private static void WriteRightAttribute(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
if (!Rights.PossessProperty.Equals(claim.Right))
{
writer.WriteAttributeString(dictionary.Right, dictionary.EmptyString, claim.Right);
}
}
static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
if (identity != null && identity != SecurityUtils.AnonymousIdentity)
{
writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
if (identity is WindowsIdentity)
{
WindowsIdentity wid = (WindowsIdentity)identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(wid.User, dictionary, writer);
// This is to work around WOW64 bug Windows OS 1491447
string authenticationType = null;
using (WindowsIdentity self = WindowsIdentity.GetCurrent())
{
// is owner or admin? AuthenticationType could throw un-authorized exception
if ((self.User == wid.Owner) ||
(wid.Owner != null && self.Groups.Contains(wid.Owner)) ||
(wid.Owner != SecurityUtils.AdministratorsSid && self.Groups.Contains(SecurityUtils.AdministratorsSid)))
{
authenticationType = wid.AuthenticationType;
}
}
if (!String.IsNullOrEmpty(authenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
}
writer.WriteString(wid.Name);
writer.WriteEndElement();
}
else if (identity is WindowsSidIdentity)
{
WindowsSidIdentity wsid = (WindowsSidIdentity)identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(wsid.SecurityIdentifier, dictionary, writer);
if (!String.IsNullOrEmpty(wsid.AuthenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, wsid.AuthenticationType);
}
writer.WriteString(wsid.Name);
writer.WriteEndElement();
}
else if (identity is GenericIdentity)
{
GenericIdentity genericIdentity = (GenericIdentity)identity;
writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
if (!String.IsNullOrEmpty(genericIdentity.AuthenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, genericIdentity.AuthenticationType);
}
writer.WriteString(genericIdentity.Name);
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, identity);
}
writer.WriteEndElement();
}
}
static IIdentity DeserializePrimaryIdentity(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
IIdentity identity = null;
if (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
reader.ReadStartElement();
if (reader.IsStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString))
{
SecurityIdentifier sid = ReadSidAttribute(reader, dictionary);
string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
reader.ReadStartElement();
string name = reader.ReadContentAsString();
identity = new WindowsSidIdentity(sid, name, authenticationType ?? String.Empty);
reader.ReadEndElement();
}
else if (reader.IsStartElement(dictionary.GenericIdentity, dictionary.EmptyString))
{
string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
reader.ReadStartElement();
string name = reader.ReadContentAsString();
identity = SecurityUtils.CreateIdentity(name, authenticationType ?? String.Empty);
reader.ReadEndElement();
}
else
{
identity = (IIdentity)serializer.ReadObject(reader);
}
reader.ReadEndElement();
}
return(identity);
}
static IAuthorizationPolicy RetrievePolicyFromBlob(byte[] contextBlob, string id, DateTime expirationTime, IList <Type> knownTypes)
{
if (contextBlob == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("contextBlob");
}
if (id == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("id");
}
SctClaimDictionary claimDictionary = SctClaimDictionary.Instance;
XmlDictionaryReader reader = XmlDictionaryReader.CreateBinaryReader(contextBlob, 0, contextBlob.Length, claimDictionary, XmlDictionaryReaderQuotas.Max, null, null);
IList <IIdentity> identities = null;
IList <ClaimSet> claimSets = null;
int versionNumber = -1;
reader.ReadFullStartElement(claimDictionary.SecurityContextSecurityToken, claimDictionary.EmptyString);
while (reader.IsStartElement())
{
if (reader.IsStartElement(claimDictionary.Version, claimDictionary.EmptyString))
{
versionNumber = reader.ReadElementContentAsInt();
if (versionNumber != 1)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR2.GetString(SR2.SerializedAuthorizationContextVersionUnsupported, versionNumber)));
}
}
else
{
if (reader.IsStartElement(claimDictionary.Identities, claimDictionary.EmptyString))
{
identities = SctClaimSerializer.DeserializeIdentities(reader, claimDictionary, DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), knownTypes, 0x7fffffff));
continue;
}
if (reader.IsStartElement(claimDictionary.ClaimSets, claimDictionary.EmptyString))
{
reader.ReadStartElement();
DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), knownTypes, 0x7fffffff);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), knownTypes, 0x7fffffff);
claimSets = new List <ClaimSet>(1);
while (reader.IsStartElement())
{
claimSets.Add(SctClaimSerializer.DeserializeClaimSet(reader, claimDictionary, claimSetSerializer, claimSerializer));
}
reader.ReadEndElement();
continue;
}
}
}
reader.ReadEndElement();
return(new SctUnconditionalPolicy(identities, id, claimSets, expirationTime));
}
public static ClaimSet DeserializeClaimSet(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return(null);
}
else if (reader.IsStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString))
{
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new X509CertificateClaimSet(new X509Certificate2(rawData), false));
}
else if (reader.IsStartElement(dictionary.SystemClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return(ClaimSet.System);
}
