public static void AssertLocalClientSecuritySettings( bool cacheCookies, int renewalThresholdPercentage, bool detectReplays, LocalClientSecuritySettings lc, string label) { Assert.IsNotNull(lc, label + " IsNotNull"); Assert.AreEqual(cacheCookies, lc.CacheCookies, label + ".CacheCookies"); Assert.AreEqual(renewalThresholdPercentage, lc.CookieRenewalThresholdPercentage, label + ".CookieRenewalThresholdPercentage"); Assert.AreEqual(detectReplays, lc.DetectReplays, label + ".DetectReplays"); }
internal void InitializeFrom(LocalClientSecuritySettings settings) { if (settings == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings"); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.CacheCookies, settings.CacheCookies); this.DetectReplays = settings.DetectReplays; // can't use default value optimization here because ApplyConfiguration looks at ValueOrigin SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxClockSkew, settings.MaxClockSkew); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxCookieCachingTime, settings.MaxCookieCachingTime); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReconnectTransportOnFailure, settings.ReconnectTransportOnFailure); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReplayCacheSize, settings.ReplayCacheSize); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReplayWindow, settings.ReplayWindow); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.SessionKeyRenewalInterval, settings.SessionKeyRenewalInterval); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.SessionKeyRolloverInterval, settings.SessionKeyRolloverInterval); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TimestampValidityDuration, settings.TimestampValidityDuration); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.CookieRenewalThresholdPercentage, settings.CookieRenewalThresholdPercentage); }
internal void InitializeFrom(LocalClientSecuritySettings settings) { if (settings == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings"); } this.CacheCookies = settings.CacheCookies; this.DetectReplays = settings.DetectReplays; this.MaxClockSkew = settings.MaxClockSkew; this.MaxCookieCachingTime = settings.MaxCookieCachingTime; this.ReconnectTransportOnFailure = settings.ReconnectTransportOnFailure; this.ReplayCacheSize = settings.ReplayCacheSize; this.ReplayWindow = settings.ReplayWindow; this.SessionKeyRenewalInterval = settings.SessionKeyRenewalInterval; this.SessionKeyRolloverInterval = settings.SessionKeyRolloverInterval; this.TimestampValidityDuration = settings.TimestampValidityDuration; this.CookieRenewalThresholdPercentage = settings.CookieRenewalThresholdPercentage; }
public void DefaultValues() { LocalClientSecuritySettings lc = new LocalClientSecuritySettings(); Assert.IsNotNull(lc, "#1"); Assert.AreEqual(true, lc.CacheCookies, "#2"); Assert.AreEqual(60, lc.CookieRenewalThresholdPercentage, "#3"); Assert.AreEqual(true, lc.DetectReplays, "#4"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, "#5"); Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, "#6"); Assert.AreEqual(true, lc.ReconnectTransportOnFailure, "#7"); Assert.AreEqual(900000, lc.ReplayCacheSize, "#8"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, "#9"); Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, "#10"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, "#11"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, "#12"); // FIXME: IdentityVerifier Assert.IsNotNull(lc.IdentityVerifier, "#13"); }
SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement); bool negotiateTokenOnOpen = (sspiChannelParameter == null ? true : sspiChannelParameter.GetTokenOnOpen); LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); SpnegoTokenProvider spnegoTokenProvider = new SpnegoTokenProvider(sspiChannelParameter != null ? sspiChannelParameter.CredentialsHandle : null, securityBindingElement); SspiSecurityToken clientSspiToken = GetSpnegoClientCredential(initiatorRequirement); spnegoTokenProvider.ClientCredential = clientSspiToken.NetworkCredential; spnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress; spnegoTokenProvider.AllowedImpersonationLevel = parent.Windows.AllowedImpersonationLevel; spnegoTokenProvider.AllowNtlm = clientSspiToken.AllowNtlm; spnegoTokenProvider.IdentityVerifier = localClientSettings.IdentityVerifier; spnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; // if this is not a supporting token, authenticate the server spnegoTokenProvider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty); spnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen; spnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies; spnegoTokenProvider.IssuerBindingContext = issuerBindingContext; spnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; spnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; spnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); spnegoTokenProvider.TargetAddress = targetAddress; spnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); spnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find <ChannelProtectionRequirements>() : null; spnegoTokenProvider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive; return(spnegoTokenProvider); }
