 /// <summary>
 /// Builds a <see cref="RequestSecurityTokenResponse"/> around an already-parsed RSTR element,
 /// deriving the standards manager from the message security version and token serializer and
 /// forwarding everything else unchanged to the standards-manager-based constructor.
 /// </summary>
 /// <param name="messageSecurityVersion">Version set used to create the standards manager.</param>
 /// <param name="securityTokenSerializer">Serializer used to create the standards manager.</param>
 /// <param name="requestSecurityTokenResponseXml">The RSTR element this response wraps.</param>
 /// <param name="context">WS-Trust context value; forwarded as-is.</param>
 /// <param name="tokenType">Requested token type; forwarded as-is.</param>
 /// <param name="keySize">Requested key size; forwarded as-is.</param>
 /// <param name="requestedAttachedReference">Attached key identifier clause; forwarded as-is.</param>
 /// <param name="requestedUnattachedReference">Unattached key identifier clause; forwarded as-is.</param>
 /// <param name="computeKey">Whether the proof key is computed; forwarded as-is.</param>
 /// <param name="validFrom">Start of the token's validity period; forwarded as-is.</param>
 /// <param name="validTo">End of the token's validity period; forwarded as-is.</param>
 /// <param name="isRequestedTokenClosed">Whether the response closes the requested token; forwarded as-is.</param>
 public RequestSecurityTokenResponse(
     MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer,
     XmlElement requestSecurityTokenResponseXml, string context, string tokenType, int keySize,
     SecurityKeyIdentifierClause requestedAttachedReference, SecurityKeyIdentifierClause requestedUnattachedReference,
     bool computeKey, DateTime validFrom, DateTime validTo, bool isRequestedTokenClosed)
     : this(
         SecurityUtils.CreateSecurityStandardsManager(messageSecurityVersion, securityTokenSerializer),
         requestSecurityTokenResponseXml, context, tokenType, keySize,
         requestedAttachedReference, requestedUnattachedReference,
         computeKey, validFrom, validTo, isRequestedTokenClosed)
 {
 }
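        /// <summary>
        /// Creates the server-side authenticator for WS-SecureConversation security context tokens (SCTs),
        /// together with the resolver that backs its issued-token cache.
        /// </summary>
        /// <param name="recipientRequirement">
        /// Recipient token requirement; must carry a <see cref="SecurityBindingElement"/>, the issued token
        /// parameters and the issuer binding context.
        /// </param>
        /// <param name="preserveBootstrapTokens">Whether the bootstrap tokens used to establish the session are kept on the authenticator.</param>
        /// <param name="sctResolver">Receives the resolver that caches issued SCTs (the same object the authenticator uses as its token cache).</param>
        /// <returns>A <see cref="SecuritySessionSecurityTokenAuthenticator"/> for the session (cancellation-supporting) mode.</returns>
        /// <exception cref="ArgumentException">The requirement has no <see cref="SecurityBindingElement"/>.</exception>
        /// <exception cref="NotImplementedException">Cookie mode (no security context cancellation) has not been ported yet.</exception>
        protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
        {
            SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
            if (securityBindingElement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
            }

            // Without cancellation support the security context is carried by the client in an
            // encrypted cookie instead of a server-side session (the "cookie mode" path).
            bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
            LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
            IMessageFilterTable<EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault<IMessageFilterTable<EndpointAddress>>(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);

            if (isCookieMode)
            {
                // sctResolver is an out parameter, so this path must throw before any return.
                // The original stateless implementation is preserved in the comment block below.
                throw new NotImplementedException("Secure conversation in cookie mode (SupportSecurityContextCancellation = false) is not implemented.");
            }

            // Session mode: SCTs live in a server-side cache with no eviction of older entries
            // (capacity int.MaxValue, second argument false) — NOTE(review): confirm the concurrency
            // quota below is the intended bound on cache growth.
            sctResolver = new SecurityContextSecurityTokenResolver(int.MaxValue, false);
            return new SecuritySessionSecurityTokenAuthenticator
            {
                BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement),
                IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
                IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver,
                IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty),
                KeyEntropyMode = securityBindingElement.KeyEntropyMode,
                ListenUri = recipientRequirement.ListenUri,
                SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite,
                // No absolute session lifetime here; presumably the session is bounded by key renewal
                // (KeyRenewalInterval) and explicit cancellation — confirm against the authenticator.
                SessionTokenLifetime = TimeSpan.MaxValue,
                KeyRenewalInterval = localServiceSettings.SessionKeyRenewalInterval,
                StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this),
                EndpointFilterTable = endpointFilterTable,
                // Local DoS quotas for the negotiation handshake.
                MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations,
                NegotiationTimeout = localServiceSettings.NegotiationTimeout,
                PreserveBootstrapTokens = preserveBootstrapTokens
            };

            /* TODO later
             * sctResolver = (SecurityTokenResolver)new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);
             * AcceleratedTokenAuthenticator tokenAuthenticator = new AcceleratedTokenAuthenticator();
             * tokenAuthenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement((ServiceModelSecurityTokenRequirement)recipientRequirement);
             * tokenAuthenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
             * tokenAuthenticator.EncryptStateInServiceToken = true;
             * tokenAuthenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
             * tokenAuthenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
             * tokenAuthenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
             * tokenAuthenticator.ListenUri = recipientRequirement.ListenUri;
             * tokenAuthenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
             * tokenAuthenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager((SecurityTokenRequirement)recipientRequirement, (SecurityTokenManager)this);
             * tokenAuthenticator.SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder;
             * tokenAuthenticator.KnownTypes = (IList<System.Type>)this.parent.SecureConversationAuthentication.SecurityContextClaimTypes;
             * tokenAuthenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
             * tokenAuthenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
             * tokenAuthenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
             * tokenAuthenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
             * tokenAuthenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
             * tokenAuthenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
             * tokenAuthenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
             * tokenAuthenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
             * tokenAuthenticator.EndpointFilterTable = propertyOrDefault;
             * return (SecurityTokenAuthenticator)tokenAuthenticator;*/
        }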
        /// <summary>
        /// Creates the server-side SPNEGO (Windows/Kerberos negotiation) token authenticator and the
        /// resolver that caches the security context tokens it issues.
        /// </summary>
        /// <param name="recipientRequirement">
        /// Recipient token requirement; must carry a <see cref="SecurityBindingElement"/>, the issued token
        /// parameters and the issuer binding context.
        /// </param>
        /// <param name="sctResolver">Receives the cookie-capable SCT resolver, sized by <c>MaxCachedCookies</c> from the local service settings.</param>
        /// <returns>The configured <see cref="SpnegoTokenAuthenticator"/>.</returns>
        /// <exception cref="ArgumentException">The requirement has no <see cref="SecurityBindingElement"/>.</exception>
        private SecurityTokenAuthenticator CreateSpnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver sctResolver)
        {
            SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
            if (securityBindingElement is null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
            }

            // Cookie mode (no cancellation support) means the negotiated state is encrypted into the
            // token handed back to the client rather than held only on the server.
            bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
            LocalServiceSecuritySettings quotas = securityBindingElement.LocalServiceSettings;
            sctResolver = new SecurityContextSecurityTokenResolver(quotas.MaxCachedCookies, true);

            // NOTE(review): the requirement's ExtendedProtectionPolicy is looked up and then discarded,
            // and the authenticator is given null below — channel binding / extended protection is
            // therefore not applied on this path. Confirm this is intentional for the port.
            recipientRequirement.TryGetProperty<ExtendedProtectionPolicy>(ServiceModelSecurityTokenRequirement.ExtendedProtectionPolicy, out _);

            SpnegoTokenAuthenticator spnego = new SpnegoTokenAuthenticator
            {
                ExtendedProtectionPolicy = null,
                // Anonymous logons and group extraction follow the service's Windows credential settings.
                AllowUnauthenticatedCallers = ServiceCredentials.WindowsAuthentication.AllowAnonymousLogons,
                ExtractGroupsForWindowsAccounts = ServiceCredentials.WindowsAuthentication.IncludeWindowsGroups,
                IsClientAnonymous = false,
                EncryptStateInServiceToken = isCookieMode,
                IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
                IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver,
                IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty),
                ListenUri = recipientRequirement.ListenUri,
                SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite,
                StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this),
                SecurityStateEncoder = ServiceCredentials.SecureConversationAuthentication.SecurityStateEncoder,
                KnownTypes = ServiceCredentials.SecureConversationAuthentication.SecurityContextClaimTypes,
                LdapSettings = ServiceCredentials.WindowsAuthentication.LdapSetting
            };

            // Mixed mode (transport security binding): the negotiation blobs come from a not-yet-authenticated
            // client, so their size must be bounded before they are processed.
            bool mixedMode = securityBindingElement is TransportSecurityBindingElement;
            if (mixedMode)
            {
                spnego.MaxMessageSize = SecurityUtils.GetMaxNegotiationBufferSize(spnego.IssuerBindingContext);
            }

            // Local DoS quotas for the negotiation handshake and the issued cookies.
            spnego.MaximumCachedNegotiationState = quotas.MaxStatefulNegotiations;
            spnego.NegotiationTimeout = quotas.NegotiationTimeout;
            spnego.ServiceTokenLifetime = quotas.IssuedCookieLifetime;
            spnego.MaximumConcurrentNegotiations = quotas.MaxStatefulNegotiations;

            // Audit settings are not wired up in this port:
            //spnego.AuditLogLocation = recipientRequirement.AuditLogLocation;
            //spnego.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
            //spnego.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
            return spnego;
        }
 /// <summary>
 /// Builds a <see cref="RequestSecurityToken"/> around an already-parsed RST element, deriving the
 /// standards manager from the message security version and token serializer and forwarding the
 /// remaining arguments unchanged to the standards-manager-based constructor.
 /// </summary>
 /// <param name="messageSecurityVersion">Version set used to create the standards manager.</param>
 /// <param name="securityTokenSerializer">Serializer used to create the standards manager.</param>
 /// <param name="requestSecurityTokenXml">The RST element this request wraps.</param>
 /// <param name="context">WS-Trust context value; forwarded as-is.</param>
 /// <param name="tokenType">Requested token type; forwarded as-is.</param>
 /// <param name="requestType">WS-Trust request type (issue/renew/cancel); forwarded as-is.</param>
 /// <param name="keySize">Requested key size; forwarded as-is.</param>
 /// <param name="renewTarget">Key identifier of the token being renewed; forwarded as-is.</param>
 /// <param name="closeTarget">Key identifier of the token being closed; forwarded as-is.</param>
 public RequestSecurityToken(
     MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer,
     XmlElement requestSecurityTokenXml, string context, string tokenType, string requestType, int keySize,
     SecurityKeyIdentifierClause renewTarget, SecurityKeyIdentifierClause closeTarget)
     : this(
         SecurityUtils.CreateSecurityStandardsManager(messageSecurityVersion, securityTokenSerializer),
         requestSecurityTokenXml, context, tokenType, requestType, keySize, renewTarget, closeTarget)
 {
 }
 /// <summary>
 /// Reads a <see cref="RequestSecurityToken"/> from <paramref name="reader"/>, using a standards
 /// manager created from the given message security version and token serializer.
 /// </summary>
 /// <param name="reader">Reader positioned on the RST to parse.</param>
 /// <param name="messageSecurityVersion">Version set used to create the standards manager.</param>
 /// <param name="securityTokenSerializer">Serializer used to create the standards manager.</param>
 /// <returns>The result of the standards-manager-based <c>CreateFrom</c> overload.</returns>
 public static RequestSecurityToken CreateFrom(XmlReader reader, MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer)
     => CreateFrom(SecurityUtils.CreateSecurityStandardsManager(messageSecurityVersion, securityTokenSerializer), reader);
 /// <summary>
 /// Builds an empty <see cref="RequestSecurityToken"/> whose standards manager is created from the
 /// given message security version and token serializer.
 /// </summary>
 /// <param name="messageSecurityVersion">Version set used to create the standards manager.</param>
 /// <param name="securityTokenSerializer">Serializer used to create the standards manager.</param>
 public RequestSecurityToken(
     MessageSecurityVersion messageSecurityVersion,
     SecurityTokenSerializer securityTokenSerializer)
     : this(SecurityUtils.CreateSecurityStandardsManager(
                messageSecurityVersion,
                securityTokenSerializer))
 {
 }