public static void AssertLocalClientSecuritySettings(
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
LocalClientSecuritySettings lc, string label)
{
Assert.IsNotNull(lc, label + " IsNotNull");
Assert.AreEqual(cacheCookies, lc.CacheCookies, label + ".CacheCookies");
Assert.AreEqual(renewalThresholdPercentage, lc.CookieRenewalThresholdPercentage, label + ".CookieRenewalThresholdPercentage");
Assert.AreEqual(detectReplays, lc.DetectReplays, label + ".DetectReplays");
}
internal void InitializeFrom(LocalClientSecuritySettings settings)
{
if (settings == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings");
}
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.CacheCookies, settings.CacheCookies);
this.DetectReplays = settings.DetectReplays; // can't use default value optimization here because ApplyConfiguration looks at ValueOrigin
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxClockSkew, settings.MaxClockSkew);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.MaxCookieCachingTime, settings.MaxCookieCachingTime);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReconnectTransportOnFailure, settings.ReconnectTransportOnFailure);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReplayCacheSize, settings.ReplayCacheSize);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.ReplayWindow, settings.ReplayWindow);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.SessionKeyRenewalInterval, settings.SessionKeyRenewalInterval);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.SessionKeyRolloverInterval, settings.SessionKeyRolloverInterval);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TimestampValidityDuration, settings.TimestampValidityDuration);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.CookieRenewalThresholdPercentage, settings.CookieRenewalThresholdPercentage);
}
internal void InitializeFrom(LocalClientSecuritySettings settings)
{
if (settings == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings");
}
this.CacheCookies = settings.CacheCookies;
this.DetectReplays = settings.DetectReplays;
this.MaxClockSkew = settings.MaxClockSkew;
this.MaxCookieCachingTime = settings.MaxCookieCachingTime;
this.ReconnectTransportOnFailure = settings.ReconnectTransportOnFailure;
this.ReplayCacheSize = settings.ReplayCacheSize;
this.ReplayWindow = settings.ReplayWindow;
this.SessionKeyRenewalInterval = settings.SessionKeyRenewalInterval;
this.SessionKeyRolloverInterval = settings.SessionKeyRolloverInterval;
this.TimestampValidityDuration = settings.TimestampValidityDuration;
this.CookieRenewalThresholdPercentage = settings.CookieRenewalThresholdPercentage;
}
public void DefaultValues()
{
LocalClientSecuritySettings lc = new LocalClientSecuritySettings();
Assert.IsNotNull(lc, "#1");
Assert.AreEqual(true, lc.CacheCookies, "#2");
Assert.AreEqual(60, lc.CookieRenewalThresholdPercentage, "#3");
Assert.AreEqual(true, lc.DetectReplays, "#4");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, "#5");
Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, "#6");
Assert.AreEqual(true, lc.ReconnectTransportOnFailure, "#7");
Assert.AreEqual(900000, lc.ReplayCacheSize, "#8");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, "#9");
Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, "#10");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, "#11");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, "#12");
// FIXME: IdentityVerifier
Assert.IsNotNull(lc.IdentityVerifier, "#13");
}
SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
}
SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement);
bool negotiateTokenOnOpen = (sspiChannelParameter == null ? true : sspiChannelParameter.GetTokenOnOpen);
LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
SpnegoTokenProvider spnegoTokenProvider = new SpnegoTokenProvider(sspiChannelParameter != null ? sspiChannelParameter.CredentialsHandle : null, securityBindingElement);
SspiSecurityToken clientSspiToken = GetSpnegoClientCredential(initiatorRequirement);
spnegoTokenProvider.ClientCredential = clientSspiToken.NetworkCredential;
spnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress;
spnegoTokenProvider.AllowedImpersonationLevel = parent.Windows.AllowedImpersonationLevel;
spnegoTokenProvider.AllowNtlm = clientSspiToken.AllowNtlm;
spnegoTokenProvider.IdentityVerifier = localClientSettings.IdentityVerifier;
spnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
// if this is not a supporting token, authenticate the server
spnegoTokenProvider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty);
spnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen;
spnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies;
spnegoTokenProvider.IssuerBindingContext = issuerBindingContext;
spnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
spnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
spnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
spnegoTokenProvider.TargetAddress = targetAddress;
spnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
spnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find <ChannelProtectionRequirements>() : null;
spnegoTokenProvider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive;
return(spnegoTokenProvider);
}
private void LocalClient()
{
//<snippet15>
// Create an instance of the binding to use.
