/// <summary>
/// Reads the ClaimsIdentites from a XmlDictionaryReader and adds them to a ClaimIdentityColleciton.
/// </summary>
/// <param name="dictionaryReader">XmlDictionaryReader positioned at dictionary.Identities</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="identities">A collection of <see cref="ClaimsIdentity"/> to populate.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryReader', 'dictionary' or 'identities' is null.</exception>
/// <remarks>Reads 'n' identies and adds them to identies.</remarks>
void ReadIdentities(XmlDictionaryReader dictionaryReader, SessionDictionary dictionary, Collection<ClaimsIdentity> identities)
{
if (dictionaryReader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryReader");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (identities == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identities");
}
dictionaryReader.MoveToContent();
if (dictionaryReader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
dictionaryReader.ReadFullStartElement();
while (dictionaryReader.IsStartElement(dictionary.Identity, dictionary.EmptyString))
{
identities.Add(ReadIdentity(dictionaryReader, dictionary));
}
dictionaryReader.ReadEndElement();
}
}
/// <summary>
/// Reads a single ClaimsIdentity from a XmlDictionaryReader.
/// </summary>
/// <param name="dictionaryReader">XmlDictionaryReader positioned at dictionary.Identity.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryReader' or 'dictionary' is null.</exception>
/// <exception cref="SecurityTokenException">The dictionaryReader is not positioned a SessionDictionary.Identity.</exception>
/// <returns>ClaimsIdentity</returns>
ClaimsIdentity ReadIdentity(XmlDictionaryReader dictionaryReader, SessionDictionary dictionary)
{
if (dictionaryReader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryReader");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
dictionaryReader.MoveToContent();
ClaimsIdentity identity = null;
if (!dictionaryReader.IsStartElement(dictionary.Identity, dictionary.EmptyString))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID3007, dictionaryReader.LocalName, dictionaryReader.NamespaceURI)));
}
// @NameClaimType
string nameClaimType = dictionaryReader.GetAttribute(dictionary.NameClaimType, dictionary.EmptyString);
// @RoleClaimType
string roleClaimType = dictionaryReader.GetAttribute(dictionary.RoleClaimType, dictionary.EmptyString);
// @WindowsLogonName (optional) => windows claims identity
string logonName = dictionaryReader.GetAttribute(dictionary.WindowsLogonName, dictionary.EmptyString);
string authenticationType = dictionaryReader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
if (string.IsNullOrEmpty(logonName))
{
identity = new ClaimsIdentity(authenticationType, nameClaimType, roleClaimType);
}
else
{
// The WindowsIdentity(string, string) c'tor does not set the Auth type. Hence we use that c'tor to get a intPtr and
// call the other c'tor that actually sets the authType passed in.
// DevDiv 279196 tracks the issue and in WindowsIdentity c'tor. Its too late to fix it in 4.5 cycle as we are in Beta and would not be
// able to complete the analysis of the change for the current release. This should be investigated in 5.0
WindowsIdentity winId = new WindowsIdentity(GetUpn(logonName));
identity = new WindowsIdentity(winId.Token, authenticationType);
}
// @Label
identity.Label = dictionaryReader.GetAttribute(dictionary.Label, dictionary.EmptyString);
dictionaryReader.ReadFullStartElement();
// <ClaimCollection>
if (dictionaryReader.IsStartElement(dictionary.ClaimCollection, dictionary.EmptyString))
{
dictionaryReader.ReadStartElement();
Collection<Claim> claims = new Collection<Claim>();
ReadClaims(dictionaryReader, dictionary, claims);
identity.AddClaims(claims);
dictionaryReader.ReadEndElement();
}
// <Actor>
if (dictionaryReader.IsStartElement(dictionary.Actor, dictionary.EmptyString))
{
dictionaryReader.ReadStartElement();
identity.Actor = ReadIdentity(dictionaryReader, dictionary);
dictionaryReader.ReadEndElement();
}
if (dictionaryReader.IsStartElement(dictionary.BootstrapToken, dictionary.EmptyString))
{
dictionaryReader.ReadStartElement();
byte[] bytes = dictionaryReader.ReadContentAsBase64();
using (MemoryStream ms = new MemoryStream(bytes))
{
BinaryFormatter formatter = new BinaryFormatter();
identity.BootstrapContext = (BootstrapContext)formatter.Deserialize(ms);
}
dictionaryReader.ReadEndElement();
}
dictionaryReader.ReadEndElement(); // Identity
return identity;
}
static void WriteRightAttribute(SysClaim claim, SessionDictionary dictionary, XmlDictionaryWriter writer)
{
if (System.IdentityModel.Claims.Rights.PossessProperty.Equals(claim.Right))
return;
writer.WriteAttributeString(dictionary.Right, dictionary.EmptyString, claim.Right);
}
/// <summary>
/// Reads a ClaimsPrincipal from a XmlDictionaryReader.