else if (reader.IsStartElement(dictionary.WindowsClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return(ClaimSet.Windows);
}
else if (reader.IsStartElement(dictionary.AnonymousClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return(ClaimSet.Anonymous);
}
else if (reader.IsStartElement(dictionary.ClaimSet, dictionary.EmptyString))
{
ClaimSet issuer = null;
List <Claim> claims = new List <Claim>();
reader.ReadStartElement();
if (reader.IsStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString))
{
reader.ReadStartElement();
issuer = DeserializeClaimSet(reader, dictionary, serializer, claimSerializer);
reader.ReadEndElement();
}
while (reader.IsStartElement())
{
reader.ReadStartElement();
claims.Add(DeserializeClaim(reader, dictionary, claimSerializer));
reader.ReadEndElement();
}
reader.ReadEndElement();
return(issuer != null ? new DefaultClaimSet(issuer, claims) : new DefaultClaimSet(claims));
}
else
{
return((ClaimSet)serializer.ReadObject(reader));
}
}
private static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
{
string attribute = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
if (!string.IsNullOrEmpty(attribute))
{
return(attribute);
}
return(Rights.PossessProperty);
}
private static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
if ((identity != null) && (identity != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
{
writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
if (identity is WindowsIdentity)
{
WindowsIdentity identity2 = (WindowsIdentity)identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(identity2.User, dictionary, writer);
string authenticationType = null;
using (WindowsIdentity identity3 = WindowsIdentity.GetCurrent())
{
if (((identity3.User == identity2.Owner) || ((identity2.Owner != null) && identity3.Groups.Contains(identity2.Owner))) || ((identity2.Owner != System.ServiceModel.Security.SecurityUtils.AdministratorsSid) && identity3.Groups.Contains(System.ServiceModel.Security.SecurityUtils.AdministratorsSid)))
{
authenticationType = identity2.AuthenticationType;
}
}
if (!string.IsNullOrEmpty(authenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
}
writer.WriteString(identity2.Name);
writer.WriteEndElement();
}
else if (identity is WindowsSidIdentity)
{
WindowsSidIdentity identity4 = (WindowsSidIdentity)identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(identity4.SecurityIdentifier, dictionary, writer);
if (!string.IsNullOrEmpty(identity4.AuthenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity4.AuthenticationType);
}
writer.WriteString(identity4.Name);
writer.WriteEndElement();
}
else if (identity is GenericIdentity)
{
GenericIdentity identity5 = (GenericIdentity)identity;
writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
if (!string.IsNullOrEmpty(identity5.AuthenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity5.AuthenticationType);
}
writer.WriteString(identity5.Name);
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, identity);
}
writer.WriteEndElement();
}
}
public static void SerializeClaimSet(ClaimSet claimSet, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
{
if (claimSet is X509CertificateClaimSet)
{
X509CertificateClaimSet x509ClaimSet = (X509CertificateClaimSet)claimSet;
writer.WriteStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString);
byte[] rawData = x509ClaimSet.X509Certificate.RawData;
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
else if (claimSet == ClaimSet.System)
{
writer.WriteElementString(dictionary.SystemClaimSet, dictionary.EmptyString, String.Empty);
}
else if (claimSet == ClaimSet.Windows)
{
writer.WriteElementString(dictionary.WindowsClaimSet, dictionary.EmptyString, String.Empty);
}
else if (claimSet == ClaimSet.Anonymous)
{
writer.WriteElementString(dictionary.AnonymousClaimSet, dictionary.EmptyString, String.Empty);
}
else if (claimSet is WindowsClaimSet || claimSet is DefaultClaimSet)
{
writer.WriteStartElement(dictionary.ClaimSet, dictionary.EmptyString);
writer.WriteStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString);
if (claimSet.Issuer == claimSet)
{
writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
}
else
{
SerializeClaimSet(claimSet.Issuer, dictionary, writer, serializer, claimSerializer);
}
writer.WriteEndElement();
foreach (Claim claim in claimSet)
{
writer.WriteStartElement(dictionary.Claim, dictionary.EmptyString);
SerializeClaim(claim, dictionary, writer, claimSerializer);
writer.WriteEndElement();
}
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, claimSet);
}
}
public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
object obj2;
if (authContext.Properties.TryGetValue("Identities", out obj2))
{
IList <IIdentity> list = obj2 as IList <IIdentity>;
if ((list != null) && (list.Count > 0))
{
writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
for (int i = 0; i < list.Count; i++)
{
SerializePrimaryIdentity(list[i], dictionary, writer, serializer);
}
writer.WriteEndElement();
}
}
}
public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
object obj;
IList <IIdentity> identities;
if (authContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
{
identities = obj as IList <IIdentity>;
if (identities != null && identities.Count > 0)
{
writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
for (int i = 0; i < identities.Count; ++i)
{
SerializePrimaryIdentity(identities[i], dictionary, writer, serializer);
}
writer.WriteEndElement();
}
}
}