WSHttpBinding b = new WSHttpBinding();
// Get the binding element collection.
BindingElementCollection bec = b.CreateBindingElements();
// Find the SymmetricSecurityBindingElement in the collection.
// Important: Cast to the SymmetricSecurityBindingElement when using the Find
// method.
SymmetricSecurityBindingElement sbe = (SymmetricSecurityBindingElement)
bec.Find <SecurityBindingElement>();
// Get the LocalSecuritySettings from the binding element.
LocalClientSecuritySettings lc = sbe.LocalClientSettings;
// Print out values.
Console.WriteLine("Maximum cookie caching time: {0} days", lc.MaxCookieCachingTime.Days);
Console.WriteLine("Replay Cache Size: {0}", lc.ReplayCacheSize);
Console.WriteLine("ReplayWindow: {0} minutes", lc.ReplayWindow.Minutes);
Console.WriteLine("MaxClockSkew: {0} minutes", lc.MaxClockSkew.Minutes);
Console.ReadLine();
// Change the MaxClockSkew to 3 minutes.
lc.MaxClockSkew = new TimeSpan(0, 0, 3, 0);
// Print the new value.
Console.WriteLine("New MaxClockSkew: {0} minutes", lc.MaxClockSkew.Minutes);
Console.ReadLine();
// Create an EndpointAddress for the service.
EndpointAddress ea = new EndpointAddress("http://localhost/calculator");
// Create a client. The binding has the changed MaxClockSkew.
// CalculatorClient cc = new CalculatorClient(b, ea);
// Use the new client. (Not shown.)
// cc.Close();
//</snippet15>
}
internal void ApplyConfiguration(LocalClientSecuritySettings settings)
{
if (settings == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("settings");
}
settings.CacheCookies = this.CacheCookies;
if (base.ElementInformation.Properties["detectReplays"].ValueOrigin != PropertyValueOrigin.Default)
{
settings.DetectReplays = this.DetectReplays;
}
settings.MaxClockSkew = this.MaxClockSkew;
settings.MaxCookieCachingTime = this.MaxCookieCachingTime;
settings.ReconnectTransportOnFailure = this.ReconnectTransportOnFailure;
settings.ReplayCacheSize = this.ReplayCacheSize;
settings.ReplayWindow = this.ReplayWindow;
settings.SessionKeyRenewalInterval = this.SessionKeyRenewalInterval;
settings.SessionKeyRolloverInterval = this.SessionKeyRolloverInterval;
settings.TimestampValidityDuration = this.TimestampValidityDuration;
settings.CookieRenewalThresholdPercentage = this.CookieRenewalThresholdPercentage;
}
private SecurityTokenProvider CreateSpnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
}
SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement);
bool flag = (sspiIssuanceChannelParameter == null) || sspiIssuanceChannelParameter.GetTokenOnOpen;
LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
SpnegoTokenProvider provider = new SpnegoTokenProvider((sspiIssuanceChannelParameter != null) ? sspiIssuanceChannelParameter.CredentialsHandle : null, securityBindingElement);
SspiSecurityToken spnegoClientCredential = this.GetSpnegoClientCredential(initiatorRequirement);
provider.ClientCredential = spnegoClientCredential.NetworkCredential;
provider.IssuerAddress = initiatorRequirement.IssuerAddress;
provider.AllowedImpersonationLevel = this.parent.Windows.AllowedImpersonationLevel;
provider.AllowNtlm = spnegoClientCredential.AllowNtlm;
provider.IdentityVerifier = localClientSettings.IdentityVerifier;
provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
provider.AuthenticateServer = !initiatorRequirement.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.SupportingTokenAttachmentModeProperty);
provider.NegotiateTokenOnOpen = flag;
provider.CacheServiceTokens = flag || localClientSettings.CacheCookies;
provider.IssuerBindingContext = property;
provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
provider.TargetAddress = targetAddress;
provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null);
provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find <ChannelProtectionRequirements>() : null;
provider.InteractiveNegoExLogonEnabled = this.ClientCredentials.SupportInteractive;
return(provider);
}
SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
