public static Task<NetworkCredential> GetCredentialAsync(AuthenticationSchemes authenticationScheme, SecurityTokenProviderContainer credentialProvider,
OutWrapper<TokenImpersonationLevel> impersonationLevelWrapper, OutWrapper<AuthenticationLevel> authenticationLevelWrapper,
CancellationToken cancellationToken)
{
impersonationLevelWrapper.Value = TokenImpersonationLevel.None;
authenticationLevelWrapper.Value = AuthenticationLevel.None;
if (authenticationScheme == AuthenticationSchemes.Anonymous)
{
return Task.FromResult((NetworkCredential)null);
}
return GetCredentialCoreAsync(authenticationScheme, credentialProvider, impersonationLevelWrapper,
authenticationLevelWrapper, cancellationToken);
}
static async Task<NetworkCredential> GetCredentialCoreAsync(AuthenticationSchemes authenticationScheme,
SecurityTokenProviderContainer credentialProvider, OutWrapper<TokenImpersonationLevel> impersonationLevelWrapper,
OutWrapper<AuthenticationLevel> authenticationLevelWrapper, CancellationToken cancellationToken)
{
impersonationLevelWrapper.Value = TokenImpersonationLevel.None;
authenticationLevelWrapper.Value = AuthenticationLevel.None;
NetworkCredential result = null;
switch (authenticationScheme)
{
case AuthenticationSchemes.Basic:
result = await TransportSecurityHelpers.GetUserNameCredentialAsync(credentialProvider, cancellationToken);
impersonationLevelWrapper.Value = TokenImpersonationLevel.Delegation;
break;
case AuthenticationSchemes.Digest:
result = await TransportSecurityHelpers.GetSspiCredentialAsync(credentialProvider,
impersonationLevelWrapper, authenticationLevelWrapper, cancellationToken);
ValidateDigestCredential(result, impersonationLevelWrapper.Value);
break;
case AuthenticationSchemes.Negotiate:
result = await TransportSecurityHelpers.GetSspiCredentialAsync(credentialProvider,
impersonationLevelWrapper, authenticationLevelWrapper, cancellationToken);
break;
case AuthenticationSchemes.Ntlm:
result = await TransportSecurityHelpers.GetSspiCredentialAsync(credentialProvider,
impersonationLevelWrapper, authenticationLevelWrapper, cancellationToken);
if (authenticationLevelWrapper.Value == AuthenticationLevel.MutualAuthRequired)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(SR.CredentialDisallowsNtlm));
}
break;
default:
// The setter for this property should prevent this.
throw Fx.AssertAndThrow("GetCredential: Invalid authentication scheme");
}
return result;
}
protected override Task<Stream> OnInitiateUpgradeAsync(Stream stream, OutWrapper<SecurityMessageProperty> remoteSecurity)
{
throw ExceptionHelper.PlatformNotSupported(ExceptionHelper.WinsdowsStreamSecurityNotSupported);
}
protected override async Task<Stream> OnInitiateUpgradeAsync(Stream stream, OutWrapper<SecurityMessageProperty> remoteSecurity)
{
NegotiateStream negotiateStream;
string targetName;
EndpointIdentity identity;
if (WcfEventSource.Instance.WindowsStreamSecurityOnInitiateUpgradeIsEnabled())
{
WcfEventSource.Instance.WindowsStreamSecurityOnInitiateUpgrade();
}
// prepare
InitiateUpgradePrepare(stream, out negotiateStream, out targetName, out identity);
// authenticate
try
{
await negotiateStream.AuthenticateAsClientAsync(_credential, targetName, _parent.ProtectionLevel, _impersonationLevel);
}
catch (AuthenticationException exception)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(exception.Message,
exception));
}
catch (IOException ioException)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(
SR.Format(SR.NegotiationFailedIO, ioException.Message), ioException));
}
remoteSecurity.Value = CreateServerSecurity(negotiateStream);
ValidateMutualAuth(identity, negotiateStream, remoteSecurity.Value, _allowNtlm);
return negotiateStream;
}
protected override Stream OnInitiateUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
{
OutWrapper<SecurityMessageProperty> remoteSecurityOut = new OutWrapper<SecurityMessageProperty>();
