/// <summary>
        /// Loads configuration elements pertaining to the <see cref="SecurityTokenHandlerCollection"/>
        /// </summary>
        /// <param name="baseConfiguration">Base <see cref="SecurityTokenHandlerConfiguration"/> from which to inherit default values.</param>
        /// <param name="element">The <see cref="SecurityTokenHandlerConfigurationElement"/> from the configuration file.</param>
        /// <returns></returns>
        protected SecurityTokenHandlerConfiguration LoadHandlerConfiguration(SecurityTokenHandlerConfiguration baseConfiguration, SecurityTokenHandlerConfigurationElement element)
        {
            SecurityTokenHandlerConfiguration handlerConfiguration = (baseConfiguration == null) ? new SecurityTokenHandlerConfiguration() : baseConfiguration;

            if (element.AudienceUris.IsConfigured)
            {
                //
                // There is no inheritance of the content of the element from base to child, only the whole element. If the
                // user specifies any part, they must specify it all.
                //
                handlerConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
                handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();

                handlerConfiguration.AudienceRestriction.AudienceMode = element.AudienceUris.Mode;

                foreach (AudienceUriElement audienceUriElement in element.AudienceUris)
                {
                    handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUriElement.Value, UriKind.RelativeOrAbsolute));
                }
            }

            if (element.Caches.IsConfigured)
            {
                if (element.Caches.TokenReplayCache.IsConfigured)
                {
                    handlerConfiguration.Caches.TokenReplayCache = CustomTypeElement.Resolve<TokenReplayCache>(element.Caches.TokenReplayCache);
                }

                if (element.Caches.SessionSecurityTokenCache.IsConfigured)
                {
                    handlerConfiguration.Caches.SessionSecurityTokenCache = CustomTypeElement.Resolve<SessionSecurityTokenCache>(element.Caches.SessionSecurityTokenCache);
                }
            }

            if (element.CertificateValidation.IsConfigured)
            {
                handlerConfiguration.RevocationMode = element.CertificateValidation.RevocationMode;
                handlerConfiguration.CertificateValidationMode = element.CertificateValidation.CertificateValidationMode;
                handlerConfiguration.TrustedStoreLocation = element.CertificateValidation.TrustedStoreLocation;

                if (element.CertificateValidation.CertificateValidator.IsConfigured)
                {
                    handlerConfiguration.CertificateValidator = CustomTypeElement.Resolve<X509CertificateValidator>(element.CertificateValidation.CertificateValidator);
                }
            }

            //
            // Load the issuer name registry
            //
            if (element.IssuerNameRegistry.IsConfigured)
            {
                handlerConfiguration.IssuerNameRegistry = GetIssuerNameRegistry(element.IssuerNameRegistry);
            }

            //
            // Load the issuer token resolver
            //
            if (element.IssuerTokenResolver.IsConfigured)
            {
                handlerConfiguration.IssuerTokenResolver = CustomTypeElement.Resolve<SecurityTokenResolver>(element.IssuerTokenResolver);
            }

            //
            // Load MaxClockSkew
            //
            try
            {
                if (element.ElementInformation.Properties[ConfigurationStrings.MaximumClockSkew].ValueOrigin != PropertyValueOrigin.Default)
                {
                    handlerConfiguration.MaxClockSkew = element.MaximumClockSkew;
                }
            }
            catch (ArgumentException inner)
            {
                throw DiagnosticUtility.ThrowHelperConfigurationError(element, ConfigurationStrings.MaximumClockSkew, inner);
            }

            //
            // SaveBootstrapTokens
            //
            if (element.ElementInformation.Properties[ConfigurationStrings.SaveBootstrapContext].ValueOrigin != PropertyValueOrigin.Default)
            {
                handlerConfiguration.SaveBootstrapContext = element.SaveBootstrapContext;
            }

            //
            // Load the service token resolver
            //
            if (element.ServiceTokenResolver.IsConfigured)
            {
                handlerConfiguration.ServiceTokenResolver = CustomTypeElement.Resolve<SecurityTokenResolver>(element.ServiceTokenResolver);
            }

            //
            // TokenReplayCache related items
            //
            if (element.TokenReplayDetection.IsConfigured)
            {
                //
                // Set on SecurityTokenHandlerConfiguration
                //

                //
                // DetectReplayedTokens set - { true | false }
                //
                handlerConfiguration.DetectReplayedTokens = element.TokenReplayDetection.Enabled;

                //
                // ExpirationPeriod { TimeSpan }
                //
                handlerConfiguration.TokenReplayCacheExpirationPeriod = element.TokenReplayDetection.ExpirationPeriod;

