/// <summary>
/// Builds the HTTPS listener: copies the client-certificate requirement from the binding element,
/// resolves the certificate token authenticator for the listen address, and rejects a configuration
/// that requires a client certificate together with a non-anonymous HTTP authentication scheme.
/// </summary>
/// <param name="httpsBindingElement">Binding element that supplies <c>RequireClientCertificate</c>.</param>
/// <param name="context">Binding context that supplies the binding parameters, scheme and listen address.</param>
/// <exception cref="InvalidOperationException">
/// A client certificate is required and the authentication scheme is not exactly Anonymous.
/// </exception>
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
    : base(httpsBindingElement, context)
{
    this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;

    // Use default service credentials when the binding parameters carry no credentials manager.
    SecurityCredentialsManager credentialsManager =
        context.BindingParameters.Find<SecurityCredentialsManager>() ?? ServiceCredentials.CreateDefaultCredentials();

    SecurityTokenManager tokenManager = credentialsManager.CreateSecurityTokenManager();
    this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(
        tokenManager,
        context.Binding.Scheme,
        TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress));

    ServiceCredentials serviceCredentials = credentialsManager as ServiceCredentials;
    bool customValidation =
        serviceCredentials != null
        && serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom;
    this.useCustomClientCertificateVerification = customValidation;

    if (!customValidation)
    {
        // Outside Custom mode the X.509 authenticator is rebuilt with X509CertificateValidator.None,
        // carrying over only the MapCertificateToWindowsAccount setting.
        // NOTE(review): this authenticator then performs no certificate validation of its own;
        // presumably the certificate is validated elsewhere (e.g. by the transport) - confirm.
        X509SecurityTokenAuthenticator x509Authenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator;
        if (x509Authenticator != null)
        {
            this.certificateAuthenticator = new X509SecurityTokenAuthenticator(
                X509CertificateValidator.None,
                x509Authenticator.MapCertificateToWindowsAccount,
                base.ExtractGroupsForWindowsAccounts,
                false);
        }
    }

    if (this.RequireClientCertificate)
    {
        // Equality test, not a flag test: any scheme value other than exactly Anonymous is rejected.
        if (base.AuthenticationScheme != AuthenticationSchemes.Anonymous)
        {
            InvalidOperationException conflict = new InvalidOperationException(
                System.ServiceModel.SR.GetString("HttpAuthSchemeAndClientCert", new object[] { base.AuthenticationScheme }));
            throw DiagnosticUtility.ExceptionUtility.ThrowHelper(conflict, TraceEventType.Error);
        }
    }

    this.channelBindingProvider = new ChannelBindingProviderHelper();
}
/// <summary>
/// Builds the HTTPS channel factory: copies the client-certificate requirement, creates the channel
/// binding provider, and installs a server-certificate validation callback when the client
/// credentials configure <c>SslCertificateAuthentication</c>.
/// </summary>
/// <param name="httpsBindingElement">Binding element that supplies <c>RequireClientCertificate</c>.</param>
/// <param name="context">Binding context whose parameters may carry <c>ClientCredentials</c>.</param>
internal HttpsChannelFactory(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
    : base(httpsBindingElement, context)
{
    this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
    this.channelBindingProvider = new ChannelBindingProviderHelper();

    ClientCredentials clientCredentials = context.BindingParameters.Find<ClientCredentials>();
    if (clientCredentials == null)
    {
        // No client credentials: no validator and no callback are set by this constructor.
        return;
    }

    if (clientCredentials.ServiceCertificate.SslCertificateAuthentication == null)
    {
        return;
    }

    // NOTE(review): the validator obtained here decides whether the server certificate is accepted;
    // confirm that callers do not configure a mode that skips validation.
    this.sslCertificateValidator =
        clientCredentials.ServiceCertificate.SslCertificateAuthentication.GetCertificateValidator();
    this.remoteCertificateValidationCallback =
        new RemoteCertificateValidationCallback(RemoteCertificateValidationCallback);
}
/// <summary>
/// Creates the client request channel through the base factory and, when channel binding is not
/// disabled and the security binding element is a <c>TransportSecurityBindingElement</c>, turns on
/// channel binding support on the new channel.
/// </summary>
/// <param name="target">Endpoint address passed to the base factory.</param>
/// <param name="via">Transport address passed to the base factory.</param>
/// <returns>The channel created by the base factory.</returns>
protected override IRequestChannel CreateClientChannel(EndpointAddress target, Uri via)
{
    IRequestChannel created = base.CreateClientChannel(target, via);

    if (System.ServiceModel.Security.SecurityUtils.IsChannelBindingDisabled
        || !(this.securityBindingElement is TransportSecurityBindingElement))
    {
        return created;
    }

