public void InitiateHandShake() { IPeerNeighbor neighbor = host; Message reply = null; Fx.Assert(host != null, "Cannot initiate security handshake without a host!"); //send the RST message. using (OperationContextScope scope = new OperationContextScope(new OperationContext((ServiceHostBase)null))) { PeerHashToken token = this.securityManager.GetSelfToken(); Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityToken, new PeerRequestSecurityToken(token)); bool fatal = false; try { reply = neighbor.RequestSecurityToken(request); if (!(reply != null)) { throw Fx.AssertAndThrow("SecurityHandshake return empty message!"); } ProcessRstr(neighbor, reply, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current)); } catch (Exception e) { if (Fx.IsFatal(e)) { fatal = true; throw; } DiagnosticUtility.TraceHandledException(e, TraceEventType.Information); this.state = PeerAuthState.Failed; if (DiagnosticUtility.ShouldTraceError) { ServiceSecurityContext context = ServiceSecurityContext.Current; ClaimSet claimSet = null; if (context != null && context.AuthorizationContext != null && context.AuthorizationContext.ClaimSets != null && context.AuthorizationContext.ClaimSets.Count > 0) { claimSet = context.AuthorizationContext.ClaimSets[0]; } PeerAuthenticationFailureTraceRecord record = new PeerAuthenticationFailureTraceRecord( meshId, neighbor.ListenAddress.EndpointAddress.ToString(), claimSet, e); TraceUtility.TraceEvent(TraceEventType.Error, TraceCode.PeerNodeAuthenticationFailure, SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure), record, this, null); } neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode); } finally { if (!fatal) { request.Close(); } } } }
public PeerChannelAuthenticatorExtension(PeerSecurityManager securityManager, EventHandler onSucceeded, EventArgs args, string meshId) { this.securityManager = securityManager; this.state = PeerAuthState.Created; this.originalArgs = args; this.onSucceeded = onSucceeded; this.meshId = meshId; }
void OnFailed(IPeerNeighbor neighbor) { lock (ThisLock) { this.state = PeerAuthState.Failed; this.timer.Cancel(); this.host = null; } if (DiagnosticUtility.ShouldTraceError) { PeerAuthenticationFailureTraceRecord record = null; String remoteUri = ""; PeerNodeAddress remoteAddress = neighbor.ListenAddress; if (remoteAddress != null) { remoteUri = remoteAddress.EndpointAddress.ToString(); } OperationContext opContext = OperationContext.Current; if (opContext != null) { remoteUri = opContext.IncomingMessageProperties.Via.ToString(); ServiceSecurityContext secContext = opContext.ServiceSecurityContext; if (secContext != null) { record = new PeerAuthenticationFailureTraceRecord( meshId, remoteUri, secContext.AuthorizationContext.ClaimSets[0], null); if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent( TraceEventType.Error, TraceCode.PeerNodeAuthenticationFailure, SR.GetString(SR.TraceCodePeerNodeAuthenticationFailure), record, this, null); } } } else { record = new PeerAuthenticationFailureTraceRecord(meshId, remoteUri); if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent(TraceEventType.Error, TraceCode.PeerNodeAuthenticationTimeout, SR.GetString(SR.TraceCodePeerNodeAuthenticationTimeout), record, this, null); } } } neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode); }
public void InitiateHandShake() { IPeerNeighbor host = this.host; Message message = null; using (new OperationContextScope(new OperationContext(null))) { PeerHashToken selfToken = this.securityManager.GetSelfToken(); Message request = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityToken", (BodyWriter) new PeerRequestSecurityToken(selfToken)); bool flag = false; try { message = host.RequestSecurityToken(request); if (message == null) { throw Fx.AssertAndThrow("SecurityHandshake return empty message!"); } this.ProcessRstr(host, message, PeerSecurityManager.FindClaim(ServiceSecurityContext.Current)); } catch (Exception exception) { if (Fx.IsFatal(exception)) { flag = true; throw; } DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information); this.state = PeerAuthState.Failed; if (DiagnosticUtility.ShouldTraceError) { ServiceSecurityContext current = ServiceSecurityContext.Current; ClaimSet claimSet = null; if (((current != null) && (current.AuthorizationContext != null)) && ((current.AuthorizationContext.ClaimSets != null) && (current.AuthorizationContext.ClaimSets.Count > 0))) { claimSet = current.AuthorizationContext.ClaimSets[0]; } PeerAuthenticationFailureTraceRecord extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, host.ListenAddress.EndpointAddress.ToString(), claimSet, exception); TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null); } host.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode); } finally { if (!flag) { request.Close(); } } } }
