protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
{
WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation;
if (windowsNegotiation.IsValidContext == false)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
}
SecurityTraceRecordHelper.TraceServiceSpnego(windowsNegotiation);
if (this.IsClientAnonymous)
{
return(EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
}
using (SafeCloseHandle contextToken = windowsNegotiation.GetContextToken())
{
WindowsIdentity windowsIdentity = new WindowsIdentity(contextToken.DangerousGetHandle(), windowsNegotiation.ProtocolName);
SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, this.AllowUnauthenticatedCallers);
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);
WindowsClaimSet wic = new WindowsClaimSet(windowsIdentity, windowsNegotiation.ProtocolName, this.extractGroupsForWindowsAccounts, false);
policies.Add(new System.IdentityModel.Policy.UnconditionalPolicy(wic, TimeoutHelper.Add(DateTime.UtcNow, base.ServiceTokenLifetime)));
return(policies.AsReadOnly());
}
}