    // The channel may not expose a binding provider; in that case it is returned unchanged.
    IChannelBindingProvider bindingProvider = created.GetProperty<IChannelBindingProvider>();
    if (bindingProvider != null)
    {
        bindingProvider.EnableChannelBindingSupport();
    }

    return created;
}
/// <summary>
/// Builds the HTTPS listener: records the client-certificate requirement and whether client
/// certificates should be validated, resolves the certificate token authenticator for the listen
/// address, and rejects a client-certificate requirement when the authentication scheme does not
/// have Anonymous set.
/// </summary>
/// <param name="httpsBindingElement">Binding element that supplies <c>RequireClientCertificate</c>.</param>
/// <param name="context">Binding context that supplies the binding parameters, scheme and listen address.</param>
/// <exception cref="InvalidOperationException">
/// A client certificate is required and <c>AuthenticationScheme.IsNotSet(Anonymous)</c> is true.
/// </exception>
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
    : base(httpsBindingElement, context)
{
    this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
    this.shouldValidateClientCertificate = ShouldValidateClientCertificate(this.requireClientCertificate, context);

    // Pick up the MapCertificateToWindowsAccount setting from the configured token authenticator.
    SecurityCredentialsManager credentialsSource =
        context.BindingParameters.Find<SecurityCredentialsManager>() ?? ServiceCredentials.CreateDefaultCredentials();

    SecurityTokenManager tokenManager = credentialsSource.CreateSecurityTokenManager();
    this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(
        tokenManager,
        context.Binding.Scheme,
        TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress));

    ServiceCredentials configured = credentialsSource as ServiceCredentials;
    bool customMode =
        configured != null
        && configured.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom;
    useCustomClientCertificateVerification = customMode;

    if (!customMode)
    {
        // Outside Custom mode the X.509 authenticator is rebuilt with X509CertificateValidator.None,
        // keeping only the MapCertificateToWindowsAccount setting.
        // NOTE(review): this authenticator then performs no certificate validation of its own;
        // presumably validation happens elsewhere (see shouldValidateClientCertificate) - confirm.
        X509SecurityTokenAuthenticator x509Authenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator;
        if (x509Authenticator != null)
        {
            this.certificateAuthenticator = new X509SecurityTokenAuthenticator(
                X509CertificateValidator.None,
                x509Authenticator.MapCertificateToWindowsAccount,
                this.ExtractGroupsForWindowsAccounts,
                false);
        }
    }

    if (this.RequireClientCertificate)
    {
        // NOTE(review): IsNotSet presumably tests the Anonymous flag bit, so a combined scheme
        // that includes Anonymous would pass this check - confirm against the helper.
        if (this.AuthenticationScheme.IsNotSet(AuthenticationSchemes.Anonymous))
        {
            InvalidOperationException conflict = new InvalidOperationException(
                SR.GetString(SR.HttpAuthSchemeAndClientCert, this.AuthenticationScheme));
            throw DiagnosticUtility.ExceptionUtility.ThrowHelper(conflict, TraceEventType.Error);
        }
    }

    this.channelBindingProvider = new ChannelBindingProviderHelper();
}
/// <summary>
/// Turns on channel binding support on the inner channel when channel binding is not disabled and
/// the security binding element is suitable for it.
/// </summary>
/// <exception cref="NotSupportedException">
/// The security protocol factory's extended protection policy specifies a custom channel binding.
/// </exception>
private void EnableChannelBindingSupport()
{
    bool hasCustomChannelBinding =
        this.securityProtocolFactory != null
        && this.securityProtocolFactory.ExtendedProtectionPolicy != null
        && this.securityProtocolFactory.ExtendedProtectionPolicy.CustomChannelBinding != null;
    if (hasCustomChannelBinding)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new NotSupportedException(System.ServiceModel.SR.GetString("ExtendedProtectionPolicyCustomChannelBindingNotSupported")));
    }

    // NOTE(review): the check above null-guards the securityProtocolFactory field, but the
    // SecurityProtocolFactory property is dereferenced below without a guard - confirm it is
    // always non-null when channel binding is not disabled.
    if (System.ServiceModel.Security.SecurityUtils.IsChannelBindingDisabled
        || !System.ServiceModel.Security.SecurityUtils.IsSecurityBindingSuitableForChannelBinding(
            this.SecurityProtocolFactory.SecurityBindingElement as TransportSecurityBindingElement)
        || base.InnerChannel == null)
    {
        return;
    }

