/// <summary>
/// Completion callback for the asynchronous client-token request issued by the
/// <c>CreateSspiStateAsyncResult</c> constructor. When the request completed
/// synchronously the constructor has already built the SSPI state and completed
/// the async result, so this callback is a no-op; otherwise it finishes the work
/// here and completes (or faults) the async result.
/// </summary>
/// <param name="result">
/// The async result returned by <c>ClientTokenProvider.BeginGetToken</c>; its
/// <c>AsyncState</c> is the owning <c>CreateSspiStateAsyncResult</c>.
/// </param>
static void GetTokensCallback(IAsyncResult result)
{
    // The synchronous path is handled inline by the constructor; running it here as
    // well would complete the same async result a second time.
    if (!result.CompletedSynchronously)
    {
        CreateSspiStateAsyncResult pending = (CreateSspiStateAsyncResult)result.AsyncState;
        try
        {
            // ValidateToken narrows the generic SecurityToken to an X509SecurityToken.
            // Anything it rejects surfaces as an exception and is routed to Complete
            // below instead of silently yielding a TLS state without a client credential.
            X509SecurityToken clientCertificate = TlsnegoTokenProvider.ValidateToken(
                pending.tlsTokenProvider.ClientTokenProvider.EndGetToken(result));
            pending.sspiState = pending.tlsTokenProvider.CreateTlsSspiState(clientCertificate);
            pending.Complete(false);
        }
        catch (Exception exception)
        {
            // Exceptions classified as fatal by Fx.IsFatal are never funneled into the async result.
            if (Fx.IsFatal(exception))
            {
                throw;
            }

            // Everything else is delivered to whoever calls End on this async result.
            pending.Complete(false, exception);
        }
    }
}
/// <summary>
/// Starts acquiring the client X.509 token from <paramref name="tlsTokenProvider"/>'s
/// <c>ClientTokenProvider</c> and, once it is available, builds the TLS SSPI state
/// that drives the negotiation. If the token request completes synchronously the
/// whole job finishes inside the constructor; otherwise <c>GetTokensCallback</c>
/// finishes it later.
/// </summary>
/// <param name="target">Endpoint being negotiated with; not read by this constructor.</param>
/// <param name="via">Transport address; not read by this constructor.</param>
/// <param name="tlsTokenProvider">
/// Owning provider. Its <c>ClientTokenProvider</c> is dereferenced without a null
/// check, so it must be set before this constructor runs.
/// </param>
/// <param name="timeout">Time budget handed to <c>BeginGetToken</c>.</param>
/// <param name="callback">Completion callback forwarded to the base async result.</param>
/// <param name="state">Caller state forwarded to the base async result.</param>
public CreateSspiStateAsyncResult(EndpointAddress target, Uri via, TlsnegoTokenProvider tlsTokenProvider, TimeSpan timeout, AsyncCallback callback, object state)
    : base(callback, state)
{
    this.tlsTokenProvider = tlsTokenProvider;

    // NOTE(review): the factory only assigns ClientTokenProvider when a client certificate
    // is required; presumably this async result is never created otherwise — verify callers.
    IAsyncResult tokenResult = this.tlsTokenProvider.ClientTokenProvider.BeginGetToken(timeout, getTokensCallback, this);
    if (!tokenResult.CompletedSynchronously)
    {
        // GetTokensCallback completes this async result once the token arrives.
        return;
    }

    // Synchronous completion. Unlike the callback path there is no try/catch here, so a
    // validation or state-creation failure propagates straight out of the constructor.
    SecurityToken rawToken = this.tlsTokenProvider.ClientTokenProvider.EndGetToken(tokenResult);
    X509SecurityToken clientCertificate = TlsnegoTokenProvider.ValidateToken(rawToken);
    this.sspiState = this.tlsTokenProvider.CreateTlsSspiState(clientCertificate);
    base.Complete(true);
}
/// <summary>
/// Completion callback for the asynchronous client-token request started by the
/// <c>CreateSspiStateAsyncResult</c> constructor. It only acts on asynchronous
/// completions: when <c>BeginGetToken</c> completed synchronously the constructor
/// already validated the token, built the SSPI state and completed the async result.
/// </summary>
/// <param name="result">
/// The async result from <c>ClientTokenProvider.BeginGetToken</c>, whose
/// <c>AsyncState</c> is the owning <c>CreateSspiStateAsyncResult</c>.
/// </param>
private static void GetTokensCallback(IAsyncResult result)
{
    if (result.CompletedSynchronously)
    {
        // Already handled inline by the constructor; nothing left to complete.
        return;
    }