public void OnAuthenticated() { IPeerNeighbor sender = null; lock (this.ThisLock) { this.timer.Cancel(); sender = this.host; this.state = PeerAuthState.Authenticated; } if (sender != null) { sender.TrySetState(PeerNeighborState.Authenticated); this.onSucceeded(sender, this.originalArgs); } }
public void OnAuthenticated() { IPeerNeighbor neighbor = null; lock (ThisLock) { this.timer.Cancel(); neighbor = this.host; this.state = PeerAuthState.Authenticated; } if (neighbor == null) { return; } neighbor.TrySetState(PeerNeighborState.Authenticated); onSucceeded(neighbor, originalArgs); }
public Message ProcessRst(Message message, Claim claim) { IPeerNeighbor neighbor = host; PeerRequestSecurityTokenResponse response = null; Message reply = null; lock (ThisLock) { if (this.state != PeerAuthState.Created || neighbor == null || neighbor.IsInitiator || neighbor.State != PeerNeighborState.Opened) { OnFailed(neighbor); return(null); } } try { PeerHashToken receivedToken = PeerRequestSecurityToken.CreateHashTokenFrom(message); PeerHashToken expectedToken = securityManager.GetExpectedTokenForClaim(claim); if (!expectedToken.Equals(receivedToken)) { OnFailed(neighbor); } else { this.state = PeerAuthState.Authenticated; PeerHashToken selfToken = securityManager.GetSelfToken(); response = new PeerRequestSecurityTokenResponse(selfToken); reply = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, TrustFeb2005Strings.RequestSecurityTokenResponse, response); OnAuthenticated(); } } catch (Exception e) { if (Fx.IsFatal(e)) { throw; } DiagnosticUtility.TraceHandledException(e, TraceEventType.Information); OnFailed(neighbor); } return(reply); }
private void OnFailed(IPeerNeighbor neighbor) { lock (this.ThisLock) { this.state = PeerAuthState.Failed; this.timer.Cancel(); this.host = null; } if (DiagnosticUtility.ShouldTraceError) { PeerAuthenticationFailureTraceRecord extendedData = null; string remoteAddress = ""; PeerNodeAddress listenAddress = neighbor.ListenAddress; if (listenAddress != null) { remoteAddress = listenAddress.EndpointAddress.ToString(); } OperationContext current = OperationContext.Current; if (current != null) { remoteAddress = current.IncomingMessageProperties.Via.ToString(); ServiceSecurityContext serviceSecurityContext = current.ServiceSecurityContext; if (serviceSecurityContext != null) { extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, remoteAddress, serviceSecurityContext.AuthorizationContext.ClaimSets[0], null); if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent(TraceEventType.Error, 0x4004d, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationFailure"), extendedData, this, null); } } } else { extendedData = new PeerAuthenticationFailureTraceRecord(this.meshId, remoteAddress); if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent(TraceEventType.Error, 0x4004e, System.ServiceModel.SR.GetString("TraceCodePeerNodeAuthenticationTimeout"), extendedData, this, null); } } } neighbor.Abort(PeerCloseReason.AuthenticationFailure, PeerCloseInitiator.LocalNode); }
public Message ProcessRst(Message message, Claim claim) { IPeerNeighbor host = this.host; PeerRequestSecurityTokenResponse response = null; Message message2 = null; lock (this.ThisLock) { if (((this.state != PeerAuthState.Created) || (host == null)) || (host.IsInitiator || (host.State != PeerNeighborState.Opened))) { this.OnFailed(host); return(null); } } try { PeerHashToken token = PeerRequestSecurityToken.CreateHashTokenFrom(message); if (!this.securityManager.GetExpectedTokenForClaim(claim).Equals(token)) { this.OnFailed(host); return(message2); } this.state = PeerAuthState.Authenticated; response = new PeerRequestSecurityTokenResponse(this.securityManager.GetSelfToken()); message2 = Message.CreateMessage(MessageVersion.Soap12WSAddressing10, "RequestSecurityTokenResponse", (BodyWriter)response); this.OnAuthenticated(); } catch (Exception exception) { if (Fx.IsFatal(exception)) { throw; } DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information); this.OnFailed(host); } return(message2); }