var retVal = OnInitiateUpgradeAsync(stream, remoteSecurityOut).GetAwaiter().GetResult();
remoteSecurity = remoteSecurityOut.Value;
return retVal;
}
internal override async Task OpenAsync(TimeSpan timeout)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
base.Open(timeoutHelper.RemainingTime());
OutWrapper<TokenImpersonationLevel> impersonationLevelWrapper = new OutWrapper<TokenImpersonationLevel>();
OutWrapper<bool> allowNtlmWrapper = new OutWrapper<bool>();
SecurityUtils.OpenTokenProviderIfRequired(_clientTokenProvider, timeoutHelper.RemainingTime());
_credential = await TransportSecurityHelpers.GetSspiCredentialAsync(
_clientTokenProvider,
impersonationLevelWrapper,
allowNtlmWrapper,
timeoutHelper.GetCancellationToken());
_impersonationLevel = impersonationLevelWrapper.Value;
_allowNtlm = allowNtlmWrapper;
return;
}
internal async Task<IConnection> SendPreambleAsync(IConnection connection, TimeoutHelper timeoutHelper, ClientFramingDecoder decoder)
{
await connection.WriteAsync(Preamble, 0, Preamble.Length, true, timeoutHelper.RemainingTime());
if (_upgrade != null)
{
StreamUpgradeInitiator upgradeInitiator = _upgrade.CreateUpgradeInitiator(this.RemoteAddress, this.Via);
await upgradeInitiator.OpenAsync(timeoutHelper.RemainingTime());
var connectionWrapper = new OutWrapper<IConnection>();
connectionWrapper.Value = connection;
bool upgradeInitiated = await ConnectionUpgradeHelper.InitiateUpgradeAsync(upgradeInitiator, connectionWrapper, decoder, this, timeoutHelper.RemainingTime());
connection = connectionWrapper.Value;
if (!upgradeInitiated)
{
await ConnectionUpgradeHelper.DecodeFramingFaultAsync(decoder, connection, this.Via, _messageEncoder.ContentType, timeoutHelper.RemainingTime());
}
await upgradeInitiator.CloseAsync(timeoutHelper.RemainingTime());
await connection.WriteAsync(ClientSingletonEncoder.PreambleEndBytes, 0, ClientSingletonEncoder.PreambleEndBytes.Length, true, timeoutHelper.RemainingTime());
}
byte[] ackBuffer = new byte[1];
int ackBytesRead = await connection.ReadAsync(ackBuffer, 0, ackBuffer.Length, timeoutHelper.RemainingTime());
if (!ConnectionUpgradeHelper.ValidatePreambleResponse(ackBuffer, ackBytesRead, decoder, Via))
{
await ConnectionUpgradeHelper.DecodeFramingFaultAsync(decoder, connection, Via,
_messageEncoder.ContentType, timeoutHelper.RemainingTime());
}
return connection;
}
public async Task<Message> ParseIncomingMessageAsync(HttpRequestMessage httpRequestMessage, OutWrapper<Exception> requestException)
{
Message message = null;
requestException.Value = null;
bool throwing = true;
try
{
ValidateContentType();
if (!this.HasContent)
{
if (_messageEncoder.MessageVersion == MessageVersion.None)
{
message = new NullMessage();
}
else
{
return null;
}
}
else
{
Stream stream = this.GetInputStream(true);
if (_streamed)
{
message = ReadStreamedMessage(stream);
}
else if (this.ContentLength == -1)
{
message = ReadChunkedBufferedMessage(stream);
}
else
{
if (httpRequestMessage == null)
{
message = await ReadBufferedMessageAsync(stream);
}
else
{
message = await ReadBufferedMessageAsync(httpRequestMessage);
}
}
}
requestException.Value = ProcessHttpAddressing(message);
throwing = false;
return message;
}
finally
{
if (throwing)
{
Close();
}
}
}
public Task<Message> ParseIncomingMessageAsync(OutWrapper<Exception> requestException)
{
return this.ParseIncomingMessageAsync(null, requestException);
}
internal override async Task<Stream> InitiateUpgradeAsync(Stream stream)
{
if (stream == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("stream");
}
if (!_isOpen)
{
Open(TimeSpan.Zero);
}
var remoteSecurityWrapper = new OutWrapper<SecurityMessageProperty>();
Stream result = await OnInitiateUpgradeAsync(stream, remoteSecurityWrapper);
_remoteSecurity = remoteSecurityWrapper;
_securityUpgraded = true;
return result;
}
protected abstract Task<Stream> OnInitiateUpgradeAsync(Stream stream, OutWrapper<SecurityMessageProperty> remoteSecurity);
