public TcpTransportSecurity()
{
this.clientCredentialType = DefaultClientCredentialType;
this.protectionLevel = DefaultProtectionLevel;
this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
this.sslProtocols = TransportDefaults.SslProtocols;
}
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
_extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
_protectionLevel = bindingElement.ProtectionLevel;
_scheme = context.Binding.Scheme;
_isClient = isClient;
_listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find<SecurityCredentialsManager>();
if (credentialProvider == null)
{
if (isClient)
{
credentialProvider = ClientCredentials.CreateDefaultCredentials();
}
else
{
throw ExceptionHelper.PlatformNotSupported("WindowsStreamSecurityUpgradeProvider for server is not supported.");
}
}
_securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
this.extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
this.protectionLevel = bindingElement.ProtectionLevel;
this.scheme = context.Binding.Scheme;
this.isClient = isClient;
this.listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find<SecurityCredentialsManager>();
if (credentialProvider == null)
{
if (isClient)
{
credentialProvider = ClientCredentials.CreateDefaultCredentials();
}
else
{
credentialProvider = ServiceCredentials.CreateDefaultCredentials();
}
}
this.securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
//
public virtual void AuthenticateAsClient( NetworkCredential credential,
string targetName,
ProtectionLevel requiredProtectionLevel, //this will be the ultimate result or exception
TokenImpersonationLevel allowedImpersonationLevel) //this OR LOWER will be ultimate result in auth context
{
AuthenticateAsClient(credential, null, targetName, requiredProtectionLevel, allowedImpersonationLevel);
}
public MsmqTransportSecurity()
{
this.msmqAuthenticationMode = System.ServiceModel.MsmqAuthenticationMode.WindowsDomain;
this.msmqEncryptionAlgorithm = System.ServiceModel.MsmqEncryptionAlgorithm.RC4Stream;
this.msmqHashAlgorithm = System.ServiceModel.MsmqSecureHashAlgorithm.Sha1;
this.msmqProtectionLevel = ProtectionLevel.Sign;
}
internal void ValidateCreateContext(
string package,
NetworkCredential credential,
string servicePrincipalName,
ExtendedProtectionPolicy policy,
ProtectionLevel protectionLevel,
TokenImpersonationLevel impersonationLevel)
{
if (policy != null)
{
// One of these must be set if EP is turned on
if (policy.CustomChannelBinding == null && policy.CustomServiceNames == null)
{
throw new ArgumentException(SR.net_auth_must_specify_extended_protection_scheme, nameof(policy));
}
_extendedProtectionPolicy = policy;
}
else
{
_extendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
}
ValidateCreateContext(package, true, credential, servicePrincipalName, _extendedProtectionPolicy.CustomChannelBinding, protectionLevel, impersonationLevel);
}
public BindingProperties(SecurityMode securityMode, MessageCredentialType messageCredentialType,
TcpClientCredentialType tcpClientCredentialType, ProtectionLevel protectionLevel,
int maxConnections, long maxReceivedMessageSize, long maxBufferPoolSize, int maxArrayLength,
int maxBytesPerRead, int maxDepth, int maxStringContentLength, int maxBufferSize,
TimeSpan openTimeout, TimeSpan closeTimeout, TimeSpan receiveTimeout, TimeSpan sendTimeout)
{
m_SecurityMode = securityMode;
m_MessageCredentialType = messageCredentialType;
m_TcpClientCredentialType = tcpClientCredentialType;
m_ProtectionLevel = protectionLevel;
m_MaxConnections = maxConnections;
m_MaxReceivedMessageSize = maxReceivedMessageSize;
m_MaxBufferPoolSize = maxBufferPoolSize;
m_MaxArrayLength = maxArrayLength;
m_MaxBytesPerRead = maxBytesPerRead;
m_MaxDepth = maxDepth;
m_MaxStringContentLength = maxStringContentLength;
m_MaxBufferSize = maxBufferSize;
m_OpenTimeout = openTimeout;
m_CloseTimeout = closeTimeout;
m_ReceiveTimeout = receiveTimeout;
m_SendTimeout = sendTimeout;
}
public MsmqTransportSecurity()
{
this.msmqAuthenticationMode = MsmqDefaults.MsmqAuthenticationMode;
this.msmqEncryptionAlgorithm = MsmqDefaults.MsmqEncryptionAlgorithm;
this.msmqHashAlgorithm = MsmqDefaults.MsmqSecureHashAlgorithm;
this.msmqProtectionLevel = MsmqDefaults.MsmqProtectionLevel;
