/// <summary>
/// Deserializes the SecurityToken from the given XmlReader.
/// </summary>
/// <param name="reader">Reader to a Security token.</param>
/// <param name="tokenResolver">Instance of SecurityTokenResolver.</param>
/// <returns>'True' if the serializer can read the given Security Token.</returns>
/// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
if (reader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
}
try
{
foreach (SecurityTokenHandler securityTokenHandler in _securityTokenHandlers)
{
if (securityTokenHandler.CanReadToken(reader))
{
SecurityToken token = securityTokenHandler.ReadToken(reader, tokenResolver);
SessionSecurityToken sessionToken = token as SessionSecurityToken;
if (sessionToken != null)
{
if (sessionToken.SecureConversationVersion.AbsoluteUri != _scVersion.Namespace.Value)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4053, sessionToken.SecureConversationVersion, _scVersion));
}
return(SecurityContextSecurityTokenHelper.ConvertSessionTokenToSecurityContextSecurityToken(sessionToken));
}
else
{
return(token);
}
}
}
return(base.ReadTokenCore(reader, tokenResolver));
}
catch (Exception ex)
{
if (!(MapExceptionsToSoapFaults && _exceptionMapper.HandleSecurityTokenProcessingException(ex)))
{
throw;
}
Fx.Assert(false, "ExceptionMapper did not handle an exception correctly.");
// This should never happen. ExceptionMapper will handle the exception, in which case,
// a fault exception is thrown or the original exception gets thrown.
}
return(null);
}
/// <summary>
/// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
/// wrapping the returned ClaimsIdentities.
/// </summary>
/// <param name="token">Token to be validated.</param>
/// <returns>Read-only collection of IAuthorizationPolicy</returns>
protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
ReadOnlyCollection <ClaimsIdentity> identities = null;
try
{
identities = _wrappedX509SecurityTokenHandler.ValidateToken(token);
}
catch (Exception ex)
{
if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
{
throw;
}
}
// tlsnego will dispose of the x509, when we write out the bootstrap we will get a dispose error.
bool shouldSaveBootstrapContext = SecurityTokenHandlerConfiguration.DefaultSaveBootstrapContext;
if (_wrappedX509SecurityTokenHandler.Configuration != null)
{
shouldSaveBootstrapContext = _wrappedX509SecurityTokenHandler.Configuration.SaveBootstrapContext;
}
if (shouldSaveBootstrapContext)
{
X509SecurityToken x509Token = token as X509SecurityToken;
SecurityToken tokenToCache;
if (x509Token != null)
{
tokenToCache = new X509SecurityToken(x509Token.Certificate);
}
else
{
tokenToCache = token;
}
BootstrapContext bootstrapContext = new BootstrapContext(tokenToCache, _wrappedX509SecurityTokenHandler);
foreach (ClaimsIdentity identity in identities)
{
identity.BootstrapContext = bootstrapContext;
}
}
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);
policies.Add(new AuthorizationPolicy(identities));
return(policies.AsReadOnly());
}
/// <summary>
/// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
/// wrapping the returned ClaimsIdentities.
/// </summary>
/// <param name="token">Token to be validated. This is always a SecurityContextSecurityToken.</param>
/// <returns>Read-only collection of IAuthorizationPolicy</returns>
protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
SecurityContextSecurityToken sct = token as SecurityContextSecurityToken;
SessionSecurityToken sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(sct);
IEnumerable <ClaimsIdentity> identities = null;
try
{
identities = _sessionTokenHandler.ValidateToken(sessionToken, _sctClaimsHandler.EndpointId);
}
catch (Exception ex)
{
if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
{
throw;
}
}
return(new List <IAuthorizationPolicy>(new AuthorizationPolicy[] { new AuthorizationPolicy(identities) }).AsReadOnly());
}
protected sealed override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
IEnumerable <ClaimsIdentity> subjectCollection = null;
try
{
subjectCollection = _securityTokenHandler.ValidateToken(token);
}
catch (Exception ex)
{
if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
{
throw;
}
}
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);
policies.Add(new AuthorizationPolicy(subjectCollection));
return(policies.AsReadOnly());
}
/// <summary>
/// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
/// wrapping the returned ClaimsIdentities.
/// </summary>
/// <param name="token">Token to be validated.</param>
/// <returns>Read-only collection of IAuthorizationPolicy</returns>
protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
ReadOnlyCollection <ClaimsIdentity> identities = null;
try
{
identities = _wrappedUserNameSecurityTokenHandler.ValidateToken(token);
}
catch (Exception ex)
{
if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
{
throw;
}
}
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);
policies.Add(new AuthorizationPolicy(identities));
return(policies.AsReadOnly());
}