public MsmqIntegrationOutputChannel(MsmqIntegrationChannelFactory factory, EndpointAddress to, Uri via, bool manualAddressing) : base(factory, to, via, manualAddressing, factory.MessageVersion)
{
this.factory = factory;
if (factory.IsMsmqX509SecurityConfigured)
{
this.certificateTokenProvider = factory.CreateX509TokenProvider(to, via);
}
}
public static NetworkCredential GetSspiCredential(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout, out TokenImpersonationLevel impersonationLevel, out AuthenticationLevel authenticationLevel)
{
bool flag;
bool flag2;
NetworkCredential credential = GetSspiCredential(tokenProvider.TokenProvider as SspiSecurityTokenProvider, timeout, out flag, out impersonationLevel, out flag2);
authenticationLevel = flag2 ? AuthenticationLevel.MutualAuthRequested : AuthenticationLevel.MutualAuthRequired;
return(credential);
}
public static async Task <NetworkCredential> GetSspiCredentialAsync(SecurityTokenProviderContainer tokenProvider, OutWrapper <TokenImpersonationLevel> impersonationLevelWrapper, OutWrapper <AuthenticationLevel> authenticationLevelWrapper, CancellationToken cancellationToken)
{
OutWrapper <bool> allowNtlmWrapper = new OutWrapper <bool>();
NetworkCredential result = await GetSspiCredentialAsync(tokenProvider.TokenProvider as SspiSecurityTokenProvider,
impersonationLevelWrapper, allowNtlmWrapper, cancellationToken);
authenticationLevelWrapper.Value = allowNtlmWrapper.Value ?
AuthenticationLevel.MutualAuthRequested : AuthenticationLevel.MutualAuthRequired;
return(result);
}
// used for HTTP (from HttpChannelUtilities.GetCredential)
public static NetworkCredential GetSspiCredential(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout,
out TokenImpersonationLevel impersonationLevel, out AuthenticationLevel authenticationLevel)
{
bool dummyExtractWindowsGroupClaims;
bool allowNtlm;
NetworkCredential result = GetSspiCredential(tokenProvider.TokenProvider as SspiSecurityTokenProvider, timeout,
out dummyExtractWindowsGroupClaims, out impersonationLevel, out allowNtlm);
authenticationLevel = allowNtlm ?
AuthenticationLevel.MutualAuthRequested : AuthenticationLevel.MutualAuthRequired;
return(result);
}
public MsmqOutputSessionChannel(MsmqChannelFactory <IOutputSessionChannel> factory, EndpointAddress to, Uri via, bool manualAddressing) : base(factory, to, via, manualAddressing, factory.MessageVersion)
{
this.factory = factory;
this.encoder = this.factory.MessageEncoderFactory.CreateSessionEncoder();
this.buffers = new List <ArraySegment <byte> >();
this.buffers.Add(this.EncodeSessionPreamble());
if (factory.IsMsmqX509SecurityConfigured)
{
this.certificateTokenProvider = factory.CreateX509TokenProvider(to, via);
}
this.session = new OutputSession();
}
// used for HTTP (from HttpChannelUtilities.GetCredential)
public static async Task <NetworkCredential> GetSspiCredentialAsync(SecurityTokenProviderContainer tokenProvider,
OutWrapper <TokenImpersonationLevel> impersonationLevelWrapper, OutWrapper <AuthenticationLevel> authenticationLevelWrapper,
TimeSpan timeout)
{
OutWrapper <bool> dummyExtractWindowsGroupClaimsWrapper = new OutWrapper <bool>();
OutWrapper <bool> allowNtlmWrapper = new OutWrapper <bool>();
NetworkCredential result = await GetSspiCredentialAsync(tokenProvider.TokenProvider as SspiSecurityTokenProvider,
dummyExtractWindowsGroupClaimsWrapper, impersonationLevelWrapper, allowNtlmWrapper, timeout);
authenticationLevelWrapper.Value = allowNtlmWrapper.Value ?
