private BasicOpClient CreateClient()
{
if (string.IsNullOrEmpty(this.EndPointConfigurationName))
{
EndpointAddress endPointAddress;
if (string.IsNullOrEmpty(SpnName))
{
endPointAddress = new EndpointAddress(new Uri(Address));
}
else
{
var identity = new SpnEndpointIdentity(SpnName);
endPointAddress = new EndpointAddress(new Uri(Address), identity);
}
WSHttpBinding binding;
if (endPointAddress.Uri.Scheme == "https")
{
binding = new WSHttpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
}
else
{
binding = new WSHttpBinding();
}
return(new BasicOpClient(binding, endPointAddress));
}
else
{
return(new BasicOpClient(EndPointConfigurationName));
}
}
public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
{
if (identity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identity");
}
if (authContext == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authContext");
}
for (int i = 0; i < authContext.ClaimSets.Count; i++)
{
ClaimSet claimSet = authContext.ClaimSets[i];
if (claimSet.ContainsClaim(identity.IdentityClaim))
{
SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(identity, identity.IdentityClaim, base.GetType());
return(true);
}
string expectedSpn = null;
if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
{
expectedSpn = string.Format(CultureInfo.InvariantCulture, "host/{0}", new object[] { (string)identity.IdentityClaim.Resource });
Claim claim = this.CheckDnsEquivalence(claimSet, expectedSpn);
if (claim != null)
{
SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(identity, claim, base.GetType());
return(true);
}
}
SecurityIdentifier identitySid = null;
if (ClaimTypes.Sid.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = this.GetSecurityIdentifier(identity.IdentityClaim);
}
else if (ClaimTypes.Upn.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = ((UpnEndpointIdentity)identity).GetUpnSid();
}
else if (ClaimTypes.Spn.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = ((SpnEndpointIdentity)identity).GetSpnSid();
}
else if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = new SpnEndpointIdentity(expectedSpn).GetSpnSid();
}
if (identitySid != null)
{
Claim claim2 = this.CheckSidEquivalence(identitySid, claimSet);
if (claim2 != null)
{
SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(identity, claim2, base.GetType());
return(true);
}
}
}
SecurityTraceRecordHelper.TraceIdentityVerificationFailure(identity, authContext, base.GetType());
return(false);
}
public SpnEndpointIdentityExtension(SpnEndpointIdentity identity)
{
if (identity == null)
{
throw FxTrace.Exception.ArgumentNull("identity");
}
this.SpnName = (string)identity.IdentityClaim.Resource;
}
public static void Ctor_NullSpn()
{
string spnName = null;
Assert.Throws <ArgumentNullException>("spnName", () =>
{
SpnEndpointIdentity spnEndpointEntity = new SpnEndpointIdentity(spnName);
});
}
public SpnEndpointIdentityExtension(SpnEndpointIdentity identity)
{
if (identity == null)
{
throw FxTrace.Exception.ArgumentNull("identity");
}
Fx.Assert(identity.IdentityClaim.Resource is string, "SpnEndpointIdentity claim resource is not string");
this.SpnName = (string)identity.IdentityClaim.Resource;
}
public SpnEndpointIdentityExtension(SpnEndpointIdentity identity)
{
if (identity == null)
{
throw FxTrace.Exception.ArgumentNull("identity");
}
Fx.Assert(identity.IdentityClaim.Resource is string, "SpnEndpointIdentity claim resource is not string");
this.SpnName = (string)identity.IdentityClaim.Resource;
}
// </snippet2>
// <snippet3>
static EndpointIdentity CreateSpnIdentity()
{
WindowsIdentity self = WindowsIdentity.GetCurrent();
SecurityIdentifier sid = self.User;
SpnEndpointIdentity identity = null;
identity = new SpnEndpointIdentity(String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));
return(identity);
}
static void Main(string[] args)
{
int[] counts = new int[] { 500, 600, 700, 800, 850, 851 };
foreach (var count in counts)
{
Console.WriteLine(string.Format("Attempting with count = {0}", count));
SqlDataAdapter adpt = new SqlDataAdapter(
string.Format("select top {0} cprNo from T_PM_CPR", count),
"");
DataTable table = new DataTable();
int found = adpt.Fill(table);
