protected override BodyWriter ProcessRequestSecurityTokenResponse(SspiNegotiationTokenAuthenticatorState negotiationState, Message request, RequestSecurityTokenResponse requestSecurityTokenResponse) { if (request == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (requestSecurityTokenResponse == null) { throw TraceUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse", request); } if (requestSecurityTokenResponse.Context != negotiationState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), request); } AddToDigest(negotiationState, requestSecurityTokenResponse, true); BinaryNegotiation incomingNego = requestSecurityTokenResponse.GetBinaryNegotiation(); ValidateIncomingBinaryNegotiation(incomingNego); return(ProcessNegotiation(negotiationState, request, incomingNego)); }
protected override BodyWriter ProcessRequestSecurityTokenResponse(SspiNegotiationTokenAuthenticatorState negotiationState, Message request, RequestSecurityTokenResponse requestSecurityTokenResponse) { if (request == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("request"); } if (requestSecurityTokenResponse == null) { throw TraceUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse", request); } if (requestSecurityTokenResponse.Context != negotiationState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), request); } AddToDigest(negotiationState, requestSecurityTokenResponse, true); BinaryNegotiation binaryNegotiation = requestSecurityTokenResponse.GetBinaryNegotiation(); this.ValidateIncomingBinaryNegotiation(binaryNegotiation); return(this.ProcessNegotiation(negotiationState, request, binaryNegotiation)); }
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) { byte[] negotiationData; try { IssuanceTokenProviderBase <SspiNegotiationTokenProviderState> .ThrowIfFault(incomingMessage, base.TargetAddress); } catch (FaultException exception) { if (!exception.Code.IsSenderFault) { throw; } if (!(exception.Code.SubCode.Name == "FailedAuthentication") && !(exception.Code.SubCode.Name == "FailedAuthentication")) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("FailedSspiNegotiation"), exception), incomingMessage); } throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticationOfClientFailed"), exception), incomingMessage); } RequestSecurityTokenResponse rstr = null; RequestSecurityTokenResponse authenticatorRstr = null; XmlDictionaryReader readerAtBodyContents = incomingMessage.GetReaderAtBodyContents(); using (readerAtBodyContents) { if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(readerAtBodyContents)) { using (IEnumerator <RequestSecurityTokenResponse> enumerator = base.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(readerAtBodyContents).RstrCollection.GetEnumerator()) { enumerator.MoveNext(); rstr = enumerator.Current; if (enumerator.MoveNext()) { authenticatorRstr = enumerator.Current; } } if (authenticatorRstr == null) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("AuthenticatorNotPresentInRSTRCollection")), incomingMessage); } if (authenticatorRstr.Context != rstr.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("RSTRAuthenticatorHasBadContext")), incomingMessage); } this.AddToDigest(sspiState, rstr, true, true); } else if (base.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(readerAtBodyContents)) { rstr = RequestSecurityTokenResponse.CreateFrom(base.StandardsManager, readerAtBodyContents); this.AddToDigest(sspiState, rstr, true, false); } else { base.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException(); } incomingMessage.ReadFromBodyContentsToEnd(readerAtBodyContents); } if (rstr.Context != sspiState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("BadSecurityNegotiationContext")), incomingMessage); } BinaryNegotiation binaryNegotiation = rstr.GetBinaryNegotiation(); if (binaryNegotiation != null) { this.ValidateIncomingBinaryNegotiation(binaryNegotiation); negotiationData = binaryNegotiation.GetNegotiationData(); } else { negotiationData = null; } if ((negotiationData == null) && !sspiState.SspiNegotiation.IsCompleted) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToReceive")), incomingMessage); } if ((negotiationData == null) && sspiState.SspiNegotiation.IsCompleted) { this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr); return(null); } byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(negotiationData, System.ServiceModel.Security.SecurityUtils.GetChannelBindingFromMessage(incomingMessage), null); if ((outgoingBlob == null) && !sspiState.SspiNegotiation.IsCompleted) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(System.ServiceModel.SR.GetString("NoBinaryNegoToSend")), incomingMessage); } if ((outgoingBlob == null) && sspiState.SspiNegotiation.IsCompleted) { this.OnNegotiationComplete(sspiState, rstr, authenticatorRstr); return(null); } return(this.PrepareRstr(sspiState, outgoingBlob)); }