AuthenticationLevel.MutualAuthRequested : AuthenticationLevel.MutualAuthRequired;
return(result);
}
void CleanupTokenProviders()
{
if (_webRequestTokenProvider != null)
{
_webRequestTokenProvider.Abort();
_webRequestTokenProvider = null;
}
if (_webRequestProxyTokenProvider != null)
{
_webRequestProxyTokenProvider.Abort();
_webRequestProxyTokenProvider = null;
}
}
void CleanupTokenProviders()
{
if (this.webRequestTokenProvider != null)
{
this.webRequestTokenProvider.Abort();
this.webRequestTokenProvider = null;
}
if (this.webRequestProxyTokenProvider != null)
{
this.webRequestProxyTokenProvider.Abort();
this.webRequestProxyTokenProvider = null;
}
}
public GetUserNameCredentialAsyncResult(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout, AsyncCallback callback, object state) : base(callback, state)
{
if ((tokenProvider == null) || (tokenProvider.TokenProvider == null))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("NoUserNameTokenProvided")));
}
this.tokenProvider = tokenProvider.TokenProvider;
IAsyncResult result = this.tokenProvider.BeginGetToken(timeout, onGetToken, this);
if (result.CompletedSynchronously)
{
this.CompleteGetToken(result);
base.Complete(true);
}
}
static async Task <NetworkCredential> GetCredentialCoreAsync(AuthenticationSchemes authenticationScheme,
SecurityTokenProviderContainer credentialProvider, OutWrapper <TokenImpersonationLevel> impersonationLevelWrapper,
OutWrapper <AuthenticationLevel> authenticationLevelWrapper, CancellationToken cancellationToken)
{
impersonationLevelWrapper.Value = TokenImpersonationLevel.None;
authenticationLevelWrapper.Value = AuthenticationLevel.None;
NetworkCredential result = null;
switch (authenticationScheme)
{
case AuthenticationSchemes.Basic:
result = await TransportSecurityHelpers.GetUserNameCredentialAsync(credentialProvider, cancellationToken);
impersonationLevelWrapper.Value = TokenImpersonationLevel.Delegation;
break;
case AuthenticationSchemes.Digest:
result = await TransportSecurityHelpers.GetSspiCredentialAsync(credentialProvider,
impersonationLevelWrapper, authenticationLevelWrapper, cancellationToken);
ValidateDigestCredential(result, impersonationLevelWrapper.Value);
break;
case AuthenticationSchemes.Negotiate:
result = await TransportSecurityHelpers.GetSspiCredentialAsync(credentialProvider,
impersonationLevelWrapper, authenticationLevelWrapper, cancellationToken);
break;
case AuthenticationSchemes.Ntlm:
result = await TransportSecurityHelpers.GetSspiCredentialAsync(credentialProvider,
impersonationLevelWrapper, authenticationLevelWrapper, cancellationToken);
if (authenticationLevelWrapper.Value == AuthenticationLevel.MutualAuthRequired)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(SR.CredentialDisallowsNtlm));
}
break;
default:
// The setter for this property should prevent this.
