SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts) { IIdentity remoteIdentity = negotiateStream.RemoteIdentity; SecurityToken token; ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies; if (remoteIdentity is WindowsIdentity) { WindowsIdentity windowIdentity = (WindowsIdentity)remoteIdentity; Security.SecurityUtils.ValidateAnonymityConstraint(windowIdentity, false); WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts); token = new WindowsSecurityToken(windowIdentity, SecurityUniqueId.Create().Value, windowIdentity.AuthenticationType); authorizationPolicies = authenticator.ValidateToken(token); } else { token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value); GenericSecurityTokenAuthenticator authenticator = new GenericSecurityTokenAuthenticator(); authorizationPolicies = authenticator.ValidateToken(token); } SecurityMessageProperty clientSecurity = new SecurityMessageProperty(); clientSecurity.TransportToken = new SecurityTokenSpecification(token, authorizationPolicies); clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies); return(clientSecurity); }
private SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts) { WindowsIdentity remoteIdentity = (WindowsIdentity)negotiateStream.RemoteIdentity; System.ServiceModel.Security.SecurityUtils.ValidateAnonymityConstraint(remoteIdentity, false); WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts); SecurityToken token = new WindowsSecurityToken(remoteIdentity, SecurityUniqueId.Create().Value, remoteIdentity.AuthenticationType); ReadOnlyCollection <IAuthorizationPolicy> tokenPolicies = authenticator.ValidateToken(token); this.clientSecurity = new SecurityMessageProperty(); this.clientSecurity.TransportToken = new SecurityTokenSpecification(token, tokenPolicies); this.clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(tokenPolicies); return(this.clientSecurity); }
SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts) { WindowsIdentity remoteIdentity = (WindowsIdentity)negotiateStream.RemoteIdentity; SecurityUtils.ValidateAnonymityConstraint(remoteIdentity, false); WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts); // When NegotiateStream returns a WindowsIdentity the AuthenticationType is passed in the constructor to WindowsIdentity // by it's internal NegoState class. If this changes, then the call to remoteIdentity.AuthenticationType could fail if the // current process token doesn't have sufficient priviledges. It is a first class exception, and caught by the CLR // null is returned. SecurityToken token = new WindowsSecurityToken(remoteIdentity, SecurityUniqueId.Create().Value, remoteIdentity.AuthenticationType); ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = authenticator.ValidateToken(token); this.clientSecurity = new SecurityMessageProperty(); this.clientSecurity.TransportToken = new SecurityTokenSpecification(token, authorizationPolicies); this.clientSecurity.ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies); return this.clientSecurity; }