Пример #1
0
        private BasicOpClient CreateClient()
        {
            if (string.IsNullOrEmpty(this.EndPointConfigurationName))
            {
                EndpointAddress endPointAddress;
                if (string.IsNullOrEmpty(SpnName))
                {
                    endPointAddress = new EndpointAddress(new Uri(Address));
                }
                else
                {
                    var identity = new SpnEndpointIdentity(SpnName);
                    endPointAddress = new EndpointAddress(new Uri(Address), identity);
                }

                WSHttpBinding binding;
                if (endPointAddress.Uri.Scheme == "https")
                {
                    binding = new WSHttpBinding(SecurityMode.Transport);
                    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
                }
                else
                {
                    binding = new WSHttpBinding();
                }

                return(new BasicOpClient(binding, endPointAddress));
            }
            else
            {
                return(new BasicOpClient(EndPointConfigurationName));
            }
        }
 public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
 {
     if (identity == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identity");
     }
     if (authContext == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authContext");
     }
     for (int i = 0; i < authContext.ClaimSets.Count; i++)
     {
         ClaimSet claimSet = authContext.ClaimSets[i];
         if (claimSet.ContainsClaim(identity.IdentityClaim))
         {
             SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(identity, identity.IdentityClaim, base.GetType());
             return(true);
         }
         string expectedSpn = null;
         if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
         {
             expectedSpn = string.Format(CultureInfo.InvariantCulture, "host/{0}", new object[] { (string)identity.IdentityClaim.Resource });
             Claim claim = this.CheckDnsEquivalence(claimSet, expectedSpn);
             if (claim != null)
             {
                 SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(identity, claim, base.GetType());
                 return(true);
             }
         }
         SecurityIdentifier identitySid = null;
         if (ClaimTypes.Sid.Equals(identity.IdentityClaim.ClaimType))
         {
             identitySid = this.GetSecurityIdentifier(identity.IdentityClaim);
         }
         else if (ClaimTypes.Upn.Equals(identity.IdentityClaim.ClaimType))
         {
             identitySid = ((UpnEndpointIdentity)identity).GetUpnSid();
         }
         else if (ClaimTypes.Spn.Equals(identity.IdentityClaim.ClaimType))
         {
             identitySid = ((SpnEndpointIdentity)identity).GetSpnSid();
         }
         else if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
         {
             identitySid = new SpnEndpointIdentity(expectedSpn).GetSpnSid();
         }
         if (identitySid != null)
         {
             Claim claim2 = this.CheckSidEquivalence(identitySid, claimSet);
             if (claim2 != null)
             {
                 SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(identity, claim2, base.GetType());
                 return(true);
             }
         }
     }
     SecurityTraceRecordHelper.TraceIdentityVerificationFailure(identity, authContext, base.GetType());
     return(false);
 }
 public SpnEndpointIdentityExtension(SpnEndpointIdentity identity)
 {
     if (identity == null)
     {
         throw FxTrace.Exception.ArgumentNull("identity");
     }
     this.SpnName = (string)identity.IdentityClaim.Resource;
 }
Пример #4
0
    public static void Ctor_NullSpn()
    {
        string spnName = null;

        Assert.Throws <ArgumentNullException>("spnName", () =>
        {
            SpnEndpointIdentity spnEndpointEntity = new SpnEndpointIdentity(spnName);
        });
    }
 public SpnEndpointIdentityExtension(SpnEndpointIdentity identity)
 {
     if (identity == null)
     {
         throw FxTrace.Exception.ArgumentNull("identity");
     }
     Fx.Assert(identity.IdentityClaim.Resource is string, "SpnEndpointIdentity claim resource is not string");
     this.SpnName = (string)identity.IdentityClaim.Resource;
 }
 public SpnEndpointIdentityExtension(SpnEndpointIdentity identity)
 {
     if (identity == null)
     {
         throw FxTrace.Exception.ArgumentNull("identity");
     }
     Fx.Assert(identity.IdentityClaim.Resource is string, "SpnEndpointIdentity claim resource is not string");
     this.SpnName = (string)identity.IdentityClaim.Resource;
 }
Пример #7
0
        // </snippet2>

        // <snippet3>
        static EndpointIdentity CreateSpnIdentity()
        {
            WindowsIdentity    self = WindowsIdentity.GetCurrent();
            SecurityIdentifier sid  = self.User;

            SpnEndpointIdentity identity = null;

            identity = new SpnEndpointIdentity(String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));

            return(identity);
        }
Пример #8
0
        static void Main(string[] args)
        {
            int[] counts = new int[] { 500, 600, 700, 800, 850, 851 };
            foreach (var count in counts)
            {
                Console.WriteLine(string.Format("Attempting with count = {0}", count));
                SqlDataAdapter adpt = new SqlDataAdapter(
                    string.Format("select top {0} cprNo from T_PM_CPR", count),
                    "");