{
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
}
SspiIssuanceChannelParameter sspiChannelParameter = GetSspiIssuanceChannelParameter(initiatorRequirement);
bool negotiateTokenOnOpen = sspiChannelParameter != null && sspiChannelParameter.GetTokenOnOpen;
LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
TlsnegoTokenProvider tlsnegoTokenProvider = new TlsnegoTokenProvider();
tlsnegoTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress;
tlsnegoTokenProvider.NegotiateTokenOnOpen = negotiateTokenOnOpen;
tlsnegoTokenProvider.CacheServiceTokens = negotiateTokenOnOpen || localClientSettings.CacheCookies;
if (requireClientCertificate)
{
tlsnegoTokenProvider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
}
tlsnegoTokenProvider.IssuerBindingContext = issuerBindingContext;
tlsnegoTokenProvider.ApplicationProtectionRequirements = (issuerBindingContext != null) ? issuerBindingContext.BindingParameters.Find <ChannelProtectionRequirements>() : null;
tlsnegoTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
tlsnegoTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
tlsnegoTokenProvider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
tlsnegoTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
tlsnegoTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
tlsnegoTokenProvider.TargetAddress = initiatorRequirement.TargetAddress;
tlsnegoTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
return(tlsnegoTokenProvider);
}
private SecurityTokenProvider CreateTlsnegoTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, bool requireClientCertificate)
{
if (initiatorRequirement.TargetAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
}
SspiIssuanceChannelParameter sspiIssuanceChannelParameter = this.GetSspiIssuanceChannelParameter(initiatorRequirement);
bool flag = (sspiIssuanceChannelParameter != null) && sspiIssuanceChannelParameter.GetTokenOnOpen;
LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
TlsnegoTokenProvider provider = new TlsnegoTokenProvider {
IssuerAddress = initiatorRequirement.IssuerAddress,
NegotiateTokenOnOpen = flag,
CacheServiceTokens = flag || localClientSettings.CacheCookies
};
if (requireClientCertificate)
{
provider.ClientTokenProvider = this.CreateTlsnegoClientX509TokenProvider(initiatorRequirement);
}
provider.IssuerBindingContext = property;
provider.ApplicationProtectionRequirements = (property != null) ? property.BindingParameters.Find <ChannelProtectionRequirements>() : null;
provider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
provider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
provider.ServerTokenAuthenticator = this.CreateTlsnegoServerX509TokenAuthenticator(initiatorRequirement);
provider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
provider.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
provider.TargetAddress = initiatorRequirement.TargetAddress;
provider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null);
return(provider);
}
public static void AssertSecurityBindingElement(
SecurityAlgorithmSuite algorithm,
bool includeTimestamp,
SecurityKeyEntropyMode keyEntropyMode,
MessageSecurityVersion messageSecurityVersion,
SecurityHeaderLayout securityHeaderLayout,
// EndpointSupportingTokenParameters
int endorsing, int signed, int signedEncrypted, int signedEndorsing,
// LocalClientSettings
bool cacheCookies,
int renewalThresholdPercentage,
bool detectReplays,
SecurityBindingElement be, string label)
{
Assert.AreEqual(algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite");
Assert.AreEqual(includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode");
Assert.AreEqual(keyEntropyMode,
be.KeyEntropyMode, label + "#3");
Assert.AreEqual(messageSecurityVersion,
be.MessageSecurityVersion, label + ".MessageSecurityVersion");
Assert.AreEqual(securityHeaderLayout,
be.SecurityHeaderLayout, label + ".SecurityHeaderLayout");
// FIXME: they should be extracted step by step...
