public void SecureConvProviderGetToken() { InitiatorServiceModelSecurityTokenRequirement r = CreateRequirement(); // it still requires SecurityAlgorithmSuite on GetToken(). r.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; // the actual security binding element requires // ProtectionTokenParameters. r.SecureConversationSecurityBindingElement = SecurityBindingElement.CreateAnonymousForCertificateBindingElement(); // the above requires service certificate BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty); ClientCredentials cred = new ClientCredentials(); cred.ServiceCertificate.DefaultCertificate = cert; ctx.BindingParameters.Add(cred); // without it, identity check fails on IssuerAddress // (TargetAddress is used when IssuerAddress is not set) r.TargetAddress = new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert)); SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r); Assert.IsNotNull(p, "#1"); // non-standard provider, it looks similar to IssuedSecurityTokenProvider. ((ICommunicationObject)p).Open(); p.GetToken(TimeSpan.FromSeconds(5)); }
SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement); bool negotiateTokenOnOpen = (sspiChannelParameter == null ? true : sspiChannelParameter.GetTokenOnOpen); LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); SpnegoTokenProvider spnegoTokenProvider = new SpnegoTokenProvider(sspiChannelParameter != null ? sspiChannelParameter.CredentialsHandle : null, securityBindingElement); SspiSecurityToken clientSspiToken = GetSpnegoClientCredential(initiatorRequirement); spnegoTokenProvider.ClientCredential = clientSspiToken.NetworkCredential; spnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress; spnegoTokenProvider.AllowedImpersonationLevel = parent.Windows.AllowedImpersonationLevel; spnegoTokenProvider.AllowNtlm = clientSspiToken.AllowNtlm; spnegoTokenProvider.IdentityVerifier = localClientSettings.IdentityVerifier; spnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; // if this is not a supporting token, authenticate the server spnegoTokenProvider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty); spnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen; spnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies; spnegoTokenProvider.IssuerBindingContext = issuerBindingContext; spnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; spnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; spnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); spnegoTokenProvider.TargetAddress = targetAddress; spnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); spnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find <ChannelProtectionRequirements>() : null; spnegoTokenProvider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive; return(spnegoTokenProvider); }
private SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement); bool flag = (sspiIssuanceChannelParameter == null) || sspiIssuanceChannelParameter.GetTokenOnOpen; LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); SpnegoTokenProvider provider = new SpnegoTokenProvider((sspiIssuanceChannelParameter != null) ? sspiIssuanceChannelParameter.CredentialsHandle : null, securityBindingElement); SspiSecurityToken spnegoClientCredential = this.GetSpnegoClientCredential(initiatorRequirement); provider.ClientCredential = spnegoClientCredential.NetworkCredential; provider.IssuerAddress = initiatorRequirement.IssuerAddress; provider.AllowedImpersonationLevel = this.parent.Windows.AllowedImpersonationLevel; provider.AllowNtlm = spnegoClientCredential.AllowNtlm; provider.IdentityVerifier = localClientSettings.IdentityVerifier; provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; provider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty); provider.NegotiateTokenOnOpen = flag; provider.CacheServiceTokens = flag || localClientSettings.CacheCookies; provider.IssuerBindingContext = property; provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); provider.TargetAddress = targetAddress; provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null); provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find <ChannelProtectionRequirements>() : null; provider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive; return(provider); }
SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement); bool negotiateTokenOnOpen = sspiChannelParameter != null && sspiChannelParameter.GetTokenOnOpen; LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); TlsnegoTokenProvider tlsnegoTokenProvider = new TlsnegoTokenProvider(); tlsnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress; tlsnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen; tlsnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies; if (requireClientCertificate) { tlsnegoTokenProvider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement); } tlsnegoTokenProvider.IssuerBindingContext = issuerBindingContext; tlsnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find <ChannelProtectionRequirements>() : null; tlsnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; tlsnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; tlsnegoTokenProvider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement); tlsnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; tlsnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); tlsnegoTokenProvider.TargetAddress = initiatorRequirement.TargetAddress; tlsnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); return(tlsnegoTokenProvider); }
private SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate) { if (initiatorRequirement.TargetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement); bool flag = (sspiIssuanceChannelParameter != null) && sspiIssuanceChannelParameter.GetTokenOnOpen; LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); TlsnegoTokenProvider provider = new TlsnegoTokenProvider { IssuerAddress = initiatorRequirement.IssuerAddress, NegotiateTokenOnOpen = flag, CacheServiceTokens = flag || localClientSettings.CacheCookies }; if (requireClientCertificate) { provider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement); } provider.IssuerBindingContext = property; provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find <ChannelProtectionRequirements>() : null; provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; provider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement); provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); provider.TargetAddress = initiatorRequirement.TargetAddress; provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null); return(provider); }
private SecurityTokenProvider CreateSecureConversationSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); ChannelParameterCollection channelParameters = initiatorRequirement.GetPropertyOrDefault <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, null); bool isSessionMode = initiatorRequirement.SupportSecurityContextCancellation; if (isSessionMode) { SecuritySessionSecurityTokenProvider sessionTokenProvider = new SecuritySessionSecurityTokenProvider(); sessionTokenProvider.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement); sessionTokenProvider.IssuedSecurityTokenParameters = initiatorRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); sessionTokenProvider.IssuerBindingContext = issuerBindingContext; sessionTokenProvider.KeyEntropyMode = securityBindingElement.KeyEntropyMode; sessionTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; sessionTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); sessionTokenProvider.TargetAddress = targetAddress; sessionTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); Uri privacyNoticeUri; if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeUri)) { sessionTokenProvider.PrivacyNoticeUri = privacyNoticeUri; } int privacyNoticeVersion; if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion)) { sessionTokenProvider.PrivacyNoticeVersion = privacyNoticeVersion; } EndpointAddress localAddress; if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.DuplexClientLocalAddressProperty, out localAddress)) { sessionTokenProvider.LocalAddress = localAddress; } sessionTokenProvider.ChannelParameters = channelParameters; sessionTokenProvider.WebHeaders = initiatorRequirement.WebHeaders; return(sessionTokenProvider); } else { AcceleratedTokenProvider acceleratedTokenProvider = new AcceleratedTokenProvider(); acceleratedTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress; acceleratedTokenProvider.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement); acceleratedTokenProvider.CacheServiceTokens = localClientSettings.CacheCookies; acceleratedTokenProvider.IssuerBindingContext = issuerBindingContext; acceleratedTokenProvider.KeyEntropyMode = securityBindingElement.KeyEntropyMode; acceleratedTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; acceleratedTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; acceleratedTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; acceleratedTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); acceleratedTokenProvider.TargetAddress = targetAddress; acceleratedTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); return(acceleratedTokenProvider); } }
private IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { KeyedByTypeCollection <IEndpointBehavior> localIssuerChannelBehaviors; MessageSecurityVersion version; SecurityTokenSerializer serializer; ChannelParameterCollection parameters2; if (initiatorRequirement.TargetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress; Binding issuerBinding = initiatorRequirement.IssuerBinding; bool flag = (issuerAddress == null) || issuerAddress.Equals(EndpointAddress.AnonymousAddress); if (flag) { issuerAddress = this.parent.IssuedToken.LocalIssuerAddress; issuerBinding = this.parent.IssuedToken.LocalIssuerBinding; } if (issuerAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsAddressNotSet", new object[] { initiatorRequirement.TargetAddress }))); } if (issuerBinding == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsBindingNotSet", new object[] { issuerAddress }))); } Uri uri = issuerAddress.Uri; if (!this.parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out localIssuerChannelBehaviors) && flag) { localIssuerChannelBehaviors = this.parent.IssuedToken.LocalIssuerChannelBehaviors; } IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { TargetAddress = initiatorRequirement.TargetAddress }; this.CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, localIssuerChannelBehaviors, issuerAddress); federationTokenProvider.CacheIssuedTokens = this.parent.IssuedToken.CacheIssuedTokens; federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier; federationTokenProvider.IssuerAddress = issuerAddress; federationTokenProvider.IssuerBinding = issuerBinding; federationTokenProvider.KeyEntropyMode = this.GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding); federationTokenProvider.MaxIssuedTokenCachingTime = this.parent.IssuedToken.MaxIssuedTokenCachingTime; federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; IssuedSecurityTokenParameters property = initiatorRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); this.GetIssuerBindingSecurityVersion(issuerBinding, property.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out version, out serializer); federationTokenProvider.MessageSecurityVersion = version; federationTokenProvider.SecurityTokenSerializer = serializer; federationTokenProvider.IssuedTokenRenewalThresholdPercentage = this.parent.IssuedToken.IssuedTokenRenewalThresholdPercentage; IEnumerable <XmlElement> enumerable = property.CreateRequestParameters(version, serializer); if (enumerable != null) { foreach (XmlElement element2 in enumerable) { federationTokenProvider.TokenRequestParameters.Add(element2); } } if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters2)) { federationTokenProvider.ChannelParameters = parameters2; } return(federationTokenProvider); }