}
public SecurityCapabilities(bool supportsClientAuth, bool supportsServerAuth, bool supportsClientWindowsIdentity, ProtectionLevel requestProtectionLevel, ProtectionLevel responseProtectionLevel)
{
this.supportsClientAuth = supportsClientAuth;
this.supportsServerAuth = supportsServerAuth;
this.supportsClientWindowsIdentity = supportsClientWindowsIdentity;
this.requestProtectionLevel = requestProtectionLevel;
this.responseProtectionLevel = responseProtectionLevel;
}
private WSHttpContextBinding(WSHttpBinding wsHttpBinding)
{
this.contextProtectionLevel = ProtectionLevel.Sign;
this.contextManagementEnabled = true;
WSHttpContextBindingPropertyTransferHelper helper = new WSHttpContextBindingPropertyTransferHelper();
helper.InitializeFrom(wsHttpBinding);
helper.SetBindingElementType(typeof(WSHttpContextBinding));
helper.ApplyConfiguration(this);
}
internal void ValidateCreateContext(string package,
NetworkCredential credential,
string servicePrincipalName,
ExtendedProtectionPolicy policy,
ProtectionLevel protectionLevel,
TokenImpersonationLevel impersonationLevel)
{
throw new PlatformNotSupportedException();
}
public MsmqTransportSecurity(MsmqTransportSecurity other)
{
if (null == other)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
this.msmqAuthenticationMode = other.MsmqAuthenticationMode;
this.msmqEncryptionAlgorithm = other.MsmqEncryptionAlgorithm;
this.msmqHashAlgorithm = other.MsmqSecureHashAlgorithm;
this.msmqProtectionLevel = other.MsmqProtectionLevel;
}
private NetTcpContextBinding(NetTcpBinding netTcpBinding)
{
this.contextManagementEnabled = true;
this.contextProtectionLevel = ProtectionLevel.Sign;
NetTcpContextBindingPropertyTransferHelper helper = new NetTcpContextBindingPropertyTransferHelper();
helper.InitializeFrom(netTcpBinding);
helper.SetBindingElementType(typeof(NetTcpContextBinding));
helper.ApplyConfiguration(this);
}
void SetProtectionLevel(ProtectionLevel protectionLevel)
{
m_NonProtectionRadioButton.Enabled = true;
m_SignedRadioButton.Enabled = true;
m_EncryptRadioButton.Enabled = true;
m_NonProtectionRadioButton.Checked = protectionLevel == ProtectionLevel.None;
m_SignedRadioButton.Checked = protectionLevel == ProtectionLevel.Sign;
m_EncryptRadioButton.Checked = protectionLevel == ProtectionLevel.EncryptAndSign;
}
internal ChannelProtectionRequirements(ChannelProtectionRequirements other, ProtectionLevel newBodyProtectionLevel)
{
if (other == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("other"));
_incomingSignatureParts = new ScopedMessagePartSpecification(other._incomingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
_incomingEncryptionParts = new ScopedMessagePartSpecification(other._incomingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
_outgoingSignatureParts = new ScopedMessagePartSpecification(other._outgoingSignatureParts, newBodyProtectionLevel != ProtectionLevel.None);
_outgoingEncryptionParts = new ScopedMessagePartSpecification(other._outgoingEncryptionParts, newBodyProtectionLevel == ProtectionLevel.EncryptAndSign);
}
public WSHttpContextBinding(string configName)
{
this.contextProtectionLevel = ProtectionLevel.Sign;
this.contextManagementEnabled = true;
if (configName == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("configName");
}
this.ApplyConfiguration(configName);
}
public static HtmlBuilder protectionLevel(this HtmlBuilder builder, ProtectionLevel plevel)
{
switch (plevel)
{
case ProtectionLevel.PRIVATE: return builder.text("private");
case ProtectionLevel.INTERNAL: return builder.text("internal"); ;
case ProtectionLevel.PROTECTED: return builder.text("protected");
default:
case ProtectionLevel.PUBLIC: return builder.text("public");
}
}
internal void ValidateCreateContext(
string package,
bool isServer,
NetworkCredential credential,
string servicePrincipalName,
ChannelBinding channelBinding,
ProtectionLevel protectionLevel,
TokenImpersonationLevel impersonationLevel
)
{
throw new PlatformNotSupportedException();
}
private IAsyncResult BeginAuthenticateAsClient(
NetworkCredential credential,
string targetName,
ProtectionLevel requiredProtectionLevel,
TokenImpersonationLevel allowedImpersonationLevel,
AsyncCallback asyncCallback,
object asyncState)
{
