/// <summary>
/// Runs the base listener's authentication check and, when this listener requires a
/// client certificate, refuses requests whose certificate is absent or was reported
/// as not valid.
/// </summary>
/// <param name="authenticationContext">
/// Per-request context that supplies the client certificate, its validity flag and the
/// trace record used for diagnostics.
/// </param>
/// <returns>
/// The base class result when it is not OK or when no client certificate is required;
/// otherwise Forbidden for a missing or rejected certificate, and OK when the
/// certificate is accepted.
/// </returns>
/// <remarks>
/// Security notes:
/// - A certificate that the context reports as NOT valid is still accepted here when
///   useCustomClientCertificateVerification is set. Presumably a custom validator
///   configured elsewhere makes the real trust decision in that mode; that validator is
///   not visible in this method, so confirm one is actually wired up.
/// - Both failure cases answer with the same Forbidden status; only the trace code
///   tells "no certificate" apart from "invalid certificate".
/// - The error trace is emitted only when DiagnosticUtility.ShouldTraceError is true and
///   the audit record only when the Failure bit is set in MessageAuthenticationAuditLevel,
///   so a rejected certificate can leave no record if both are switched off.
/// </remarks>
public override HttpStatusCode ValidateAuthentication(HttpChannelListener.IHttpAuthenticationContext authenticationContext)
        {
            HttpStatusCode status = base.ValidateAuthentication(authenticationContext);

            // Nothing further to check if the base class already refused the request or
            // this listener does not demand a client certificate.
            if ((status != HttpStatusCode.OK) || !this.RequireClientCertificate)
            {
                return status;
            }

            bool             certificateIsValid;
            X509Certificate2 clientCertificate = authenticationContext.GetClientCertificate(out certificateIsValid);

            bool certificateMissing = (clientCertificate == null);

            // Reject when there is no certificate at all, or when it was flagged as not
            // valid and custom verification has not been enabled.
            bool rejected = certificateMissing || !(certificateIsValid || this.useCustomClientCertificateVerification);
            if (!rejected)
            {
                return status;
            }

            if (DiagnosticUtility.ShouldTraceError)
            {
                if (certificateMissing)
                {
                    TraceUtility.TraceEvent(TraceEventType.Error, 0x40010, System.ServiceModel.SR.GetString("TraceCodeHttpsClientCertificateNotPresent"), authenticationContext.CreateTraceRecord(), this, null);
                }
                else
                {
                    TraceUtility.TraceEvent(TraceEventType.Error, 0x4000f, System.ServiceModel.SR.GetString("TraceCodeHttpsClientCertificateInvalid"), authenticationContext.CreateTraceRecord(), this, null);
                }
            }
            status = HttpStatusCode.Forbidden;

            if (AuditLevel.Failure == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure))
            {
                string failureText = System.ServiceModel.SR.GetString("HttpAuthenticationFailed", new object[] { base.AuthenticationScheme, status });

                // The helper's return value is used only as the payload of the audit record;
                // there is no throw statement in this method.
                Exception auditPayload = DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(failureText));

                // The audit entry carries the certificate id when a certificate was presented,
                // and an empty string when none was.
                string certificateId = certificateMissing ? string.Empty : System.ServiceModel.Security.SecurityUtils.GetCertificateId(clientCertificate);
                base.WriteAuditEvent(AuditLevel.Failure, certificateId, auditPayload);
            }
            return status;
        }
 /// <summary>
 /// Builds the security property for a request. When a client certificate is required
 /// it is derived from that certificate (plus a Windows identity when hosted certificate
 /// mapping is on); otherwise an empty property is returned for the Anonymous scheme and
 /// the base class handles every other scheme.
 /// </summary>
 /// <param name="authenticationContext">
 /// Per-request context that supplies the client certificate and the logon identity.
 /// </param>
 /// <returns>The security property describing the authenticated caller.</returns>
 /// <remarks>
 /// Security notes:
 /// - The validity flag returned with the certificate and the custom-verification setting
 ///   are read here but never acted on, and a null certificate is passed straight to
 ///   CreateSecurityProperty. Missing or invalid certificates are refused in
 ///   ValidateAuthentication; this method appears to rely on that check having run first
 ///   for the same request (call order is not visible here; confirm).
 /// - With hosted mapping enabled, a missing or unauthenticated logon identity is replaced
 ///   by the anonymous Windows identity rather than causing a failure.
 /// - Success and failure audit records are written only when the matching bit is set in
 ///   MessageAuthenticationAuditLevel.
 /// </remarks>
 public override SecurityMessageProperty ProcessAuthentication(HttpChannelListener.IHttpAuthenticationContext authenticationContext)
 {
     if (!this.requireClientCertificate)
     {
         // No certificate requirement: anonymous callers get an empty property and
         // every other scheme is delegated to the base class.
         if (base.AuthenticationScheme == AuthenticationSchemes.Anonymous)
         {
             return new SecurityMessageProperty();
         }
         return base.ProcessAuthentication(authenticationContext);
     }

     SecurityMessageProperty securityProperty;
     X509Certificate2        clientCertificate = null;
     try
     {
         bool certificateIsValid;
         clientCertificate = authenticationContext.GetClientCertificate(out certificateIsValid);

         // Read but not used anywhere in this method (kept to mirror the original statement order).
         bool customVerificationEnabled = this.useCustomClientCertificateVerification;

         WindowsIdentity mappedIdentity = null;
         if (this.useHostedClientCertificateMapping)
         {
             WindowsIdentity logonIdentity = authenticationContext.LogonUserIdentity;
             if ((logonIdentity != null) && logonIdentity.IsAuthenticated)
             {
                 mappedIdentity = System.ServiceModel.Security.SecurityUtils.CloneWindowsIdentityIfNecessary(logonIdentity, "SSL/PCT");
             }
             else
             {
                 // No usable mapped account: fall back to the anonymous identity.
                 mappedIdentity = WindowsIdentity.GetAnonymous();
             }
         }
         securityProperty = this.CreateSecurityProperty(clientCertificate, mappedIdentity);
     }
     catch (Exception failure)
     {
         // Fatal exceptions are rethrown without touching the audit log; any other failure
         // is audited first (when failure auditing is enabled) and then rethrown unchanged.
         if (!Fx.IsFatal(failure) && (AuditLevel.Failure == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure)))
         {
             string failedCertificateId = (clientCertificate == null) ? string.Empty : System.ServiceModel.Security.SecurityUtils.GetCertificateId(clientCertificate);
             base.WriteAuditEvent(AuditLevel.Failure, failedCertificateId, failure);
         }
         throw;
     }

     if (AuditLevel.Success == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Success))
     {
         string acceptedCertificateId = (clientCertificate == null) ? string.Empty : System.ServiceModel.Security.SecurityUtils.GetCertificateId(clientCertificate);
         base.WriteAuditEvent(AuditLevel.Success, acceptedCertificateId, null);
     }
     return securityProperty;
 }