protected virtual void OnVerifyIncomingMessageFailure(Message message, Exception exception)
{
SecurityTraceRecordHelper.TraceVerifyIncomingMessageFailure(this, message);
if ((PerformanceCounters.PerformanceCountersEnabled && (null != this.factory.ListenUri)) && (((exception.GetType() == typeof(MessageSecurityException)) || exception.GetType().IsSubclassOf(typeof(MessageSecurityException))) || ((exception.GetType() == typeof(SecurityTokenException)) || exception.GetType().IsSubclassOf(typeof(SecurityTokenException)))))
{
PerformanceCounters.AuthenticationFailed(message, this.factory.ListenUri);
}
if (AuditLevel.Failure == (this.factory.MessageAuthenticationAuditLevel & AuditLevel.Failure))
{
try
{
string identityNamesFromContext;
SecurityMessageProperty security = message.Properties.Security;
if ((security != null) && (security.ServiceSecurityContext != null))
{
identityNamesFromContext = System.ServiceModel.Security.SecurityUtils.GetIdentityNamesFromContext(security.ServiceSecurityContext.AuthorizationContext);
}
else
{
identityNamesFromContext = System.ServiceModel.Security.SecurityUtils.AnonymousIdentity.Name;
}
SecurityAuditHelper.WriteMessageAuthenticationFailureEvent(this.factory.AuditLogLocation, this.factory.SuppressAuditFailure, message, message.Headers.To, message.Headers.Action, identityNamesFromContext, exception);
}
catch (Exception exception2)
{
if (Fx.IsFatal(exception2))
{
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception2, TraceEventType.Error);
}
}
}
protected virtual void OnIncomingMessageVerified(Message verifiedMessage)
{
SecurityTraceRecordHelper.TraceIncomingMessageVerified(this, verifiedMessage);
if (AuditLevel.Success == (this.factory.MessageAuthenticationAuditLevel & AuditLevel.Success))
{
SecurityAuditHelper.WriteMessageAuthenticationSuccessEvent(this.factory.AuditLogLocation, this.factory.SuppressAuditFailure, verifiedMessage, verifiedMessage.Headers.To, verifiedMessage.Headers.Action, System.ServiceModel.Security.SecurityUtils.GetIdentityNamesFromContext(verifiedMessage.Properties.Security.ServiceSecurityContext.AuthorizationContext));
}
}
protected virtual void OnVerifyIncomingMessageFailure(Message message, Exception exception)
{
SecurityTraceRecordHelper.TraceVerifyIncomingMessageFailure(this, message);
if (PerformanceCounters.PerformanceCountersEnabled && null != this.factory.ListenUri) //service side
{
if ((exception.GetType() == typeof(MessageSecurityException) || exception.GetType().IsSubclassOf(typeof(MessageSecurityException))) ||
(exception.GetType() == typeof(SecurityTokenException) || exception.GetType().IsSubclassOf(typeof(SecurityTokenException))))
{
PerformanceCounters.AuthenticationFailed(message, this.factory.ListenUri);
}
}
if (AuditLevel.Failure == (this.factory.MessageAuthenticationAuditLevel & AuditLevel.Failure))
{
try
{
SecurityMessageProperty security = message.Properties.Security;
string primaryIdentity;
if (security != null && security.ServiceSecurityContext != null)
{
primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(security.ServiceSecurityContext.AuthorizationContext);
}
else
{
primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
}
SecurityAuditHelper.WriteMessageAuthenticationFailureEvent(this.factory.AuditLogLocation,
this.factory.SuppressAuditFailure, message, message.Headers.To, message.Headers.Action, primaryIdentity, exception);
}
#pragma warning suppress 56500
catch (Exception auditException)
{
if (Fx.IsFatal(auditException))
{
throw;
}
DiagnosticUtility.TraceHandledException(auditException, TraceEventType.Error);
}
}
}
Message ProcessRequestCore(Message request)
{
if (request == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
Uri to = null;
RequestSecurityToken rst = null;
RequestSecurityTokenResponse rstr = null;
string context = null;
bool disposeRequest = false;
bool isNegotiationFailure = true;
T negotiationState = null;
try
{
// validate the message size if needed
if (this.maxMessageSize < int.MaxValue)
{
string action = request.Headers.Action;
try
{
using (MessageBuffer buffer = request.CreateBufferedCopy(this.maxMessageSize))
{
request = buffer.CreateMessage();
disposeRequest = true;
}
}