throw Fx.AssertAndThrow("GetCredential: Invalid authentication scheme");
}
return(result);
}
public MsmqOutputChannel(MsmqChannelFactory <IOutputChannel> factory, EndpointAddress to, Uri via, bool manualAddressing) : base(factory, to, via, manualAddressing, factory.MessageVersion)
{
byte[] modeBytes = ClientSingletonSizedEncoder.ModeBytes;
EncodedVia via2 = new EncodedVia(this.Via.AbsoluteUri);
EncodedContentType contentType = EncodedContentType.Create(factory.MessageEncoderFactory.Encoder.ContentType);
this.preamble = DiagnosticUtility.Utility.AllocateByteArray(modeBytes.Length + ClientSingletonSizedEncoder.CalcStartSize(via2, contentType));
Buffer.BlockCopy(modeBytes, 0, this.preamble, 0, modeBytes.Length);
ClientSingletonSizedEncoder.EncodeStart(this.preamble, modeBytes.Length, via2, contentType);
this.outputMessages = new SynchronizedDisposablePool <MsmqOutputMessage <IOutputChannel> >(factory.MaxPoolSize);
if (factory.IsMsmqX509SecurityConfigured)
{
this.certificateTokenProvider = factory.CreateX509TokenProvider(to, via);
}
this.factory = factory;
}
internal void ApplyCertificateIfNeeded(SecurityTokenProviderContainer certificateTokenProvider, MsmqAuthenticationMode authenticationMode, TimeSpan timeout)
{
if (MsmqAuthenticationMode.Certificate == authenticationMode)
{
if (certificateTokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificateTokenProvider");
}
X509Certificate2 certificate = certificateTokenProvider.GetCertificate(timeout);
if (certificate == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperCritical(new InvalidOperationException(System.ServiceModel.SR.GetString("MsmqCertificateNotFound")));
}
this.senderCert.SetBufferReference(certificate.GetRawCertData());
}
}
public static NetworkCredential GetUserNameCredential(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout)
{
NetworkCredential credential = null;
if ((tokenProvider != null) && (tokenProvider.TokenProvider != null))
{
UserNameSecurityToken token = GetToken <UserNameSecurityToken>(tokenProvider.TokenProvider, timeout);
if (token != null)
{
System.ServiceModel.Security.SecurityUtils.PrepareNetworkCredential();
credential = new NetworkCredential(token.UserName, token.Password);
}
}
if (credential == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("NoUserNameTokenProvided")));
}
return(credential);
}
private SecurityTokenProviderContainer CreateAndOpenTokenProvider(TimeSpan timeout, AuthenticationSchemes authenticationScheme,
EndpointAddress target, Uri via, ChannelParameterCollection channelParameters)
{
SecurityTokenProvider tokenProvider = null;
switch (authenticationScheme)
{
case AuthenticationSchemes.Anonymous:
break;
case AuthenticationSchemes.Basic:
tokenProvider = TransportSecurityHelpers.GetUserNameTokenProvider(this.SecurityTokenManager, target, via, this.Scheme, authenticationScheme, channelParameters);
break;
case AuthenticationSchemes.Negotiate:
case AuthenticationSchemes.Ntlm:
// tokenProvider = TransportSecurityHelpers.GetSspiTokenProvider(this.SecurityTokenManager, target, via, this.Scheme, authenticationScheme, channelParameters);
// break;
throw ExceptionHelper.PlatformNotSupported("Negotiate/NTLM not supported yet");
case AuthenticationSchemes.Digest:
tokenProvider = TransportSecurityHelpers.GetDigestTokenProvider(this.SecurityTokenManager, target, via, this.Scheme, authenticationScheme, channelParameters);
break;
default:
// The setter for this property should prevent this.
throw Fx.AssertAndThrow("CreateAndOpenTokenProvider: Invalid authentication scheme");
}
SecurityTokenProviderContainer result;
if (tokenProvider != null)
{
result = new SecurityTokenProviderContainer(tokenProvider);
result.Open(timeout);
}
else
{
result = null;
}
return(result);
}
public static async Task <NetworkCredential> GetUserNameCredentialAsync(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout)
{
NetworkCredential result = null;
if (tokenProvider != null && tokenProvider.TokenProvider != null)
{
UserNameSecurityToken token = await GetTokenAsync <UserNameSecurityToken>(tokenProvider.TokenProvider, timeout);
if (token != null)
{
result = new NetworkCredential(token.UserName, token.Password);
}
}
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoUserNameTokenProvided));
}
return(result);
}