protected override BodyWriter GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) { try { ThrowIfFault(incomingMessage, this.TargetAddress); } catch (FaultException fault) { if (fault.Code.IsSenderFault) { if (fault.Code.SubCode.Name == TrustApr2004Strings.FailedAuthenticationFaultCode || fault.Code.SubCode.Name == TrustFeb2005Strings.FailedAuthenticationFaultCode) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticationOfClientFailed), fault), incomingMessage); } throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.FailedSspiNegotiation), fault), incomingMessage); } else { throw; } } RequestSecurityTokenResponse negotiationRstr = null; RequestSecurityTokenResponse authenticatorRstr = null; XmlDictionaryReader bodyReader = incomingMessage.GetReaderAtBodyContents(); using (bodyReader) { if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponseCollection(bodyReader)) { RequestSecurityTokenResponseCollection rstrCollection = this.StandardsManager.TrustDriver.CreateRequestSecurityTokenResponseCollection(bodyReader); using (IEnumerator <RequestSecurityTokenResponse> enumerator = rstrCollection.RstrCollection.GetEnumerator()) { enumerator.MoveNext(); negotiationRstr = enumerator.Current; if (enumerator.MoveNext()) { authenticatorRstr = enumerator.Current; } } if (authenticatorRstr == null) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.AuthenticatorNotPresentInRSTRCollection)), incomingMessage); } else if (authenticatorRstr.Context != negotiationRstr.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.RSTRAuthenticatorHasBadContext)), incomingMessage); } AddToDigest(sspiState, negotiationRstr, true, true); } else if (this.StandardsManager.TrustDriver.IsAtRequestSecurityTokenResponse(bodyReader)) { negotiationRstr = RequestSecurityTokenResponse.CreateFrom(this.StandardsManager, bodyReader); AddToDigest(sspiState, negotiationRstr, true, false); } else { this.StandardsManager.TrustDriver.OnRSTRorRSTRCMissingException(); } incomingMessage.ReadFromBodyContentsToEnd(bodyReader); } if (negotiationRstr.Context != sspiState.Context) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.BadSecurityNegotiationContext)), incomingMessage); } BinaryNegotiation incomingBinaryNego = negotiationRstr.GetBinaryNegotiation(); byte[] incomingBlob; if (incomingBinaryNego != null) { ValidateIncomingBinaryNegotiation(incomingBinaryNego); incomingBlob = incomingBinaryNego.GetNegotiationData(); } else { incomingBlob = null; } BodyWriter nextMessageBody; if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == false) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToReceive)), incomingMessage); } else if (incomingBlob == null && sspiState.SspiNegotiation.IsCompleted == true) { // the incoming RSTR must have the negotiated token OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr); nextMessageBody = null; } else { // we got an incoming blob. Process it and see if there is an outgoing blob byte[] outgoingBlob = sspiState.SspiNegotiation.GetOutgoingBlob(incomingBlob, SecurityUtils.GetChannelBindingFromMessage(incomingMessage), null); if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == false) { throw TraceUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString(SR.NoBinaryNegoToSend)), incomingMessage); } else if (outgoingBlob == null && sspiState.SspiNegotiation.IsCompleted == true) { // the incoming RSTR had the last blob. It must have the token too this.OnNegotiationComplete(sspiState, negotiationRstr, authenticatorRstr); nextMessageBody = null; } else { nextMessageBody = PrepareRstr(sspiState, outgoingBlob); } } return(nextMessageBody); }