Пример #1
0
        protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
        {
            TlsSspiNegotiation tlsNegotiation = (TlsSspiNegotiation)sspiNegotiation;

            if (tlsNegotiation.IsValidContext == false)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
            }

            if (this.ClientTokenAuthenticator == null)
            {
                return(EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
            }

            X509Certificate2 clientCertificate = tlsNegotiation.RemoteCertificate;

            if (clientCertificate == null)
            {
                // isAnonymous is false. So, fail the negotiation
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(SR.GetString(SR.ClientCertificateNotProvided)));
            }

            ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies;

            if (this.ClientTokenAuthenticator != null)
            {
                X509SecurityToken clientToken;
                WindowsIdentity   preMappedIdentity;
                if (!this.MapCertificateToWindowsAccount || !tlsNegotiation.TryGetContextIdentity(out preMappedIdentity))
                {
                    clientToken = new X509SecurityToken(clientCertificate);
                }
                else
                {
                    clientToken = new X509WindowsSecurityToken(clientCertificate, preMappedIdentity, preMappedIdentity.AuthenticationType, true);
                    preMappedIdentity.Dispose();
                }
                authorizationPolicies = this.ClientTokenAuthenticator.ValidateToken(clientToken);
                clientToken.Dispose();
            }
            else
            {
                authorizationPolicies = EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance;
            }
            return(authorizationPolicies);
        }
        protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
        {
            X509SecurityToken  token;
            WindowsIdentity    identity;
            TlsSspiNegotiation negotiation = (TlsSspiNegotiation)sspiNegotiation;

            if (!negotiation.IsValidContext)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidSspiNegotiation")));
            }
            if (this.ClientTokenAuthenticator == null)
            {
                return(System.ServiceModel.Security.EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
            }
            X509Certificate2 remoteCertificate = negotiation.RemoteCertificate;

            if (remoteCertificate == null)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityTokenValidationException(System.ServiceModel.SR.GetString("ClientCertificateNotProvided")));
            }
            if (this.ClientTokenAuthenticator == null)
            {
                return(System.ServiceModel.Security.EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
            }
            if (!this.MapCertificateToWindowsAccount || !negotiation.TryGetContextIdentity(out identity))
            {
                token = new X509SecurityToken(remoteCertificate);
            }
            else
            {
                token = new X509WindowsSecurityToken(remoteCertificate, identity, identity.AuthenticationType, true);
                identity.Dispose();
            }
            ReadOnlyCollection <IAuthorizationPolicy> onlys = this.ClientTokenAuthenticator.ValidateToken(token);

            token.Dispose();
            return(onlys);
        }