IssuedSecurityTokenProvider CreateIssuedTokenProvider(SecurityTokenRequirement requirement) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); // FIXME: fill properties EndpointAddress address; if (requirement.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address)) { p.IssuerAddress = address; } if (requirement.TryGetProperty <EndpointAddress> (ReqType.TargetAddressProperty, out address)) { p.TargetAddress = address; } Binding binding; if (requirement.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding)) { p.IssuerBinding = binding; } MessageSecurityVersion ver; if (requirement.TryGetProperty <MessageSecurityVersion> (ReqType.MessageSecurityVersionProperty, out ver)) { p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver.SecurityVersion); } SecurityAlgorithmSuite suite; if (requirement.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite)) { p.SecurityAlgorithmSuite = suite; } return(p); }
public static void Method_TryGetProperty_Return_TrueOrFalse() { SecurityTokenRequirement tokenrequirement = new SecurityTokenRequirement(); tokenrequirement.TokenType = SecurityTokenRequirement.TokenTypeProperty; Assert.True(tokenrequirement.TryGetProperty(tokenrequirement.TokenType, out string valueIsTrue)); Assert.False(tokenrequirement.TryGetProperty("invalidproperty", out string valueIsFalse)); }
IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.TargetAddress = r.GetProperty <EndpointAddress> (ReqType.TargetAddressProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty); // I doubt the binding is acquired this way ... Binding binding; if (!r.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding)) { binding = new CustomBinding(sbe, new TextMessageEncodingBindingElement(), new HttpTransportBindingElement()); } p.IssuerBinding = binding; // not sure if it is used only for this purpose though ... BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty); foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll <IEndpointBehavior> ()) { p.IssuerChannelBehaviors.Add(b); } SecurityTokenVersion ver = r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver); // seems like they are optional here ... (but possibly // used later) EndpointAddress address; if (!r.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address)) { address = p.TargetAddress; } p.IssuerAddress = address; // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; return(p); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { outOfBandTokenResolver = null; if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { return(CreateUserNameAuthenticator(tokenRequirement)); } if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate) { return(CreateX509Authenticator(tokenRequirement)); } if (tokenRequirement.TokenType == SecurityTokenTypes.Rsa) { return(new RsaSecurityTokenAuthenticator()); } if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) { SecurityBindingElement binding; if (!tokenRequirement.TryGetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty, out binding)) { throw new ArgumentException("SecurityBindingElement is required in the security token requirement"); } SecureConversationSecurityTokenParameters issuedParams; if (!tokenRequirement.TryGetProperty <SecureConversationSecurityTokenParameters> (ReqType.IssuedSecurityTokenParametersProperty, out issuedParams)) { throw new ArgumentException("IssuedSecurityTokenParameters are required in the security token requirement"); } BindingContext issuerBC; if (!tokenRequirement.TryGetProperty <BindingContext> (ReqType.IssuerBindingContextProperty, out issuerBC)) { throw new ArgumentException("IssuerBindingContext is required in the security token requirement"); } SecurityTokenVersion secVer; if (!tokenRequirement.TryGetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty, out secVer)) { throw new ArgumentException("MessageSecurityVersion property (of type SecurityTokenVersion) is required in the security token requirement"); } // FIXME: get parameters from somewhere SecurityContextSecurityTokenResolver resolver = new SecurityContextSecurityTokenResolver(0x1000, true); outOfBandTokenResolver = resolver; SecurityContextSecurityTokenAuthenticator sc = new SecurityContextSecurityTokenAuthenticator(); return(new SecureConversationSecurityTokenAuthenticator(tokenRequirement, sc, resolver)); } throw new NotImplementedException("Not implemented token type: " + tokenRequirement.TokenType); }
/// <summary> /// Make use of this extensibility point for returning a custom SecurityTokenProvider when SAML tokens are specified in the tokenRequirement /// </summary> /// <param name="tokenRequirement">A SecurityTokenRequirement </param> /// <returns>The appropriate SecurityTokenProvider</returns> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement == null) { throw LogHelper.LogArgumentNullException(nameof(tokenRequirement)); } // If the token requirement includes an issued security token parameter of type // WsTrustTokenParameters, then tokens should be provided by a WsTrustChannelSecurityTokenProvider. if (tokenRequirement.TryGetProperty(IssuedSecurityTokenParametersProperty, out SecurityTokenParameters issuedSecurityTokenParameters) && issuedSecurityTokenParameters is WsTrustTokenParameters) { // pass issuedtokenRequirements return(new WsTrustChannelSecurityTokenProvider(tokenRequirement) { ClientCredentials = _wsTrustChannelClientCredentials.ClientCredentials }); } // If the original ChannelFactory had a