private void LocalClient() { //<snippet15> // Create an instance of the binding to use. WSHttpBinding b = new WSHttpBinding(); // Get the binding element collection. BindingElementCollection bec = b.CreateBindingElements(); // Find the SymmetricSecurityBindingElement in the collection. // Important: Cast to the SymmetricSecurityBindingElement when using the Find // method. SymmetricSecurityBindingElement sbe = (SymmetricSecurityBindingElement) bec.Find <SecurityBindingElement>(); // Get the LocalSecuritySettings from the binding element. LocalClientSecuritySettings lc = sbe.LocalClientSettings; // Print out values. Console.WriteLine("Maximum cookie caching time: {0} days", lc.MaxCookieCachingTime.Days); Console.WriteLine("Replay Cache Size: {0}", lc.ReplayCacheSize); Console.WriteLine("ReplayWindow: {0} minutes", lc.ReplayWindow.Minutes); Console.WriteLine("MaxClockSkew: {0} minutes", lc.MaxClockSkew.Minutes); Console.ReadLine(); // Change the MaxClockSkew to 3 minutes. lc.MaxClockSkew = new TimeSpan(0, 0, 3, 0); // Print the new value. Console.WriteLine("New MaxClockSkew: {0} minutes", lc.MaxClockSkew.Minutes); Console.ReadLine(); // Create an EndpointAddress for the service. EndpointAddress ea = new EndpointAddress("http://localhost/calculator"); // Create a client. The binding has the changed MaxClockSkew. // CalculatorClient cc = new CalculatorClient(b, ea); // Use the new client. (Not shown.) // cc.Close(); //</snippet15> }
internal void ApplyConfiguration(LocalClientSecuritySettings settings) { if (settings == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings"); } settings.CacheCookies = this.CacheCookies; if (base.ElementInformation.Properties["detectReplays"].ValueOrigin != PropertyValueOrigin.Default) { settings.DetectReplays = this.DetectReplays; } settings.MaxClockSkew = this.MaxClockSkew; settings.MaxCookieCachingTime = this.MaxCookieCachingTime; settings.ReconnectTransportOnFailure = this.ReconnectTransportOnFailure; settings.ReplayCacheSize = this.ReplayCacheSize; settings.ReplayWindow = this.ReplayWindow; settings.SessionKeyRenewalInterval = this.SessionKeyRenewalInterval; settings.SessionKeyRolloverInterval = this.SessionKeyRolloverInterval; settings.TimestampValidityDuration = this.TimestampValidityDuration; settings.CookieRenewalThresholdPercentage = this.CookieRenewalThresholdPercentage; }
private SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement); bool flag = (sspiIssuanceChannelParameter == null) || sspiIssuanceChannelParameter.GetTokenOnOpen; LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); SpnegoTokenProvider provider = new SpnegoTokenProvider((sspiIssuanceChannelParameter != null) ? sspiIssuanceChannelParameter.CredentialsHandle : null, securityBindingElement); SspiSecurityToken spnegoClientCredential = this.GetSpnegoClientCredential(initiatorRequirement); provider.ClientCredential = spnegoClientCredential.NetworkCredential; provider.IssuerAddress = initiatorRequirement.IssuerAddress; provider.AllowedImpersonationLevel = this.parent.Windows.AllowedImpersonationLevel; provider.AllowNtlm = spnegoClientCredential.AllowNtlm; provider.IdentityVerifier = localClientSettings.IdentityVerifier; provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; provider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty); provider.NegotiateTokenOnOpen = flag; provider.CacheServiceTokens = flag || localClientSettings.CacheCookies; provider.IssuerBindingContext = property; provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); provider.TargetAddress = targetAddress; provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null); provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find <ChannelProtectionRequirements>() : null; provider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive; return(provider); }
SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement); bool negotiateTokenOnOpen = sspiChannelParameter != null && sspiChannelParameter.GetTokenOnOpen; LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); TlsnegoTokenProvider tlsnegoTokenProvider = new TlsnegoTokenProvider(); tlsnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress; tlsnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen; tlsnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies; if (requireClientCertificate) { tlsnegoTokenProvider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement); } tlsnegoTokenProvider.IssuerBindingContext = issuerBindingContext; tlsnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find <ChannelProtectionRequirements>() : null; tlsnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; tlsnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; tlsnegoTokenProvider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement); tlsnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; tlsnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); tlsnegoTokenProvider.TargetAddress = initiatorRequirement.TargetAddress; tlsnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); return(tlsnegoTokenProvider); }
private SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate) { if (initiatorRequirement.TargetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement); bool flag = (sspiIssuanceChannelParameter != null) && sspiIssuanceChannelParameter.GetTokenOnOpen; LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); TlsnegoTokenProvider provider = new TlsnegoTokenProvider { IssuerAddress = initiatorRequirement.IssuerAddress, NegotiateTokenOnOpen = flag, CacheServiceTokens = flag || localClientSettings.CacheCookies }; if (requireClientCertificate) { provider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement); } provider.IssuerBindingContext = property; provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find <ChannelProtectionRequirements>() : null; provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; provider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement); provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); provider.TargetAddress = initiatorRequirement.TargetAddress; provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null); return(provider); }
public static void AssertSecurityBindingElement( SecurityAlgorithmSuite algorithm, bool includeTimestamp, SecurityKeyEntropyMode keyEntropyMode, MessageSecurityVersion messageSecurityVersion, SecurityHeaderLayout securityHeaderLayout, // EndpointSupportingTokenParameters int endorsing, int signed, int signedEncrypted, int signedEndorsing, // LocalClientSettings bool cacheCookies, int renewalThresholdPercentage, bool detectReplays, SecurityBindingElement be, string label) { Assert.AreEqual(algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite"); Assert.AreEqual(includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode"); Assert.AreEqual(keyEntropyMode, be.KeyEntropyMode, label + "#3"); Assert.AreEqual(messageSecurityVersion, be.MessageSecurityVersion, label + ".MessageSecurityVersion"); Assert.AreEqual(securityHeaderLayout, be.SecurityHeaderLayout, label + ".SecurityHeaderLayout"); // FIXME: they should be extracted step by step... // EndpointSupportingTokenParameters SupportingTokenParameters tp = be.EndpointSupportingTokenParameters; AssertSupportingTokenParameters( endorsing, signed, signedEncrypted, signedEndorsing, tp, label + ".Endpoint"); // OptionalEndpointSupportingTokenParameters tp = be.OptionalEndpointSupportingTokenParameters; Assert.IsNotNull(tp, label + "#3-0"); Assert.AreEqual(0, tp.Endorsing.Count, label + "#3-1"); Assert.AreEqual(0, tp.Signed.Count, label + "#3-2"); Assert.AreEqual(0, tp.SignedEncrypted.Count, label + "#3-3"); Assert.AreEqual(0, tp.SignedEndorsing.Count, label + "#3-4"); // OperationSupportingTokenParameters IDictionary <string, SupportingTokenParameters> oper = be.OperationSupportingTokenParameters; Assert.IsNotNull(oper, label + "#4-1"); Assert.AreEqual(0, oper.Count, label + "#4-2"); // OptionalOperationSupportingTokenParameters oper = be.OptionalOperationSupportingTokenParameters; Assert.IsNotNull(oper, label + "#5-1"); Assert.AreEqual(0, oper.Count, label + "#5-2"); // LocalClientSettings LocalClientSecuritySettings lc = be.LocalClientSettings; AssertLocalClientSecuritySettings( cacheCookies, renewalThresholdPercentage, detectReplays, lc, ""); // FIXME: IdentityVerifier Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, label + "#7-5"); Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6"); Assert.AreEqual(true, lc.ReconnectTransportOnFailure, label + "#7-7"); Assert.AreEqual(900000, lc.ReplayCacheSize, label + "#7-8"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, label + "#7-9"); Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, label + "#7-10"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, label + "#7-11"); Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, label + "#7-12"); // FIXME: LocalServiceSettings }
private SecurityTokenProvider CreateSecureConversationSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); ChannelParameterCollection channelParameters = initiatorRequirement.GetPropertyOrDefault <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, null); bool isSessionMode = initiatorRequirement.SupportSecurityContextCancellation; if (isSessionMode) { SecuritySessionSecurityTokenProvider sessionTokenProvider = new SecuritySessionSecurityTokenProvider(); sessionTokenProvider.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement); sessionTokenProvider.IssuedSecurityTokenParameters = initiatorRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); sessionTokenProvider.IssuerBindingContext = issuerBindingContext; sessionTokenProvider.KeyEntropyMode = securityBindingElement.KeyEntropyMode; sessionTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; sessionTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); sessionTokenProvider.TargetAddress = targetAddress; sessionTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); Uri privacyNoticeUri; if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeUri)) { sessionTokenProvider.PrivacyNoticeUri = privacyNoticeUri; } int privacyNoticeVersion; if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion)) { sessionTokenProvider.PrivacyNoticeVersion = privacyNoticeVersion; } EndpointAddress localAddress; if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.DuplexClientLocalAddressProperty, out localAddress)) { sessionTokenProvider.LocalAddress = localAddress; } sessionTokenProvider.ChannelParameters = channelParameters; sessionTokenProvider.WebHeaders = initiatorRequirement.WebHeaders; return(sessionTokenProvider); } else { AcceleratedTokenProvider acceleratedTokenProvider = new AcceleratedTokenProvider(); acceleratedTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress; acceleratedTokenProvider.