internal void ValidateCreateContext( string package, NetworkCredential credential, string servicePrincipalName, ExtendedProtectionPolicy policy, ProtectionLevel protectionLevel, TokenImpersonationLevel impersonationLevel) { if (policy != null) { // One of these must be set if EP is turned on if (policy.CustomChannelBinding == null && policy.CustomServiceNames == null) { throw new ArgumentException(SR.net_auth_must_specify_extended_protection_scheme, nameof(policy)); } _extendedProtectionPolicy = policy; } else { _extendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never); } ValidateCreateContext(package, true, credential, servicePrincipalName, _extendedProtectionPolicy.CustomChannelBinding, protectionLevel, impersonationLevel); }
public static WindowsIdentity CreateWindowsIdentity(string userName, string password, TokenImpersonationLevel tokenImpersonationLevel) { IntPtr token = IntPtr.Zero; IntPtr duplicateToken = IntPtr.Zero; if (LogonUser(userName, string.Empty, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token)) { int impersonationLevel; switch (tokenImpersonationLevel) { case TokenImpersonationLevel.Anonymous: { impersonationLevel = 0; break; } case TokenImpersonationLevel.Impersonation: { impersonationLevel = 2; break; } case TokenImpersonationLevel.Delegation: { impersonationLevel = 3; break; } default: { impersonationLevel = 1; break; } } if (DuplicateToken(token, impersonationLevel, ref duplicateToken)) { return new WindowsIdentity(duplicateToken); } else { throw new InvalidOperationException(string.Format("创建模拟令牌失败 (错误代码: {0}) ", Marshal.GetLastWin32Error())); } } else { throw new InvalidOperationException(string.Format("用户登录失败 (错误代码: {0}) ", Marshal.GetLastWin32Error())); } }
internal static int Compare(TokenImpersonationLevel x, TokenImpersonationLevel y) { int num = 0; if (x == y) { return num; } switch (x) { case TokenImpersonationLevel.Identification: return -1; case TokenImpersonationLevel.Impersonation: switch (y) { case TokenImpersonationLevel.Identification: return 1; case TokenImpersonationLevel.Delegation: return -1; } break; case TokenImpersonationLevel.Delegation: return 1; default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("x", (int) x, typeof(TokenImpersonationLevel))); } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("y", (int) y, typeof(TokenImpersonationLevel))); }
// public virtual void AuthenticateAsClient( NetworkCredential credential, string targetName, ProtectionLevel requiredProtectionLevel, //this will be the ultimate result or exception TokenImpersonationLevel allowedImpersonationLevel) //this OR LOWER will be ultimate result in auth context { AuthenticateAsClient(credential, null, targetName, requiredProtectionLevel, allowedImpersonationLevel); }
internal static void ValidateImpersonationLevel(TokenImpersonationLevel impersonationLevel) { if (impersonationLevel != TokenImpersonationLevel.Identification) { throw new ArgumentOutOfRangeException(nameof(impersonationLevel), impersonationLevel.ToString(), SR.net_auth_supported_impl_levels); } }
internal static bool IsDefined(TokenImpersonationLevel value) { if (((value != TokenImpersonationLevel.None) && (value != TokenImpersonationLevel.Anonymous)) && ((value != TokenImpersonationLevel.Identification) && (value != TokenImpersonationLevel.Impersonation))) { return (value == TokenImpersonationLevel.Delegation); } return true; }
public SspiSecurityToken(TokenImpersonationLevel impersonationLevel, bool allowNtlm, System.Net.NetworkCredential networkCredential) { this.impersonationLevel = impersonationLevel; this.allowNtlm = allowNtlm; this.networkCredential = System.ServiceModel.Security.SecurityUtils.GetNetworkCredentialsCopy(networkCredential); this.effectiveTime = DateTime.UtcNow; this.expirationTime = this.effectiveTime.AddHours(10.0); }
public SspiSecurityToken(TokenImpersonationLevel impersonationLevel, bool allowNtlm, NetworkCredential networkCredential) { _impersonationLevel = impersonationLevel; _allowNtlm = allowNtlm; _networkCredential = SecurityUtils.GetNetworkCredentialsCopy(networkCredential); _effectiveTime = DateTime.UtcNow; _expirationTime = _effectiveTime.AddHours(10); }