// EndpointSupportingTokenParameters
SupportingTokenParameters tp = be.EndpointSupportingTokenParameters;
AssertSupportingTokenParameters(
endorsing, signed, signedEncrypted, signedEndorsing,
tp, label + ".Endpoint");
// OptionalEndpointSupportingTokenParameters
tp = be.OptionalEndpointSupportingTokenParameters;
Assert.IsNotNull(tp, label + "#3-0");
Assert.AreEqual(0, tp.Endorsing.Count, label + "#3-1");
Assert.AreEqual(0, tp.Signed.Count, label + "#3-2");
Assert.AreEqual(0, tp.SignedEncrypted.Count, label + "#3-3");
Assert.AreEqual(0, tp.SignedEndorsing.Count, label + "#3-4");
// OperationSupportingTokenParameters
IDictionary <string, SupportingTokenParameters> oper = be.OperationSupportingTokenParameters;
Assert.IsNotNull(oper, label + "#4-1");
Assert.AreEqual(0, oper.Count, label + "#4-2");
// OptionalOperationSupportingTokenParameters
oper = be.OptionalOperationSupportingTokenParameters;
Assert.IsNotNull(oper, label + "#5-1");
Assert.AreEqual(0, oper.Count, label + "#5-2");
// LocalClientSettings
LocalClientSecuritySettings lc =
be.LocalClientSettings;
AssertLocalClientSecuritySettings(
cacheCookies,
renewalThresholdPercentage,
detectReplays,
lc, "");
// FIXME: IdentityVerifier
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, label + "#7-5");
Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6");
Assert.AreEqual(true, lc.ReconnectTransportOnFailure, label + "#7-7");
Assert.AreEqual(900000, lc.ReplayCacheSize, label + "#7-8");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, label + "#7-9");
Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, label + "#7-10");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, label + "#7-11");
Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, label + "#7-12");
// FIXME: LocalServiceSettings
}
private SecurityTokenProvider CreateSecureConversationSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.Format(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
}
LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
BindingContext issuerBindingContext = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
ChannelParameterCollection channelParameters = initiatorRequirement.GetPropertyOrDefault <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, null);
bool isSessionMode = initiatorRequirement.SupportSecurityContextCancellation;
if (isSessionMode)
{
SecuritySessionSecurityTokenProvider sessionTokenProvider = new SecuritySessionSecurityTokenProvider();
sessionTokenProvider.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement);
sessionTokenProvider.IssuedSecurityTokenParameters = initiatorRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
sessionTokenProvider.IssuerBindingContext = issuerBindingContext;
sessionTokenProvider.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
sessionTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
sessionTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
sessionTokenProvider.TargetAddress = targetAddress;
sessionTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
Uri privacyNoticeUri;
if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeUri))
{
sessionTokenProvider.PrivacyNoticeUri = privacyNoticeUri;
}
int privacyNoticeVersion;
if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion))
{
sessionTokenProvider.PrivacyNoticeVersion = privacyNoticeVersion;
}
EndpointAddress localAddress;
if (initiatorRequirement.TryGetProperty(ServiceModelSecurityTokenRequirement.DuplexClientLocalAddressProperty, out localAddress))
{
sessionTokenProvider.LocalAddress = localAddress;
}
sessionTokenProvider.ChannelParameters = channelParameters;
sessionTokenProvider.WebHeaders = initiatorRequirement.WebHeaders;
return(sessionTokenProvider);
}
else
{
AcceleratedTokenProvider acceleratedTokenProvider = new AcceleratedTokenProvider();
acceleratedTokenProvider.IssuerAddress = initiatorRequirement.IssuerAddress;
acceleratedTokenProvider.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement);
acceleratedTokenProvider.CacheServiceTokens = localClientSettings.CacheCookies;
acceleratedTokenProvider.IssuerBindingContext = issuerBindingContext;
acceleratedTokenProvider.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
acceleratedTokenProvider.MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime;
acceleratedTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
acceleratedTokenProvider.ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage;
acceleratedTokenProvider.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this);
