IsNull(p.InitiatorToken, "#1"); Assert.IsNull(p.RecipientToken, "#2"); Assert.IsNull(p.ProtectionToken, "#3"); Assert.IsNull(p.TransportToken, "#4"); Assert.IsNull(p.ExternalAuthorizationPolicies, "#5"); // Assert.AreEqual (0, p.ExternalAuthorizationPolicies.Count, "#5"); Assert.IsFalse(p.HasIncomingSupportingTokens, "#6"); Assert.IsNotNull(p.IncomingSupportingTokens, "#6-2"); Assert.AreEqual("_", p.SenderIdPrefix, "#6-3"); ServiceSecurityContext ssc = p.ServiceSecurityContext; Assert.IsNotNull(ssc, "#7"); // not sure if it is worthy of testing though ... GenericIdentity identity = ssc.PrimaryIdentity as GenericIdentity; Assert.IsNotNull(identity, "#8-1"); Assert.AreEqual("", identity.Name, "#8-2"); Assert.AreEqual("", identity.AuthenticationType, "#8-3"); Assert.AreEqual(0, ssc.AuthorizationPolicies.Count, "#9"); Assert.IsTrue(ssc.IsAnonymous, "#10"); }
internal SecurityContextSecurityToken(SecurityContextSecurityToken sourceToken, string id, byte[] key, UniqueId keyGeneration, DateTime keyEffectiveTime, DateTime keyExpirationTime, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies) : base() { _id = id; this.Initialize(sourceToken._contextId, key, sourceToken.ValidFrom, sourceToken.ValidTo, authorizationPolicies, sourceToken._isCookieMode, keyGeneration, keyEffectiveTime, keyExpirationTime); _cookieBlob = sourceToken._cookieBlob; _bootstrapMessageProperty = (sourceToken._bootstrapMessageProperty == null) ? null : (SecurityMessageProperty)sourceToken.BootstrapMessageProperty.CreateCopy(); }
private SecurityContextSecurityToken(SecurityContextSecurityToken from) { ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = System.IdentityModel.SecurityUtils.CloneAuthorizationPoliciesIfNecessary(from._authorizationPolicies); _id = from._id; this.Initialize(from._contextId, from._key, from._tokenEffectiveTime, from._tokenExpirationTime, authorizationPolicies, from._isCookieMode, from._keyGeneration, from._keyEffectiveTime, from._keyExpirationTime); _cookieBlob = from._cookieBlob; _bootstrapMessageProperty = (from._bootstrapMessageProperty == null) ? null : (SecurityMessageProperty)from.BootstrapMessageProperty.CreateCopy(); }