static byte[] CreateSerializableBlob(AuthorizationContext authorizationContext, IList <Type> knownTypes)
{
if (authorizationContext == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authorizationContext");
}
MemoryStream stream = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateBinaryWriter(stream, SctClaimDictionary.Instance, null);
SctClaimDictionary claimDictionary = SctClaimDictionary.Instance;
writer.WriteStartElement(claimDictionary.SecurityContextSecurityToken, claimDictionary.EmptyString);
writer.WriteStartElement(claimDictionary.Version, claimDictionary.EmptyString);
writer.WriteValue(1);
writer.WriteEndElement();
if ((authorizationContext != null) && (authorizationContext.ClaimSets.Count != 0))
{
DataContractSerializer identitySerializer = DataContractSerializerDefaults.CreateSerializer(typeof(IIdentity), knownTypes, 0x7fffffff);
DataContractSerializer claimSetSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(ClaimSet), knownTypes, 0x7fffffff);
DataContractSerializer claimSerializer = DataContractSerializerDefaults.CreateSerializer(typeof(Claim), knownTypes, 0x7fffffff);
SctClaimSerializer.SerializeIdentities(authorizationContext, claimDictionary, writer, identitySerializer);
writer.WriteStartElement(claimDictionary.ClaimSets, claimDictionary.EmptyString);
for (int i = 0; i < authorizationContext.ClaimSets.Count; i++)
{
SctClaimSerializer.SerializeClaimSet(authorizationContext.ClaimSets[i], claimDictionary, writer, claimSetSerializer, claimSerializer);
}
writer.WriteEndElement();
}
writer.WriteEndElement();
writer.Flush();
return(stream.ToArray());
}
public static IList<IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
List<IIdentity> identities = null;
if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
identities = new List<IIdentity>();
reader.ReadStartElement();
while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
IIdentity identity = DeserializePrimaryIdentity(reader, dictionary, serializer);
if (identity != null && identity != SecurityUtils.AnonymousIdentity)
{
identities.Add(identity);
}
}
reader.ReadEndElement();
}
return identities;
}
static SecurityIdentifier ReadSidAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
{
byte[] sidBytes = Convert.FromBase64String(reader.GetAttribute(dictionary.Sid, dictionary.EmptyString));
return new SecurityIdentifier(sidBytes, 0);
}
static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
{
string right = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
return String.IsNullOrEmpty(right) ? Rights.PossessProperty : right;
}
static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
if (identity != null && identity != SecurityUtils.AnonymousIdentity)
{
writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
if (identity is WindowsIdentity)
{
WindowsIdentity wid = (WindowsIdentity)identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(wid.User, dictionary, writer);
// This is to work around WOW64 bug Windows OS 1491447
string authenticationType = null;
using (WindowsIdentity self = WindowsIdentity.GetCurrent())
{
// is owner or admin? AuthenticationType could throw un-authorized exception
if ((self.User == wid.Owner) ||
(wid.Owner != null && self.Groups.Contains(wid.Owner)) ||
(wid.Owner != SecurityUtils.AdministratorsSid && self.Groups.Contains(SecurityUtils.AdministratorsSid)))
{
authenticationType = wid.AuthenticationType;
}
}
if (!String.IsNullOrEmpty(authenticationType))
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
writer.WriteString(wid.Name);
writer.WriteEndElement();
}
else if (identity is WindowsSidIdentity)
{
WindowsSidIdentity wsid = (WindowsSidIdentity)identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(wsid.SecurityIdentifier, dictionary, writer);
if (!String.IsNullOrEmpty(wsid.AuthenticationType))
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, wsid.AuthenticationType);
writer.WriteString(wsid.Name);
writer.WriteEndElement();
}
else if (identity is GenericIdentity)
{
GenericIdentity genericIdentity = (GenericIdentity)identity;
writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
if (!String.IsNullOrEmpty(genericIdentity.AuthenticationType))
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, genericIdentity.AuthenticationType);
writer.WriteString(genericIdentity.Name);
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, identity);
}
writer.WriteEndElement();
}
}
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right);
}
else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right);
}
else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right);
}
else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] thumbprint = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Thumbprint, thumbprint, right);
}
else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string name = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Name, name, right);
}
else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string dns = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Dns, dns, right);
}
else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string rsaXml = reader.ReadString();
reader.ReadEndElement();
System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
rsa.FromXmlString(rsaXml);
return new Claim(ClaimTypes.Rsa, rsa, right);
}
else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Email, new System.Net.Mail.MailAddress(address), right);
}
else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return Claim.System;