internal WindowsClientCredential(WindowsClientCredential other) { if (other._windowsCredentials != null) _windowsCredentials = SecurityUtils.GetNetworkCredentialsCopy(other._windowsCredentials); _allowedImpersonationLevel = other._allowedImpersonationLevel; _allowNtlm = other._allowNtlm; _isReadOnly = other._isReadOnly; }
public SpnegoTokenProvider(System.IdentityModel.SafeFreeCredentials credentialsHandle, SecurityBindingElement securityBindingElement) : base(securityBindingElement) { this.allowedImpersonationLevel = TokenImpersonationLevel.Identification; this.identityVerifier = System.ServiceModel.Security.IdentityVerifier.CreateDefault(); this.allowNtlm = true; this.authenticateServer = true; this.interactiveNegoExLogonEnabled = true; this.credentialsHandle = credentialsHandle; }
static TokenImpersonationLevelHelper() { TokenImpersonationLevel[] levelArray = new TokenImpersonationLevel[5]; levelArray[1] = TokenImpersonationLevel.Anonymous; levelArray[2] = TokenImpersonationLevel.Identification; levelArray[3] = TokenImpersonationLevel.Impersonation; levelArray[4] = TokenImpersonationLevel.Delegation; TokenImpersonationLevelOrder = levelArray; }
internal void ValidateCreateContext(string package, NetworkCredential credential, string servicePrincipalName, ExtendedProtectionPolicy policy, ProtectionLevel protectionLevel, TokenImpersonationLevel impersonationLevel) { throw new PlatformNotSupportedException(); }
public SspiSecurityTokenProvider (NetworkCredential credential, bool allowNtlm, TokenImpersonationLevel impersonationLevel) { if (credential == null) throw new ArgumentNullException ("credential"); this.credential = credential; allow_ntlm = allowNtlm; impersonation_level = impersonationLevel; }
public static NetworkCredential End(IAsyncResult result, out TokenImpersonationLevel impersonationLevel, out bool allowNtlm) { GetSspiCredentialAsyncResult thisPtr = AsyncResult.End <GetSspiCredentialAsyncResult>(result); impersonationLevel = thisPtr.impersonationLevel; allowNtlm = thisPtr.allowNtlm; return(thisPtr.credential); }
/// <summary> /// Gets an X509 certificate. /// </summary> /// <param name="subjectOrThumbprint">Subject or Thumbprint string for the certificate to get.</param> /// <returns><see cref="X509Certificate2"/>.</returns> /// <exception cref="CryptographicException">Error getting certificate from the store.</exception> /// <exception cref="ConfigurationErrorsException">Number of certificates found is not exactly one.</exception> private static X509Certificate2 GetCertificate(string subjectOrThumbprint) { WindowsImpersonationContext context = null; try { // If the website is using impersonation use the configured Application Pool // account to access the certificate store. WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent(); if (windowsIdentity != null) { TokenImpersonationLevel impersonationLevel = windowsIdentity.ImpersonationLevel; if (impersonationLevel == TokenImpersonationLevel.Delegation || impersonationLevel == TokenImpersonationLevel.Impersonation) { context = WindowsIdentity.Impersonate(IntPtr.Zero); } } X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); // Change: Product Backlog Item 10247: .NET Connector - support loading certificate by Thumbprint // By default find certificates using SubjectName X509FindType findType = X509FindType.FindBySubjectName; // Check to see if finding certificates by Thumbprint is activated in the configuration settings var findCertificatesByThumbprint = GetOptionalAppSetting("FindCertificatesByThumbprint", "False"); if (findCertificatesByThumbprint.ToLowerInvariant().Equals("true")) { findType = X509FindType.FindByThumbprint; } X509Certificate2Collection certs = store.Certificates.Find(findType, subjectOrThumbprint, false); if (certs.Count != 1) { string errMsg = Format("Found {0} certificates by subject/thumbprint {1}, expected 1.", certs.Count, subjectOrThumbprint); if (traceSwitch.TraceError) { TraceLine(errMsg); } throw new ConfigurationErrorsException(errMsg); } store.Close(); return(certs[0]); } finally { if (context != null) { context.Undo(); } } }