                DataTable table = new DataTable();
                int       found = adpt.Fill(table);
                Console.WriteLine(string.Format("Found = {0}", found));
                DataRow[] rows = new DataRow[found];
                table.Rows.CopyTo(rows, 0);
                string[] cprNumbers = (from DataRow dr in rows
                                       select dr["cprNo"].ToString()).ToArray();


                WSHttpBinding binding = new WSHttpBinding();
                string        SpnName = "syddjurs.dk";
                string        Address = "http://personmaster-service/PersonmasterServiceLibrary.BasicOp.svc";

                var             identity        = new SpnEndpointIdentity(SpnName);
                EndpointAddress endPointAddress = new EndpointAddress(new Uri(Address + "/PersonMasterService12"), identity);
                BasicOpClient   client          = new BasicOpClient(binding, endPointAddress);

                string aux = "";
                try
                {
                    client.GetObjectIDsFromCprArray("", cprNumbers, ref aux);
                    Console.WriteLine("Succeeded !!");
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
                finally
                {
                    Console.WriteLine(string.Format("Aux={0}", aux));
                }
            }
        }
        public override void ProcessPerson(string joinedPnrBatch)
        {
            EndpointAddress endPointAddress;

            if (string.IsNullOrEmpty(this.PersonMasterSpnName))
            {
                endPointAddress = new EndpointAddress(new Uri(this.PersonMasterUrl));
            }
            else
            {
                var identity = new SpnEndpointIdentity(this.PersonMasterSpnName);
                endPointAddress = new EndpointAddress(new Uri(this.PersonMasterUrl), identity);
            }

            WSHttpBinding binding;

            if (endPointAddress.Uri.Scheme == "https")
            {
                binding = new WSHttpBinding(SecurityMode.Transport);
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            }
            else
            {
                binding = new WSHttpBinding();
            }


            PersonMaster.BasicOpClient client = new PersonMaster.BasicOpClient(binding, endPointAddress);
            string[] pnrs   = joinedPnrBatch.Split(',');
            string   aux    = "";
            var      result = client.GetObjectIDsFromCprArray("BacthClient", pnrs, ref aux);

            Succeeded += result.Where(res => res.HasValue).Count();
            Failed    += result.Where(res => !res.HasValue).Count();
            Console.WriteLine(string.Format("Batch finished: Size={0}, Succeeded So far={1}; Failed So far={2}", pnrs.Length, Succeeded, Failed));
        }
Пример #10
0
 public static void Ctor_SpnName(string spn)
 {
     SpnEndpointIdentity spnEndpointEntity = new SpnEndpointIdentity(spn);
 }
Пример #11
0
            public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
            {
                //EventTraceActivity eventTraceActivity = null;

                if (identity == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(identity));
                }

                if (authContext == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(authContext));
                }


                //if (FxTrace.Trace.IsEnd2EndActivityTracingEnabled)
                //{
                //    eventTraceActivity = EventTraceActivityHelper.TryExtractActivity((OperationContext.Current != null) ? OperationContext.Current.IncomingMessage : null);
                //}

                for (int i = 0; i < authContext.ClaimSets.Count; ++i)
                {
                    ClaimSet claimSet = authContext.ClaimSets[i];
                    if (claimSet.ContainsClaim(identity.IdentityClaim))
                    {
                        //SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, identity.IdentityClaim, this.GetType());
                        return(true);
                    }

                    // try Claim equivalence
                    string expectedSpn = null;
                    if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
                    {
                        expectedSpn = string.Format(CultureInfo.InvariantCulture, "host/{0}", (string)identity.IdentityClaim.Resource);
                        Claim claim = CheckDnsEquivalence(claimSet, expectedSpn);
                        if (claim != null)
                        {
                            //SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, claim, this.GetType());
                            return(true);
                        }
                    }
                    // Allow a Sid claim to support UPN, and SPN identities
                    SecurityIdentifier identitySid = null;
                    if (ClaimTypes.Sid.Equals(identity.IdentityClaim.ClaimType))
                    {
                        identitySid = GetSecurityIdentifier(identity.IdentityClaim);
                    }
                    else if (ClaimTypes.Upn.Equals(identity.IdentityClaim.ClaimType))
                    {
                        identitySid = ((UpnEndpointIdentity)identity).GetUpnSid();
                    }
                    else if (ClaimTypes.Spn.Equals(identity.IdentityClaim.ClaimType))
                    {
                        identitySid = ((SpnEndpointIdentity)identity).GetSpnSid();
                    }
                    else if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType))
                    {
                        identitySid = new SpnEndpointIdentity(expectedSpn).GetSpnSid();
                    }
                    if (identitySid != null)
                    {
                        Claim claim = CheckSidEquivalence(identitySid, claimSet);
                        if (claim != null)
                        {
                            //SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, claim, this.GetType());
                            return(true);
                        }
                    }
                }
                SecurityTraceRecordHelper.TraceIdentityVerificationFailure(identity, authContext, GetType());
                //if (TD.SecurityIdentityVerificationFailureIsEnabled())
                //{
                //    TD.SecurityIdentityVerificationFailure(eventTraceActivity);
                //}

                return(false);
            }