public static NetworkCredential GetUserNameCredential(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout)
{
NetworkCredential result = null;
if (tokenProvider != null && tokenProvider.TokenProvider != null)
{
UserNameSecurityToken token = GetToken <UserNameSecurityToken>(tokenProvider.TokenProvider, timeout);
if (token != null)
{
SecurityUtils.PrepareNetworkCredential();
result = new NetworkCredential(token.UserName, token.Password);
}
}
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(
SR.NoUserNameTokenProvided)));
}
return(result);
}
public static Task <NetworkCredential> GetCredentialAsync(AuthenticationSchemes authenticationScheme, SecurityTokenProviderContainer credentialProvider,
OutWrapper <TokenImpersonationLevel> impersonationLevelWrapper, OutWrapper <AuthenticationLevel> authenticationLevelWrapper,
CancellationToken cancellationToken)
{
impersonationLevelWrapper.Value = TokenImpersonationLevel.None;
authenticationLevelWrapper.Value = AuthenticationLevel.None;
if (authenticationScheme == AuthenticationSchemes.Anonymous)
{
return(Task.FromResult((NetworkCredential)null));
}
return(GetCredentialCoreAsync(authenticationScheme, credentialProvider, impersonationLevelWrapper,
authenticationLevelWrapper, cancellationToken));
}
private void CreateAndOpenTokenProvidersCore(EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout, out SecurityTokenProviderContainer tokenProvider)
{
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
tokenProvider = CreateAndOpenTokenProvider(timeoutHelper.RemainingTime(), this.AuthenticationScheme, to, via, channelParameters);
}
internal void CreateAndOpenTokenProviders(EndpointAddress to, Uri via, ChannelParameterCollection channelParameters, TimeSpan timeout, out SecurityTokenProviderContainer tokenProvider)
{
if (!IsSecurityTokenManagerRequired())
{
tokenProvider = null;
}
else
{
CreateAndOpenTokenProvidersCore(to, via, channelParameters, timeout, out tokenProvider);
}
}
public static NetworkCredential GetCredential(AuthenticationSchemes authenticationScheme, SecurityTokenProviderContainer credentialProvider, TimeSpan timeout, out TokenImpersonationLevel impersonationLevel, out AuthenticationLevel authenticationLevel)
{
impersonationLevel = TokenImpersonationLevel.None;
authenticationLevel = AuthenticationLevel.None;
NetworkCredential credential = null;
if (authenticationScheme != AuthenticationSchemes.Anonymous)
{
credential = GetCredentialCore(authenticationScheme, credentialProvider, timeout, out impersonationLevel, out authenticationLevel);
}
return(credential);
}
public static IAsyncResult BeginGetUserNameCredential(SecurityTokenProviderContainer tokenProvider, TimeSpan timeout,
AsyncCallback callback, object state)
{
return(new GetUserNameCredentialAsyncResult(tokenProvider, timeout, callback, state));
}
private static NetworkCredential GetCredentialCore(AuthenticationSchemes authenticationScheme, SecurityTokenProviderContainer credentialProvider, TimeSpan timeout, out TokenImpersonationLevel impersonationLevel, out AuthenticationLevel authenticationLevel)
{
impersonationLevel = TokenImpersonationLevel.None;
authenticationLevel = AuthenticationLevel.None;
NetworkCredential userNameCredential = null;
switch (authenticationScheme)
{
case AuthenticationSchemes.Digest:
userNameCredential = TransportSecurityHelpers.GetSspiCredential(credentialProvider, timeout, out impersonationLevel, out authenticationLevel);
ValidateDigestCredential(ref userNameCredential, impersonationLevel);
return(userNameCredential);
case AuthenticationSchemes.Negotiate:
return(TransportSecurityHelpers.GetSspiCredential(credentialProvider, timeout, out impersonationLevel, out authenticationLevel));
case AuthenticationSchemes.Ntlm:
userNameCredential = TransportSecurityHelpers.GetSspiCredential(credentialProvider, timeout, out impersonationLevel, out authenticationLevel);
if (authenticationLevel == AuthenticationLevel.MutualAuthRequired)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CredentialDisallowsNtlm")));
}
return(userNameCredential);
case AuthenticationSchemes.Basic:
userNameCredential = TransportSecurityHelpers.GetUserNameCredential(credentialProvider, timeout);
impersonationLevel = TokenImpersonationLevel.Delegation;
return(userNameCredential);
}
throw Fx.AssertAndThrow("GetCredential: Invalid authentication scheme");
}