internal IpcClientTransportSink(string channelURI, IpcClientChannel channel) { string str; this.portCache = new ConnectionCache(); this._tokenImpersonationLevel = TokenImpersonationLevel.Identification; this._timeout = 0x3e8; this._channel = channel; string str2 = IpcChannelHelper.ParseURL(channelURI, out str); int startIndex = str2.IndexOf("://") + 3; this._portName = str2.Substring(startIndex); }
public WebRequestChannel() { // Set HWR default values this.allowPipelining = true; this.authenticationLevel = AuthenticationLevel.MutualAuthRequested; this.cachePolicy = WebRequest.DefaultCachePolicy; this.impersonationLevel = TokenImpersonationLevel.Delegation; this.maxResponseHeadersLength = HttpWebRequest.DefaultMaximumResponseHeadersLength; this.readWriteTimeout = 5 * 60 * 1000; // 5 minutes this.unsafeAuthenticatedConnectionSharing = false; }
public KerberosSecurityTokenProvider(string servicePrincipalName, TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential) { if (tokenImpersonationLevel != TokenImpersonationLevel.Identification && tokenImpersonationLevel != TokenImpersonationLevel.Impersonation) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException(nameof(tokenImpersonationLevel), SR.Format(SR.ImpersonationLevelNotSupported, tokenImpersonationLevel))); } ServicePrincipalName = servicePrincipalName ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(servicePrincipalName)); TokenImpersonationLevel = tokenImpersonationLevel; _networkCredential = networkCredential; }
private IAsyncResult BeginAuthenticateAsClient( NetworkCredential credential, string targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel, AsyncCallback asyncCallback, object asyncState) { return BeginAuthenticateAsClient(credential, null, targetName, requiredProtectionLevel, allowedImpersonationLevel, asyncCallback, asyncState); }
internal void ValidateCreateContext( string package, bool isServer, NetworkCredential credential, string servicePrincipalName, ChannelBinding channelBinding, ProtectionLevel protectionLevel, TokenImpersonationLevel impersonationLevel ) { throw new PlatformNotSupportedException(); }
public WebRequestHandler () { allowPipelining = true; authenticationLevel = AuthenticationLevel.MutualAuthRequested; cachePolicy = System.Net.WebRequest.DefaultCachePolicy; continueTimeout = TimeSpan.FromMilliseconds (350); impersonationLevel = TokenImpersonationLevel.Delegation; maxResponseHeadersLength = HttpWebRequest.DefaultMaximumResponseHeadersLength; readWriteTimeout = 300000; serverCertificateValidationCallback = null; unsafeAuthenticatedConnectionSharing = false; }
internal WindowsClientCredential(WindowsClientCredential other) { this.allowedImpersonationLevel = TokenImpersonationLevel.Identification; this.allowNtlm = true; if (other.windowsCredentials != null) { this.windowsCredentials = System.ServiceModel.Security.SecurityUtils.GetNetworkCredentialsCopy(other.windowsCredentials); } this.allowedImpersonationLevel = other.allowedImpersonationLevel; this.allowNtlm = other.allowNtlm; this.isReadOnly = other.isReadOnly; }
public void Copy(HttpDigestClientElement from) { if (this.IsReadOnly()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(SR.GetString(SR.ConfigReadOnly))); } if (null == from) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("from"); } this.ImpersonationLevel = from.ImpersonationLevel; }
public KerberosSecurityTokenProvider(string servicePrincipalName, TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential) { if (servicePrincipalName == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("servicePrincipalName"); if (tokenImpersonationLevel != TokenImpersonationLevel.Identification && tokenImpersonationLevel != TokenImpersonationLevel.Impersonation) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("tokenImpersonationLevel", SR.GetString(SR.ImpersonationLevelNotSupported, tokenImpersonationLevel))); } this.servicePrincipalName = servicePrincipalName; this.tokenImpersonationLevel = tokenImpersonationLevel; this.networkCredential = networkCredential; }
public static void ValidateDigestCredential(NetworkCredential credential, TokenImpersonationLevel impersonationLevel) { if (!SecurityUtils.NetworkCredentialHelper.IsDefault(credential)) { // With a non-default credential, Digest will not honor a client impersonation constraint of // TokenImpersonationLevel.Identification. if (!TokenImpersonationLevelHelper.IsGreaterOrEqual(impersonationLevel, TokenImpersonationLevel.Impersonation)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format( SR.DigestExplicitCredsImpersonationLevel, impersonationLevel))); } } }