ClientCredentials instance, defer to that else if (_wsTrustChannelClientCredentials.SecurityTokenManager != null) { return(_wsTrustChannelClientCredentials.SecurityTokenManager.CreateSecurityTokenProvider(tokenRequirement)); } // This means ClientCredentials was replaced with WsTrustChannelClientCredentials in the ChannelFactory so defer // to base class to create other token providers. else { return(base.CreateSecurityTokenProvider(tokenRequirement)); } }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (String.IsNullOrWhiteSpace(tokenRequirement.TokenType) || tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { SecurityBindingElement sbe = null; if (!tokenRequirement.TryGetProperty<SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { throw new InvalidOperationException("Could not retreive the Security Binding Element!"); } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType != SecurityKeyType.AsymmetricKey) throw new NotSupportedException("Only Asymmetric keys are supported"); //TODO:Add more IssuedSecurityTokenParameters sessionTokenParams = null; if (sbe is AsymmetricSecurityBindingElement) { sessionTokenParams = (IssuedSecurityTokenParameters) ((AsymmetricSecurityBindingElement)sbe).InitiatorTokenParameters; } if (sbe is TransportSecurityBindingElement) { sessionTokenParams = (IssuedSecurityTokenParameters)((TransportSecurityBindingElement)sbe).EndpointSupportingTokenParameters.Endorsing[0]; } return new SsoSecurityTokenProvider((SsoClientCredentials)ClientCredentials, sessionTokenParams); } else { // otherwise use base implementation return base.CreateSecurityTokenProvider(tokenRequirement); } }
X509Certificate2 GetServiceCertificate(SecurityTokenRequirement requirement) { // try X509CertificateEndpointIdentity, // ServiceCertificate.ScopedCertificate and // ServiceCertificate.DefaultCertificate. X509Certificate2 cert = null; EndpointAddress address = null; requirement.TryGetProperty(ReqType.TargetAddressProperty, out address); if (address != null) { X509CertificateEndpointIdentity ident = address.Identity as X509CertificateEndpointIdentity; if (ident != null && ident.Certificates.Count > 0) { cert = ident.Certificates [0]; } if (cert == null) { credentials.ServiceCertificate.ScopedCertificates.TryGetValue(address.Uri, out cert); } } if (cert == null) { cert = credentials.ServiceCertificate.DefaultCertificate; } return(cert); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { SamlAssertion samlAssertion = this.samlClientCredentials.Assertion; SecurityToken securityToken = this.samlClientCredentials.ProofToken; if (samlAssertion == null || securityToken == null) { SecurityBindingElement securityBindingElement = null; SecurityAlgorithmSuite algoSuite = null; if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out securityBindingElement)) { algoSuite = securityBindingElement.DefaultAlgorithmSuite; } if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { securityToken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize); samlAssertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, new X509SecurityToken(this.samlClientCredentials.ClientCertificate.Certificate), new X509SecurityToken(this.samlClientCredentials.ServiceCertificate.DefaultCertificate), (BinarySecretSecurityToken)securityToken, algoSuite); } else { securityToken = SamlUtilities.CreateAsymmetricProofToken(); samlAssertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, securityToken, algoSuite); } } return(new SamlSecurityTokenProvider(samlAssertion, securityToken)); } return(base.CreateSecurityTokenProvider(tokenRequirement)); }
public static void Method_TryGetProperty_Invalid_Value_Throws() { SecurityTokenRequirement tokenrequirement = new SecurityTokenRequirement(); tokenrequirement.TokenType = SecurityTokenRequirement.TokenTypeProperty; Assert.Throws <ArgumentException>(() => tokenrequirement.TryGetProperty(tokenrequirement.TokenType, out int Tvalue)); }
public void TryGetPropertyTypeMismatch () { SecurityTokenRequirement r = new SecurityTokenRequirement (); r.Properties ["urn:foo"] = 1; string s; r.TryGetProperty<string> ("urn:foo", out s); }
public static bool TryCreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } if (clientCredentialsTokenManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager"); } provider = null; if ((clientCredentialsTokenManager.ClientCredentials.SupportInteractive && ((null == clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress) || (clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding == null))) && clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement)) { ChannelParameterCollection parameters; Uri uri; int num; InfoCardChannelParameter infocardChannelParameter = null; if (tokenRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters)) { foreach (object obj2 in parameters) { if (obj2 is InfoCardChannelParameter) { infocardChannelParameter = (InfoCardChannelParameter)obj2; break; } } } if ((infocardChannelParameter == null) || !infocardChannelParameter.RequiresInfoCard) { return(false); } EndpointAddress property = tokenRequirement.GetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty); IssuedSecurityTokenParameters parameters2 = tokenRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); if (!tokenRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out uri)) { uri = null; } if (!tokenRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out num)) { num = 0; } provider = CreateTokenProviderForNextLeg(tokenRequirement, property, parameters2.IssuerAddress, infocardChannelParameter.RelyingPartyIssuer, clientCredentialsTokenManager, infocardChannelParameter); } return(provider != null); }
