/// <summary>
/// Runs the base authentication check and, when a client certificate is required,
/// additionally rejects the request if the certificate is absent, or if it failed
/// transport-level validation and custom client certificate verification is not in use.
/// </summary>
/// <param name="authenticationContext">Per-request context that supplies the client certificate and trace record.</param>
/// <returns>
/// The status produced by the base class when it is not <see cref="HttpStatusCode.OK"/> or no certificate is
/// required; otherwise <see cref="HttpStatusCode.OK"/>, or <see cref="HttpStatusCode.Forbidden"/> when the
/// certificate check fails. A failure audit event is written when the audit level includes Failure.
/// </returns>
public override HttpStatusCode ValidateAuthentication(HttpChannelListener.IHttpAuthenticationContext authenticationContext)
{
    HttpStatusCode status = base.ValidateAuthentication(authenticationContext);

    // Only the certificate-specific checks below can downgrade an OK result.
    if (status != HttpStatusCode.OK || !this.RequireClientCertificate)
    {
        return status;
    }

    bool certificateIsValid;
    X509Certificate2 clientCertificate = authenticationContext.GetClientCertificate(out certificateIsValid);

    // Pick the trace code/resource for the failing case; a null key means the certificate is acceptable.
    int traceCode = 0;
    string traceResourceKey = null;
    if (clientCertificate == null)
    {
        traceCode = 0x40010;
        traceResourceKey = "TraceCodeHttpsClientCertificateNotPresent";
    }
    else if (!certificateIsValid && !this.useCustomClientCertificateVerification)
    {
        // Transport validation failed and nothing else will verify the certificate, so reject here.
        traceCode = 0x4000f;
        traceResourceKey = "TraceCodeHttpsClientCertificateInvalid";
    }

    if (traceResourceKey != null)
    {
        if (DiagnosticUtility.ShouldTraceError)
        {
            TraceUtility.TraceEvent(
                TraceEventType.Error,
                traceCode,
                System.ServiceModel.SR.GetString(traceResourceKey),
                authenticationContext.CreateTraceRecord(),
                this,
                null);
        }
        status = HttpStatusCode.Forbidden;
    }

    bool auditFailures = AuditLevel.Failure == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure);
    if (status != HttpStatusCode.OK && auditFailures)
    {
        string message = System.ServiceModel.SR.GetString("HttpAuthenticationFailed", new object[] { base.AuthenticationScheme, status });
        // The helper returns the exception; it is recorded in the audit event here, not thrown.
        Exception failure = DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(message));
        string certificateId = (clientCertificate == null)
            ? string.Empty
            : System.ServiceModel.Security.SecurityUtils.GetCertificateId(clientCertificate);
        base.WriteAuditEvent(AuditLevel.Failure, certificateId, failure);
    }

    return status;
}
/// <summary>
/// Builds the <see cref="SecurityMessageProperty"/> for an authenticated request.
/// When a client certificate is required, the property is created from the client certificate and,
/// if hosted certificate mapping is enabled, from the context's logon identity (anonymous when that
/// identity is missing or not authenticated). Success and failure are audited according to the
/// configured message authentication audit level; fatal exceptions are rethrown without auditing.
/// When no certificate is required, an empty property is returned for the Anonymous scheme and all
/// other schemes defer to the base class.
/// </summary>
/// <param name="authenticationContext">Per-request context supplying the client certificate and logon identity.</param>
/// <returns>The security property describing the authenticated caller.</returns>
public override SecurityMessageProperty ProcessAuthentication(HttpChannelListener.IHttpAuthenticationContext authenticationContext)
{
    if (!this.requireClientCertificate)
    {
        return (base.AuthenticationScheme == AuthenticationSchemes.Anonymous)
            ? new SecurityMessageProperty()
            : base.ProcessAuthentication(authenticationContext);
    }

    // Declared outside the try so the catch block can still name the certificate in the audit record.
    X509Certificate2 clientCertificate = null;
    SecurityMessageProperty securityProperty;
    try
    {
        bool certificateIsValid;
        clientCertificate = authenticationContext.GetClientCertificate(out certificateIsValid);

        WindowsIdentity mappedIdentity = null;
        if (this.useHostedClientCertificateMapping)
        {
            WindowsIdentity logonIdentity = authenticationContext.LogonUserIdentity;
            bool isAuthenticated = logonIdentity != null && logonIdentity.IsAuthenticated;
            // "SSL/PCT" is passed as the clone's authentication type — confirm against SecurityUtils.
            mappedIdentity = isAuthenticated
                ? System.ServiceModel.Security.SecurityUtils.CloneWindowsIdentityIfNecessary(logonIdentity, "SSL/PCT")
                : WindowsIdentity.GetAnonymous();
        }

        securityProperty = this.CreateSecurityProperty(clientCertificate, mappedIdentity);
    }
    catch (Exception exception)
    {
        if (Fx.IsFatal(exception))
        {
            throw;
        }

        if (AuditLevel.Failure == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure))
        {
            string failedCertificateId = (clientCertificate == null)
                ? string.Empty
                : System.ServiceModel.Security.SecurityUtils.GetCertificateId(clientCertificate);
            base.WriteAuditEvent(AuditLevel.Failure, failedCertificateId, exception);
        }
        throw;
    }

    if (AuditLevel.Success == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Success))
    {
        string certificateId = (clientCertificate == null)
            ? string.Empty
            : System.ServiceModel.Security.SecurityUtils.GetCertificateId(clientCertificate);
        base.WriteAuditEvent(AuditLevel.Success, certificateId, null);
    }

    return securityProperty;
}