private bool CheckNtTokenForSid(SecurityIdentifier sid) { Contract.EndContractBlock(); // special case the anonymous identity. if (_safeTokenHandle.IsInvalid) { return(false); } // CheckTokenMembership expects an impersonation token SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle; TokenImpersonationLevel til = ImpersonationLevel; bool isMember = false; try { if (til == TokenImpersonationLevel.None) { if (!Interop.mincore.DuplicateTokenEx(_safeTokenHandle, (uint)TokenAccessLevels.Query, IntPtr.Zero, (uint)TokenImpersonationLevel.Identification, (uint)TokenType.TokenImpersonation, ref token)) { throw new SecurityException(Interop.mincore.GetMessage(Marshal.GetLastWin32Error())); } } // CheckTokenMembership will check if the SID is both present and enabled in the access token. if (!Interop.mincore.CheckTokenMembership((til != TokenImpersonationLevel.None ? _safeTokenHandle : token), sid.BinaryForm, ref isMember)) { throw new SecurityException(Interop.mincore.GetMessage(Marshal.GetLastWin32Error())); } } finally { if (token != SafeAccessTokenHandle.InvalidHandle) { token.Dispose(); } } return(isMember); }
private async Task <IRpcServerChannel> CreateServer <T>(T instance, ChannelType channelType, IRpcSerializer serializer = null, TokenImpersonationLevel tokenImpersonationLevel = TokenImpersonationLevel.None, IRpcObjectRepository localRepository = null) where T : class { if (serializer == null) { serializer = new BinaryRpcSerializer(); } switch (channelType) { case ChannelType.Tcp: { var server = new TcpRpcServerChannel( serializer, new RpcMessageFactory(), IPAddress.Loopback, 11234, localRepository); if (instance != null) { server.ObjectRepository.RegisterSingleton(instance); } await server.ListenAsync(); return(server); } case ChannelType.NamedPipe: { _pipeName = Guid.NewGuid().ToString(); var server = new NamedPipeRpcServerChannel( serializer, new RpcMessageFactory(), _pipeName, localRepository: localRepository); if (instance != null) { server.ObjectRepository.RegisterSingleton(instance); } await server.ListenAsync(); return(server); } default: throw new NotSupportedException(); } }
private void CompleteGetToken(IAsyncResult result) { SspiSecurityToken token = (SspiSecurityToken)this.credentialProvider.EndGetToken(result); if (token != null) { this.impersonationLevel = token.ImpersonationLevel; this.allowNtlm = token.AllowNtlm; if (token.NetworkCredential != null) { this.credential = token.NetworkCredential; System.ServiceModel.Security.SecurityUtils.FixNetworkCredential(ref this.credential); } } this.EnsureCredentialInitialized(); }
public KerberosSecurityTokenProvider(string servicePrincipalName, TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential) { if (servicePrincipalName == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("servicePrincipalName"); } if (tokenImpersonationLevel != TokenImpersonationLevel.Identification && tokenImpersonationLevel != TokenImpersonationLevel.Impersonation) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("tokenImpersonationLevel", SR.GetString(SR.ImpersonationLevelNotSupported, tokenImpersonationLevel))); } this.servicePrincipalName = servicePrincipalName; this.tokenImpersonationLevel = tokenImpersonationLevel; this.networkCredential = networkCredential; }
/// <summary> /// Initializes a new instance of the <see cref="OverlappingPipeClientStream"/> class. /// </summary> /// <param name="serverName">Name of the server.</param> /// <param name="pipeName">Name of the pipe.</param> /// <param name="transmissionMode"></param> /// <param name="impersonationLevel">The impersonation level.</param> /// <param name="inheritability">The inheritability.</param> public OverlappingPipeClientStream( [NotNull] string serverName, [NotNull] string pipeName, PipeTransmissionMode transmissionMode, TokenImpersonationLevel impersonationLevel = TokenImpersonationLevel.None, HandleInheritability inheritability = HandleInheritability.None) : base(new NamedPipeClientStream( serverName, pipeName, PipeDirection.InOut, PipeOptions.Asynchronous, impersonationLevel, inheritability)) { Debug.Assert(Stream != null); ReadMode = transmissionMode; }