catch (QuotaExceededException e)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.SecurityNegotiationMessageTooLarge, action, this.maxMessageSize), e));
}
}
try
{
to = request.Headers.To;
ParseMessageBody(request, out context, out rst, out rstr);
// check if there is existing state
if (context != null)
{
negotiationState = this.stateCache.GetState(context);
}
else
{
negotiationState = null;
}
bool disposeState = false;
BodyWriter replyBody;
try
{
if (rst != null)
{
if (negotiationState != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.NegotiationStateAlreadyPresent, context)));
}
replyBody = this.ProcessRequestSecurityToken(request, rst, out negotiationState);
lock (negotiationState.ThisLock)
{
if (negotiationState.IsNegotiationCompleted)
{
// if session-sct add it to cache and add a redirect header
if (!negotiationState.ServiceToken.IsCookieMode)
{
this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
}
this.OnTokenIssued(negotiationState.ServiceToken);
SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted(request, this, negotiationState.ServiceToken);
disposeState = true;
}
else
{
this.stateCache.AddState(context, negotiationState);
disposeState = false;
}
AddNegotiationChannelForIdleTracking();
}
}
else
{
if (negotiationState == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.CannotFindNegotiationState, context)));
}
lock (negotiationState.ThisLock)
{
replyBody = this.ProcessRequestSecurityTokenResponse(negotiationState, request, rstr);
if (negotiationState.IsNegotiationCompleted)
{
// if session-sct add it to cache and add a redirect header
if (!negotiationState.ServiceToken.IsCookieMode)
{
this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
}
this.OnTokenIssued(negotiationState.ServiceToken);
SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted(request, this, negotiationState.ServiceToken);
disposeState = true;
}
else
{
disposeState = false;
}
}
}
if (negotiationState.IsNegotiationCompleted && null != this.ListenUri)
{
if (AuditLevel.Success == (this.messageAuthenticationAuditLevel & AuditLevel.Success))
{
string primaryIdentity = negotiationState.GetRemoteIdentityName();
SecurityAuditHelper.WriteSecurityNegotiationSuccessEvent(this.auditLogLocation,
this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action,
primaryIdentity, this.GetType().Name);
}
}
isNegotiationFailure = false;
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
if (PerformanceCounters.PerformanceCountersEnabled && null != this.ListenUri)
{
PerformanceCounters.AuthenticationFailed(request, this.ListenUri);
}
if (AuditLevel.Failure == (this.messageAuthenticationAuditLevel & AuditLevel.Failure))
{
try
{
string primaryIdentity = (negotiationState != null) ? negotiationState.GetRemoteIdentityName() : String.Empty;
SecurityAuditHelper.WriteSecurityNegotiationFailureEvent(this.auditLogLocation,
this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action,
primaryIdentity, this.GetType().Name, exception);
}
#pragma warning suppress 56500
catch (Exception auditException)
{
if (Fx.IsFatal(auditException))
{
throw;
}
DiagnosticUtility.TraceHandledException(auditException, TraceEventType.Error);
}
}
disposeState = true;
throw;
}
finally
{
if (disposeState)
{
if (negotiationState != null)
{
if (context != null)
{
stateCache.RemoveState(context);
}
negotiationState.Dispose();
}
}
}
return(CreateReply(request, (replyBody is RequestSecurityTokenResponseCollection) ? RequestSecurityTokenResponseFinalAction : RequestSecurityTokenResponseAction, replyBody));
}
finally
{
if (disposeRequest)
{
request.Close();
}
}
}
finally
{
if (isNegotiationFailure)
{
AddNegotiationChannelForIdleTracking();
}
else if (negotiationState != null && negotiationState.IsNegotiationCompleted)
{
RemoveNegotiationChannelFromIdleTracking();
}
}
}
private Message ProcessRequestCore(Message request)
{
Message message;
if (request == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request");
}
RequestSecurityToken requestSecurityToken = null;
RequestSecurityTokenResponse requestSecurityTokenResponse = null;
string context = null;
bool flag = false;
bool flag2 = true;
T negotiationState = default(T);
try
{
if (this.maxMessageSize < 0x7fffffff)
{
string action = request.Headers.Action;