}
else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] hash = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Hash, hash, right);
}
else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string spn = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Spn, spn, right);
}
else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string upn = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Upn, upn, right);
}
else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string url = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Uri, new Uri(url), right);
}
else
{
return (Claim)serializer.ReadObject(reader);
}
}
static void WriteRightAttribute(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
if (Rights.PossessProperty.Equals(claim.Right))
return;
writer.WriteAttributeString(dictionary.Right, dictionary.EmptyString, claim.Right);
}
private static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] binaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(binaryForm, 0);
writer.WriteBase64(binaryForm, 0, binaryForm.Length);
}
private static void WriteSidAttribute(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] binaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(binaryForm, 0);
writer.WriteAttributeString(dictionary.Sid, dictionary.EmptyString, Convert.ToBase64String(binaryForm));
}
public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
object obj2;
if (authContext.Properties.TryGetValue("Identities", out obj2))
{
IList<IIdentity> list = obj2 as IList<IIdentity>;
if ((list != null) && (list.Count > 0))
{
writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
for (int i = 0; i < list.Count; i++)
{
SerializePrimaryIdentity(list[i], dictionary, writer, serializer);
}
writer.WriteEndElement();
}
}
}
private static void SerializePrimaryIdentity(IIdentity identity, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
if ((identity != null) && (identity != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
{
writer.WriteStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString);
if (identity is WindowsIdentity)
{
WindowsIdentity identity2 = (WindowsIdentity) identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(identity2.User, dictionary, writer);
string authenticationType = null;
using (WindowsIdentity identity3 = WindowsIdentity.GetCurrent())
{
if (((identity3.User == identity2.Owner) || ((identity2.Owner != null) && identity3.Groups.Contains(identity2.Owner))) || ((identity2.Owner != System.ServiceModel.Security.SecurityUtils.AdministratorsSid) && identity3.Groups.Contains(System.ServiceModel.Security.SecurityUtils.AdministratorsSid)))
{
authenticationType = identity2.AuthenticationType;
}
}
if (!string.IsNullOrEmpty(authenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, authenticationType);
}
writer.WriteString(identity2.Name);
writer.WriteEndElement();
}
else if (identity is WindowsSidIdentity)
{
WindowsSidIdentity identity4 = (WindowsSidIdentity) identity;
writer.WriteStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString);
WriteSidAttribute(identity4.SecurityIdentifier, dictionary, writer);
if (!string.IsNullOrEmpty(identity4.AuthenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity4.AuthenticationType);
}
writer.WriteString(identity4.Name);
writer.WriteEndElement();
}
else if (identity is GenericIdentity)
{
GenericIdentity identity5 = (GenericIdentity) identity;
writer.WriteStartElement(dictionary.GenericIdentity, dictionary.EmptyString);
if (!string.IsNullOrEmpty(identity5.AuthenticationType))
{
writer.WriteAttributeString(dictionary.AuthenticationType, dictionary.EmptyString, identity5.AuthenticationType);
}
writer.WriteString(identity5.Name);
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, identity);
}
writer.WriteEndElement();
}
}
public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
if (claim == null)
{
writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
}
else if (ClaimTypes.Sid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier) claim.Resource, dictionary, writer);
writer.WriteEndElement();
}
else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier) claim.Resource, dictionary, writer);
writer.WriteEndElement();
}
else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] rawData = ((X500DistinguishedName) claim.Resource).RawData;
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] resource = (byte[]) claim.Resource;
writer.WriteBase64(resource, 0, resource.Length);
writer.WriteEndElement();
}
else if (ClaimTypes.Name.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string) claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Dns.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string) claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((RSA) claim.Resource).ToXmlString(false));
writer.WriteEndElement();
}
else if (ClaimTypes.Email.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((MailAddress) claim.Resource).Address);
writer.WriteEndElement();
}
else if (claim == Claim.System)
{
writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
}
else if (ClaimTypes.Hash.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] buffer = (byte[]) claim.Resource;
writer.WriteBase64(buffer, 0, buffer.Length);
writer.WriteEndElement();
}
else if (ClaimTypes.Spn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string) claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Upn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string) claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Uri.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((Uri) claim.Resource).AbsoluteUri);