return BeginAuthenticateAsClient(credential, null, targetName,
requiredProtectionLevel, allowedImpersonationLevel,
asyncCallback, asyncState);
}
public TcpServerChannel(int port)
{
this._channelPriority = 1;
this._channelName = "tcp";
this._port = -1;
this._bUseIpAddress = true;
this._bindToAddr = Socket.OSSupportsIPv4 ? IPAddress.Any : IPAddress.IPv6Any;
this._protectionLevel = ProtectionLevel.EncryptAndSign;
this._bExclusiveAddressUse = true;
this._port = port;
this.SetupMachineName();
this.SetupChannel();
}
internal MessagePartDescription(MessagePartDescription other)
{
_name = other._name;
_ns = other._ns;
_index = other._index;
_type = other._type;
_serializationPosition = other._serializationPosition;
_hasProtectionLevel = other._hasProtectionLevel;
_protectionLevel = other._protectionLevel;
_memberInfo = other._memberInfo;
_multiple = other._multiple;
_additionalAttributesProvider = other._additionalAttributesProvider;
_baseType = other._baseType;
_uniquePartName = other._uniquePartName;
}
// Methods
internal MessagePartDescription(MessagePartDescription other)
{
this.name = other.name;
this.ns = other.ns;
this.index = other.index;
this.type = other.type;
this.serializationPosition = other.serializationPosition;
this.hasProtectionLevel = other.hasProtectionLevel;
this.protectionLevel = other.protectionLevel;
this.memberInfo = other.memberInfo;
this.multiple = other.multiple;
this.additionalAttributesProvider = other.additionalAttributesProvider;
this.baseType = other.baseType;
this.uniquePartName = other.uniquePartName;
}
internal static void EnterXPSendLock(out bool lockHeld, ProtectionLevel protectionLevel)
{
lockHeld = false;
if ((xpSendLock != null) && (protectionLevel != ProtectionLevel.None))
{
try
{
}
finally
{
Monitor.Enter(xpSendLock);
lockHeld = true;
}
}
}
internal TcpClientTransportSink(string channelURI, TcpClientChannel channel)
{
string str;
this._socketCacheTimeout = TimeSpan.FromSeconds(10.0);
this._spn = string.Empty;
this._retryCount = 1;
this._tokenImpersonationLevel = TokenImpersonationLevel.Identification;
this._protectionLevel = ProtectionLevel.EncryptAndSign;
this._channel = channel;
string uriString = TcpChannelHelper.ParseURL(channelURI, out str);
this.ClientSocketCache = new SocketCache(new SocketHandlerFactory(this.CreateSocketHandler), this._socketCachePolicy, this._socketCacheTimeout);
Uri uri = new Uri(uriString);
if (uri.IsDefaultPort)
{
throw new RemotingException(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Tcp_UrlMustHavePort"), new object[] { channelURI }));
}
this.m_machineName = uri.Host;
this.m_port = uri.Port;
this._machineAndPort = this.m_machineName + ":" + this.m_port;
}
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
Contract.Assert(isClient, ".NET Core and .NET Native does not support server side");
_extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
_protectionLevel = bindingElement.ProtectionLevel;
_scheme = context.Binding.Scheme;
_isClient = isClient;
_listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find<SecurityCredentialsManager>();
if (credentialProvider == null)
{
credentialProvider = ClientCredentials.CreateDefaultCredentials();
}
_securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
internal static ChannelProtectionRequirements GetChannelProtectionRequirements(ProtectionLevel protectionLevel)
{
ChannelProtectionRequirements result;
if (protectionLevel == ProtectionLevel.EncryptAndSign)
{
if (encryptAndSignChannelProtectionRequirements == null)
{
MessagePartSpecification header = new MessagePartSpecification();
header.HeaderTypes.Add(new XmlQualifiedName(CallbackContextHeaderName, CallbackContextHeaderNamespace));
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
requirements.IncomingSignatureParts.AddParts(header);
requirements.IncomingEncryptionParts.AddParts(header);
requirements.OutgoingSignatureParts.AddParts(header);
requirements.OutgoingEncryptionParts.AddParts(header);
requirements.MakeReadOnly();
encryptAndSignChannelProtectionRequirements = requirements;
}
result = encryptAndSignChannelProtectionRequirements;
}
else if (protectionLevel == ProtectionLevel.Sign)
{
if (signChannelProtectionRequirements == null)
{
MessagePartSpecification header = new MessagePartSpecification();
