Пример #1
 /// <summary>
 /// Builds a claim set from an arbitrary <see cref="ClaimsIdentity"/>, delegating the shared
 /// initialization to the five-argument constructor.
 /// </summary>
 /// <param name="claimsIdentity">Identity backing this claim set; must not be null.</param>
 /// <param name="authenticationType">Authentication type handed to the clone helper when a clone is made.</param>
 /// <param name="includeWindowsGroups">Forwarded to the chained constructor.</param>
 /// <param name="expirationTime">Forwarded to the chained constructor.</param>
 /// <param name="clone">When true and <paramref name="claimsIdentity"/> is a <see cref="WindowsIdentity"/>,
 /// the stored identity is whatever <c>SecurityUtils.CloneWindowsIdentityIfNecessary</c> returns;
 /// any other identity type is stored unchanged regardless of this flag. Presumably a clone decouples
 /// this claim set from the caller's identity lifetime — confirm against SecurityUtils.</param>
 /// <param name="_fromClaims">Forwarded to the chained constructor.</param>
 /// <param name="ldapSettings">Stored as-is; this constructor does not null-check it.</param>
 /// <exception cref="ArgumentNullException">Raised through <c>ThrowHelperArgumentNull</c> when
 /// <paramref name="claimsIdentity"/> is null (exact type is whatever the helper produces).</exception>
 internal WindowsClaimSet(ClaimsIdentity claimsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone, IList <Claim> _fromClaims, LdapSettings ldapSettings)
     : this(authenticationType, includeWindowsGroups, expirationTime, clone, _fromClaims)
 {
     if (claimsIdentity is null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(claimsIdentity));
     }

     // Only a WindowsIdentity can go through the clone helper; the pattern variable
     // replaces the explicit cast of the original.
     _windowsIdentity = (clone && claimsIdentity is WindowsIdentity windowsIdentity)
         ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType)
         : claimsIdentity;

     _ldapSettings = ldapSettings;
 }
Пример #2
        /// <summary>
        /// Builds a claim set directly from a <see cref="WindowsIdentity"/>, delegating the shared
        /// initialization to the five-argument constructor.
        /// </summary>
        /// <param name="windowsIdentity">Identity backing this claim set; must not be null.</param>
        /// <param name="authenticationType">Authentication type handed to the clone helper when a clone is made.</param>
        /// <param name="includeWindowsGroups">Forwarded to the chained constructor.</param>
        /// <param name="expirationTime">Forwarded to the chained constructor.</param>
        /// <param name="clone">When true the stored identity is the result of
        /// <c>SecurityUtils.CloneWindowsIdentityIfNecessary</c>; otherwise the argument is stored as-is.
        /// Presumably a clone decouples this claim set from the caller's identity lifetime — confirm against SecurityUtils.</param>
        /// <param name="_fromClaims">Forwarded to the chained constructor.</param>
        /// <exception cref="ArgumentNullException">Raised through <c>ThrowHelperArgumentNull</c> when
        /// <paramref name="windowsIdentity"/> is null (exact type is whatever the helper produces).</exception>
        internal WindowsClaimSet(WindowsIdentity windowsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone, IList <Claim> _fromClaims)
            : this(authenticationType, includeWindowsGroups, expirationTime, clone, _fromClaims)
        {
            // Guard expressed as a throw expression; the helper returns the exception to throw.
            var identity = windowsIdentity
                ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));

            _windowsIdentity = clone
                ? SecurityUtils.CloneWindowsIdentityIfNecessary(identity, authenticationType)
                : identity;
        }
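        /// <summary>
        /// Creates a token that pairs an X.509 certificate with the Windows identity it was mapped to.
        /// Certificate, id and clone flag are handled by the base constructor.
        /// </summary>
        /// <param name="certificate">Forwarded to the base constructor.</param>
        /// <param name="windowsIdentity">Mapped identity; must not be null.</param>
        /// <param name="authenticationType">Stored, and handed to the clone helper when a clone is made.</param>
        /// <param name="id">Forwarded to the base constructor.</param>
        /// <param name="clone">When true the stored identity is the result of
        /// <c>SecurityUtils.CloneWindowsIdentityIfNecessary</c>; otherwise the argument is stored as-is.
        /// Presumably a clone decouples this token from the caller's identity lifetime — confirm against SecurityUtils.</param>
        /// <exception cref="ArgumentNullException">Raised through <c>ThrowHelperArgumentNull</c> when
        /// <paramref name="windowsIdentity"/> is null (exact type is whatever the helper produces).</exception>
        internal X509WindowsSecurityToken(X509Certificate2 certificate, WindowsIdentity windowsIdentity, string authenticationType, string id, bool clone)
            : base(certificate, id, clone)
        {
            if (windowsIdentity == null)
            {
                // nameof keeps the reported parameter name in sync with the signature on rename
                // (the sibling constructors on this page already use it).
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));
            }

            this.authenticationType = authenticationType;
            this.windowsIdentity    = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
        }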
Пример #4
 /// <summary>
 /// Populates the token's identity, id, authentication type and validity window.
 /// </summary>
 /// <param name="id">Token identifier; must not be null.</param>
 /// <param name="authenticationType">Stored in <c>AuthenticationType</c>, and handed to the clone helper when a clone is made.</param>
 /// <param name="effectiveTime">Stored as the start of the validity window.</param>
 /// <param name="expirationTime">Stored as the end of the validity window.</param>
 /// <param name="windowsIdentity">Identity to hold; must not be null. Checked before <paramref name="id"/>.</param>
 /// <param name="clone">When true the stored identity is the result of
 /// <c>SecurityUtils.CloneWindowsIdentityIfNecessary</c>; otherwise the argument is stored as-is.
 /// Presumably a clone decouples this token from the caller's identity lifetime — confirm against SecurityUtils.</param>
 /// <exception cref="ArgumentNullException">Raised through <c>ThrowHelperArgumentNull</c> when
 /// <paramref name="windowsIdentity"/> or <paramref name="id"/> is null (exact type is whatever the helper produces).</exception>
 protected void Initialize(string id, string authenticationType, DateTime effectiveTime, DateTime expirationTime, WindowsIdentity windowsIdentity, bool clone)
 {
     // Identity is validated first, then id — same order as the guard-clause form.
     WindowsIdentity identity = windowsIdentity
         ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));
     _id = id ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(id));

     _windowsIdentity = clone
         ? SecurityUtils.CloneWindowsIdentityIfNecessary(identity, authenticationType)
         : identity;

     AuthenticationType = authenticationType;
     _effectiveTime     = effectiveTime;
     _expirationTime    = expirationTime;
 }
Пример #5
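        /// <summary>
        /// Builds a claim set from a <see cref="WindowsIdentity"/>, storing the identity (or its clone),
        /// the group-inclusion flag, the expiration time and the authentication type.
        /// </summary>
        /// <param name="windowsIdentity">Identity backing this claim set; must not be null.</param>
        /// <param name="authenticationType">Stored, and handed to the clone helper when a clone is made.</param>
        /// <param name="includeWindowsGroups">Stored unchanged.</param>
        /// <param name="expirationTime">Stored unchanged.</param>
        /// <param name="clone">When true the stored identity is the result of
        /// <c>SecurityUtils.CloneWindowsIdentityIfNecessary</c>; otherwise the argument is stored as-is.
        /// Presumably a clone decouples this claim set from the caller's identity lifetime — confirm against SecurityUtils.</param>
        /// <exception cref="ArgumentNullException">Raised through <c>ThrowHelperArgumentNull</c> when
        /// <paramref name="windowsIdentity"/> is null (exact type is whatever the helper produces).</exception>
        internal WindowsClaimSet(WindowsIdentity windowsIdentity, string authenticationType, bool includeWindowsGroups, DateTime expirationTime, bool clone)
        {
            if (windowsIdentity == null)
            {
                // nameof keeps the reported parameter name in sync with the signature on rename
                // (the sibling constructors on this page already use it).
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));
            }

            this.windowsIdentity      = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
            this.includeWindowsGroups = includeWindowsGroups;
            this.expirationTime       = expirationTime;
            this.authenticationType   = authenticationType;
        }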
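        /// <summary>
        /// Populates the token's identity, id, authentication type and validity window.
        /// </summary>
        /// <param name="id">Token identifier; must not be null.</param>
        /// <param name="authenticationType">Stored, and handed to the clone helper when a clone is made.</param>
        /// <param name="effectiveTime">Stored as the start of the validity window.</param>
        /// <param name="expirationTime">Stored as the end of the validity window.</param>
        /// <param name="windowsIdentity">Identity to hold; must not be null. Checked before <paramref name="id"/>.</param>
        /// <param name="clone">When true the stored identity is the result of
        /// <c>SecurityUtils.CloneWindowsIdentityIfNecessary</c>; otherwise the argument is stored as-is.
        /// Presumably a clone decouples this token from the caller's identity lifetime — confirm against SecurityUtils.</param>
        /// <exception cref="ArgumentNullException">Raised through <c>ThrowHelperArgumentNull</c> when
        /// <paramref name="windowsIdentity"/> or <paramref name="id"/> is null (exact type is whatever the helper produces).</exception>
        protected void Initialize(string id, string authenticationType, DateTime effectiveTime, DateTime expirationTime, WindowsIdentity windowsIdentity, bool clone)
        {
            // nameof keeps the reported parameter names in sync with the signature on rename
            // (the other Initialize on this page already uses it).
            if (windowsIdentity == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(windowsIdentity));
            }

            if (id == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(id));
            }

            this.id = id;
            this.authenticationType = authenticationType;
            this.effectiveTime      = effectiveTime;
            this.expirationTime     = expirationTime;
            this.windowsIdentity    = clone ? SecurityUtils.CloneWindowsIdentityIfNecessary(windowsIdentity, authenticationType) : windowsIdentity;
        }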
        /// <summary>
        /// Turns the host's client-certificate verdict into a <see cref="SecurityMessageProperty"/>.
        /// When client-certificate validation is disabled this simply returns an empty property for the
        /// Anonymous scheme or defers to the base implementation. When it is enabled, the certificate and
        /// its validity flag are taken from the host context (no chain validation is performed in this
        /// method itself), optionally mapped to the host's logon identity, and authentication success or
        /// failure is written to the audit log according to the configured audit level.
        /// </summary>
        /// <param name="authenticationContext">Host context supplying the client certificate, its validity
        /// verdict, the logon identity and the auth type.</param>
        /// <returns>The security property for the request; never null on the non-throwing paths.</returns>
        /// <exception cref="Exception">Any exception from the certificate path is rethrown unchanged after
        /// a failure audit (fatal exceptions are rethrown before auditing).</exception>
        public override SecurityMessageProperty ProcessAuthentication(IHttpAuthenticationContext authenticationContext)
        {
            if (this.shouldValidateClientCertificate)
            {
                SecurityMessageProperty retValue;
                // Declared outside the try so the catch block can include the certificate id in the failure audit.
                X509Certificate2        certificate = null;

                try
                {
                    bool isCertificateValid;
                    // The host decides both presence and validity of the certificate; this method only consumes the verdict.
                    certificate = authenticationContext.GetClientCertificate(out isCertificateValid);
                    Fx.Assert(!this.requireClientCertificate || certificate != null, "ClientCertificate must be present");

                    if (certificate != null)
                    {
                        if (!this.useCustomClientCertificateVerification)
                        {
                            // NOTE(review): this is an assertion, not a rejection. If Fx.Assert compiles out of
                            // release builds (as the WCF Fx helper does), an invalid certificate is not refused
                            // here and the host's own validation is relied upon entirely — confirm.
                            Fx.Assert(isCertificateValid, "ClientCertificate must be valid");
                        }

                        // identity stays null unless hosted certificate mapping is enabled below;
                        // CreateSecurityProperty presumably accepts a null identity — verify.
                        WindowsIdentity identity = null;
                        string          authType = base.GetAuthType(authenticationContext);

                        if (this.useHostedClientCertificateMapping)
                        {
                            identity = authenticationContext.LogonUserIdentity;
                            if (identity == null || !identity.IsAuthenticated)
                            {
                                // Unmapped or unauthenticated logon identity degrades to the anonymous identity.
                                identity = WindowsIdentity.GetAnonymous();
                            }
                            else
                            {
                                // it is not recommended to call identity.AuthenticationType as this is a privileged instruction.
                                // when the identity is cloned, it will be created with an authtype indicating WindowsIdentity from a cert.
                                identity = SecurityUtils.CloneWindowsIdentityIfNecessary(identity, SecurityUtils.AuthTypeCertMap);
                                authType = SecurityUtils.AuthTypeCertMap;
                            }
                        }

                        retValue = CreateSecurityProperty(certificate, identity, authType);
                    }
                    // The two early returns below bypass the success audit that follows the try block.
                    else if (this.AuthenticationScheme == AuthenticationSchemes.Anonymous)
                    {
                        return(new SecurityMessageProperty());
                    }
                    else
                    {
                        return(base.ProcessAuthentication(authenticationContext));
                    }
                }
#pragma warning suppress 56500 // covered by FXCop
                catch (Exception exception)
                {
                    // Fatal exceptions are propagated untouched, before any auditing.
                    if (Fx.IsFatal(exception))
                    {
                        throw;
                    }

                    // Audit Authentication failure
                    if (AuditLevel.Failure == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure))
                    {
                        WriteAuditEvent(AuditLevel.Failure, (certificate != null) ? SecurityUtils.GetCertificateId(certificate) : String.Empty, exception);
                    }

                    // Bare rethrow keeps the original stack trace.
                    throw;
                }

                // Audit Authentication success (only reached on the certificate path)
                if (AuditLevel.Success == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Success))
                {
                    WriteAuditEvent(AuditLevel.Success, (certificate != null) ? SecurityUtils.GetCertificateId(certificate) : String.Empty, null);
                }

                return(retValue);
            }
            else if (this.AuthenticationScheme == AuthenticationSchemes.Anonymous)
            {
                return(new SecurityMessageProperty());
            }
            else
            {
                return(base.ProcessAuthentication(authenticationContext));
            }
        }