public static WindowsIdentity GetProcessIdentity()
{
SafeCloseHandle tokenHandle = null;
lock (lockObject)
{
try
{
bool isSuccess = SafeNativeMethods.GetCurrentProcessToken(SafeNativeMethods.GetCurrentProcess(), TokenAccessLevels.Query, out tokenHandle);
if (!isSuccess)
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(tokenHandle);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.OpenProcessTokenFailed, error)));
}
processIdentity = new WindowsIdentity(tokenHandle.DangerousGetHandle());
}
finally
{
if (tokenHandle != null)
{
tokenHandle.Dispose();
}
}
}
return(processIdentity);
}
protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation;
if (windowsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
SecurityTraceRecordHelper.TraceServiceSpnego(windowsNegotiation);
if (this.IsClientAnonymous)
{
return(EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
}
using (SafeCloseHandle contextToken = windowsNegotiation.GetContextToken())
{
WindowsIdentity windowsIdentity = new WindowsIdentity(contextToken.DangerousGetHandle(), windowsNegotiation.ProtocolName);
SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, this.AllowUnauthenticatedCallers);
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);
WindowsClaimSet wic = new WindowsClaimSet(windowsIdentity, windowsNegotiation.ProtocolName, this.extractGroupsForWindowsAccounts, false);
policies.Add(new System.IdentityModel.Policy.UnconditionalPolicy(wic, TimeoutHelper.Add(DateTime.UtcNow, base.ServiceTokenLifetime)));
return(policies.AsReadOnly());
}
}
public static WindowsIdentity GetAnonymousIdentity()
{
SafeCloseHandle tokenHandle = null;
bool isImpersonating = false;
lock (lockObject)
{
if (anonymousIdentity == null)
{
try
{
try
{
if (!SafeNativeMethods.ImpersonateAnonymousUserOnCurrentThread(SafeNativeMethods.GetCurrentThread()))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.ImpersonateAnonymousTokenFailed, error)));
}
isImpersonating = true;
bool revertSuccess;
bool isSuccess = SafeNativeMethods.OpenCurrentThreadToken(SafeNativeMethods.GetCurrentThread(), TokenAccessLevels.Query, true, out tokenHandle);
if (!isSuccess)
{
int error = Marshal.GetLastWin32Error();
revertSuccess = SafeNativeMethods.RevertToSelf();
if (false == revertSuccess)
{
error = Marshal.GetLastWin32Error();
//this requires a failfast since failure to revert impersonation compromises security
DiagnosticUtility.FailFast("RevertToSelf() failed with " + error);
}
isImpersonating = false;
Utility.CloseInvalidOutSafeHandle(tokenHandle);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.OpenThreadTokenFailed, error)));
}
revertSuccess = SafeNativeMethods.RevertToSelf();
if (false == revertSuccess)
{
int error = Marshal.GetLastWin32Error();
//this requires a failfast since failure to revert impersonation compromises security
DiagnosticUtility.FailFast("RevertToSelf() failed with " + error);
}
isImpersonating = false;
using (tokenHandle)
{
anonymousIdentity = new WindowsIdentity(tokenHandle.DangerousGetHandle());
}
}
finally
{
if (isImpersonating)
{
bool revertSuccess = SafeNativeMethods.RevertToSelf();
if (false == revertSuccess)
{
int error = Marshal.GetLastWin32Error();
//this requires a failfast since failure to revert impersonation compromises security
DiagnosticUtility.FailFast("RevertToSelf() failed with " + error);
}
}
}
}
catch
{
// Force the finally to run before leaving the method.
throw;
}
}
}
return(anonymousIdentity);
}