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, claim);
}
}
private static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
{
string attribute = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
if (!string.IsNullOrEmpty(attribute))
{
return attribute;
}
return Rights.PossessProperty;
}
public static IList<IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
List<IIdentity> list = null;
if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
list = new List<IIdentity>();
reader.ReadStartElement();
while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
IIdentity item = DeserializePrimaryIdentity(reader, dictionary, serializer);
if ((item != null) && (item != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
{
list.Add(item);
}
}
reader.ReadEndElement();
}
return list;
}
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] binaryForm = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Sid, new SecurityIdentifier(binaryForm, 0), right);
}
if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string str2 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] buffer2 = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(buffer2, 0), str2);
}
if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string str3 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] encodedDistinguishedName = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(encodedDistinguishedName), str3);
}
if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string str4 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] resource = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Thumbprint, resource, str4);
}
if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string str5 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str6 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Name, str6, str5);
}
if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string str7 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str8 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Dns, str8, str7);
}
if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string str9 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string xmlString = reader.ReadString();
reader.ReadEndElement();
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
provider.FromXmlString(xmlString);
return new Claim(ClaimTypes.Rsa, provider, str9);
}
if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string str11 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Email, new MailAddress(address), str11);
}
if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return Claim.System;
}
if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string str13 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] buffer5 = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new Claim(ClaimTypes.Hash, buffer5, str13);
}
if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string str14 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str15 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Spn, str15, str14);
}
if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string str16 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str17 = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Upn, str17, str16);
}
if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string str18 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string uriString = reader.ReadString();
reader.ReadEndElement();
return new Claim(ClaimTypes.Uri, new Uri(uriString), str18);
}
return (Claim) serializer.ReadObject(reader);
}
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return(null);
}
if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] binaryForm = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Sid, new SecurityIdentifier(binaryForm, 0), right));
}
if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string str2 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] buffer2 = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(buffer2, 0), str2));
}
if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string str3 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] encodedDistinguishedName = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(encodedDistinguishedName), str3));
}
if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string str4 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] resource = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Thumbprint, resource, str4));
}
if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string str5 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str6 = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Name, str6, str5));
}
if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string str7 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str8 = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Dns, str8, str7));
}
if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string str9 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string xmlString = reader.ReadString();
reader.ReadEndElement();
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
provider.FromXmlString(xmlString);
return(new Claim(ClaimTypes.Rsa, provider, str9));
}
if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string str11 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Email, new MailAddress(address), str11));
