/// <summary>
/// Reads the saml:DoNotCacheCondition element the reader is positioned on. The element carries no
/// content, so reading it only consumes its start tag and, for a non-empty form, its end tag.
/// </summary>
/// <param name="reader">Positioned on the saml:DoNotCacheCondition start element.</param>
/// <param name="samlSerializer">Supplies the SAML dictionary used to match the element name and namespace.</param>
/// <param name="keyInfoSerializer">Not used by this condition.</param>
/// <param name="outOfBandTokenResolver">Not used by this condition.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> or <paramref name="samlSerializer"/> is null.</exception>
/// <exception cref="SecurityTokenException">The reader is not positioned on saml:DoNotCacheCondition.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }
    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
    SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
    if (!reader.IsStartElement(samlDictionary.DoNotCacheCondition, samlDictionary.Namespace))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, samlDictionary.DoNotCacheCondition.Value)));
    }

    // Decide before advancing: once the start tag is consumed IsEmptyElement no longer describes it.
    bool needsEndTag = !reader.IsEmptyElement;
    reader.MoveToContent();
    reader.Read();
    if (needsEndTag)
    {
        reader.ReadEndElement();
    }
}
/// <summary>
/// Deserializes a UsernameToken from <paramref name="reader"/>. Any other element is handed to the
/// default WS-Security serializer untouched.
/// </summary>
/// <param name="reader">Positioned on the token's start element.</param>
/// <param name="tokenResolver">Forwarded to the default serializer only; the UsernameToken path does not use it.</param>
/// <returns>A <c>SecurityToken</c> carrying the user name, password, nonce and created values as read.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
protected override System.IdentityModel.Tokens.SecurityToken ReadTokenCore( XmlReader reader, SecurityTokenResolver tokenResolver )
{
    if ( reader == null )
    {
        throw new ArgumentNullException( "reader" );
    }

    bool isUsernameToken = reader.IsStartElement( Constants.UsernameTokenName, Constants.UsernameTokenNamespace );
    if ( !isUsernameToken )
    {
        return DefaultInstance.ReadToken( reader, tokenResolver );
    }

    // The wsu:Id attribute is deliberately not read; the token is built without an id.
    reader.ReadStartElement();

    // Children are consumed in a fixed order. ReadElementString throws when the next element has a
    // different name, so a malformed or reordered token fails here rather than producing a bogus token.
    string userName = reader.ReadElementString( Constants.UsernameElementName, Constants.UsernameTokenNamespace );
    // The original author's comment calls this the password hash — confirm against the token profile in use.
    string password = reader.ReadElementString( Constants.PasswordElementName, Constants.UsernameTokenNamespace );
    string nonce = reader.ReadElementString( Constants.NonceElementName, Constants.UsernameTokenNamespace );
    string created = reader.ReadElementString( Constants.CreatedElementName, Constants.WsUtilityNamespace );
    reader.ReadEndElement();

    return new SecurityToken( new Info( userName, password ), nonce, created );
}
/// <summary>
/// Reads the (content-free) saml:DoNotCacheCondition element at the reader's position.
/// </summary>
/// <param name="reader">Positioned on the saml:DoNotCacheCondition start element.</param>
/// <param name="samlSerializer">Provides the SAML dictionary for element/namespace matching.</param>
/// <param name="keyInfoSerializer">Unused here.</param>
/// <param name="outOfBandTokenResolver">Unused here.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> or <paramref name="samlSerializer"/> is null.</exception>
/// <exception cref="SecurityTokenException">The current element is not saml:DoNotCacheCondition.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }
    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

    SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;
    if (!reader.IsStartElement(dictionary.DoNotCacheCondition, dictionary.Namespace))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { dictionary.DoNotCacheCondition.Value })));
    }

    // Capture the empty-element flag before the start tag is consumed.
    bool isEmpty = reader.IsEmptyElement;
    reader.MoveToContent();
    reader.Read();
    if (!isEmpty)
    {
        reader.ReadEndElement();
    }
}
/// <summary>
/// Creates the authenticator for the token type named in <paramref name="requirement"/>.
/// </summary>
/// <param name="requirement">Describes the token type to authenticate.</param>
/// <param name="outOfBandTokenResolver">Receives a resolver only for secure-conversation tokens; null for every other type.</param>
/// <returns>An authenticator for the requested token type.</returns>
/// <exception cref="NotImplementedException">The token type is not one handled by this method.</exception>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator (SecurityTokenRequirement requirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    outOfBandTokenResolver = null;
    string tokenType = requirement.TokenType;

    if (tokenType == SecurityTokenTypes.UserName)
    {
        return CreateUserNameAuthenticator (requirement);
    }
    else if (tokenType == SecurityTokenTypes.X509Certificate)
    {
        return CreateX509Authenticator (requirement);
    }
    else if (tokenType == SecurityTokenTypes.Rsa)
    {
        return new RsaSecurityTokenAuthenticator ();
    }
    else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation)
    {
        // FIXME: get parameters from somewhere
        // Both resolver constructor arguments (cache size 0x1000 and the bool flag) are hard-coded.
        SecurityContextSecurityTokenResolver resolver = new SecurityContextSecurityTokenResolver (0x1000, true);
        outOfBandTokenResolver = resolver;
        SecurityContextSecurityTokenAuthenticator contextAuthenticator = new SecurityContextSecurityTokenAuthenticator ();
        return new SecureConversationSecurityTokenAuthenticator (requirement, contextAuthenticator, resolver);
    }
    else if (tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego || tokenType == ServiceModelSecurityTokenTypes.MutualSslnego)
    {
        // Anonymous and mutual SSL negotiation share one authenticator factory.
        return CreateSslTokenAuthenticator (requirement);
    }
    else if (tokenType == ServiceModelSecurityTokenTypes.Spnego)
    {
        return CreateSpnegoTokenAuthenticator (requirement);
    }

    throw new NotImplementedException ("Not implemented token type: " + requirement.TokenType);
}
/// <summary>
/// Reads a saml:Action element: its optional Namespace attribute and its required text content.
/// If the reader is not positioned on saml:Action nothing is read and no error is raised.
/// </summary>
/// <param name="reader">Expected to be positioned on the saml:Action start element.</param>
/// <param name="samlSerializer">Provides the SAML dictionary for element/attribute names.</param>
/// <param name="keyInfoSerializer">Unused here.</param>
/// <param name="outOfBandTokenResolver">Unused here.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> or <paramref name="samlSerializer"/> is null.</exception>
/// <exception cref="SecurityTokenException">The action text is empty.</exception>
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }
    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
    SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
    if (!reader.IsStartElement(samlDictionary.Action, samlDictionary.Namespace))
    {
        // Not an Action element: leave the reader where it is.
        return;
    }

    // The Namespace attribute is optional, so a missing value simply leaves ns null.
    this.ns = reader.GetAttribute(samlDictionary.ActionNamespaceAttribute, null);
    reader.MoveToContent();
    this.action = reader.ReadString();
    if (string.IsNullOrEmpty(this.action))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLActionNameRequiredOnRead)));
    }
    reader.MoveToContent();
    reader.ReadEndElement();
}
/// <summary>
/// Deserializes a credit-card token; any other element is delegated to the standard WS-Security serializer.
/// </summary>
/// <param name="reader">Positioned on the token's start element.</param>
/// <param name="tokenResolver">Forwarded to the default serializer; unused on the credit-card path.</param>
/// <returns>A <c>CreditCardToken</c> with the values read, keyed by the wsu:Id attribute (may be null if absent).</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
    if (reader == null)
    {
        throw new ArgumentNullException("reader");
    }

    if (!reader.IsStartElement(Constants.CreditCardTokenName, Constants.CreditCardTokenNamespace))
    {
        return WSSecurityTokenSerializer.DefaultInstance.ReadToken(reader, tokenResolver);
    }

    string id = reader.GetAttribute(Constants.Id, Constants.WsUtilityNamespace);
    reader.ReadStartElement();

    // Children are consumed in a fixed order; ReadElementString throws if the next element has another name.
    string cardNumber = reader.ReadElementString(Constants.CreditCardNumberElementName, Constants.CreditCardTokenNamespace);
    string expirationText = reader.ReadElementString(Constants.CreditCardExpirationElementName, Constants.CreditCardTokenNamespace);
    // A malformed date surfaces as XmlConvert's own exception; it is not translated into a token exception here.
    DateTime expiration = XmlConvert.ToDateTime(expirationText, XmlDateTimeSerializationMode.Utc);
    string issuer = reader.ReadElementString(Constants.CreditCardIssuerElementName, Constants.CreditCardTokenNamespace);
    reader.ReadEndElement();

    return new CreditCardToken(new CreditCardInfo(cardNumber, issuer, expiration), id);
}
/// <summary>
/// Returns <c>MySecurityTokenAuthenticator</c> for inbound UserName tokens; every other requirement
/// (other token types, or UserName in a non-input direction) is delegated to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the custom path; otherwise whatever the base class assigns.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator (SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
    {
        // Only tokens arriving on the input side are authenticated by the custom authenticator.
        MessageDirection direction = tokenRequirement.GetProperty<MessageDirection> (ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
        if (direction == MessageDirection.Input)
        {
            outOfBandTokenResolver = null;
            return new MySecurityTokenAuthenticator();
        }
    }

    return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
/// <summary>
/// Instantiates the statement type matching the element under the reader (Authentication, Attribute or
/// AuthorizationDecision) and lets it read itself.
/// </summary>
/// <param name="reader">Positioned on a SAML statement start element.</param>
/// <param name="keyInfoSerializer">Passed through to the statement's ReadXml.</param>
/// <param name="outOfBandTokenResolver">Passed through to the statement's ReadXml.</param>
/// <returns>The populated statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="XmlException">The element is not one of the three known statement types.</exception>
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    var dictionary = this.DictionaryManager.SamlDictionary;
    SamlStatement statement;
    if (reader.IsStartElement(dictionary.AuthenticationStatement, dictionary.Namespace))
    {
        statement = new SamlAuthenticationStatement();
    }
    else if (reader.IsStartElement(dictionary.AttributeStatement, dictionary.Namespace))
    {
        statement = new SamlAttributeStatement();
    }
    else if (reader.IsStartElement(dictionary.AuthorizationDecisionStatement, dictionary.Namespace))
    {
        statement = new SamlAuthorizationDecisionStatement();
    }
    else
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName })));
    }

    statement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
    return statement;
}
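/// <summary>
/// Creates a security token authenticator based on the <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.
/// UserName tokens are authenticated by a PersonnelUserNameTokenAuthenticator wrapping the configured
/// custom validator; every other token type is delegated to the base class.
/// </summary>
/// <param name="tokenRequirement">The <see cref="T:System.IdentityModel.Selectors.SecurityTokenRequirement"/>.</param>
/// <param name="outOfBandTokenResolver">When this method returns, contains a <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/> (null on the UserName path). This parameter is passed uninitialized.</param>
/// <returns>
/// The <see cref="T:System.IdentityModel.Selectors.SecurityTokenAuthenticator"/>.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="T:System.NotSupportedException">A security token authenticator cannot be created for the <paramref name="tokenRequirement"/> that was passed in.</exception>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    // The documented contract is ArgumentNullException; without this guard a null requirement
    // surfaced as a NullReferenceException on the TokenType access below.
    if (tokenRequirement == null)
    {
        throw new ArgumentNullException("tokenRequirement");
    }

    if (tokenRequirement.TokenType == SecurityTokenTypes.UserName)
    {
        outOfBandTokenResolver = null;

        UserNamePasswordValidator validator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
        if (validator == null)
        {
            // No validator configured: fall back to the built-in one. This fallback decides who can
            // authenticate, so the missing configuration is logged rather than silently accepted.
            Trace.TraceWarning("Custom UserName Password Validator must be configued in web.config");
            validator = new DefaultPersonnelValidator();
        }
        return new PersonnelUserNameTokenAuthenticator(validator);
    }

    // Everything else (X.509, SAML, ...) keeps the base class behaviour.
    return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}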
/// <summary>
/// Public entry point for token deserialization: validates the reader argument, then delegates to
/// the derived class's ReadTokenCore.
/// </summary>
/// <param name="reader">The reader to deserialize from.</param>
/// <param name="tokenResolver">Resolver handed to ReadTokenCore (may be null; not checked here).</param>
/// <returns>Whatever ReadTokenCore returns.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
public SecurityToken ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
{
    if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    return ReadTokenCore(reader, tokenResolver);
}
/// <summary>
/// Reads a saml:AuthorityBinding element: the AuthorityKind QName, the Binding and the Location
/// attributes. All three are required; the element itself has no content.
/// </summary>
/// <param name="reader">Positioned on the saml:AuthorityBinding start element.</param>
/// <param name="samlSerializer">Provides the SAML dictionary for attribute names.</param>
/// <param name="keyInfoSerializer">Unused here.</param>
/// <param name="outOfBandTokenResolver">Unused here.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> or <paramref name="samlSerializer"/> is null.</exception>
/// <exception cref="SecurityTokenException">AuthorityKind, Binding or Location is missing, or AuthorityKind has more than one colon.</exception>
public virtual void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }
    if (samlSerializer == null)
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }
    SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;

    // AuthorityKind is written as "prefix:local" or just "local".
    string authorityKindText = reader.GetAttribute(dictionary.AuthorityKind, null);
    if (string.IsNullOrEmpty(authorityKindText))
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingAuthorityKindOnRead")));
    }
    string[] qnameParts = authorityKindText.Split(new char[] { ':' });
    if (qnameParts.Length > 2)
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingInvalidAuthorityKind")));
    }
    bool hasPrefix = qnameParts.Length == 2;
    string prefix = hasPrefix ? qnameParts[0] : string.Empty;
    string localName = hasPrefix ? qnameParts[1] : qnameParts[0];
    // The prefix is resolved against the reader's in-scope namespaces; an unbound prefix raises no error here.
    this.authorityKind = new XmlQualifiedName(localName, reader.LookupNamespace(prefix));

    this.binding = reader.GetAttribute(dictionary.Binding, null);
    if (string.IsNullOrEmpty(this.binding))
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingBindingOnRead")));
    }
    this.location = reader.GetAttribute(dictionary.Location, null);
    if (string.IsNullOrEmpty(this.location))
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorityBindingMissingLocationOnRead")));
    }

    // Consume the element; only the non-empty form has an end tag to read.
    bool isEmpty = reader.IsEmptyElement;
    reader.MoveToContent();
    reader.Read();
    if (!isEmpty)
    {
        reader.ReadEndElement();
    }
}
/// <summary>
/// Returns a <c>CreditCardTokenAuthenticator</c> over the credentials' valid-card list for credit-card
/// token requirements; all other requirements go to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the credit-card path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    bool isCreditCardToken = tokenRequirement.TokenType == CreditCardTokenConstants.CreditCardTokenType;
    if (!isCreditCardToken)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    outOfBandTokenResolver = null;
    return new CreditCardTokenAuthenticator(creditCardServiceCredentials.ValidCreditCards);
}
/// <summary>
/// Creates an instance of IssuerTokenResolver that delegates to the given <see cref="SecurityTokenResolver"/>.
/// </summary>
/// <param name="wrappedTokenResolver">The <see cref="SecurityTokenResolver"/> to wrap; stored as-is.</param>
/// <exception cref="ArgumentNullException"><paramref name="wrappedTokenResolver"/> is null.</exception>
public IssuerTokenResolver( SecurityTokenResolver wrappedTokenResolver )
{
    if ( wrappedTokenResolver == null ) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedTokenResolver" );

    _wrappedTokenResolver = wrappedTokenResolver;
}
/// <summary>
/// Constructor to use when working with SecurityKeyIdentifiers.
/// </summary>
/// <param name="securityKeyIdentifier">SecurityKeyIdentifier that represents a SecurityKey.</param>
/// <param name="securityTokenResolver">SecurityTokenResolver used to resolve the identifier to a SecurityKey; not null-checked here.</param>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="securityKeyIdentifier"/> is null.</exception>
public SecurityKeyElement(SecurityKeyIdentifier securityKeyIdentifier, SecurityTokenResolver securityTokenResolver)
{
    if (securityKeyIdentifier == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityKeyIdentifier");

    // All state setup lives in Initialize so that other constructors can share it.
    Initialize(securityKeyIdentifier, securityTokenResolver);
}
/// <summary>
/// Reads a token with the wrapped serializer and, when it is a SAML 2.0 token, re-wraps it as an
/// OIOSaml2SecurityToken carrying the same assertion, keys and issuer token. Other tokens pass through unchanged.
/// </summary>
/// <param name="reader">The reader to deserialize from.</param>
/// <param name="tokenResolver">Forwarded to the wrapped serializer.</param>
/// <returns>The (possibly re-wrapped) token.</returns>
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
    SecurityToken token = serializer.ReadToken(reader, tokenResolver);

    Saml2SecurityToken saml2Token = token as Saml2SecurityToken;
    if (saml2Token == null)
    {
        return token;
    }
    return new OIOSaml2SecurityToken(saml2Token.Assertion, saml2Token.SecurityKeys, saml2Token.IssuerToken);
}
/// <summary>
/// Creates the project's SecurityTokenAuthenticator (built on the credentials' Validator) for the
/// custom username token type; delegates every other requirement to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the custom path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override System.IdentityModel.Selectors.SecurityTokenAuthenticator CreateSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver )
{
    bool isUsernameToken = tokenRequirement.TokenType == Constants.UsernameTokenType;
    if ( !isUsernameToken )
    {
        return base.CreateSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver );
    }

    outOfBandTokenResolver = null;
    return new SecurityTokenAuthenticator( _serviceCredentials.Validator );
}
/// <summary>
/// Creates a SamlAssertion and has it read itself from <paramref name="reader"/>.
/// </summary>
/// <param name="reader">Positioned on the saml:Assertion element.</param>
/// <param name="keyInfoSerializer">Passed through to SamlAssertion.ReadXml.</param>
/// <param name="outOfBandTokenResolver">Passed through to SamlAssertion.ReadXml.</param>
/// <returns>The populated assertion.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
public virtual SamlAssertion LoadAssertion(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    SamlAssertion result = new SamlAssertion();
    result.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
    return result;
}
/// <summary>
/// Creates a SamlConditions instance and has it read itself from <paramref name="reader"/>.
/// </summary>
/// <param name="reader">Positioned on the saml:Conditions element.</param>
/// <param name="keyInfoSerializer">Passed through to SamlConditions.ReadXml.</param>
/// <param name="outOfBandTokenResolver">Passed through to SamlConditions.ReadXml.</param>
/// <returns>The populated conditions.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
public virtual SamlConditions LoadConditions(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");

    SamlConditions result = new SamlConditions();
    result.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
    return result;
}
/// <summary>
/// Creates a SamlAdvice instance and has it read itself from <paramref name="reader"/>.
/// </summary>
/// <param name="reader">Positioned on the saml:Advice element.</param>
/// <param name="keyInfoSerializer">Passed through to SamlAdvice.ReadXml.</param>
/// <param name="outOfBandTokenResolver">Passed through to SamlAdvice.ReadXml.</param>
/// <returns>The populated advice.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
public virtual SamlAdvice LoadAdvice(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");

    SamlAdvice result = new SamlAdvice();
    result.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
    return result;
}
/// <summary>
/// Uses <c>MyTokenAuthenticator</c> for UserName tokens; delegates all other token types to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the UserName path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement.TokenType != SecurityTokenTypes.UserName)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    outOfBandTokenResolver = null;
    return new MyTokenAuthenticator();
}
/// <summary>
/// Reads a saml:AttributeStatement: a mandatory saml:Subject followed by one or more saml:Attribute
/// children (each loaded through the serializer's extensibility hook).
/// </summary>
/// <param name="reader">Positioned on the saml:AttributeStatement start element.</param>
/// <param name="samlSerializer">Provides the SAML dictionary and loads each attribute.</param>
/// <param name="keyInfoSerializer">Passed through to the subject and attribute readers.</param>
/// <param name="outOfBandTokenResolver">Passed through to the subject and attribute readers.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> or <paramref name="samlSerializer"/> is null.</exception>
/// <exception cref="SecurityTokenException">The subject is missing, an attribute fails to load, or no attribute is present.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }
    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
    SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;

    // Step past the AttributeStatement start tag into its children.
    reader.MoveToContent();
    reader.Read();

    // saml:Subject is required and must come first.
    if (!reader.IsStartElement(samlDictionary.Subject, samlDictionary.Namespace))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeStatementMissingSubjectOnRead)));
    }
    SamlSubject subject = new SamlSubject();
    subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
    base.SamlSubject = subject;

    // Collect consecutive saml:Attribute children; stop at the first element that is something else.
    // Attributes are an extensibility point, so the serializer (not this class) materializes each one.
    while (reader.IsStartElement(samlDictionary.Attribute, samlDictionary.Namespace))
    {
        SamlAttribute loadedAttribute = samlSerializer.LoadAttribute(reader, keyInfoSerializer, outOfBandTokenResolver);
        if (loadedAttribute == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAttribute)));
        }
        this.attributes.Add(loadedAttribute);
    }

    // An attribute statement with no attributes is a schema violation.
    if (this.attributes.Count == 0)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAttributeStatementMissingAttributeOnRead)));
    }

    reader.MoveToContent();
    reader.ReadEndElement();
}
/// <summary>
/// Substitutes a <c>DummySecurityTokenAuthenticator</c> for the initiator's X.509 key-exchange
/// requirement when dummy-service-token mode is enabled; everything else goes to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the dummy path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    InitiatorServiceModelSecurityTokenRequirement initiatorRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;

    // KeyUsage is only read after confirming the property exists — presumably its getter fails on a
    // missing entry; confirm against ServiceModelSecurityTokenRequirement.
    bool useDummyAuthenticator = isDummyServiceToken
        && initiatorRequirement != null
        && initiatorRequirement.TokenType == SecurityTokenTypes.X509Certificate
        && initiatorRequirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty)
        && initiatorRequirement.KeyUsage == SecurityKeyUsage.Exchange;
    if (!useDummyAuthenticator)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    // NOTE(review): the dummy authenticator replaces the base X.509 authenticator and is built from the
    // target address only; what it actually validates is not visible here. Make sure isDummyServiceToken
    // cannot be enabled in production configurations.
    outOfBandTokenResolver = null;
    return new DummySecurityTokenAuthenticator(initiatorRequirement.TargetAddress.Uri);
}
/// <summary>
/// Installs the session token's id, authenticator and resolver, and registers the session token as an
/// endorsing supporting token. Must be called before the communication object becomes immutable.
/// </summary>
/// <param name="sessionId">Identifier of the security session.</param>
/// <param name="sessionTokenAuthenticator">Authenticator for the session token.</param>
/// <param name="sessionTokenResolver">Resolver for the session token; becomes the sole entry of the resolver list.</param>
public void SetSessionTokenAuthenticator(UniqueId sessionId, SecurityTokenAuthenticator sessionTokenAuthenticator, SecurityTokenResolver sessionTokenResolver)
{
    // Rejects the call once the communication object is disposed or already immutable.
    this.CommunicationObject.ThrowIfDisposedOrImmutable();

    this.sessionId = sessionId;
    this.sessionTokenResolver = sessionTokenResolver;
    this.sessionTokenAuthenticator = sessionTokenAuthenticator;

    Collection<SecurityTokenResolver> resolvers = new Collection<SecurityTokenResolver> { sessionTokenResolver };
    this.sessionTokenResolverList = new ReadOnlyCollection<SecurityTokenResolver>(resolvers);

    // The session token endorses messages, hence the Endorsing attachment mode.
    SupportingTokenAuthenticatorSpecification sessionSpec = new SupportingTokenAuthenticatorSpecification(sessionTokenAuthenticator, sessionTokenResolver, SecurityTokenAttachmentMode.Endorsing, this.Factory.SecurityTokenParameters);
    this.sessionTokenAuthenticatorSpecificationList = new Collection<SupportingTokenAuthenticatorSpecification> { sessionSpec };
}
/// <summary>
/// Builds the SAML token authenticator for a recipient: issuer signatures are checked by an X.509
/// authenticator (plus an RSA one when untrusted RSA issuers are allowed), the known issuer certificates
/// are exposed through the out-of-band resolver, and the allowed audience URIs are populated.
/// </summary>
/// <param name="recipientRequirement">Recipient-side requirement; supplies clock-skew settings and the listen URI.</param>
/// <param name="outOfBandTokenResolver">Resolver over the service certificate and known issuer certificates, or null when there are none.</param>
/// <returns>The configured authenticator.</returns>
/// <exception cref="ArgumentNullException"><paramref name="recipientRequirement"/> is null.</exception>
private SamlSecurityTokenAuthenticator CreateSamlTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (recipientRequirement == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("recipientRequirement");
    }

    // Out-of-band tokens: the service certificate (if any) followed by every configured known issuer certificate.
    Collection<SecurityToken> knownTokens = new Collection<SecurityToken>();
    var serviceCertificate = this.parent.ServiceCertificate.Certificate;
    if (serviceCertificate != null)
    {
        knownTokens.Add(new X509SecurityToken(serviceCertificate));
    }
    var knownCertificates = this.parent.IssuedTokenAuthentication.KnownCertificates;
    if (knownCertificates != null)
    {
        for (int index = 0; index < knownCertificates.Count; index++)
        {
            knownTokens.Add(new X509SecurityToken(knownCertificates[index]));
        }
    }

    // Issuer authenticators. NOTE(review): AllowUntrustedRsaIssuers adds an RSA authenticator, i.e.
    // issuers identified by a raw RSA key rather than a validated certificate — confirm that setting is intended.
    List<SecurityTokenAuthenticator> issuerAuthenticators = new List<SecurityTokenAuthenticator>();
    X509CertificateValidator certificateValidator = this.parent.IssuedTokenAuthentication.GetCertificateValidator();
    issuerAuthenticators.Add(new X509SecurityTokenAuthenticator(certificateValidator));
    if (this.parent.IssuedTokenAuthentication.AllowUntrustedRsaIssuers)
    {
        issuerAuthenticators.Add(new RsaSecurityTokenAuthenticator());
    }

    outOfBandTokenResolver = knownTokens.Count > 0
        ? SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(knownTokens), false)
        : null;

    // The binding's local service settings, when present, supply the clock skew tolerance.
    var localSettings = recipientRequirement.SecurityBindingElement == null ? null : recipientRequirement.SecurityBindingElement.LocalServiceSettings;
    SamlSecurityTokenAuthenticator authenticator = localSettings == null
        ? new SamlSecurityTokenAuthenticator(issuerAuthenticators)
        : new SamlSecurityTokenAuthenticator(issuerAuthenticators, localSettings.MaxClockSkew);

    authenticator.AudienceUriMode = this.parent.IssuedTokenAuthentication.AudienceUriMode;
    IList<string> allowedAudienceUris = authenticator.AllowedAudienceUris;
    var configuredAudienceUris = this.parent.IssuedTokenAuthentication.AllowedAudienceUris;
    if (configuredAudienceUris != null)
    {
        for (int index = 0; index < configuredAudienceUris.Count; index++)
        {
            allowedAudienceUris.Add(configuredAudienceUris[index]);
        }
    }
    // The endpoint's own listen URI is always an acceptable audience.
    if (recipientRequirement.ListenUri != null)
    {
        allowedAudienceUris.Add(recipientRequirement.ListenUri.AbsoluteUri);
    }
    return authenticator;
}
/// <summary>
/// Reads a token. Derived-key tokens are handled here with a small fixed-size cache of previously
/// derived tokens; any other token is read by the inner serializer.
/// </summary>
/// <param name="reader">The reader to deserialize from; wrapped as a dictionary reader for the derived-key check.</param>
/// <param name="tokenResolver">Used to resolve the token the key is derived from.</param>
/// <returns>The cached or newly created derived-key token, or the inner serializer's result.</returns>
protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
{
    XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
    if (this.secureConversation.IsAtDerivedKeyToken(dictionaryReader))
    {
        string id;
        string derivationAlgorithm;
        string label;
        int length;
        byte[] nonce;
        int offset;
        int generation;
        SecurityKeyIdentifierClause tokenToDeriveIdentifier;
        SecurityToken tokenToDerive;
        this.secureConversation.ReadDerivedKeyTokenParameters(dictionaryReader, tokenResolver, out id, out derivationAlgorithm, out label, out length, out nonce, out offset, out generation, out tokenToDeriveIdentifier, out tokenToDerive);

        // First lookup happens without the lock; a hit skips locking entirely.
        DerivedKeySecurityToken cachedToken = GetCachedToken(id, generation, offset, length, label, nonce, tokenToDerive, tokenToDeriveIdentifier, derivationAlgorithm);
        if (cachedToken != null)
        {
            return cachedToken;
        }
        lock (this.thisLock)
        {
            // Look again under the lock: another thread may have derived and cached the same token meanwhile.
            cachedToken = GetCachedToken(id, generation, offset, length, label, nonce, tokenToDerive, tokenToDeriveIdentifier, derivationAlgorithm);
            if (cachedToken != null)
            {
                return cachedToken;
            }
            SecurityToken result = this.secureConversation.CreateDerivedKeyToken( id, derivationAlgorithm, label, length, nonce, offset, generation, tokenToDeriveIdentifier, tokenToDerive );
            DerivedKeySecurityToken newToken = result as DerivedKeySecurityToken;
            if (newToken != null)
            {
                // cachedTokens is used as a ring: the slot at indexToCache is overwritten and the index
                // advances modulo the array length (with an explicit reset guarding int.MaxValue).
                int pos = this.indexToCache;
                if (this.indexToCache == int.MaxValue)
                    this.indexToCache = 0;
                else
                    this.indexToCache = (++this.indexToCache) % this.cachedTokens.Length;
                this.cachedTokens[pos] = new DerivedKeySecurityTokenCache(newToken);
            }
            return result;
        }
    }
    else
    {
        // Not a derived-key token: the original reader (not the dictionary wrapper) is handed on.
        return this.innerTokenSerializer.ReadToken(reader, tokenResolver);
    }
}
/// <summary>
/// Wraps the configured custom UserNamePasswordValidator in a <c>CustomSecurityTokenAuthenticator</c>
/// for UserName tokens; delegates other token types to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the UserName path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement.TokenType != SecurityTokenTypes.UserName)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    outOfBandTokenResolver = null;
    // No null check here: if no custom validator is configured, the authenticator receives null —
    // presumably failing at validation time rather than at construction; confirm.
    UserNamePasswordValidator configuredValidator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
    return new CustomSecurityTokenAuthenticator(configuredValidator);
}
/// <summary>
/// Reads a SAML assertion from <paramref name="reader"/> and wraps it in a SamlSecurityToken.
/// </summary>
/// <param name="reader">Positioned on the saml:Assertion element.</param>
/// <param name="keyInfoSerializer">Passed through to LoadAssertion.</param>
/// <param name="outOfBandTokenResolver">Passed through to LoadAssertion.</param>
/// <returns>The token wrapping the loaded assertion.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="SecurityTokenException">LoadAssertion returned null.</exception>
public virtual SamlSecurityToken ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    // The assertion is parsed through a WrappedReader over a dictionary reader — presumably so the raw
    // assertion XML is retained for later signature verification; confirm against WrappedReader.
    XmlDictionaryReader dictionaryReader = XmlDictionaryReader.CreateDictionaryReader(reader);
    SamlAssertion assertion = LoadAssertion(new WrappedReader(dictionaryReader), keyInfoSerializer, outOfBandTokenResolver);
    if (assertion == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLUnableToLoadAssertion)));
    }

    // NOTE(review): the check that assertion.Signature is present is commented out, so an unsigned
    // assertion is returned as a token here; any signature requirement must be enforced by the authenticator.
    //if (assertion.Signature == null)
    //    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SamlTokenMissingSignature)));

    return new SamlSecurityToken(assertion);
}
/// <summary>
/// Creates a SamlSecurityTokenAuthenticator for the project's SAML token type, resolving issuer tokens
/// from the configured service tokens; other token types are delegated to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Resolver over all configured service tokens on the SAML path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement.TokenType != Constants.TokenType)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    List<SecurityToken> serviceTokens = SamlConfiguration.SamlTokenIssuerConfiguration.GetAllServiceTokens();
    outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(serviceTokens.AsReadOnly(), true);

    // NOTE(review): X509CertificateValidator.None disables chain and trust validation of the issuer
    // certificate, so any issuer certificate presented passes this authenticator. Make sure issuer
    // trust is enforced elsewhere (e.g. by restricting which tokens the resolver can produce).
    List<SecurityTokenAuthenticator> issuerAuthenticators = new List<SecurityTokenAuthenticator>
    {
        new X509SecurityTokenAuthenticator(X509CertificateValidator.None)
    };
    return new SamlSecurityTokenAuthenticator(issuerAuthenticators);
}
/// <summary>
/// Describes how a supporting token is authenticated: its authenticator, resolver, attachment mode,
/// parameters and whether the token may be absent.
/// </summary>
/// <param name="tokenAuthenticator">Required authenticator for the supporting token.</param>
/// <param name="securityTokenResolver">Resolver for the token; may be null (not checked).</param>
/// <param name="attachmentMode">How the token is attached; validated by SecurityTokenAttachmentModeHelper.</param>
/// <param name="tokenParameters">Required token parameters.</param>
/// <param name="isTokenOptional">Whether a message without this token is still acceptable.</param>
/// <exception cref="ArgumentNullException"><paramref name="tokenAuthenticator"/> or <paramref name="tokenParameters"/> is null.</exception>
internal SupportingTokenAuthenticatorSpecification(SecurityTokenAuthenticator tokenAuthenticator, SecurityTokenResolver securityTokenResolver, System.ServiceModel.Security.SecurityTokenAttachmentMode attachmentMode, SecurityTokenParameters tokenParameters, bool isTokenOptional)
{
    // Checks run in this order: authenticator, attachment mode, then parameters.
    if (tokenAuthenticator == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenAuthenticator");
    SecurityTokenAttachmentModeHelper.Validate(attachmentMode);
    if (tokenParameters == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenParameters");

    this.tokenAuthenticator = tokenAuthenticator;
    this.tokenResolver = securityTokenResolver;
    this.tokenAttachmentMode = attachmentMode;
    this.tokenParameters = tokenParameters;
    this.isTokenOptional = isTokenOptional;
}
/// <summary>
/// Deserializes a token from <paramref name="reader"/>. Implemented by derived serializers; the
/// public ReadToken wrapper presumably performs the reader null check before delegating here — confirm.
/// </summary>
/// <param name="reader">The reader positioned on the token element.</param>
/// <param name="tokenResolver">Resolver available to the implementation; may be null.</param>
/// <returns>The deserialized token.</returns>
protected abstract SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver);
/// <summary>
/// Wraps the configured custom UserNamePasswordValidator in a <c>CustomSecurityTokenAuthenticator</c>
/// for UserName tokens; all other token types are delegated to the base class.
/// </summary>
/// <param name="tokenRequirement">The requirement to satisfy.</param>
/// <param name="outOfBandTokenResolver">Null on the UserName path; otherwise set by the base class.</param>
/// <returns>The authenticator for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement, out System.IdentityModel.Selectors.SecurityTokenResolver outOfBandTokenResolver)
{
    bool isUserNameToken = tokenRequirement.TokenType == SecurityTokenTypes.UserName;
    if (!isUserNameToken)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    outOfBandTokenResolver = null;
    // The validator is passed on unchecked; if none is configured the authenticator receives null —
    // presumably failing at validation time; confirm.
    UserNamePasswordValidator configuredValidator = ServiceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator;
    return new CustomSecurityTokenAuthenticator(configuredValidator);
}
/// <summary>
/// Deserialization is not supported by this type; the call always fails.
/// </summary>
/// <param name="reader">Ignored.</param>
/// <param name="samlSerializer">Ignored.</param>
/// <param name="keyInfoTokenSerializer">Ignored.</param>
/// <param name="outOfBandTokenResolver">Ignored.</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public override void ReadXml (XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoTokenSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    throw new NotImplementedException ();
}