public NamedPipeClientStream(string serverName, string pipeName, PipeAccessRights desiredAccessRights, PipeOptions options, TokenImpersonationLevel impersonationLevel, HandleInheritability inheritability) : base(DirectionFromRights(desiredAccessRights), 0) { if (pipeName == null) { throw new ArgumentNullException("pipeName"); } if (serverName == null) { throw new ArgumentNullException("serverName", System.SR.GetString("ArgumentNull_ServerName")); } if (pipeName.Length == 0) { throw new ArgumentException(System.SR.GetString("Argument_NeedNonemptyPipeName")); } if (serverName.Length == 0) { throw new ArgumentException(System.SR.GetString("Argument_EmptyServerName")); } if ((options & ~(PipeOptions.Asynchronous | PipeOptions.WriteThrough)) != PipeOptions.None) { throw new ArgumentOutOfRangeException("options", System.SR.GetString("ArgumentOutOfRange_OptionsInvalid")); } if ((impersonationLevel < TokenImpersonationLevel.None) || (impersonationLevel > TokenImpersonationLevel.Delegation)) { throw new ArgumentOutOfRangeException("impersonationLevel", System.SR.GetString("ArgumentOutOfRange_ImpersonationInvalid")); } if ((inheritability < HandleInheritability.None) || (inheritability > HandleInheritability.Inheritable)) { throw new ArgumentOutOfRangeException("inheritability", System.SR.GetString("ArgumentOutOfRange_HandleInheritabilityNoneOrInheritable")); } if ((desiredAccessRights & ~(PipeAccessRights.AccessSystemSecurity | PipeAccessRights.FullControl)) != 0) { throw new ArgumentOutOfRangeException("desiredAccessRights", System.SR.GetString("ArgumentOutOfRange_InvalidPipeAccessRights")); } this.m_normalizedPipePath = Path.GetFullPath(@"\\" + serverName + @"\pipe\" + pipeName); if (string.Compare(this.m_normalizedPipePath, @"\\.\pipe\anonymous", StringComparison.OrdinalIgnoreCase) == 0) { throw new ArgumentOutOfRangeException("pipeName", System.SR.GetString("ArgumentOutOfRange_AnonymousReserved")); } this.m_inheritability = inheritability; this.m_impersonationLevel = impersonationLevel; this.m_pipeOptions = options; this.m_access = (int) desiredAccessRights; }
internal static IpcPort Connect(string portName, bool secure, TokenImpersonationLevel impersonationLevel, int timeout) { string lpFileName = @"\\.\pipe\" + portName; uint num = 0x100000; if (secure) { switch (impersonationLevel) { case TokenImpersonationLevel.None: num = 0x100000; break; case TokenImpersonationLevel.Identification: num = 0x110000; break; case TokenImpersonationLevel.Impersonation: num = 0x120000; break; case TokenImpersonationLevel.Delegation: num = 0x130000; break; } } while (true) { PipeHandle handle = NativePipe.CreateFile(lpFileName, 0xc0000000, 3, IntPtr.Zero, 3, 0x40000080 | num, IntPtr.Zero); if (handle.Handle.ToInt32() != -1) { return new IpcPort(portName, handle); } int errorCode = Marshal.GetLastWin32Error(); if (errorCode != 0xe7L) { throw new RemotingException(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Ipc_ConnectIpcFailed"), new object[] { GetMessage(errorCode) })); } if (!NativePipe.WaitNamedPipe(lpFileName, timeout)) { throw new RemotingException(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Ipc_Busy"), new object[] { GetMessage(errorCode) })); } } }
internal TcpClientTransportSink(string channelURI, TcpClientChannel channel) { string str; this._socketCacheTimeout = TimeSpan.FromSeconds(10.0); this._spn = string.Empty; this._retryCount = 1; this._tokenImpersonationLevel = TokenImpersonationLevel.Identification; this._protectionLevel = ProtectionLevel.EncryptAndSign; this._channel = channel; string uriString = TcpChannelHelper.ParseURL(channelURI, out str); this.ClientSocketCache = new SocketCache(new SocketHandlerFactory(this.CreateSocketHandler), this._socketCachePolicy, this._socketCacheTimeout); Uri uri = new Uri(uriString); if (uri.IsDefaultPort) { throw new RemotingException(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Tcp_UrlMustHavePort"), new object[] { channelURI })); } this.m_machineName = uri.Host; this.m_port = uri.Port; this._machineAndPort = this.m_machineName + ":" + this.m_port; }