    IChannelBindingProvider bindingProvider = base.InnerChannel.GetProperty<IChannelBindingProvider>();
    if (bindingProvider != null)
    {
        bindingProvider.EnableChannelBindingSupport();
    }
}
/// <summary>
/// Creates the client request channel through the base factory and enables channel binding on it
/// when channel binding is not disabled and the security binding element is a
/// <c>TransportSecurityBindingElement</c>.
/// </summary>
/// <param name="target">Endpoint address passed to the base factory.</param>
/// <param name="via">Transport address passed to the base factory.</param>
/// <returns>The channel created by the base factory.</returns>
protected override IRequestChannel CreateClientChannel(EndpointAddress target, Uri via)
{
    IRequestChannel sideChannel = base.CreateClientChannel(target, via);

    bool bindingApplies =
        !SecurityUtils.IsChannelBindingDisabled
        && (this.securityBindingElement is TransportSecurityBindingElement);
    if (!bindingApplies)
    {
        return sideChannel;
    }

    // enable channel binding on this side channel
    IChannelBindingProvider bindingProvider = sideChannel.GetProperty<IChannelBindingProvider>();
    if (bindingProvider != null)
    {
        bindingProvider.EnableChannelBindingSupport();
    }

    return sideChannel;
}
/// <summary>
/// Turns on channel binding support on the inner channel when channel binding is not disabled and
/// the security binding element is suitable for it.
/// </summary>
/// <exception cref="NotSupportedException">
/// The security protocol factory's extended protection policy specifies a custom channel binding.
/// </exception>
private void EnableChannelBindingSupport()
{
    if (this.securityProtocolFactory != null)
    {
        if (this.securityProtocolFactory.ExtendedProtectionPolicy != null
            && this.securityProtocolFactory.ExtendedProtectionPolicy.CustomChannelBinding != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                (Exception) new NotSupportedException(SR.GetString("ExtendedProtectionPolicyCustomChannelBindingNotSupported")));
        }
    }

    // NOTE(review): the check above null-guards the securityProtocolFactory field, but the
    // SecurityProtocolFactory property is dereferenced below without a guard - confirm it is
    // always non-null when channel binding is not disabled.
    if (!System.ServiceModel.Security.SecurityUtils.IsChannelBindingDisabled
        && System.ServiceModel.Security.SecurityUtils.IsSecurityBindingSuitableForChannelBinding(
            this.SecurityProtocolFactory.SecurityBindingElement as TransportSecurityBindingElement)
        && (object)this.InnerChannel != null)
    {
        IChannelBindingProvider bindingProvider = this.InnerChannel.GetProperty<IChannelBindingProvider>();
        if (bindingProvider != null)
        {
            bindingProvider.EnableChannelBindingSupport();
        }
    }
}
/// <summary>
/// Turns on channel binding support on the inner channel when channel binding is not disabled and
/// the security binding element is suitable for it.
/// </summary>
/// <exception cref="NotSupportedException">
/// The security protocol factory's extended protection policy specifies a custom channel binding.
/// </exception>
private void EnableChannelBindingSupport()
{
    bool hasCustomChannelBinding =
        SecurityProtocolFactory != null
        && SecurityProtocolFactory.ExtendedProtectionPolicy != null
        && SecurityProtocolFactory.ExtendedProtectionPolicy.CustomChannelBinding != null;
    if (hasCustomChannelBinding)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new NotSupportedException(SR.Format(SR.ExtendedProtectionPolicyCustomChannelBindingNotSupported)));
    }

    // Do not enable channel binding if there is no reason as it sets up chunking mode.
    // NOTE(review): SecurityProtocolFactory is null-guarded in the check above but dereferenced
    // here without a guard - confirm it is always non-null when channel binding is not disabled.
    bool bindingApplies =
        !SecurityUtils.IsChannelBindingDisabled
        && SecurityUtils.IsSecurityBindingSuitableForChannelBinding(
            SecurityProtocolFactory.SecurityBindingElement as TransportSecurityBindingElement);
    if (!bindingApplies)
    {
        return;
    }

    if (InnerChannel == null)
    {
        return;
    }

    IChannelBindingProvider bindingProvider = InnerChannel.GetProperty<IChannelBindingProvider>();
    if (bindingProvider != null)
    {
        bindingProvider.EnableChannelBindingSupport();
    }
}
/// <summary>
/// Builds the HTTPS channel factory: copies the client-certificate requirement from the binding
/// element and creates the channel binding provider. This constructor sets no server-certificate
/// validator or validation callback.
/// </summary>
/// <param name="httpsBindingElement">Binding element that supplies <c>RequireClientCertificate</c>.</param>
/// <param name="context">Binding context forwarded to the base constructor.</param>
internal HttpsChannelFactory(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
    : base(httpsBindingElement, context)
{
    bool clientCertificateRequired = httpsBindingElement.RequireClientCertificate;
    requireClientCertificate = clientCertificateRequired;
    channelBindingProvider = new ChannelBindingProviderHelper();
}