}
if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return(Claim.System);
}
if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string str13 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] buffer5 = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Hash, buffer5, str13));
}
if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string str14 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str15 = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Spn, str15, str14));
}
if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string str16 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string str17 = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Upn, str17, str16));
}
if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string str18 = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string uriString = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Uri, new Uri(uriString), str18));
}
return((Claim)serializer.ReadObject(reader));
}
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return(null);
}
else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right));
}
else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] sidBytes = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right));
}
else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right));
}
else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] thumbprint = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Thumbprint, thumbprint, right));
}
else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string name = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Name, name, right));
}
else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string dns = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Dns, dns, right));
}
else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string rsaXml = reader.ReadString();
reader.ReadEndElement();
System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
rsa.FromXmlString(rsaXml);
return(new Claim(ClaimTypes.Rsa, rsa, right));
}
else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string address = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Email, new System.Net.Mail.MailAddress(address), right));
}
else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString))
{
reader.ReadElementString();
return(Claim.System);
}
else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
byte[] hash = reader.ReadContentAsBase64();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Hash, hash, right));
}
else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string spn = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Spn, spn, right));
}
else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string upn = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Upn, upn, right));
}
else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString))
{
string right = ReadRightAttribute(reader, dictionary);
reader.ReadStartElement();
string url = reader.ReadString();
reader.ReadEndElement();
return(new Claim(ClaimTypes.Uri, new Uri(url), right));
}
else
{
return((Claim)serializer.ReadObject(reader));
}
}
public static IList <IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
List <IIdentity> list = null;
if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
list = new List <IIdentity>();
reader.ReadStartElement();
while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
IIdentity item = DeserializePrimaryIdentity(reader, dictionary, serializer);
if ((item != null) && (item != System.ServiceModel.Security.SecurityUtils.AnonymousIdentity))
{
list.Add(item);
}
}
reader.ReadEndElement();
}
return(list);
}
public static void SerializeClaimSet(ClaimSet claimSet, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
{
if (claimSet is X509CertificateClaimSet)
{
X509CertificateClaimSet x509ClaimSet = (X509CertificateClaimSet)claimSet;
writer.WriteStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString);
byte[] rawData = x509ClaimSet.X509Certificate.RawData;
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
else if (claimSet == ClaimSet.System)
{
writer.WriteElementString(dictionary.SystemClaimSet, dictionary.EmptyString, String.Empty);
}
else if (claimSet == ClaimSet.Windows)
{
writer.WriteElementString(dictionary.WindowsClaimSet, dictionary.EmptyString, String.Empty);
}
else if (claimSet == ClaimSet.Anonymous)
{
writer.WriteElementString(dictionary.AnonymousClaimSet, dictionary.EmptyString, String.Empty);
}
else if (claimSet is WindowsClaimSet || claimSet is DefaultClaimSet)
{
writer.WriteStartElement(dictionary.ClaimSet, dictionary.EmptyString);
writer.WriteStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString);
if (claimSet.Issuer == claimSet)
{
writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
}
else
{
SerializeClaimSet(claimSet.Issuer, dictionary, writer, serializer, claimSerializer);
}
writer.WriteEndElement();
foreach (Claim claim in claimSet)
{
writer.WriteStartElement(dictionary.Claim, dictionary.EmptyString);
SerializeClaim(claim, dictionary, writer, claimSerializer);
writer.WriteEndElement();
}
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, claimSet);
}
}
public static IList <IIdentity> DeserializeIdentities(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
List <IIdentity> identities = null;
if (reader.IsStartElement(dictionary.Identities, dictionary.EmptyString))
{
identities = new List <IIdentity>();