WindowsSspiNegotiation(bool isServer, string package, SafeFreeCredentials credentialsHandle, TokenImpersonationLevel impersonationLevel, string servicePrincipalName, bool doMutualAuth, bool interactiveLogonEnabled, bool ntlmEnabled) { this.tokenSize = SspiWrapper.GetVerifyPackageInfo(package).MaxToken; this.isServer = isServer; this.servicePrincipalName = servicePrincipalName; this.securityContext = null; if (isServer) { this.impersonationLevel = TokenImpersonationLevel.Delegation; this.doMutualAuth = false; } else { this.impersonationLevel = impersonationLevel; this.doMutualAuth = doMutualAuth; this.interactiveNegoLogonEnabled = interactiveLogonEnabled; this.clientPackageName = package; this.allowNtlm = ntlmEnabled; } this.credentialsHandle = credentialsHandle; }
public IpcPort GetConnection(string portName, bool secure, TokenImpersonationLevel level, int timeout) { PortConnection connection = null; lock (_connections) { bool flag = true; if (secure) { try { WindowsIdentity current = WindowsIdentity.GetCurrent(true); if (current != null) { flag = false; current.Dispose(); } } catch (Exception) { flag = false; } } if (flag) { connection = (PortConnection) _connections[portName]; } if ((connection == null) || connection.Port.IsDisposed) { connection = new PortConnection(IpcPort.Connect(portName, secure, level, timeout)) { Port = { Cacheable = flag } }; } else { _connections.Remove(portName); } } return connection.Port; }
internal NamedPipeClientStream(String serverName, String pipeName, PipeDirection direction, PipeOptions options, TokenImpersonationLevel impersonationLevel, HandleInheritability inheritability) : base(direction, 0) { if (pipeName == null) { throw new ArgumentNullException("pipeName"); } if (serverName == null) { throw new ArgumentNullException("serverName", SR.ArgumentNull_ServerName); } if (pipeName.Length == 0) { throw new ArgumentException(SR.Argument_NeedNonemptyPipeName); } if (serverName.Length == 0) { throw new ArgumentException(SR.Argument_EmptyServerName); } if ((options & ~(PipeOptions.WriteThrough | PipeOptions.Asynchronous)) != 0) { throw new ArgumentOutOfRangeException("options", SR.ArgumentOutOfRange_OptionsInvalid); } if (impersonationLevel < TokenImpersonationLevel.None || impersonationLevel > TokenImpersonationLevel.Delegation) { throw new ArgumentOutOfRangeException("impersonationLevel", SR.ArgumentOutOfRange_ImpersonationInvalid); } if (inheritability < HandleInheritability.None || inheritability > HandleInheritability.Inheritable) { throw new ArgumentOutOfRangeException("inheritability", SR.ArgumentOutOfRange_HandleInheritabilityNoneOrInheritable); } _normalizedPipePath = GetPipePath(serverName, pipeName); _direction = direction; _inheritability = inheritability; _impersonationLevel = impersonationLevel; _pipeOptions = options; }
internal static bool IsGreaterOrEqual(TokenImpersonationLevel x, TokenImpersonationLevel y) { Validate(x); Validate(y); if (x == y) { return true; } int num = 0; int num2 = 0; for (int i = 0; i < TokenImpersonationLevelOrder.Length; i++) { if (x == TokenImpersonationLevelOrder[i]) { num = i; } if (y == TokenImpersonationLevelOrder[i]) { num2 = i; } } return (num > num2); }
internal KerberosRequestorSecurityToken(string servicePrincipalName, TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential, string id) { if (servicePrincipalName == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("servicePrincipalName"); if (tokenImpersonationLevel != TokenImpersonationLevel.Identification && tokenImpersonationLevel != TokenImpersonationLevel.Impersonation) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("tokenImpersonationLevel", SR.Format(SR.ImpersonationLevelNotSupported, tokenImpersonationLevel))); } if (id == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id"); _servicePrincipalName = servicePrincipalName; if (networkCredential != null && networkCredential != CredentialCache.DefaultNetworkCredentials) { if (string.IsNullOrEmpty(networkCredential.UserName)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.ProvidedNetworkCredentialsForKerberosHasInvalidUserName); } // Note: we don't check the domain, since Lsa accepts // FQ userName. } _id = id; }