    TlsnegoTokenProvider.CreateSspiStateAsyncResult owner = (TlsnegoTokenProvider.CreateSspiStateAsyncResult)result.AsyncState;
    try
    {
        // Finish the token request, then narrow it to the X.509 token the TLS
        // negotiation needs. A rejected token surfaces as an exception below.
        SecurityToken rawToken = owner.tlsTokenProvider.ClientTokenProvider.EndGetToken(result);
        X509SecurityToken clientCertificate = TlsnegoTokenProvider.ValidateToken(rawToken);
        owner.sspiState = owner.tlsTokenProvider.CreateTlsSspiState(clientCertificate);
        owner.Complete(false);
    }
    catch (Exception e)
    {
        // Fatal exceptions (per Fx.IsFatal) are rethrown, never stored in the async result.
        if (Fx.IsFatal(e))
        {
            throw;
        }

        // Non-fatal failures are reported to the End caller through the async result.
        owner.Complete(false, e);
    }
}
/// <summary>
/// Begins fetching the client X.509 token through the owning provider's
/// <c>ClientTokenProvider</c> and turns it into the TLS SSPI state for the
/// negotiation. A synchronous token result is processed right here and the async
/// result is completed synchronously; an asynchronous one is finished by
/// <c>GetTokensCallback</c>.
/// </summary>
/// <param name="target">Negotiation target; accepted but not used in this constructor.</param>
/// <param name="via">Transport via address; accepted but not used in this constructor.</param>
/// <param name="tlsTokenProvider">
/// Owning provider whose <c>ClientTokenProvider</c> supplies the client token. It is
/// used without a null check, so callers must ensure it is set.
/// </param>
/// <param name="timeout">Timeout passed through to <c>BeginGetToken</c>.</param>
/// <param name="callback">Completion callback for the base async result.</param>
/// <param name="state">Opaque caller state for the base async result.</param>
public CreateSspiStateAsyncResult(EndpointAddress target, Uri via, TlsnegoTokenProvider tlsTokenProvider, TimeSpan timeout, AsyncCallback callback, object state)
    : base(callback, state)
{
    this.tlsTokenProvider = tlsTokenProvider;

    // NOTE(review): ClientTokenProvider is only wired up when a client certificate is
    // required; this constructor presumably is not reached otherwise — confirm at the call site.
    IAsyncResult pendingToken = this.tlsTokenProvider.ClientTokenProvider.BeginGetToken(timeout, getTokensCallback, this);
    if (pendingToken.CompletedSynchronously)
    {
        // Synchronous path: validate and build the SSPI state inline. Exceptions here are
        // not caught and therefore escape from the constructor itself.
        X509SecurityToken clientCertificate = ValidateToken(
            this.tlsTokenProvider.ClientTokenProvider.EndGetToken(pendingToken));
        this.sspiState = this.tlsTokenProvider.CreateTlsSspiState(clientCertificate);
        base.Complete(true);
    }
    // Otherwise GetTokensCallback completes this async result when the token arrives.
}
/// <summary>
/// Builds the <see cref="TlsnegoTokenProvider"/> used on the initiator side of a
/// TLS negotiation, wiring it from the token requirement and the binding's local
/// client security settings.
/// </summary>
/// <param name="initiatorRequirement">
/// Requirement describing target, issuer and binding; must carry a TargetAddress
/// and a SecurityBindingElement.
/// </param>
/// <param name="requireClientCertificate">
/// When true, a client X.509 token provider is attached so the client authenticates
/// with a certificate; when false, <c>ClientTokenProvider</c> is left null.
/// </param>
/// <returns>A fully configured, not yet opened, <see cref="TlsnegoTokenProvider"/>.</returns>
/// <exception cref="ArgumentException">
/// Via ThrowHelperArgument, when the requirement has no target address or no
/// security binding element.
/// </exception>
SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
{
    EndpointAddress target = initiatorRequirement.TargetAddress;
    if (target == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
    }

    SecurityBindingElement bindingElement = initiatorRequirement.SecurityBindingElement;
    if (bindingElement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
    }

    // GetTokenOnOpen makes the negotiation run when the channel opens rather than on
    // first use; it also forces caching of the resulting service token (see below).
    SspiIssuanceChannelParameter sspiParameter = GetSspiIssuanceChannelParameter(initiatorRequirement);
    bool tokenOnOpen = sspiParameter != null && sspiParameter.GetTokenOnOpen;

    LocalClientSecuritySettings clientSettings = bindingElement.LocalClientSettings;
    BindingContext issuerContext = initiatorRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);