acceleratedTokenProvider.TargetAddress = targetAddress;
acceleratedTokenProvider.Via = initiatorRequirement.GetPropertyOrDefault <Uri>(InitiatorServiceModelSecurityTokenRequirement.ViaProperty, null);
return(acceleratedTokenProvider);
}
}
private SecurityTokenProvider CreateSecureConversationSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement)
{
Uri uri2;
int num2;
EndpointAddress targetAddress = initiatorRequirement.TargetAddress;
if (targetAddress == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement }));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement }));
}
LocalClientSecuritySettings localClientSettings = securityBindingElement.LocalClientSettings;
BindingContext property = initiatorRequirement.GetProperty <BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
ChannelParameterCollection propertyOrDefault = initiatorRequirement.GetPropertyOrDefault <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, null);
if (initiatorRequirement.SupportSecurityContextCancellation)
{
Uri uri;
int num;
EndpointAddress address2;
SecuritySessionSecurityTokenProvider provider = new SecuritySessionSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement))
{
BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement),
IssuedSecurityTokenParameters = initiatorRequirement.GetProperty <SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
IssuerBindingContext = property,
KeyEntropyMode = securityBindingElement.KeyEntropyMode,
SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite,
StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this),
TargetAddress = targetAddress,
Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null)
};
if (initiatorRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri))
{
provider.PrivacyNoticeUri = uri;
}
if (initiatorRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num))
{
provider.PrivacyNoticeVersion = num;
}
if (initiatorRequirement.TryGetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.DuplexClientLocalAddressProperty, out address2))
{
provider.LocalAddress = address2;
}
provider.ChannelParameters = propertyOrDefault;
return(provider);
}
AcceleratedTokenProvider provider2 = new AcceleratedTokenProvider(this.GetCredentialsHandle(initiatorRequirement))
{
IssuerAddress = initiatorRequirement.IssuerAddress,
BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(initiatorRequirement),
CacheServiceTokens = localClientSettings.CacheCookies,
IssuerBindingContext = property,
KeyEntropyMode = securityBindingElement.KeyEntropyMode,
MaxServiceTokenCachingTime = localClientSettings.MaxCookieCachingTime,
SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite,
ServiceTokenValidityThresholdPercentage = localClientSettings.CookieRenewalThresholdPercentage,
StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(initiatorRequirement, this),
TargetAddress = targetAddress,
Via = initiatorRequirement.GetPropertyOrDefault <Uri>(ServiceModelSecurityTokenRequirement.ViaProperty, null)
};
if (initiatorRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri2))
{
provider2.PrivacyNoticeUri = uri2;
}
provider2.ChannelParameters = propertyOrDefault;
if (initiatorRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num2))
{
provider2.PrivacyNoticeVersion = num2;
}
return(provider2);
}
static void Main()
{
// <Snippet2>
// <Snippet0>
// <Snippet1>
LocalClientSecuritySettings settings =
new LocalClientSecuritySettings();
// </Snippet1>
bool cacheCookies = settings.CacheCookies;
// </Snippet0>
// </Snippet2>
// <Snippet3>
// Set to 20 minutes.
settings.CookieRenewalThresholdPercentage = 20;
// </Snippet3>
// <Snippet4>
// Enable replay detection.
settings.DetectReplays = true;
// </Snippet4>
// <Snippet5>
IdentityVerifier id = settings.IdentityVerifier;
// </Snippet5>
// <Snippet6>
TimeSpan timeSpan = settings.MaxClockSkew;
// </Snippet6>
// <Snippet7>
TimeSpan maxCookieCachingTime = settings.MaxCookieCachingTime;
// </Snippet7>
// <Snippet8>
bool reconnect = settings.ReconnectTransportOnFailure;
// </Snippet8>
// <Snippet9>
int replayCacheSize = settings.ReplayCacheSize;
// </Snippet9>
// <Snippet10>
TimeSpan replayWindow = settings.ReplayWindow;
// </Snippet10>
// <Snippet11>
TimeSpan sessionKeyRenewalInterval = settings.SessionKeyRenewalInterval;
// </Snippet11>
// <Snippet12>
TimeSpan rollover = settings.SessionKeyRolloverInterval;
// </Snippet12>
// <Snippet13>
TimeSpan timestamp = settings.TimestampValidityDuration;
// </Snippet13>
// <Snippet14>
LocalClientSecuritySettings clone =
settings.Clone();
// </Snippet14>
}