header.HeaderTypes.Add(new XmlQualifiedName(CallbackContextHeaderName, CallbackContextHeaderNamespace));
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
requirements.IncomingSignatureParts.AddParts(header);
requirements.OutgoingSignatureParts.AddParts(header);
requirements.MakeReadOnly();
signChannelProtectionRequirements = requirements;
}
result = signChannelProtectionRequirements;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("protectionLevel"));
}
return result;
}
internal static ChannelProtectionRequirements GetChannelProtectionRequirements(ProtectionLevel protectionLevel)
{
if (protectionLevel == ProtectionLevel.EncryptAndSign)
{
if (encryptAndSignChannelProtectionRequirements == null)
{
MessagePartSpecification parts = new MessagePartSpecification {
HeaderTypes = { new XmlQualifiedName("CallbackContext", "http://schemas.microsoft.com/ws/2008/02/context") }
};
ChannelProtectionRequirements requirements2 = new ChannelProtectionRequirements();
requirements2.IncomingSignatureParts.AddParts(parts);
requirements2.IncomingEncryptionParts.AddParts(parts);
requirements2.OutgoingSignatureParts.AddParts(parts);
requirements2.OutgoingEncryptionParts.AddParts(parts);
requirements2.MakeReadOnly();
encryptAndSignChannelProtectionRequirements = requirements2;
}
return encryptAndSignChannelProtectionRequirements;
}
if (protectionLevel != ProtectionLevel.Sign)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("protectionLevel"));
}
if (signChannelProtectionRequirements == null)
{
MessagePartSpecification specification2 = new MessagePartSpecification {
HeaderTypes = { new XmlQualifiedName("CallbackContext", "http://schemas.microsoft.com/ws/2008/02/context") }
};
ChannelProtectionRequirements requirements3 = new ChannelProtectionRequirements();
requirements3.IncomingSignatureParts.AddParts(specification2);
requirements3.OutgoingSignatureParts.AddParts(specification2);
requirements3.MakeReadOnly();
signChannelProtectionRequirements = requirements3;
}
return signChannelProtectionRequirements;
}
public virtual void AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
{
AuthenticateAsServer(credential, null, requiredProtectionLevel, requiredImpersonationLevel);
}
public virtual void AuthenticateAsClient(
NetworkCredential credential, string targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
{
AuthenticateAsClient(credential, null, targetName, requiredProtectionLevel, allowedImpersonationLevel);
}
public virtual void AuthenticateAsServer(NetworkCredential credential, ExtendedProtectionPolicy policy, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
{
#if DEBUG
using (DebugThreadTracking.SetThreadKind(ThreadKinds.User | ThreadKinds.Sync))
{
#endif
_negoState.ValidateCreateContext(_package, credential, string.Empty, policy, requiredProtectionLevel, requiredImpersonationLevel);
_negoState.ProcessAuthentication(null);
#if DEBUG
}
#endif
}
internal void Disable()
{
this.msmqAuthenticationMode = MsmqAuthenticationMode.None;
this.msmqProtectionLevel = ProtectionLevel.None;
}
public virtual Task AuthenticateAsServerAsync(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
{
return(Task.Factory.FromAsync(BeginAuthenticateAsServer, EndAuthenticateAsServer, credential, requiredProtectionLevel, requiredImpersonationLevel, null));
}
public WindowsStreamSecurityBindingElement()
: base()
{
_protectionLevel = ConnectionOrientedTransportDefaults.ProtectionLevel;
}
public static bool IsStronger(ProtectionLevel v1, ProtectionLevel v2)
{
return((v1 == ProtectionLevel.EncryptAndSign && v2 != ProtectionLevel.EncryptAndSign) ||
(v1 == ProtectionLevel.Sign && v2 == ProtectionLevel.None));
}
public virtual Task AuthenticateAsServerAsync(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
{
return Task.Factory.FromAsync(BeginAuthenticateAsServer, EndAuthenticateAsServer, credential, requiredProtectionLevel, requiredImpersonationLevel, null);
}
public static bool IsStrongerOrEqual(ProtectionLevel v1, ProtectionLevel v2)
{
return(v1 == ProtectionLevel.EncryptAndSign ||
(v1 == ProtectionLevel.Sign && v2 != ProtectionLevel.EncryptAndSign));
}