    TlsnegoTokenProvider provider = new TlsnegoTokenProvider
    {
        IssuerAddress = initiatorRequirement.IssuerAddress,
        NegotiateTokenOnOpen = tokenOnOpen,
        // Negotiated service tokens (the "cookies" of LocalClientSecuritySettings) are
        // presumably reused while cached; lifetime is bounded by MaxServiceTokenCachingTime
        // and renewal by ServiceTokenValidityThresholdPercentage, both set below.
        CacheServiceTokens = tokenOnOpen || clientSettings.CacheCookies
    };

    // With no client-certificate requirement the provider has no ClientTokenProvider at
    // all. The SSPI-state construction code dereferences it without a null check, so that
    // code is presumably only reached in the requireClientCertificate case.
    if (requireClientCertificate)
    {
        provider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
    }

    provider.IssuerBindingContext = issuerContext;
    // Protection requirements come from the issuer binding; absent a context there are none.
    provider.ApplicationProtectionRequirements = issuerContext == null
        ? null
        : issuerContext.BindingParameters.Find<ChannelProtectionRequirements>();
    provider.MaxServiceTokenCachingTime = clientSettings.MaxCookieCachingTime;
    provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;

    // The server token authenticator is what validates the service's X.509 token during
    // the handshake; which trust checks it performs is decided in
    // CreateTlsnegoServerX509TokenAuthenticator, not here.
    provider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
    provider.ServiceTokenValidityThresholdPercentage = clientSettings.CookieRenewalThresholdPercentage;
    provider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
    provider.TargetAddress = target;
    provider.Via = initiatorRequirement.GetPropertyOrDefault<Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
    return provider;
}
/// <summary>
/// Creates and configures the <see cref="TlsnegoTokenProvider"/> for an initiator
/// performing TLS negotiation against the requirement's target, taking caching and
/// renewal policy from the binding's <c>LocalClientSettings</c>.
/// </summary>
/// <param name="initiatorRequirement">
/// Token requirement; its TargetAddress and SecurityBindingElement are mandatory.
/// </param>
/// <param name="requireClientCertificate">
/// If true, attaches a client X.509 token provider so the negotiation presents a
/// client certificate; if false, no <c>ClientTokenProvider</c> is assigned.
/// </param>
/// <returns>The configured provider (not opened).</returns>
/// <exception cref="ArgumentException">
/// Through ThrowHelperArgument, if the target address or security binding element is missing.
/// </exception>
private SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
{
    if (initiatorRequirement.TargetAddress == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
    }

    SecurityBindingElement bindingElement = initiatorRequirement.SecurityBindingElement;
    if (bindingElement == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
    }

    // Negotiate eagerly on channel open only when the SSPI issuance parameter asks for it.
    SspiIssuanceChannelParameter sspiParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement);
    bool negotiateOnOpen = false;
    if (sspiParameter != null)
    {
        negotiateOnOpen = sspiParameter.GetTokenOnOpen;
    }

    LocalClientSecuritySettings clientSettings = bindingElement.LocalClientSettings;
    BindingContext issuerContext = initiatorRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);

    TlsnegoTokenProvider tlsnego = new TlsnegoTokenProvider();
    tlsnego.IssuerAddress = initiatorRequirement.IssuerAddress;
    tlsnego.NegotiateTokenOnOpen = negotiateOnOpen;
    // Eager negotiation implies the negotiated service token is cached; otherwise caching
    // follows the CacheCookies setting. Cache lifetime and renewal are bounded below by
    // MaxServiceTokenCachingTime and ServiceTokenValidityThresholdPercentage.
    tlsnego.CacheServiceTokens = negotiateOnOpen || clientSettings.CacheCookies;

    // Only a certificate-authenticating client gets a ClientTokenProvider; code that
    // builds the TLS SSPI state assumes it is non-null, so presumably it is only used
    // when requireClientCertificate is true — verify against that code path.
    if (requireClientCertificate)
    {
        tlsnego.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
    }

    tlsnego.IssuerBindingContext = issuerContext;
    ChannelProtectionRequirements protectionRequirements = null;
    if (issuerContext != null)
    {
        protectionRequirements = issuerContext.BindingParameters.Find<ChannelProtectionRequirements>();
    }
    tlsnego.ApplicationProtectionRequirements = protectionRequirements;
    tlsnego.MaxServiceTokenCachingTime = clientSettings.MaxCookieCachingTime;
    tlsnego.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;

    // Server identity is established by this authenticator validating the service's X.509
    // token; the specific trust checks live in CreateTlsnegoServerX509TokenAuthenticator.
    tlsnego.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
    tlsnego.ServiceTokenValidityThresholdPercentage = clientSettings.CookieRenewalThresholdPercentage;
    tlsnego.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
    tlsnego.TargetAddress = initiatorRequirement.TargetAddress;
    tlsnego.Via = initiatorRequirement.GetPropertyOrDefault<Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null);
    return tlsnego;
}