            }

            return handlerConfiguration;
        }
예제 #2
0
        /// <summary>
        /// Loads configuration elements pertaining to the <see cref="SecurityTokenHandlerCollection"/>
        /// </summary>
        /// <param name="baseConfiguration">Base <see cref="SecurityTokenHandlerConfiguration"/> from which to inherit default values.</param>
        /// <param name="element">The <see cref="SecurityTokenHandlerConfigurationElement"/> from the configuration file.</param>
        /// <returns></returns>
        protected SecurityTokenHandlerConfiguration LoadHandlerConfiguration(SecurityTokenHandlerConfiguration baseConfiguration, SecurityTokenHandlerConfigurationElement element)
        {
            SecurityTokenHandlerConfiguration handlerConfiguration = (baseConfiguration == null) ? new SecurityTokenHandlerConfiguration() : baseConfiguration;

            if (element.AudienceUris.IsConfigured)
            {
                //
                // There is no inheritance of the content of the element from base to child, only the whole element. If the
                // user specifies any part, they must specify it all.
                //
                handlerConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
                handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();

                handlerConfiguration.AudienceRestriction.AudienceMode = element.AudienceUris.Mode;

                foreach (AudienceUriElement audienceUriElement in element.AudienceUris)
                {
                    handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUriElement.Value, UriKind.RelativeOrAbsolute));
                }
            }

            if (element.Caches.IsConfigured)
            {
                if (element.Caches.TokenReplayCache.IsConfigured)
                {
                    handlerConfiguration.Caches.TokenReplayCache = CustomTypeElement.Resolve <TokenReplayCache>(element.Caches.TokenReplayCache);
                }

                if (element.Caches.SessionSecurityTokenCache.IsConfigured)
                {
                    handlerConfiguration.Caches.SessionSecurityTokenCache = CustomTypeElement.Resolve <SessionSecurityTokenCache>(element.Caches.SessionSecurityTokenCache);
                }
            }

            if (element.CertificateValidation.IsConfigured)
            {
                handlerConfiguration.RevocationMode            = element.CertificateValidation.RevocationMode;
                handlerConfiguration.CertificateValidationMode = element.CertificateValidation.CertificateValidationMode;
                handlerConfiguration.TrustedStoreLocation      = element.CertificateValidation.TrustedStoreLocation;

                if (element.CertificateValidation.CertificateValidator.IsConfigured)
                {
                    handlerConfiguration.CertificateValidator = CustomTypeElement.Resolve <X509CertificateValidator>(element.CertificateValidation.CertificateValidator);
                }
            }

            //
            // Load the issuer name registry
            //
            if (element.IssuerNameRegistry.IsConfigured)
            {
                handlerConfiguration.IssuerNameRegistry = GetIssuerNameRegistry(element.IssuerNameRegistry);
            }

            //
            // Load the issuer token resolver
            //
            if (element.IssuerTokenResolver.IsConfigured)
            {
                handlerConfiguration.IssuerTokenResolver = CustomTypeElement.Resolve <SecurityTokenResolver>(element.IssuerTokenResolver);
            }

            //
            // Load MaxClockSkew
            //
            try
            {
                if (element.ElementInformation.Properties[ConfigurationStrings.MaximumClockSkew].ValueOrigin != PropertyValueOrigin.Default)
                {
                    handlerConfiguration.MaxClockSkew = element.MaximumClockSkew;
                }
            }
            catch (ArgumentException inner)
            {
                throw DiagnosticUtility.ThrowHelperConfigurationError(element, ConfigurationStrings.MaximumClockSkew, inner);
            }

            //
            // SaveBootstrapTokens
            //
            if (element.ElementInformation.Properties[ConfigurationStrings.SaveBootstrapContext].ValueOrigin != PropertyValueOrigin.Default)
            {
                handlerConfiguration.SaveBootstrapContext = element.SaveBootstrapContext;
            }

            //
            // Load the service token resolver
            //
            if (element.ServiceTokenResolver.IsConfigured)
            {
                handlerConfiguration.ServiceTokenResolver = CustomTypeElement.Resolve <SecurityTokenResolver>(element.ServiceTokenResolver);
            }

            //
            // TokenReplayCache related items
            //
            if (element.TokenReplayDetection.IsConfigured)
            {
                //
                // Set on SecurityTokenHandlerConfiguration
                //

                //
                // DetectReplayedTokens set - { true | false }
                //
                handlerConfiguration.DetectReplayedTokens = element.TokenReplayDetection.Enabled;

                //
                // ExpirationPeriod { TimeSpan }
                //
                handlerConfiguration.TokenReplayCacheExpirationPeriod = element.TokenReplayDetection.ExpirationPeriod;
            }

            return(handlerConfiguration);
        }