reader.ReadStartElement();
while (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
IIdentity identity = DeserializePrimaryIdentity(reader, dictionary, serializer);
if (identity != null && identity != SecurityUtils.AnonymousIdentity)
{
identities.Add(identity);
}
}
reader.ReadEndElement();
}
return(identities);
}
static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] sidBytes = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBytes, 0);
writer.WriteBase64(sidBytes, 0, sidBytes.Length);
}
private static SecurityIdentifier ReadSidAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
{
return(new SecurityIdentifier(Convert.FromBase64String(reader.GetAttribute(dictionary.Sid, dictionary.EmptyString)), 0));
}
public static ClaimSet DeserializeClaimSet(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer, XmlObjectSerializer claimSerializer)
{
if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString))
{
reader.ReadElementString();
return null;
}
else if (reader.IsStartElement(dictionary.X509CertificateClaimSet, dictionary.EmptyString))
{
reader.ReadStartElement();
byte[] rawData = reader.ReadContentAsBase64();
reader.ReadEndElement();
return new X509CertificateClaimSet(new X509Certificate2(rawData), false);
}
else if (reader.IsStartElement(dictionary.SystemClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return ClaimSet.System;
}
else if (reader.IsStartElement(dictionary.WindowsClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return ClaimSet.Windows;
}
else if (reader.IsStartElement(dictionary.AnonymousClaimSet, dictionary.EmptyString))
{
reader.ReadElementString();
return ClaimSet.Anonymous;
}
else if (reader.IsStartElement(dictionary.ClaimSet, dictionary.EmptyString))
{
ClaimSet issuer = null;
List<Claim> claims = new List<Claim>();
reader.ReadStartElement();
if (reader.IsStartElement(dictionary.PrimaryIssuer, dictionary.EmptyString))
{
reader.ReadStartElement();
issuer = DeserializeClaimSet(reader, dictionary, serializer, claimSerializer);
reader.ReadEndElement();
}
while (reader.IsStartElement())
{
reader.ReadStartElement();
claims.Add(DeserializeClaim(reader, dictionary, claimSerializer));
reader.ReadEndElement();
}
reader.ReadEndElement();
return issuer != null ? new DefaultClaimSet(issuer, claims) : new DefaultClaimSet(claims);
}
else
{
return (ClaimSet)serializer.ReadObject(reader);
}
}
public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
if (claim == null)
{
writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
}
else if (ClaimTypes.Sid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
writer.WriteEndElement();
}
else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
writer.WriteEndElement();
}
else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] rawData = ((X500DistinguishedName)claim.Resource).RawData;
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
}
else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] resource = (byte[])claim.Resource;
writer.WriteBase64(resource, 0, resource.Length);
writer.WriteEndElement();
}
else if (ClaimTypes.Name.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Dns.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((RSA)claim.Resource).ToXmlString(false));
writer.WriteEndElement();
}
else if (ClaimTypes.Email.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((MailAddress)claim.Resource).Address);
writer.WriteEndElement();
}
else if (claim == Claim.System)
{
writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
}
else if (ClaimTypes.Hash.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] buffer = (byte[])claim.Resource;
writer.WriteBase64(buffer, 0, buffer.Length);
writer.WriteEndElement();
}
else if (ClaimTypes.Spn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Upn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
}
else if (ClaimTypes.Uri.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((Uri)claim.Resource).AbsoluteUri);
writer.WriteEndElement();
}
else
{
serializer.WriteObject(writer, claim);
}
}
public static void SerializeIdentities(AuthorizationContext authContext, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
object obj;
IList<IIdentity> identities;
if (authContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
{
identities = obj as IList<IIdentity>;
if (identities != null && identities.Count > 0)
{
writer.WriteStartElement(dictionary.Identities, dictionary.EmptyString);
for (int i = 0; i < identities.Count; ++i)
{
SerializePrimaryIdentity(identities[i], dictionary, writer, serializer);
}
writer.WriteEndElement();
}
}
}
static string ReadRightAttribute(XmlDictionaryReader reader, SctClaimDictionary dictionary)
{
string right = reader.GetAttribute(dictionary.Right, dictionary.EmptyString);
return(String.IsNullOrEmpty(right) ? Rights.PossessProperty : right);
}
static void WriteSidAttribute(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] sidBytes = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBytes, 0);
writer.WriteAttributeString(dictionary.Sid, dictionary.EmptyString, Convert.ToBase64String(sidBytes));
}
static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] sidBytes = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBytes, 0);
writer.WriteBase64(sidBytes, 0, sidBytes.Length);
}
static IIdentity DeserializePrimaryIdentity(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
IIdentity identity = null;
if (reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
{
reader.ReadStartElement();