/// </summary>
/// <param name="dictionaryReader">XmlDictionaryReader positioned at dictionary.ClaimsPrincipal.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryReader' or 'dictionary' is null.</exception>
/// <returns>ClaimsPrincipal</returns>
ClaimsPrincipal ReadPrincipal(XmlDictionaryReader dictionaryReader, SessionDictionary dictionary)
{
if (dictionaryReader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryReader");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
ClaimsPrincipal principal = null;
Collection<ClaimsIdentity> identities = new Collection<ClaimsIdentity>();
dictionaryReader.MoveToContent();
if (dictionaryReader.IsStartElement(dictionary.ClaimsPrincipal, dictionary.EmptyString))
{
dictionaryReader.ReadFullStartElement();
ReadIdentities(dictionaryReader, dictionary, identities);
dictionaryReader.ReadEndElement();
}
// If we find a WindowsIdentity in the identities we just read, we should be creating a WindowsPrincipal using it
WindowsIdentity wi = null;
foreach (ClaimsIdentity identity in identities)
{
wi = identity as WindowsIdentity;
if (wi != null)
{
principal = new WindowsPrincipal(wi);
break;
}
}
// If we did create a WindowsPrincipal we can remove the associated WindowsIdentity from the identities collection
// so that we dont add it twice in the subsequent step
if (principal != null)
{
identities.Remove(wi);
}
else if (identities.Count > 0)
{
// If we did not create a WindowsPrincipal, default to a ClaimsPrincipal
principal = new ClaimsPrincipal();
}
if (principal != null)
{
// Add the identities we just read to the principal
principal.AddIdentities(identities);
}
return principal;
}
static void SerializeSid(SecurityIdentifier sid, SessionDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] sidBytes = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBytes, 0);
writer.WriteBase64(sidBytes, 0, sidBytes.Length);
}
static string ReadRightAttribute(XmlDictionaryReader reader, SessionDictionary dictionary)
{
string right = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
return string.IsNullOrEmpty(right) ? System.IdentityModel.Claims.Rights.PossessProperty : right;
}
/// <summary>
/// Writes a collection of claims using a XmlDictionaryWriter.
/// </summary>
/// <param name="dictionaryWriter">XmlDictionaryWriter to write to.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="claims">ClaimCollection to write.</param>
/// <param name="outboundClaimsFilter">Filter to apply when writing claims. If parameter is not null and filter returns true, claim will not be written.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryWriter', 'dictionary' or 'claims' is null.</exception>
void WriteClaims(XmlDictionaryWriter dictionaryWriter, SessionDictionary dictionary, IEnumerable<Claim> claims, OutboundClaimsFilter outboundClaimsFilter)
{
if (dictionaryWriter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryWriter");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (claims == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claims");
}
foreach (Claim claim in claims)
{
if (claim == null)
{
continue;
}
if (outboundClaimsFilter != null && outboundClaimsFilter(claim))
{
continue;
}
// <Claim>
dictionaryWriter.WriteStartElement(dictionary.Claim, dictionary.EmptyString);
// @Issuer
if (!String.IsNullOrEmpty(claim.Issuer))
{
dictionaryWriter.WriteAttributeString(dictionary.Issuer, dictionary.EmptyString, claim.Issuer);
}
// @OriginalIssuer
if (!String.IsNullOrEmpty(claim.OriginalIssuer))
{
dictionaryWriter.WriteAttributeString(dictionary.OriginalIssuer, dictionary.EmptyString, claim.OriginalIssuer);
}
// @Type
dictionaryWriter.WriteAttributeString(dictionary.Type, dictionary.EmptyString, claim.Type);
// @Value
dictionaryWriter.WriteAttributeString(dictionary.Value, dictionary.EmptyString, claim.Value);
// @ValueType
dictionaryWriter.WriteAttributeString(dictionary.ValueType, dictionary.EmptyString, claim.ValueType);
// <Properties>
if (claim.Properties != null && claim.Properties.Count > 0)
{
WriteClaimProperties(dictionaryWriter, dictionary, claim.Properties);
}
dictionaryWriter.WriteEndElement();
}
}
/// <summary>
/// Writes a collection of ClaimProperties using a XmlDictionaryWriter.