public virtual System.IAsyncResult BeginAuthenticateAsServer(System.Net.NetworkCredential credential, ProtectionLevel requiredProtectionLevel, System.Security.Principal.TokenImpersonationLevel requiredImpersonationLevel, System.AsyncCallback asyncCallback, object asyncState)
{
}
private static void AddFaultProtectionRequirements(FaultDescriptionCollection faults, ChannelProtectionRequirements requirements, ProtectionLevel defaultProtectionLevel, bool addToIncoming)
{
if (faults == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("faults"));
}
if (requirements == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("requirements"));
}
foreach (FaultDescription fault in faults)
{
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
ProtectionLevel p = fault.HasProtectionLevel ? fault.ProtectionLevel : defaultProtectionLevel;
if (p != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (p == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
if (addToIncoming)
{
requirements.IncomingSignatureParts.AddParts(signedParts, fault.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, fault.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, fault.Action);
}
}
}
internal static ProtectionLevel Max(ProtectionLevel v1, ProtectionLevel v2)
{
return(IsStronger(v1, v2) ? v1 : v2);
}
public virtual void AuthenticateAsServer(NetworkCredential credential, System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy policy, ProtectionLevel requiredProtectionLevel, System.Security.Principal.TokenImpersonationLevel requiredImpersonationLevel)
{
}
public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync(NetworkCredential credential, System.Security.Authentication.ExtendedProtection.ChannelBinding binding, string targetName, ProtectionLevel requiredProtectionLevel, System.Security.Principal.TokenImpersonationLevel allowedImpersonationLevel)
{
throw null;
}
public virtual System.Threading.Tasks.Task AuthenticateAsServerAsync(NetworkCredential credential, System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy policy, ProtectionLevel requiredProtectionLevel, System.Security.Principal.TokenImpersonationLevel requiredImpersonationLevel)
{
throw null;
}
public static bool IsDefined(ProtectionLevel value)
{
return(value == ProtectionLevel.None ||
value == ProtectionLevel.Sign ||
value == ProtectionLevel.EncryptAndSign);
}
public virtual void AuthenticateAsClient(System.Net.NetworkCredential credential, string targetName, ProtectionLevel requiredProtectionLevel, System.Security.Principal.TokenImpersonationLevel allowedImpersonationLevel)
{
}
protected WindowsStreamSecurityBindingElement(WindowsStreamSecurityBindingElement elementToBeCloned)
: base(elementToBeCloned)
{
_protectionLevel = elementToBeCloned._protectionLevel;
}
public virtual Task AuthenticateAsServerAsync(
NetworkCredential credential, ExtendedProtectionPolicy policy,
ProtectionLevel requiredProtectionLevel,
TokenImpersonationLevel requiredImpersonationLevel)
{
return Task.Factory.FromAsync((callback, state) => BeginAuthenticateAsServer(credential, policy, requiredProtectionLevel, requiredImpersonationLevel, callback, state), EndAuthenticateAsClient, null);
}
private static void AddHeaderProtectionRequirements(MessageHeaderDescription header, MessagePartSpecification signedParts,
MessagePartSpecification encryptedParts, ProtectionLevel defaultProtectionLevel)
{
ProtectionLevel p = header.HasProtectionLevel ? header.ProtectionLevel : defaultProtectionLevel;
if (p != ProtectionLevel.None)
{
XmlQualifiedName headerName = new XmlQualifiedName(header.Name, header.Namespace);
signedParts.HeaderTypes.Add(headerName);
if (p == ProtectionLevel.EncryptAndSign)
{
encryptedParts.HeaderTypes.Add(headerName);
}
}
}
private IAsyncResult BeginAuthenticateAsClient(
NetworkCredential credential,
ChannelBinding binding,
string targetName,
ProtectionLevel requiredProtectionLevel,
TokenImpersonationLevel allowedImpersonationLevel,
AsyncCallback asyncCallback,
object asyncState)
{
#if DEBUG
using (GlobalLog.SetThreadKind(ThreadKinds.User | ThreadKinds.Async))
{
#endif
_negoState.ValidateCreateContext(_package, false, credential, targetName, binding, requiredProtectionLevel, allowedImpersonationLevel);
LazyAsyncResult result = new LazyAsyncResult(_negoState, asyncState, asyncCallback);
