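        /// <summary>
        /// Consumes the service's reply in the accelerated (single round-trip) negotiation: surfaces a SOAP
        /// fault, checks the action header, parses the RSTR (WS-Trust Feb 2005) or the single-RSTR
        /// collection (WS-Trust 1.3), verifies the negotiation context, and stores the issued service
        /// token on <paramref name="negotiationState"/>.
        /// </summary>
        /// <param name="incomingMessage">Reply received from the service; its body is read to the end here.</param>
        /// <param name="negotiationState">Per-negotiation client state holding the expected context and the requestor entropy.</param>
        /// <returns>Always null: the client sends no further negotiation message.</returns>
        /// <exception cref="SecurityNegotiationException">The action header is not the expected RSTR action, or the RSTR's context does not match the negotiation's.</exception>
        /// <exception cref="MessageSecurityException">A WS-Trust 1.3 RSTR collection carries more than one RSTR.</exception>
        /// <exception cref="NotSupportedException">The configured trust version is neither WS-Trust Feb 2005 nor WS-Trust 1.3.</exception>
        protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, AcceleratedTokenProviderState negotiationState)
        {
            ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies;

            // A SOAP fault from the service is surfaced before the body is interpreted at all.
            IssuanceTokenProviderBase<AcceleratedTokenProviderState>.ThrowIfFault(incomingMessage, base.TargetAddress);

            if (incomingMessage.Headers.Action != this.RequestSecurityTokenResponseAction.Value)
            {
                throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidActionForNegotiationMessage", new object[] { incomingMessage.Headers.Action })), incomingMessage);
            }

            // Authorization policies the security layer established for the service identity on this
            // message; they are attached to the issued token below. Empty when none were established.
            SecurityMessageProperty security = incomingMessage.Properties.Security;

            if ((security != null) && (security.ServiceSecurityContext != null))
            {
                authorizationPolicies = security.ServiceSecurityContext.AuthorizationPolicies;
            }
            else
            {
                authorizationPolicies = System.ServiceModel.Security.EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
            }

            RequestSecurityTokenResponse response = null;
            XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents();

            using (readerAtBodyContents)
            {
                if (base.StandardsManager.MessageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005)
                {
                    // WS-Trust Feb 2005: the body is a single RSTR.
                    response = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents);
                }
                else
                {
                    if (base.StandardsManager.MessageSecurityVersion.TrustVersion != TrustVersion.WSTrust13)
                    {
                        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                    }
                    // WS-Trust 1.3: the body is an RSTR collection that must hold exactly one RSTR.
                    foreach (RequestSecurityTokenResponse response2 in base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection)
                    {
                        if (response != null)
                        {
                            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(System.ServiceModel.SR.GetString("MoreThanOneRSTRInRSTRC")));
                        }
                        response = response2;
                    }
                }

                // An empty RSTR collection leaves 'response' null; without this guard the Context
                // check below would fail with a NullReferenceException instead of the trust driver's
                // "RSTR/RSTRC missing" error.
                if (response == null)
                {
                    base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException();
                }

                incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents);
            }

            // Bind this reply to the negotiation this client started; a reply carrying another
            // context is rejected.
            if (response.Context != negotiationState.Context)
            {
                throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), incomingMessage);
            }

            // Materialize the issued service token from the RSTR, supplying the requestor entropy
            // recorded for this negotiation, the configured key-entropy mode, the expected token type
            // URI, the service's authorization policies and the suite's default symmetric key length.
            byte[] requestorEntropy = negotiationState.GetRequestorEntropy();
            GenericXmlSecurityToken serviceToken = response.GetIssuedToken(null, null, this.keyEntropyMode, requestorEntropy, base.SecurityContextTokenUri, authorizationPolicies, base.SecurityAlgorithmSuite.DefaultSymmetricKeyLength, false);

            negotiationState.SetServiceToken(serviceToken);
            return null;
        }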
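        /// <summary>
        /// Processes one leg of the multi-leg SSPI negotiation: translates a service fault, reads the
        /// service's RSTR (or the RSTR + authenticator RSTR collection), feeds it into the negotiation
        /// digest, verifies the negotiation context, runs the received binary blob through the SSPI
        /// context and either completes the negotiation or prepares the next RSTR to send.
        /// </summary>
        /// <param name="incomingMessage">Reply received from the service; its body is read to the end here.</param>
        /// <param name="sspiState">Per-negotiation client state holding the SSPI context and the expected negotiation context.</param>
        /// <returns>The next outgoing RSTR body, or null once the negotiation has completed.</returns>
        /// <exception cref="SecurityNegotiationException">
        /// The service returned a sender fault; the RSTR collection lacks the authenticator RSTR or its
        /// context differs from the RSTR's; the RSTR context does not match <paramref name="sspiState"/>;
        /// or the presence of binary negotiation data disagrees with the SSPI context's completion state.
        /// </exception>
        protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
        {
            byte[] negotiationData;
            try
            {
                IssuanceTokenProviderBase<SspiNegotiationTokenProviderState>.ThrowIfFault(incomingMessage, base.TargetAddress);
            }
            catch (FaultException exception)
            {
                // Only sender faults are translated; anything else propagates unchanged.
                if (!exception.Code.IsSenderFault)
                {
                    throw;
                }
                // A "FailedAuthentication" subcode means the service rejected the client's credentials;
                // every other sender fault is reported as a generic negotiation failure. The original
                // compared the same subcode name twice; one comparison is equivalent. The SubCode null
                // check keeps a subcode-less sender fault from surfacing as a NullReferenceException.
                if (exception.Code.SubCode != null && exception.Code.SubCode.Name == "FailedAuthentication")
                {
                    throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticationOfClientFailed"), exception), incomingMessage);
                }
                throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("FailedSspiNegotiation"), exception), incomingMessage);
            }

            RequestSecurityTokenResponse rstr = null;
            RequestSecurityTokenResponse authenticatorRstr = null;
            XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents();

            using (readerAtBodyContents)
            {
                if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(readerAtBodyContents))
                {
                    // An RSTR collection is expected to carry the RSTR followed by the authenticator RSTR.
                    // Current is only read after a successful MoveNext, so an empty collection leaves both
                    // null and is rejected by the authenticator check below rather than relying on the
                    // enumerator's value before the first MoveNext.
                    using (IEnumerator<RequestSecurityTokenResponse> enumerator = base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection.GetEnumerator())
                    {
                        if (enumerator.MoveNext())
                        {
                            rstr = enumerator.Current;
                            if (enumerator.MoveNext())
                            {
                                authenticatorRstr = enumerator.Current;
                            }
                        }
                    }
                    if (authenticatorRstr == null)
                    {
                        throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticatorNotPresentInRSTRCollection")), incomingMessage);
                    }
                    // Both elements must belong to the same negotiation context.
                    if (authenticatorRstr.Context != rstr.Context)
                    {
                        throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorHasBadContext")), incomingMessage);
                    }
                    // Only the RSTR (not the authenticator) goes into the digest; the flag values differ
                    // from the single-RSTR case below — see AddToDigest for their meaning.
                    this.AddToDigest(sspiState, rstr, true, true);
                }
                else if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(readerAtBodyContents))
                {
                    rstr = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents);
                    this.AddToDigest(sspiState, rstr, true, false);
                }
                else
                {
                    // Neither an RSTR nor an RSTRC at the body: the trust driver raises the error.
                    // 'rstr' stays null here, so the code below assumes this call does not return normally.
                    base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException();
                }
                incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents);
            }

            // Bind this reply to the negotiation this client started; a reply carrying another
            // context is rejected.
            if (rstr.Context != sspiState.Context)
            {
                throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), incomingMessage);
            }

            // The service's binary blob is validated before it is handed to the SSPI context.
            BinaryNegotiation binaryNegotiation = rstr.GetBinaryNegotiation();

            if (binaryNegotiation != null)
            {
                this.ValidateIncomingBinaryNegotiation(binaryNegotiation);
                negotiationData = binaryNegotiation.GetNegotiationData();
            }
            else
            {
                negotiationData = null;
            }

            // A reply without binary negotiation data is acceptable only once the SSPI context is
            // already complete; the negotiation then finishes here.
            if (negotiationData == null)
            {
                if (!sspiState.SspiNegotiation.IsCompleted)
                {
                    throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToReceive")), incomingMessage);
                }
                this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr);
                return null;
            }

            // Feed the received blob to the SSPI context together with the channel binding taken from
            // the incoming message; the result, if any, is the blob for the next leg.
            byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(negotiationData, System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage), null);

            // No outgoing blob is acceptable only once the SSPI context is complete.
            if (outgoingBlob == null)
            {
                if (!sspiState.SspiNegotiation.IsCompleted)
                {
                    throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")), incomingMessage);
                }
                this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr);
                return null;
            }

            return this.PrepareRstr(sspiState, outgoingBlob);
        }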