/// </summary>
/// <param name="dictionaryWriter">XmlDictionaryWriter to write to.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="properties">ClaimProperties to write.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryWriter', 'dictionary' or 'properties' is null.</exception>
void WriteClaimProperties(XmlDictionaryWriter dictionaryWriter, SessionDictionary dictionary, IDictionary<string, string> properties)
{
if (dictionaryWriter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryWriter");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (properties == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("properties");
}
if (properties.Count > 0)
{
dictionaryWriter.WriteStartElement(dictionary.ClaimProperties, dictionary.EmptyString);
foreach (KeyValuePair<string, string> property in properties)
{
// <ClaimProperty>
if (!String.IsNullOrEmpty(property.Key) && !String.IsNullOrEmpty(property.Value))
{
dictionaryWriter.WriteStartElement(dictionary.ClaimProperty, dictionary.EmptyString);
// @Name
dictionaryWriter.WriteAttributeString(dictionary.ClaimPropertyName, dictionary.EmptyString, property.Key);
// @Value
dictionaryWriter.WriteAttributeString(dictionary.ClaimPropertyValue, dictionary.EmptyString, property.Value);
dictionaryWriter.WriteEndElement();
}
}
dictionaryWriter.WriteEndElement();
}
}
/// <summary>
/// Writes a single ClaimsIdentity using a XmlDictionaryWriter.
/// </summary>
/// <param name="dictionaryWriter">XmlDictionaryWriter to write to.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="identity">ClaimsIdentiy to write.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryWriter', 'dictionary' or 'identity' is null.</exception>
void WriteIdentity(XmlDictionaryWriter dictionaryWriter, SessionDictionary dictionary, ClaimsIdentity identity)
{
if (dictionaryWriter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryWriter");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (identity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identity");
}
//
// WindowsIdentity needs special handling
//
// <Identity>
dictionaryWriter.WriteStartElement(dictionary.Identity, dictionary.EmptyString);
WindowsIdentity wci = identity as WindowsIdentity;
if (wci != null)
{
// @WindowsLogonName (optional)
dictionaryWriter.WriteAttributeString(dictionary.WindowsLogonName, dictionary.EmptyString, wci.Name);
}
// @AuthenticationType (optional)
if (!String.IsNullOrEmpty(identity.AuthenticationType))
{
dictionaryWriter.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity.AuthenticationType);
}
// @LabelWrite (optional)
if (!String.IsNullOrEmpty(identity.Label))
{
dictionaryWriter.WriteAttributeString(dictionary.Label, dictionary.EmptyString, identity.Label);
}
// @NameClaimType (optional)
if (identity.NameClaimType != null)
{
dictionaryWriter.WriteAttributeString(dictionary.NameClaimType, dictionary.EmptyString, identity.NameClaimType);
}
// @RoleClaimType (optional)
if (identity.RoleClaimType != null)
{
dictionaryWriter.WriteAttributeString(dictionary.RoleClaimType, dictionary.EmptyString, identity.RoleClaimType);
}
// <ClaimCollection> (optional)
if (identity.Claims != null)
{
dictionaryWriter.WriteStartElement(dictionary.ClaimCollection, dictionary.EmptyString);
WriteClaims(dictionaryWriter, dictionary, identity.Claims, (wci == null) ?
(OutboundClaimsFilter)null
:
// do not serialize SID claims for WindowsIdentities as they will be created when the
// windows identity is recreated.
delegate(Claim c)
{
if (c.Type == ClaimTypes.GroupSid
|| c.Type == ClaimTypes.PrimaryGroupSid
|| c.Type == ClaimTypes.PrimarySid
|| c.Type == ClaimTypes.DenyOnlyPrimaryGroupSid
|| c.Type == ClaimTypes.DenyOnlyPrimarySid
|| c.Type == ClaimTypes.Name && c.Issuer == ClaimsIdentity.DefaultIssuer && c.ValueType == ClaimValueTypes.String)
{
return true;
}
return false;
}
);
dictionaryWriter.WriteEndElement();
}
// <Actor> (optional)
if (identity.Actor != null)
{
dictionaryWriter.WriteStartElement(dictionary.Actor, dictionary.EmptyString);
WriteIdentity(dictionaryWriter, dictionary, identity.Actor);
dictionaryWriter.WriteEndElement();
}
if (identity.BootstrapContext != null)
{
dictionaryWriter.WriteStartElement(dictionary.BootstrapToken, dictionary.EmptyString);
using (MemoryStream ms = new MemoryStream())
{
BinaryFormatter formatter = new BinaryFormatter();
formatter.Serialize(ms, identity.BootstrapContext);
byte[] bootstrapArray = ms.ToArray();
dictionaryWriter.WriteBase64(bootstrapArray, 0, bootstrapArray.Length);
}
dictionaryWriter.WriteEndElement(); // </BootstrapToken>
}
dictionaryWriter.WriteEndElement();
}
/// <summary>
/// Writes a collection of ClaimsIdentity using a XmlDictionaryWriter.