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement); acceleratedTokenProvider.CacheServiceTokens = localClientSettings.CacheCookies; acceleratedTokenProvider.IssuerBindingContext = issuerBindingContext; acceleratedTokenProvider.KeyEntropyMode = securityBindingElement.KeyEntropyMode; acceleratedTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime; acceleratedTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; acceleratedTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage; acceleratedTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this); acceleratedTokenProvider.TargetAddress = targetAddress; acceleratedTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null); return(acceleratedTokenProvider); } }
private SecurityTokenProvider CreateSecureConversationSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { Uri uri2; int num2; EndpointAddress targetAddress = initiatorRequirement.TargetAddress; if (targetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings; BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty); ChannelParameterCollection propertyOrDefault = initiatorRequirement.GetPropertyOrDefault <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, null); if (initiatorRequirement.SupportSecurityContextCancellation) { Uri uri; int num; EndpointAddress address2; SecuritySessionSecurityTokenProvider provider = new SecuritySessionSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement), IssuedSecurityTokenParameters = initiatorRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuerBindingContext = property, KeyEntropyMode = securityBindingElement.KeyEntropyMode, SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this), TargetAddress = targetAddress, Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null) }; if (initiatorRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri)) { provider.PrivacyNoticeUri = uri; } if (initiatorRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num)) { provider.PrivacyNoticeVersion = num; } if (initiatorRequirement.TryGetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.DuplexClientLocalAddressProperty, out address2)) { provider.LocalAddress = address2; } provider.ChannelParameters = propertyOrDefault; return(provider); } AcceleratedTokenProvider provider2 = new AcceleratedTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { IssuerAddress = initiatorRequirement.IssuerAddress, BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement), CacheServiceTokens = localClientSettings.CacheCookies, IssuerBindingContext = property, KeyEntropyMode = securityBindingElement.KeyEntropyMode, MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime, SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite, ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this), TargetAddress = targetAddress, Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null) }; if (initiatorRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri2)) { provider2.PrivacyNoticeUri = uri2; } provider2.ChannelParameters = propertyOrDefault; if (initiatorRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num2)) { provider2.PrivacyNoticeVersion = num2; } return(provider2); }
static void Main() { // <Snippet2> // <Snippet0> // <Snippet1> LocalClientSecuritySettings settings = new LocalClientSecuritySettings(); // </Snippet1> bool cacheCookies = settings.CacheCookies; // </Snippet0> // </Snippet2> // <Snippet3> // Set to 20 minutes. settings.CookieRenewalThresholdPercentage = 20; // </Snippet3> // <Snippet4> // Enable replay detection. settings.DetectReplays = true; // </Snippet4> // <Snippet5> IdentityVerifier id = settings.IdentityVerifier; // </Snippet5> // <Snippet6> TimeSpan timeSpan = settings.MaxClockSkew; // </Snippet6> // <Snippet7> TimeSpan maxCookieCachingTime = settings.MaxCookieCachingTime; // </Snippet7> // <Snippet8> bool reconnect = settings.ReconnectTransportOnFailure; // </Snippet8> // <Snippet9> int replayCacheSize = settings.ReplayCacheSize; // </Snippet9> // <Snippet10> TimeSpan replayWindow = settings.ReplayWindow; // </Snippet10> // <Snippet11> TimeSpan sessionKeyRenewalInterval = settings.SessionKeyRenewalInterval; // </Snippet11> // <Snippet12> TimeSpan rollover = settings.SessionKeyRolloverInterval; // </Snippet12> // <Snippet13> TimeSpan timestamp = settings.TimestampValidityDuration; // </Snippet13> // <Snippet14> LocalClientSecuritySettings clone = settings.Clone(); // </Snippet14> }