_negoState.ProcessAuthentication(result);
return result;
#if DEBUG
}
#endif
}
internal static ChannelProtectionRequirements CreateFromContract(ContractDescription contract, ProtectionLevel defaultRequestProtectionLevel, ProtectionLevel defaultResponseProtectionLevel, bool isForClient)
{
if (contract == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("contract"));
}
ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
ProtectionLevel contractScopeDefaultRequestProtectionLevel;
ProtectionLevel contractScopeDefaultResponseProtectionLevel;
if (contract.HasProtectionLevel)
{
contractScopeDefaultRequestProtectionLevel = contract.ProtectionLevel;
contractScopeDefaultResponseProtectionLevel = contract.ProtectionLevel;
}
else
{
contractScopeDefaultRequestProtectionLevel = defaultRequestProtectionLevel;
contractScopeDefaultResponseProtectionLevel = defaultResponseProtectionLevel;
}
foreach (OperationDescription operation in contract.Operations)
{
ProtectionLevel operationScopeDefaultRequestProtectionLevel;
ProtectionLevel operationScopeDefaultResponseProtectionLevel;
operationScopeDefaultRequestProtectionLevel = contractScopeDefaultRequestProtectionLevel;
operationScopeDefaultResponseProtectionLevel = contractScopeDefaultResponseProtectionLevel;
foreach (MessageDescription message in operation.Messages)
{
ProtectionLevel messageScopeDefaultProtectionLevel;
if (message.HasProtectionLevel)
{
messageScopeDefaultProtectionLevel = message.ProtectionLevel;
}
else if (message.Direction == MessageDirection.Input)
{
messageScopeDefaultProtectionLevel = operationScopeDefaultRequestProtectionLevel;
}
else
{
messageScopeDefaultProtectionLevel = operationScopeDefaultResponseProtectionLevel;
}
MessagePartSpecification signedParts = new MessagePartSpecification();
MessagePartSpecification encryptedParts = new MessagePartSpecification();
// determine header protection requirements for message
foreach (MessageHeaderDescription header in message.Headers)
{
AddHeaderProtectionRequirements(header, signedParts, encryptedParts, messageScopeDefaultProtectionLevel);
}
// determine body protection requirements for message
ProtectionLevel bodyProtectionLevel;
if (message.Body.Parts.Count > 0)
{
// initialize the body protection level to none. all the body parts will be
// unioned to get the effective body protection level
bodyProtectionLevel = ProtectionLevel.None;
}
else if (message.Body.ReturnValue != null)
{
if (!(message.Body.ReturnValue.GetType().Equals(typeof(MessagePartDescription))))
{
Fx.Assert("Only body return values are supported currently");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.OnlyBodyReturnValuesSupported));
}
MessagePartDescription desc = message.Body.ReturnValue;
bodyProtectionLevel = desc.HasProtectionLevel ? desc.ProtectionLevel : messageScopeDefaultProtectionLevel;
}
else
{
bodyProtectionLevel = messageScopeDefaultProtectionLevel;
}
// determine body protection requirements for message
if (message.Body.Parts.Count > 0)
{
foreach (MessagePartDescription body in message.Body.Parts)
{
ProtectionLevel partProtectionLevel = body.HasProtectionLevel ? body.ProtectionLevel : messageScopeDefaultProtectionLevel;
bodyProtectionLevel = ProtectionLevelHelper.Max(bodyProtectionLevel, partProtectionLevel);
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
{
break;
}
}
}
if (bodyProtectionLevel != ProtectionLevel.None)
{
signedParts.IsBodyIncluded = true;
if (bodyProtectionLevel == ProtectionLevel.EncryptAndSign)
{
encryptedParts.IsBodyIncluded = true;
}
}
// add requirements for message
if (message.Direction == MessageDirection.Input)
{
requirements.IncomingSignatureParts.AddParts(signedParts, message.Action);
requirements.IncomingEncryptionParts.AddParts(encryptedParts, message.Action);
}
else
{
requirements.OutgoingSignatureParts.AddParts(signedParts, message.Action);
requirements.OutgoingEncryptionParts.AddParts(encryptedParts, message.Action);
}
}
if (operation.Faults != null)
{
if (operation.IsServerInitiated())
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultRequestProtectionLevel, true);
}
else
{
AddFaultProtectionRequirements(operation.Faults, requirements, operationScopeDefaultResponseProtectionLevel, false);
}
}
}
return(requirements);
}
