public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } string tokenType = tokenRequirement.TokenType; outOfBandTokenResolver = null; SecurityTokenAuthenticator authenticator = null; if (((tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) && (tokenType == SecurityTokenTypes.X509Certificate)) && (tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange)) { return new X509SecurityTokenAuthenticator(X509CertificateValidator.None, false); } RecipientServiceModelSecurityTokenRequirement recipientRequirement = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if (recipientRequirement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement }))); } if (tokenType == SecurityTokenTypes.X509Certificate) { authenticator = this.CreateClientX509TokenAuthenticator(); } else if (tokenType == SecurityTokenTypes.Kerberos) { authenticator = new KerberosSecurityTokenAuthenticatorWrapper(new KerberosSecurityTokenAuthenticator(this.parent.WindowsAuthentication.IncludeWindowsGroups)); } else if (tokenType == SecurityTokenTypes.UserName) { if (this.parent.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Windows) { if (this.parent.UserNameAuthentication.CacheLogonTokens) { authenticator = new WindowsUserNameCachingSecurityTokenAuthenticator(this.parent.UserNameAuthentication.IncludeWindowsGroups, this.parent.UserNameAuthentication.MaxCachedLogonTokens, this.parent.UserNameAuthentication.CachedLogonTokenLifetime); } else { authenticator = new WindowsUserNameSecurityTokenAuthenticator(this.parent.UserNameAuthentication.IncludeWindowsGroups); } } else { authenticator = new CustomUserNameSecurityTokenAuthenticator(this.parent.UserNameAuthentication.GetUserNamePasswordValidator()); } } else if (tokenType == SecurityTokenTypes.Rsa) { authenticator = new RsaSecurityTokenAuthenticator(); } else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) { authenticator = this.CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego) { authenticator = this.CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, true, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.Spnego) { authenticator = this.CreateSpnegoSecurityTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation) { authenticator = this.CreateSecureConversationTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if (((tokenType == SecurityTokenTypes.Saml) || (tokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1")) || ((tokenType == "urn:oasis:names:tc:SAML:1.0:assertion") || ((tokenType == null) && this.IsIssuedSecurityTokenRequirement(recipientRequirement)))) { authenticator = this.CreateSamlTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } if (authenticator == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement }))); } return authenticator; }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } string tokenType = tokenRequirement.TokenType; outOfBandTokenResolver = null; SecurityTokenAuthenticator result = null; if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) { // this is the uncorrelated duplex case in which the server is asking for // an authenticator to validate its provisioned client certificate if (tokenType == SecurityTokenTypes.X509Certificate && tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange) { return(new X509SecurityTokenAuthenticator(X509CertificateValidator.None, false)); } } RecipientServiceModelSecurityTokenRequirement recipientRequirement = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if (recipientRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement))); } if (tokenType == SecurityTokenTypes.X509Certificate) { result = CreateClientX509TokenAuthenticator(); } else if (tokenType == SecurityTokenTypes.Kerberos) { result = new KerberosSecurityTokenAuthenticatorWrapper( new KerberosSecurityTokenAuthenticator(parent.WindowsAuthentication.IncludeWindowsGroups)); } else if (tokenType == SecurityTokenTypes.UserName) { if (parent.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Windows) { if (parent.UserNameAuthentication.CacheLogonTokens) { result = new WindowsUserNameCachingSecurityTokenAuthenticator(parent.UserNameAuthentication.IncludeWindowsGroups, parent.UserNameAuthentication.MaxCachedLogonTokens, parent.UserNameAuthentication.CachedLogonTokenLifetime); } else { result = new WindowsUserNameSecurityTokenAuthenticator(parent.UserNameAuthentication.IncludeWindowsGroups); } } else { result = new CustomUserNameSecurityTokenAuthenticator(parent.UserNameAuthentication.GetUserNamePasswordValidator()); } } else if (tokenType == SecurityTokenTypes.Rsa) { result = new RsaSecurityTokenAuthenticator(); } else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) { result = CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego) { result = CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, true, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.Spnego) { result = CreateSpnegoSecurityTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation) { result = CreateSecureConversationTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if ((tokenType == SecurityTokenTypes.Saml) || (tokenType == SecurityXXX2005Strings.SamlTokenType) || (tokenType == SecurityJan2004Strings.SamlUri) || (tokenType == null && IsIssuedSecurityTokenRequirement(recipientRequirement))) { result = CreateSamlTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } if (result == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement))); } return(result); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } string tokenType = tokenRequirement.TokenType; outOfBandTokenResolver = null; SecurityTokenAuthenticator result = null; if (tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) { // this is the uncorrelated duplex case in which the server is asking for // an authenticator to validate its provisioned client certificate if (tokenType == SecurityTokenTypes.X509Certificate && tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange) { return new X509SecurityTokenAuthenticator(X509CertificateValidator.None, false); } } RecipientServiceModelSecurityTokenRequirement recipientRequirement = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if (recipientRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement))); } if (tokenType == SecurityTokenTypes.X509Certificate) { result = CreateClientX509TokenAuthenticator(); } else if (tokenType == SecurityTokenTypes.Kerberos) { result = new KerberosSecurityTokenAuthenticatorWrapper( new KerberosSecurityTokenAuthenticator(parent.WindowsAuthentication.IncludeWindowsGroups)); } else if (tokenType == SecurityTokenTypes.UserName) { if (parent.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Windows) { if (parent.UserNameAuthentication.CacheLogonTokens) { result = new WindowsUserNameCachingSecurityTokenAuthenticator(parent.UserNameAuthentication.IncludeWindowsGroups, parent.UserNameAuthentication.MaxCachedLogonTokens, parent.UserNameAuthentication.CachedLogonTokenLifetime); } else { result = new WindowsUserNameSecurityTokenAuthenticator(parent.UserNameAuthentication.IncludeWindowsGroups); } } else { result = new CustomUserNameSecurityTokenAuthenticator(parent.UserNameAuthentication.GetUserNamePasswordValidator()); } } else if (tokenType == SecurityTokenTypes.Rsa) { result = new RsaSecurityTokenAuthenticator(); } else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) { result = CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego) { result = CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, true, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.Spnego) { result = CreateSpnegoSecurityTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation) { result = CreateSecureConversationTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if ((tokenType == SecurityTokenTypes.Saml) || (tokenType == SecurityXXX2005Strings.SamlTokenType) || (tokenType == SecurityJan2004Strings.SamlUri) || (tokenType == null && IsIssuedSecurityTokenRequirement(recipientRequirement))) { result = CreateSamlTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } if (result == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement))); return result; }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } string tokenType = tokenRequirement.TokenType; outOfBandTokenResolver = null; SecurityTokenAuthenticator authenticator = null; if (((tokenRequirement is InitiatorServiceModelSecurityTokenRequirement) && (tokenType == SecurityTokenTypes.X509Certificate)) && (tokenRequirement.KeyUsage == SecurityKeyUsage.Exchange)) { return(new X509SecurityTokenAuthenticator(X509CertificateValidator.None, false)); } RecipientServiceModelSecurityTokenRequirement recipientRequirement = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if (recipientRequirement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement }))); } if (tokenType == SecurityTokenTypes.X509Certificate) { authenticator = this.CreateClientX509TokenAuthenticator(); } else if (tokenType == SecurityTokenTypes.Kerberos) { authenticator = new KerberosSecurityTokenAuthenticatorWrapper(new KerberosSecurityTokenAuthenticator(this.parent.WindowsAuthentication.IncludeWindowsGroups)); } else if (tokenType == SecurityTokenTypes.UserName) { if (this.parent.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Windows) { if (this.parent.UserNameAuthentication.CacheLogonTokens) { authenticator = new WindowsUserNameCachingSecurityTokenAuthenticator(this.parent.UserNameAuthentication.IncludeWindowsGroups, this.parent.UserNameAuthentication.MaxCachedLogonTokens, this.parent.UserNameAuthentication.CachedLogonTokenLifetime); } else { authenticator = new WindowsUserNameSecurityTokenAuthenticator(this.parent.UserNameAuthentication.IncludeWindowsGroups); } } else { authenticator = new CustomUserNameSecurityTokenAuthenticator(this.parent.UserNameAuthentication.GetUserNamePasswordValidator()); } } else if (tokenType == SecurityTokenTypes.Rsa) { authenticator = new RsaSecurityTokenAuthenticator(); } else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) { authenticator = this.CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego) { authenticator = this.CreateTlsnegoSecurityTokenAuthenticator(recipientRequirement, true, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.Spnego) { authenticator = this.CreateSpnegoSecurityTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation) { authenticator = this.CreateSecureConversationTokenAuthenticator(recipientRequirement, false, out outOfBandTokenResolver); } else if (((tokenType == SecurityTokenTypes.Saml) || (tokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1")) || ((tokenType == "urn:oasis:names:tc:SAML:1.0:assertion") || ((tokenType == null) && this.IsIssuedSecurityTokenRequirement(recipientRequirement)))) { authenticator = this.CreateSamlTokenAuthenticator(recipientRequirement, out outOfBandTokenResolver); } if (authenticator == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement }))); } return(authenticator); }