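/// <summary>
/// Builds the <see cref="SecurityMessageProperty"/> describing the peer that authenticated on
/// <paramref name="negotiateStream"/>: a transport token for the remote identity plus the
/// authorization policies produced by validating that token.
/// </summary>
/// <param name="negotiateStream">An already-authenticated stream; its <c>RemoteIdentity</c> is read.</param>
/// <param name="extractGroupsForWindowsAccounts">Passed through to the Windows token authenticator.</param>
/// <returns>A property whose <c>TransportToken</c> and <c>ServiceSecurityContext</c> are populated.</returns>
private async Task <SecurityMessageProperty> CreateClientSecurityAsync(NegotiateStream negotiateStream,
                                                                                   bool extractGroupsForWindowsAccounts)
            {
                IIdentity remoteIdentity = negotiateStream.RemoteIdentity;
                WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts, _ldapSettings);
                SecurityToken token;

                if (remoteIdentity is WindowsIdentity windowsIdentity)
                {
                    // Enforce the anonymity rule before any token is minted. The second argument is
                    // presumably "allow anonymous" — confirm against SecurityUtils.
                    SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, false);
                    token = new WindowsSecurityToken(windowsIdentity, SecurityUniqueId.Create().Value, windowsIdentity.AuthenticationType);
                }
                else
                {
                    // Non-Windows peers are represented by name only. NOTE(review): this path does not
                    // consult remoteIdentity.IsAuthenticated, and the resulting GenericSecurityToken is
                    // validated by the Windows authenticator below — confirm both are intended.
                    // (An unused ClaimsIdentity that was previously built here has been dropped.)
                    token = new GenericSecurityToken(remoteIdentity.Name, SecurityUniqueId.Create().Value);
                }

                ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = await authenticator.ValidateTokenAsync(token);

                return new SecurityMessageProperty
                {
                    TransportToken         = new SecurityTokenSpecification(token, authorizationPolicies),
                    ServiceSecurityContext = new ServiceSecurityContext(authorizationPolicies)
                };
            }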
            /// <summary>
            /// Produces the <see cref="SecurityMessageProperty"/> for the peer authenticated on
            /// <paramref name="negotiateStream"/>. Windows identities are validated by the Windows
            /// authenticator; any other identity is wrapped in a generic token and validated by the
            /// generic authenticator.
            /// </summary>
            /// <param name="negotiateStream">Authenticated stream whose <c>RemoteIdentity</c> is read.</param>
            /// <param name="extractGroupsForWindowsAccounts">Forwarded to the Windows token authenticator.</param>
            /// <returns>A property with <c>TransportToken</c> and <c>ServiceSecurityContext</c> set.</returns>
            SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream,
                                                         bool extractGroupsForWindowsAccounts)
            {
                IIdentity peer = negotiateStream.RemoteIdentity;
                SecurityToken token;
                ReadOnlyCollection <IAuthorizationPolicy> policies;

                if (peer is WindowsIdentity windowsPeer)
                {
                    // Anonymity rule is checked before the token exists; the "false" argument is
                    // presumably "allow anonymous" — confirm against SecurityUtils.
                    Security.SecurityUtils.ValidateAnonymityConstraint(windowsPeer, false);
                    WindowsSecurityTokenAuthenticator windowsAuthenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts);
                    token    = new WindowsSecurityToken(windowsPeer, SecurityUniqueId.Create().Value, windowsPeer.AuthenticationType);
                    policies = windowsAuthenticator.ValidateToken(token);
                }
                else
                {
                    // NOTE(review): the non-Windows path carries only the identity name and does not
                    // consult peer.IsAuthenticated — confirm that is acceptable for this endpoint.
                    token = new GenericSecurityToken(peer.Name, SecurityUniqueId.Create().Value);
                    GenericSecurityTokenAuthenticator genericAuthenticator = new GenericSecurityTokenAuthenticator();
                    policies = genericAuthenticator.ValidateToken(token);
                }

                return new SecurityMessageProperty
                {
                    TransportToken         = new SecurityTokenSpecification(token, policies),
                    ServiceSecurityContext = new ServiceSecurityContext(policies)
                };
            }
            /// <summary>
            /// Builds and caches (in <c>this.clientSecurity</c>) the <see cref="SecurityMessageProperty"/>
            /// for the Windows identity authenticated on <paramref name="negotiateStream"/>.
            /// </summary>
            /// <param name="negotiateStream">Authenticated stream whose <c>RemoteIdentity</c> is read.</param>
            /// <param name="extractGroupsForWindowsAccounts">Forwarded to the Windows token authenticator.</param>
            /// <returns>The property stored in <c>this.clientSecurity</c>.</returns>
            private SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream, bool extractGroupsForWindowsAccounts)
            {
                // The direct cast assumes the negotiated peer is always a WindowsIdentity here; any
                // other IIdentity would surface as an InvalidCastException.
                WindowsIdentity windowsIdentity = (WindowsIdentity)negotiateStream.RemoteIdentity;
                System.ServiceModel.Security.SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, false);

                WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts);
                SecurityToken transportToken = new WindowsSecurityToken(windowsIdentity, SecurityUniqueId.Create().Value, windowsIdentity.AuthenticationType);
                ReadOnlyCollection <IAuthorizationPolicy> policies = authenticator.ValidateToken(transportToken);

                this.clientSecurity = new SecurityMessageProperty
                {
                    TransportToken         = new SecurityTokenSpecification(transportToken, policies),
                    ServiceSecurityContext = new ServiceSecurityContext(policies)
                };
                return this.clientSecurity;
            }
            /// <summary>
            /// Builds and caches (in <c>this.clientSecurity</c>) the <see cref="SecurityMessageProperty"/>
            /// for the Windows identity authenticated on <paramref name="negotiateStream"/>.
            /// </summary>
            /// <param name="negotiateStream">Authenticated stream whose <c>RemoteIdentity</c> is read.</param>
            /// <param name="extractGroupsForWindowsAccounts">Forwarded to the Windows token authenticator.</param>
            /// <returns>The property stored in <c>this.clientSecurity</c>.</returns>
            SecurityMessageProperty CreateClientSecurity(NegotiateStream negotiateStream,
                bool extractGroupsForWindowsAccounts)
            {
                // The cast assumes NegotiateStream always hands back a WindowsIdentity here.
                WindowsIdentity windowsIdentity = (WindowsIdentity)negotiateStream.RemoteIdentity;
                SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, false);
                WindowsSecurityTokenAuthenticator authenticator = new WindowsSecurityTokenAuthenticator(extractGroupsForWindowsAccounts);

                // When NegotiateStream returns a WindowsIdentity, the AuthenticationType is passed to the
                // WindowsIdentity constructor by its internal NegoState class. If that changes, reading
                // remoteIdentity.AuthenticationType could fail when the current process token lacks
                // sufficient privileges; that is a first-class exception, caught by the CLR, and null is
                // returned.
                SecurityToken transportToken = new WindowsSecurityToken(windowsIdentity, SecurityUniqueId.Create().Value, windowsIdentity.AuthenticationType);
                ReadOnlyCollection<IAuthorizationPolicy> policies = authenticator.ValidateToken(transportToken);

                SecurityMessageProperty property = new SecurityMessageProperty
                {
                    TransportToken         = new SecurityTokenSpecification(transportToken, policies),
                    ServiceSecurityContext = new ServiceSecurityContext(policies)
                };
                this.clientSecurity = property;
                return this.clientSecurity;
            }