try
{
using (MessageBuffer buffer = request.CreateBufferedCopy(this.maxMessageSize))
{
request = buffer.CreateMessage();
flag = true;
}
}
catch (QuotaExceededException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("SecurityNegotiationMessageTooLarge", new object[] { action, this.maxMessageSize }), exception));
}
}
try
{
BodyWriter writer;
Uri to = request.Headers.To;
this.ParseMessageBody(request, out context, out requestSecurityToken, out requestSecurityTokenResponse);
if (context != null)
{
negotiationState = this.stateCache.GetState(context);
}
else
{
negotiationState = default(T);
}
bool flag3 = false;
try
{
if (requestSecurityToken != null)
{
if (negotiationState != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NegotiationStateAlreadyPresent", new object[] { context })));
}
writer = this.ProcessRequestSecurityToken(request, requestSecurityToken, out negotiationState);
lock (negotiationState.ThisLock)
{
if (negotiationState.IsNegotiationCompleted)
{
if (!negotiationState.ServiceToken.IsCookieMode)
{
this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
}
this.OnTokenIssued(negotiationState.ServiceToken);
SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted <T>((NegotiationTokenAuthenticator <T>) this, negotiationState.ServiceToken);
flag3 = true;
}
else
{
this.stateCache.AddState(context, negotiationState);
flag3 = false;
}
this.AddNegotiationChannelForIdleTracking();
goto Label_0299;
}
}
if (negotiationState == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("CannotFindNegotiationState", new object[] { context })));
}
lock (negotiationState.ThisLock)
{
writer = this.ProcessRequestSecurityTokenResponse(negotiationState, request, requestSecurityTokenResponse);
if (negotiationState.IsNegotiationCompleted)
{
if (!negotiationState.ServiceToken.IsCookieMode)
{
this.IssuedTokenCache.AddContext(negotiationState.ServiceToken);
}
this.OnTokenIssued(negotiationState.ServiceToken);
SecurityTraceRecordHelper.TraceServiceSecurityNegotiationCompleted <T>((NegotiationTokenAuthenticator <T>) this, negotiationState.ServiceToken);
flag3 = true;
}
else
{
flag3 = false;
}
}
Label_0299:
if ((negotiationState.IsNegotiationCompleted && (null != this.ListenUri)) && (AuditLevel.Success == (this.messageAuthenticationAuditLevel & AuditLevel.Success)))
{
string remoteIdentityName = negotiationState.GetRemoteIdentityName();
SecurityAuditHelper.WriteSecurityNegotiationSuccessEvent(this.auditLogLocation, this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action, remoteIdentityName, base.GetType().Name);
}
flag2 = false;
}
catch (Exception exception2)
{
if (Fx.IsFatal(exception2))
{
throw;
}
if (PerformanceCounters.PerformanceCountersEnabled && (null != this.ListenUri))
{
PerformanceCounters.AuthenticationFailed(request, this.ListenUri);
}
if (AuditLevel.Failure == (this.messageAuthenticationAuditLevel & AuditLevel.Failure))
{
try
{
string clientIdentity = (negotiationState != null) ? negotiationState.GetRemoteIdentityName() : string.Empty;
SecurityAuditHelper.WriteSecurityNegotiationFailureEvent(this.auditLogLocation, this.suppressAuditFailure, request, request.Headers.To, request.Headers.Action, clientIdentity, base.GetType().Name, exception2);
}
catch (Exception exception3)
{
if (Fx.IsFatal(exception3))
{
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception3, TraceEventType.Error);
}
}
flag3 = true;
throw;
}
finally
{
if (flag3 && (negotiationState != null))
{
if (context != null)
{
this.stateCache.RemoveState(context);
}
negotiationState.Dispose();
}
}
return(NegotiationTokenAuthenticator <T> .CreateReply(request, (writer is RequestSecurityTokenResponseCollection)?this.RequestSecurityTokenResponseFinalAction : this.RequestSecurityTokenResponseAction, writer));
}
finally
{
if (flag)
{
request.Close();
}
}
}
finally
{
if (flag2)
{
this.AddNegotiationChannelForIdleTracking();
}
else if ((negotiationState != null) && negotiationState.IsNegotiationCompleted)
{
this.RemoveNegotiationChannelFromIdleTracking();
}
}
return(message);
}
public static extern bool AuthzRegisterSecurityEventSource([In] uint dwFlags, [In] string szEventSourceName, out SecurityAuditHelper.SafeSecurityAuditHandle phEventProvider);