private SecurityTokenProvider CreateSecureConversationSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { Uri uri2; int num2; EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); ChannelParameterCollection propertyOrDefault = initiatorRequirement.GetPropertyOrDefault <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, null); if (initiatorRequirement.SupportSecurityContextCancellation) { Uri uri; int num; EndpointAddress address2; SecuritySessionSecurityTokenProvider provider = new SecuritySessionSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement), IssuedSecurityTokenParameters = initiatorRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuerBindingContext = property, KeyEntropyMode = securityBindingElement.KeyEntropyMode, SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this), TargetAddress = targetAddress, Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null) }; if (initiatorRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri)) { provider.PrivacyNoticeUri = uri; } if (initiatorRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num)) { provider.PrivacyNoticeVersion = num; } if (initiatorRequirement.TryGetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.DuplexClientLocalAddressProperty, out address2)) { provider.LocalAddress = address2; } provider.ChannelParameters = propertyOrDefault; return(provider); } AcceleratedTokenProvider provider2 = new AcceleratedTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { IssuerAddress = initiatorRequirement.IssuerAddress, BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement), CacheServiceTokens = localClientSettings.CacheCookies, IssuerBindingContext = property, KeyEntropyMode = securityBindingElement.KeyEntropyMode, MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime, SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite, ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this), TargetAddress = targetAddress, Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null) }; if (initiatorRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri2)) { provider2.PrivacyNoticeUri = uri2; } provider2.ChannelParameters = propertyOrDefault; if (initiatorRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num2)) { provider2.PrivacyNoticeVersion = num2; } return(provider2); }
IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, FederatedClientCredentialsParameters actAsOnBehalfOfParameters) { if (initiatorRequirement.TargetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress; Binding issuerBinding = initiatorRequirement.IssuerBinding; // // If the issuer address is indeed anonymous or null, we will try the local issuer // bool isLocalIssuer = (issuerAddress == null || issuerAddress.Equals(EndpointAddress.AnonymousAddress)); if (isLocalIssuer) { issuerAddress = parent.IssuedToken.LocalIssuerAddress; issuerBinding = parent.IssuedToken.LocalIssuerBinding; } if (issuerAddress == null) { // if issuer address is still null then the user forgot to specify the local issuer throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsAddressNotSet, initiatorRequirement.TargetAddress))); } if (issuerBinding == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsBindingNotSet, issuerAddress))); } Uri issuerUri = issuerAddress.Uri; KeyedByTypeCollection <IEndpointBehavior> issuerChannelBehaviors; if (!parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out issuerChannelBehaviors) && isLocalIssuer) { issuerChannelBehaviors = parent.IssuedToken.LocalIssuerChannelBehaviors; } IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(GetCredentialsHandle(initiatorRequirement)); federationTokenProvider.TokenHandlerCollectionManager = this.parent.SecurityTokenHandlerCollectionManager; federationTokenProvider.TargetAddress = initiatorRequirement.TargetAddress; CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, issuerChannelBehaviors, issuerAddress); federationTokenProvider.CacheIssuedTokens = parent.IssuedToken.CacheIssuedTokens; federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier; federationTokenProvider.IssuerAddress = issuerAddress; federationTokenProvider.IssuerBinding = issuerBinding; federationTokenProvider.KeyEntropyMode = GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding); federationTokenProvider.MaxIssuedTokenCachingTime = parent.IssuedToken.MaxIssuedTokenCachingTime; federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; MessageSecurityVersion issuerSecurityVersion; SecurityTokenSerializer issuerSecurityTokenSerializer; IssuedSecurityTokenParameters issuedTokenParameters = initiatorRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); GetIssuerBindingSecurityVersion(issuerBinding, issuedTokenParameters.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out issuerSecurityVersion, out issuerSecurityTokenSerializer); federationTokenProvider.MessageSecurityVersion = issuerSecurityVersion; federationTokenProvider.SecurityTokenSerializer = issuerSecurityTokenSerializer; federationTokenProvider.IssuedTokenRenewalThresholdPercentage = parent.IssuedToken.IssuedTokenRenewalThresholdPercentage; IEnumerable <XmlElement> tokenRequestParameters = issuedTokenParameters.CreateRequestParameters(issuerSecurityVersion, issuerSecurityTokenSerializer); if (tokenRequestParameters != null) { foreach (XmlElement requestParameter in tokenRequestParameters) { federationTokenProvider.TokenRequestParameters.Add(requestParameter); } } ChannelParameterCollection channelParameters; if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters)) { federationTokenProvider.ChannelParameters = channelParameters; } federationTokenProvider.SetupActAsOnBehalfOfParameters(actAsOnBehalfOfParameters); return(federationTokenProvider); }