Console.WriteLine(string.Format("Found = {0}", found));
DataRow[] rows = new DataRow[found];
table.Rows.CopyTo(rows, 0);
string[] cprNumbers = (from DataRow dr in rows
select dr["cprNo"].ToString()).ToArray();
WSHttpBinding binding = new WSHttpBinding();
string SpnName = "syddjurs.dk";
string Address = "http://personmaster-service/PersonmasterServiceLibrary.BasicOp.svc";
var identity = new SpnEndpointIdentity(SpnName);
EndpointAddress endPointAddress = new EndpointAddress(new Uri(Address + "/PersonMasterService12"), identity);
BasicOpClient client = new BasicOpClient(binding, endPointAddress);
string aux = "";
try
{
client.GetObjectIDsFromCprArray("", cprNumbers, ref aux);
Console.WriteLine("Succeeded !!");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
Console.WriteLine(string.Format("Aux={0}", aux));
}
}
}
public override void ProcessPerson(string joinedPnrBatch)
{
EndpointAddress endPointAddress;
if (string.IsNullOrEmpty(this.PersonMasterSpnName))
{
endPointAddress = new EndpointAddress(new Uri(this.PersonMasterUrl));
}
else
{
var identity = new SpnEndpointIdentity(this.PersonMasterSpnName);
endPointAddress = new EndpointAddress(new Uri(this.PersonMasterUrl), identity);
}
WSHttpBinding binding;
if (endPointAddress.Uri.Scheme == "https")
{
binding = new WSHttpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
}
else
{
binding = new WSHttpBinding();
}
PersonMaster.BasicOpClient client = new PersonMaster.BasicOpClient(binding, endPointAddress);
string[] pnrs = joinedPnrBatch.Split(',');
string aux = "";
var result = client.GetObjectIDsFromCprArray("BacthClient", pnrs, ref aux);
Succeeded += result.Where(res => res.HasValue).Count();
Failed += result.Where(res => !res.HasValue).Count();
Console.WriteLine(string.Format("Batch finished: Size={0}, Succeeded So far={1}; Failed So far={2}", pnrs.Length, Succeeded, Failed));
}
public static void Ctor_SpnName(string spn)
{
SpnEndpointIdentity spnEndpointEntity = new SpnEndpointIdentity(spn);
}
public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
{
//EventTraceActivity eventTraceActivity = null;
if (identity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(identity));
}
if (authContext == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(authContext));
}
//if (FxTrace.Trace.IsEnd2EndActivityTracingEnabled)
//{
// eventTraceActivity = EventTraceActivityHelper.TryExtractActivity((OperationContext.Current != null) ? OperationContext.Current.IncomingMessage : null);
//}
for (int i = 0; i < authContext.ClaimSets.Count; ++i)
{
ClaimSet claimSet = authContext.ClaimSets[i];
if (claimSet.ContainsClaim(identity.IdentityClaim))
{
//SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, identity.IdentityClaim, this.GetType());
return(true);
}
// try Claim equivalence
string expectedSpn = null;
if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
{
expectedSpn = string.Format(CultureInfo.InvariantCulture, "host/{0}", (string)identity.IdentityClaim.Resource);
Claim claim = CheckDnsEquivalence(claimSet, expectedSpn);
if (claim != null)
{
//SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, claim, this.GetType());
return(true);
}
}
// Allow a Sid claim to support UPN, and SPN identities
SecurityIdentifier identitySid = null;
if (ClaimTypes.Sid.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = GetSecurityIdentifier(identity.IdentityClaim);
}
else if (ClaimTypes.Upn.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = ((UpnEndpointIdentity)identity).GetUpnSid();
}
else if (ClaimTypes.Spn.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = ((SpnEndpointIdentity)identity).GetSpnSid();
}
else if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
{
identitySid = new SpnEndpointIdentity(expectedSpn).GetSpnSid();
}
if (identitySid != null)
{
Claim claim = CheckSidEquivalence(identitySid, claimSet);
if (claim != null)
{
//SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, claim, this.GetType());
return(true);
}
}
}
SecurityTraceRecordHelper.TraceIdentityVerificationFailure(identity, authContext, GetType());
//if (TD.SecurityIdentityVerificationFailureIsEnabled())
//{
// TD.SecurityIdentityVerificationFailure(eventTraceActivity);
//}
return(false);
}
