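/// <summary>
/// Consumes the RequestSecurityTokenResponse (RSTR) the service returned for an accelerated
/// (single round-trip) negotiation and stores the issued service token on
/// <paramref name="negotiationState"/>.
/// </summary>
/// <param name="incomingMessage">The reply received from the target service.</param>
/// <param name="negotiationState">State of the negotiation this reply belongs to.</param>
/// <returns>Always <c>null</c>: the accelerated exchange has no further outgoing body.</returns>
/// <exception cref="SecurityNegotiationException">
/// The reply is a fault, carries an unexpected action, or its context does not match
/// <paramref name="negotiationState"/>.
/// </exception>
/// <exception cref="MessageSecurityException">A WS-Trust 1.3 RSTR collection carries more than one RSTR.</exception>
/// <exception cref="NotSupportedException">The configured trust version is neither Feb2005 nor 1.3.</exception>
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, AcceleratedTokenProviderState negotiationState)
{
    IssuanceTokenProviderBase<AcceleratedTokenProviderState>.ThrowIfFault(incomingMessage, base.TargetAddress);

    if (incomingMessage.Headers.Action != this.RequestSecurityTokenResponseAction.Value)
    {
        throw TraceUtility.ThrowHelperError(
            new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidActionForNegotiationMessage", new object[] { incomingMessage.Headers.Action })),
            incomingMessage);
    }

    // Authorization policies established by the message/transport security layer are attached
    // to the issued token; a reply without a security context gets the shared empty collection
    // rather than null.
    SecurityMessageProperty security = incomingMessage.Properties.Security;
    ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies =
        security != null && security.ServiceSecurityContext != null
            ? security.ServiceSecurityContext.AuthorizationPolicies
            : System.ServiceModel.Security.EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;

    RequestSecurityTokenResponse response = null;
    XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents();
    using (readerAtBodyContents)
    {
        TrustVersion trustVersion = base.StandardsManager.MessageSecurityVersion.TrustVersion;
        if (trustVersion == TrustVersion.WSTrustFeb2005)
        {
            response = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents);
        }
        else if (trustVersion == TrustVersion.WSTrust13)
        {
            // WS-Trust 1.3 wraps the reply in an RSTR collection; exactly one element is accepted here.
            foreach (RequestSecurityTokenResponse candidate in base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection)
            {
                if (response != null)
                {
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                        new MessageSecurityException(System.ServiceModel.SR.GetString("MoreThanOneRSTRInRSTRC")));
                }
                response = candidate;
            }
        }
        else
        {
            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }

        incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents);
    }

    // An empty WS-Trust 1.3 collection leaves 'response' null; without this guard a malformed
    // reply would surface as a NullReferenceException on the context check below instead of a
    // protocol error. The trust driver's missing-RSTR helper is used for that error (the SSPI
    // provider relies on it the same way); its exact exception type is defined in the driver.
    if (response == null)
    {
        base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException();
    }

    if (response.Context != negotiationState.Context)
    {
        throw TraceUtility.ThrowHelperError(
            new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")),
            incomingMessage);
    }

    // The requestor entropy generated when the RST was sent is handed to GetIssuedToken together
    // with the key entropy mode and default key length; the key-derivation rule itself lives in
    // GetIssuedToken, not here.
    byte[] requestorEntropy = negotiationState.GetRequestorEntropy();
    GenericXmlSecurityToken serviceToken = response.GetIssuedToken(
        null,
        null,
        this.keyEntropyMode,
        requestorEntropy,
        base.SecurityContextTokenUri,
        authorizationPolicies,
        base.SecurityAlgorithmSuite.DefaultSymmetricKeyLength,
        false);
    negotiationState.SetServiceToken(serviceToken);
    return null;
}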
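/// <summary>
/// Processes one leg of an SSPI token negotiation: validates the service's RSTR (or RSTR
/// collection), feeds its binary negotiation blob to the SSPI context, and either prepares the
/// next RSTR to send or completes the negotiation.
/// </summary>
/// <param name="incomingMessage">The reply received from the target service.</param>
/// <param name="sspiState">State of the negotiation this reply belongs to.</param>
/// <returns>
/// The body of the next outgoing RSTR, or <c>null</c> once the negotiation has completed.
/// </returns>
/// <exception cref="SecurityNegotiationException">
/// The service returned a sender fault, the reply's context does not match the negotiation,
/// an RSTR collection lacks the authenticator or its context differs, or the negotiation is not
/// complete yet no blob is available to receive or send.
/// </exception>
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
{
    try
    {
        IssuanceTokenProviderBase<SspiNegotiationTokenProviderState>.ThrowIfFault(incomingMessage, base.TargetAddress);
    }
    catch (FaultException exception)
    {
        // Only sender faults are translated into negotiation errors; anything else propagates as-is.
        if (!exception.Code.IsSenderFault)
        {
            throw;
        }

        // A sender fault is not guaranteed to carry a subcode. Without this null check a fault
        // lacking one would throw NullReferenceException from inside the catch; it is reported as
        // a generic negotiation failure instead.
        var subCode = exception.Code.SubCode;
        if (subCode != null && subCode.Name == "FailedAuthentication")
        {
            throw TraceUtility.ThrowHelperError(
                new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticationOfClientFailed"), exception),
                incomingMessage);
        }

        throw TraceUtility.ThrowHelperError(
            new SecurityNegotiationException(System.ServiceModel.SR.GetString("FailedSspiNegotiation"), exception),
            incomingMessage);
    }

    RequestSecurityTokenResponse rstr = null;
    RequestSecurityTokenResponse authenticatorRstr = null;
    XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents();
    using (readerAtBodyContents)
    {
        if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(readerAtBodyContents))
        {
            // In a collection the first RSTR is the token response and the second the authenticator.
            using (IEnumerator<RequestSecurityTokenResponse> rstrs = base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection.GetEnumerator())
            {
                rstrs.MoveNext();
                rstr = rstrs.Current;
                if (rstrs.MoveNext())
                {
                    authenticatorRstr = rstrs.Current;
                }
            }

            if (authenticatorRstr == null)
            {
                throw TraceUtility.ThrowHelperError(
                    new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticatorNotPresentInRSTRCollection")),
                    incomingMessage);
            }

            if (authenticatorRstr.Context != rstr.Context)
            {
                throw TraceUtility.ThrowHelperError(
                    new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorHasBadContext")),
                    incomingMessage);
            }

            // The received RSTR is folded into the negotiation digest; presumably it is checked
            // against the authenticator in OnNegotiationComplete — verify there.
            this.AddToDigest(sspiState, rstr, true, true);
        }
        else if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(readerAtBodyContents))
        {
            rstr = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents);
            this.AddToDigest(sspiState, rstr, true, false);
        }
        else
        {
            // The trust driver raises the protocol error for a body with neither an RSTR nor an RSTRC.
            base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException();
        }

        incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents);
    }

    if (rstr.Context != sspiState.Context)
    {
        throw TraceUtility.ThrowHelperError(
            new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")),
            incomingMessage);
    }

    byte[] negotiationData = null;
    BinaryNegotiation binaryNegotiation = rstr.GetBinaryNegotiation();
    if (binaryNegotiation != null)
    {
        this.ValidateIncomingBinaryNegotiation(binaryNegotiation);
        negotiationData = binaryNegotiation.GetNegotiationData();
    }

    // No blob from the service is only acceptable once the SSPI context reports completion.
    if (negotiationData == null)
    {
        if (!sspiState.SspiNegotiation.IsCompleted)
        {
            throw TraceUtility.ThrowHelperError(
                new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToReceive")),
                incomingMessage);
        }

        this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr);
        return null;
    }

    // The channel binding extracted from the message is passed to SSPI alongside the blob.
    // IsCompleted is re-read after this call because GetOutgoingBlob may advance the context.
    byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(
        negotiationData,
        System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage),
        null);
    if (outgoingBlob == null)
    {
        if (!sspiState.SspiNegotiation.IsCompleted)
        {
            throw TraceUtility.ThrowHelperError(
                new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")),
                incomingMessage);
        }

        this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr);
        return null;
    }

    return this.PrepareRstr(sspiState, outgoingBlob);
}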