/// </summary>
/// <param name="dictionaryWriter">XmlDictionaryWriter to write to.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="identities">The collection of ClaimsIdentity to write.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryWriter', 'dictionary' or 'identities' is null.</exception>
void WriteIdentities(XmlDictionaryWriter dictionaryWriter, SessionDictionary dictionary, IEnumerable<ClaimsIdentity> identities)
{
if (dictionaryWriter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryWriter");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (identities == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identities");
}
// <Identities>
dictionaryWriter.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
foreach (ClaimsIdentity ci in identities)
{
WriteIdentity(dictionaryWriter, dictionary, ci);
}
dictionaryWriter.WriteEndElement();
}
/// <summary>
/// Writes out a ClaimsPrincipal using a XmlDictionaryWriter.
/// </summary>
/// <param name="dictionaryWriter">XmlDictionaryWriter to write to.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="principal">ClaimsPrincipal to write.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryWriter', 'dictionary' or 'principal' is null.</exception>
void WritePrincipal(XmlDictionaryWriter dictionaryWriter, SessionDictionary dictionary, ClaimsPrincipal principal)
{
if (dictionaryWriter == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryWriter");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (principal == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("principal");
}
// <ClaimsPrincipal>
dictionaryWriter.WriteStartElement(dictionary.ClaimsPrincipal, dictionary.EmptyString);
if (principal.Identities != null)
{
WriteIdentities(dictionaryWriter, dictionary, principal.Identities);
}
dictionaryWriter.WriteEndElement();
}
/// <summary>
/// Reads ClaimProperties from a XmlDictionaryReader and adds them to a Dictionary.
/// </summary>
/// <param name="dictionaryReader">XmlDictionaryReader positioned at the element dictionary.ClaimProperties </param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="properties">Dictionary to add properties to.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryReader', 'dictionary' or 'properties' is null.</exception>
/// <exception cref="SecurityTokenException">Is thrown if the 'name' of a property is null or an empty string.</exception>
/// <exception cref="SecurityTokenException">Is thrown if the 'value' of a property is null.</exception>
/// <remarks>Reads 'n' properties.</remarks>
void ReadClaimProperties(XmlDictionaryReader dictionaryReader, SessionDictionary dictionary, IDictionary<string, string> properties)
{
if (dictionaryReader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryReader");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (properties == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("properties");
}
dictionaryReader.ReadStartElement();
// <Property>
while (dictionaryReader.IsStartElement(dictionary.ClaimProperty, dictionary.EmptyString))
{
// @Name, @Value
string name = dictionaryReader.GetAttribute(dictionary.ClaimPropertyName, dictionary.EmptyString);
string value = dictionaryReader.GetAttribute(dictionary.ClaimPropertyValue, dictionary.EmptyString);
if (string.IsNullOrEmpty(name))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4249)));
}
if (string.IsNullOrEmpty(value))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4250)));
}
properties.Add(new KeyValuePair<string, string>(name, value));
dictionaryReader.ReadFullStartElement();
dictionaryReader.ReadEndElement();
}
dictionaryReader.ReadEndElement();
}
/// <summary>
/// Reads Claims from a XmlDictionaryReader and adds them to a ClaimCollection.
/// </summary>
/// <param name="dictionaryReader">XmlDictionaryReader positioned at dictionary.Claim.</param>
/// <param name="dictionary">SessionDictionary to provide dictionary strings.</param>
/// <param name="claims">ClaimCollection to add the claims to.</param>
/// <exception cref="ArgumentNullException">The input argument 'dictionaryReader', 'dictionary' or 'claims' is null.</exception>
/// <remarks>Reads 'n' claims and adds them to claims.</remarks>
void ReadClaims(XmlDictionaryReader dictionaryReader, SessionDictionary dictionary, Collection<Claim> claims)
{
if (dictionaryReader == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionaryReader");
}
if (dictionary == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("dictionary");
}
if (claims == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claims");
}
while (dictionaryReader.IsStartElement(dictionary.Claim, dictionary.EmptyString))
{
// @Issuer (optional), @OriginalIssuer (optional), @Type, @Value, @ValueType
Claim claim = new Claim(dictionaryReader.GetAttribute(dictionary.Type, dictionary.EmptyString),
dictionaryReader.GetAttribute(dictionary.Value, dictionary.EmptyString),
dictionaryReader.GetAttribute(dictionary.ValueType, dictionary.EmptyString),
dictionaryReader.GetAttribute(dictionary.Issuer, dictionary.EmptyString),
dictionaryReader.GetAttribute(dictionary.OriginalIssuer, dictionary.EmptyString));
dictionaryReader.ReadFullStartElement();
// <Properties> (optional)
if (dictionaryReader.IsStartElement(dictionary.ClaimProperties, dictionary.EmptyString))
{
ReadClaimProperties(dictionaryReader, dictionary, claim.Properties);
}
dictionaryReader.ReadEndElement();
claims.Add(claim);
}
}