public static SslStreamSecurityUpgradeProvider CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
{
SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (manager == null)
{
manager = ServiceCredentials.CreateDefaultCredentials();
}
Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager();
RecipientServiceModelSecurityTokenRequirement tokenRequirement = new RecipientServiceModelSecurityTokenRequirement {
TokenType = SecurityTokenTypes.X509Certificate,
RequireCryptographicToken = true,
KeyUsage = SecurityKeyUsage.Exchange,
TransportScheme = context.Binding.Scheme,
ListenUri = listenUri
};
SecurityTokenProvider serverTokenProvider = tokenManager.CreateSecurityTokenProvider(tokenRequirement);
if (serverTokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { tokenRequirement })));
}
return(new SslStreamSecurityUpgradeProvider(context.Binding, serverTokenProvider, bindingElement.RequireClientCertificate, TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri), context.Binding.Scheme, bindingElement.IdentityVerifier));
}
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
_extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
_protectionLevel = bindingElement.ProtectionLevel;
_scheme = context.Binding.Scheme;
_isClient = isClient;
_listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
if (isClient)
{
credentialProvider = ClientCredentials.CreateDefaultCredentials();
}
else
{
throw ExceptionHelper.PlatformNotSupported("WindowsStreamSecurityUpgradeProvider for server is not supported.");
}
}
_securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
this.extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
this.protectionLevel = bindingElement.ProtectionLevel;
this.scheme = context.Binding.Scheme;
this.isClient = isClient;
this.listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
if (isClient)
{
credentialProvider = ClientCredentials.CreateDefaultCredentials();
}
else
{
credentialProvider = ServiceCredentials.CreateDefaultCredentials();
}
}
this.securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context)
: base(httpsBindingElement, context)
{
this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
this.shouldValidateClientCertificate = ShouldValidateClientCertificate(this.requireClientCertificate, context);
// Pick up the MapCertificateToWindowsAccount setting from the configured token authenticator.
SecurityCredentialsManager credentialProvider =
context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
credentialProvider = ServiceCredentials.CreateDefaultCredentials();
}
SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager();
this.certificateAuthenticator =
TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme,
TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress));
ServiceCredentials serviceCredentials = credentialProvider as ServiceCredentials;
if (serviceCredentials != null &&
serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom)
{
useCustomClientCertificateVerification = true;
}
else
{
useCustomClientCertificateVerification = false;
X509SecurityTokenAuthenticator authenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator;
if (authenticator != null)
{
this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None,
authenticator.MapCertificateToWindowsAccount, this.ExtractGroupsForWindowsAccounts, false);
}
}
if (this.RequireClientCertificate &&
this.AuthenticationScheme.IsNotSet(AuthenticationSchemes.Anonymous))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(SR.GetString(
SR.HttpAuthSchemeAndClientCert, this.AuthenticationScheme)), TraceEventType.Error);
}
this.channelBindingProvider = new ChannelBindingProviderHelper();
}
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
Contract.Assert(isClient, ".NET Core and .NET Native does not support server side");
_extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
_protectionLevel = bindingElement.ProtectionLevel;
_scheme = context.Binding.Scheme;
_isClient = isClient;
_listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
credentialProvider = ClientCredentials.CreateDefaultCredentials();
}
_securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context) : base(httpsBindingElement, context)
{
this.requireClientCertificate = httpsBindingElement.RequireClientCertificate;
SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (manager == null)
{
manager = ServiceCredentials.CreateDefaultCredentials();
}
SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager();
this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress));
ServiceCredentials credentials = manager as ServiceCredentials;
if ((credentials != null) && (credentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom))
{
this.useCustomClientCertificateVerification = true;
}
else
{
this.useCustomClientCertificateVerification = false;
X509SecurityTokenAuthenticator certificateAuthenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator;
if (certificateAuthenticator != null)
{
this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None, certificateAuthenticator.MapCertificateToWindowsAccount, base.ExtractGroupsForWindowsAccounts, false);
}
}
if (this.RequireClientCertificate && (base.AuthenticationScheme != AuthenticationSchemes.Anonymous))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(System.ServiceModel.SR.GetString("HttpAuthSchemeAndClientCert", new object[] { base.AuthenticationScheme })), TraceEventType.Error);
}
this.channelBindingProvider = new ChannelBindingProviderHelper();
}