if (reader.IsStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString))
{
SecurityIdentifier sid = ReadSidAttribute(reader, dictionary);
string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
reader.ReadStartElement();
string name = reader.ReadContentAsString();
identity = new WindowsSidIdentity(sid, name, authenticationType ?? String.Empty);
reader.ReadEndElement();
}
else if (reader.IsStartElement(dictionary.GenericIdentity, dictionary.EmptyString))
{
string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString);
reader.ReadStartElement();
string name = reader.ReadContentAsString();
identity = SecurityUtils.CreateIdentity(name, authenticationType ?? String.Empty);
reader.ReadEndElement();
}
else
{
identity = (IIdentity)serializer.ReadObject(reader);
}
reader.ReadEndElement();
}
return identity;
}
private static void SerializeSid(SecurityIdentifier sid, SctClaimDictionary dictionary, XmlDictionaryWriter writer)
{
byte[] binaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(binaryForm, 0);
writer.WriteBase64(binaryForm, 0, binaryForm.Length);
}
public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
// the order in which known claim types are checked is optimized for use patterns
if (claim == null)
{
writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
return;
}
else if (ClaimTypes.Sid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] rawData = ((X500DistinguishedName)claim.Resource).RawData;
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] thumbprint = (byte[])claim.Resource;
writer.WriteBase64(thumbprint, 0, thumbprint.Length);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Name.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Dns.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((RSA)claim.Resource).ToXmlString(false));
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Email.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((MailAddress)claim.Resource).Address);
writer.WriteEndElement();
return;
}
else if (claim == Claim.System)
{
writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
return;
}
else if (ClaimTypes.Hash.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] hash = (byte[])claim.Resource;
writer.WriteBase64(hash, 0, hash.Length);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Spn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Upn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Uri.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((Uri)claim.Resource).AbsoluteUri);
writer.WriteEndElement();
return;
}
else
{
// this is an extensible claim... need to delegate to xml object serializer
serializer.WriteObject(writer, claim);
}
}
public static void SerializeClaim(Claim claim, SctClaimDictionary dictionary, XmlDictionaryWriter writer, XmlObjectSerializer serializer)
{
// the order in which known claim types are checked is optimized for use patterns
if (claim == null)
{
writer.WriteElementString(dictionary.NullValue, dictionary.EmptyString, string.Empty);
return;
}
else if (ClaimTypes.Sid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.DenyOnlySid.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
SerializeSid((SecurityIdentifier)claim.Resource, dictionary, writer);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.X500DistinguishedName.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] rawData = ((X500DistinguishedName)claim.Resource).RawData;
writer.WriteBase64(rawData, 0, rawData.Length);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Thumbprint.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] thumbprint = (byte[])claim.Resource;
writer.WriteBase64(thumbprint, 0, thumbprint.Length);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Name.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.NameClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Dns.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.DnsClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Rsa.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.RsaClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((RSA)claim.Resource).ToXmlString(false));
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Email.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.MailAddressClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((MailAddress)claim.Resource).Address);
writer.WriteEndElement();
return;
}
else if (claim == Claim.System)
{
writer.WriteElementString(dictionary.SystemClaim, dictionary.EmptyString, string.Empty);
return;
}
else if (ClaimTypes.Hash.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.HashClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
byte[] hash = (byte[])claim.Resource;
writer.WriteBase64(hash, 0, hash.Length);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Spn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.SpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Upn.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UpnClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString((string)claim.Resource);
writer.WriteEndElement();
return;
}
else if (ClaimTypes.Uri.Equals(claim.ClaimType))
{
writer.WriteStartElement(dictionary.UrlClaim, dictionary.EmptyString);
WriteRightAttribute(claim, dictionary, writer);
writer.WriteString(((Uri)claim.Resource).AbsoluteUri);
writer.WriteEndElement();
return;
}
else
{
// this is an extensible claim... need to delegate to xml object serializer
serializer.WriteObject(writer, claim);
}
}