public void TryGetPropertyTypeBaseMatch () { SecurityTokenRequirement r = new SecurityTokenRequirement (); r.Properties ["urn:foo"] = 1; object o; r.TryGetProperty<object> ("urn:foo", out o); }
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { SecurityTokenRequirement = tokenRequirement ?? throw new ArgumentNullException(nameof(tokenRequirement)); SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite); WSTrustTokenParameters = SecurityTokenRequirement.GetProperty <IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty) as WSTrustTokenParameters; InitializeKeyEntropyMode(); SetInboundSerializationContext(); RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext) ? Guid.NewGuid().ToString() : WSTrustTokenParameters.RequestContext; }
public void TryGetPropertyTypeMismatch() { SecurityTokenRequirement r = new SecurityTokenRequirement(); r.Properties ["urn:foo"] = 1; string s; r.TryGetProperty <string> ("urn:foo", out s); }
public void TryGetPropertyTypeBaseMatch() { SecurityTokenRequirement r = new SecurityTokenRequirement(); r.Properties ["urn:foo"] = 1; object o; r.TryGetProperty <object> ("urn:foo", out o); }
public void TryGetPropertyTypeConvertible() { SecurityTokenRequirement r = new SecurityTokenRequirement(); r.Properties ["urn:foo"] = 1; double d; r.TryGetProperty <double> ("urn:foo", out d); }
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator ( SecurityTokenRequirement requirement, out SecurityTokenResolver outOfBandTokenResolver) { outOfBandTokenResolver = null; if (requirement.TokenType == SecurityTokenTypes.UserName) return CreateUserNameAuthenticator (requirement); if (requirement.TokenType == SecurityTokenTypes.X509Certificate) return CreateX509Authenticator (requirement); if (requirement.TokenType == SecurityTokenTypes.Rsa) return new RsaSecurityTokenAuthenticator (); if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) { SecurityBindingElement binding; if (!requirement.TryGetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty, out binding)) throw new ArgumentException ("SecurityBindingElement is required in the security token requirement"); SecureConversationSecurityTokenParameters issuedParams; if (!requirement.TryGetProperty<SecureConversationSecurityTokenParameters> (ReqType.IssuedSecurityTokenParametersProperty, out issuedParams)) throw new ArgumentException ("IssuedSecurityTokenParameters are required in the security token requirement"); BindingContext issuerBC; if (!requirement.TryGetProperty<BindingContext> (ReqType.IssuerBindingContextProperty, out issuerBC)) throw new ArgumentException ("IssuerBindingContext is required in the security token requirement"); SecurityTokenVersion secVer; if (!requirement.TryGetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty, out secVer)) throw new ArgumentException ("MessageSecurityVersion property (of type SecurityTokenVersion) is required in the security token requirement"); // FIXME: get parameters from somewhere SecurityContextSecurityTokenResolver resolver = new SecurityContextSecurityTokenResolver (0x1000, true); outOfBandTokenResolver = resolver; SecurityContextSecurityTokenAuthenticator sc = new SecurityContextSecurityTokenAuthenticator (); return new SecureConversationSecurityTokenAuthenticator (requirement, sc, resolver); } if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) return CreateSslTokenAuthenticator (requirement); if (requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego) return CreateSslTokenAuthenticator (requirement); if (requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego) return CreateSpnegoTokenAuthenticator (requirement); else throw new NotImplementedException ("Not implemented token type: " + requirement.TokenType); }
/// <summary> /// Creates the custom SecurityTokenProvider when SAML tokens are specified in the tokenRequirement /// </summary> /// <param name="tokenRequirement">A SecurityTokenRequirement </param> /// <returns>The appropriate SecurityTokenProvider</returns> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { // If token requirement matches SAML token return the custom SAML token provider if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { // Retrieve the SAML assertion and proof token from the client credentials SamlAssertion assertion = this.samlClientCredentials.Assertion; SecurityToken prooftoken = this.samlClientCredentials.ProofToken; // If either the assertion of proof token is null... if (assertion == null || prooftoken == null) { // ...get the SecurityBindingElement and then the specified algorithm suite SecurityBindingElement sbe = null; SecurityAlgorithmSuite sas = null; if (tokenRequirement.TryGetProperty<SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { sas = sbe.DefaultAlgorithmSuite; } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { // Create a symmetric proof token prooftoken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, new X509SecurityToken(samlClientCredentials.ClientCertificate.Certificate), new X509SecurityToken(samlClientCredentials.ServiceCertificate.DefaultCertificate), (BinarySecretSecurityToken)prooftoken, sas); } // otherwise... else { // Create an asymmetric proof token prooftoken = SamlUtilities.CreateAsymmetricProofToken(); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, prooftoken, sas); } } // Create a SamlSecurityTokenProvider based on the assertion and proof token return new SamlSecurityTokenProvider(assertion, prooftoken); } // otherwise use base implementation else { return base.CreateSecurityTokenProvider(tokenRequirement); } }
