public override ArraySegment<byte> WriteMessage(Message message, int maxMessageSize, BufferManager bufferManager, int messageOffset)
{
ArraySegment<byte> messageBuffer;
byte[] writeBuffer = null;
int messageLength;
using (MemoryStream stream = new MemoryStream())
{
using (XmlWriter writer = XmlWriter.Create(stream, _writerSettings))
{
message.WriteMessage(writer);
}
// TryGetBuffer is the preferred path but requires 4.6
//stream.TryGetBuffer(out messageBuffer);
writeBuffer = stream.ToArray();
messageBuffer = new ArraySegment<byte>(writeBuffer);
messageLength = (int)stream.Position;
}
int totalLength = messageLength + messageOffset;
byte[] totalBytes = bufferManager.TakeBuffer(totalLength);
Array.Copy(messageBuffer.Array, 0, totalBytes, messageOffset, messageLength);
ArraySegment<byte> byteArray = new ArraySegment<byte>(totalBytes, messageOffset, messageLength);
return byteArray;
}
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
var contractName = operationContext.EndpointDispatcher.ContractName;
if (contractName == "IMetadataExchange" || contractName == "IHttpGetHelpPageAndMetadataContract")
{
// support for MEX
return true;
}
var digestState = new DigestAuthenticationState(operationContext, GetRealm(ref message));
if (!digestState.IsRequestDigestAuth)
{
return UnauthorizedResponse(digestState);
}
string password;
if (!GetPassword(ref message, digestState.Username, out password))
{
return UnauthorizedResponse(digestState);
}
digestState.Password = password;
if (!digestState.Authorized || digestState.IsNonceStale)
{
return UnauthorizedResponse(digestState);
}
return Authorized(digestState, operationContext, ref message);
}
public override void WriteMessage(Message message, Stream stream)
{
using (XmlWriter writer = XmlWriter.Create(stream, _writerSettings))
{
message.WriteMessage(writer);
}
}
public override string GetRealm(ref Message message)
{
if (!message.Properties.ContainsKey(HttpRequestMessageProperty.Name))
{
return base.GetRealm(ref message);
}
var requestProperty = (HttpRequestMessageProperty)message.Properties[HttpRequestMessageProperty.Name];
return requestProperty.Headers.Get(DigestRealmHeaderName);
}
public override void OnReceive(ref Message msg)
{
// Verify the additional Header inserted by the ChannelMessageInterceptor exists
if (msg.Headers.FindHeader("ByPass", "urn:InterceptorNamespace") > 0)
{
return;
}
// Drop incoming Message if the Message does not have the special header
msg = null;
}
private void LogIncomingRequest(OperationContext operationContext, ref Message message, bool authenticated)
{
try
{
if (_logCallback != null)
{
_logCallback(operationContext, ref message, authenticated);
}
}
catch { /* Swallow any exceptions */ }
}
public Message MessageRequestReply(Message message)
{
var reader = message.GetReaderAtBodyContents();
Message requestmessage = Message.CreateMessage(
message.Version,
"http://tempuri.org/IWcfService/MessageRequestReplyResponse",
reader.ReadString() + "[service] Request received, this is my Reply.");
return requestmessage;
}
public override void OnReceive(ref Message msg)
{
if (msg.Headers.FindHeader("ByPass", "urn:InterceptorNamespace") > 0)
{
if (++_messagesSinceLastReport == _reportPeriod)
{
Console.WriteLine(_reportPeriod + " wind speed reports have been received.");
}
return;
}
// Drop incoming Message if the Message does not have the special header
msg = null;
}
private bool Authorized(DigestAuthenticationState digestState, OperationContext operationContext, ref Message message)
{
object identitiesListObject;
if (!operationContext.ServiceSecurityContext.AuthorizationContext.Properties.TryGetValue("Identities",
out identitiesListObject))
{
identitiesListObject = new List<IIdentity>(1);
operationContext.ServiceSecurityContext.AuthorizationContext.Properties.Add("Identities", identitiesListObject);
}
var identities = identitiesListObject as IList<IIdentity>;
identities.Add(new GenericIdentity(digestState.Username, "GenericPrincipal"));
return true;
}
public override bool GetPassword(ref Message message, string username, out string password)
{
if (!message.Properties.ContainsKey(HttpRequestMessageProperty.Name))
{
password = null;
return false;
}
var requestProperty = (HttpRequestMessageProperty) message.Properties[HttpRequestMessageProperty.Name];
string sentUsername = requestProperty.Headers.Get(DigestUsernameHeaderName);
if (username.Equals(sentUsername))
{
password = requestProperty.Headers.Get(DigestPasswordHeaderName);
return true;
}
password = null;
return false;
}
public static void SimpleConsoleLogger(OperationContext operationContext, ref Message message, bool authenticated)
{
var log = new StringBuilder();
log.Append("Via:");
object requestMessagePropertyObject;
if (operationContext.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name,
out requestMessagePropertyObject))
{
var requestMessageProperty = requestMessagePropertyObject as HttpRequestMessageProperty;
if (requestMessageProperty != null)
{
log.Append(requestMessageProperty.Method).Append(' ');
}
}
log.AppendLine(message.Properties.Via.ToString());
log.Append("To Header:").AppendLine(message.Headers.Action);
log.Append("Authentication ").AppendLine(authenticated ? "succeeded" : "failed");
Console.WriteLine(log.ToString());
}
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
var digestState = new DigestAuthenticationState(operationContext, GetRealm(ref message));
if (!digestState.IsRequestDigestAuth)
{
return UnauthorizedResponse(digestState);
}
string password;
if (!GetPassword(ref message, digestState.Username, out password))
{
return UnauthorizedResponse(digestState);
}
digestState.Password = password;
if (!digestState.Authorized || digestState.IsNonceStale)
{
return UnauthorizedResponse(digestState);
}
return Authorized(digestState, operationContext, ref message);
}
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
var basicState = new BasicAuthenticationState(operationContext, GetRealm(ref message));
if (!basicState.IsRequestBasicAuth)
{
return UnauthorizedResponse(basicState);
}
string password;
if (!GetPassword(ref message, basicState.Username, out password))
{
return UnauthorizedResponse(basicState);
}
if(basicState.Password != password)
{
// According to RFC2616, a forbidden response should be in response to valid credentials where the
// authenticated user is not allowed to use the site but WCF responds with Forbbiden with an incorrect
// password. We should be returning Unauthorized, but this matches WCF behavior.
return ForbiddenResponse(basicState);
}
return Authorized(basicState, operationContext, ref message);
}
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
bool success = false;
try
{
if (_parent != null)
{
success = _parent.CheckAccess(operationContext);
}
else
{
success = true;
}
return success;
}
finally
{
_requestLogger.LogIncomingRequest(operationContext, ref message, success);
}
}
public abstract bool GetPassword(ref Message message, string username, out string password);
public virtual string GetRealm(ref Message message)
{
return _realm;
}
public object GetInstance(InstanceContext instanceContext, Message message) => (GetInstance(instanceContext));