private static SecurityAlgorithmSuite GetSecurityAlgorithmSuite(SecurityTokenRequirement tokenRequirement) { SecurityAlgorithmSuite result = null; SecurityBindingElement securityBindingElement; if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out securityBindingElement)) { result = securityBindingElement.DefaultAlgorithmSuite; } return(result); }
protected internal bool IsIssuedSecurityTokenRequirement( SecurityTokenRequirement requirement) { SecurityTokenParameters ret; if (!requirement.TryGetProperty <SecurityTokenParameters> (ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty, out ret)) { return(false); } return(ret is IssuedSecurityTokenParameters); }
/// <summary> /// Creates the custom SecurityTokenProvider when SAML tokens are specified in the tokenRequirement /// </summary> /// <param name="tokenRequirement">A SecurityTokenRequirement </param> /// <returns>The appropriate SecurityTokenProvider</returns> public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { // If token requirement matches SAML token return the custom SAML token provider if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { // Retrieve the SAML assertion and proof token from the client credentials SamlAssertion assertion = this.samlClientCredentials.Assertion; SecurityToken prooftoken = this.samlClientCredentials.ProofToken; // If either the assertion of proof token is null... if (assertion == null || prooftoken == null) { // ...get the SecurityBindingElement and then the specified algorithm suite SecurityBindingElement sbe = null; SecurityAlgorithmSuite sas = null; if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { sas = sbe.DefaultAlgorithmSuite; } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { // Create a symmetric proof token prooftoken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, new X509SecurityToken(samlClientCredentials.ClientCertificate.Certificate), new X509SecurityToken(samlClientCredentials.ServiceCertificate.DefaultCertificate), (BinarySecretSecurityToken)prooftoken, sas); } // otherwise... else { // Create an asymmetric proof token prooftoken = SamlUtilities.CreateAsymmetricProofToken(); // and a corresponding assertion based on the claims specified in the client credentials assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, prooftoken, sas); } } // Create a SamlSecurityTokenProvider based on the assertion and proof token return(new SamlSecurityTokenProvider(assertion, prooftoken)); } // otherwise use base implementation else { return(base.CreateSecurityTokenProvider(tokenRequirement)); } }
void InitializeAuthenticatorCommunicationObject(AuthenticatorCommunicationObject p, SecurityTokenRequirement r) { p.ListenUri = r.GetProperty <Uri> (ReqType.ListenUriProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty); p.SecurityBindingElement = sbe; /* * // I doubt the binding is acquired this way ... * Binding binding; * if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding)) * binding = new CustomBinding ( * new TextMessageEncodingBindingElement (), * new HttpTransportBindingElement ()); * p.IssuerBinding = binding; * * // not sure if it is used only for this purpose though ... * BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty); * foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ()) * p.IssuerChannelBehaviors.Add (b); */ SecurityTokenVersion ver = r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver); /* * // seems like they are optional here ... (but possibly * // used later) * EndpointAddress address; * if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address)) * address = p.TargetAddress; * p.IssuerAddress = address; */ // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; }
/// <summary> /// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describe the parameters for a WSTrust request. /// </summary> /// <param name="tokenRequirement">the <see cref="SecurityTokenRequirement"/> that must contain a <see cref="WSTrustTokenParameters"/> as the <see cref="IssuedSecurityTokenParameters"/> property.</param> /// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception> /// <exception cref="ArgumentException">thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a <see cref="WSTrustTokenParameters"/>.</exception> public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { SecurityTokenRequirement = tokenRequirement ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), EventLevel.Error); SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite); IssuedSecurityTokenParameters issuedSecurityTokenParameters = SecurityTokenRequirement.GetProperty <IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty); WSTrustTokenParameters = issuedSecurityTokenParameters as WSTrustTokenParameters; if (WSTrustTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentException(LogHelper.FormatInvariant(SR.GetResourceString(SR.IssuedSecurityTokenParametersIncorrectType), issuedSecurityTokenParameters), nameof(tokenRequirement)), EventLevel.Error); } _communicationObject = new WrapperSecurityCommunicationObject(this); }
private SspiIssuanceChannelParameter GetSspiIssuanceChannelParameter(SecurityTokenRequirement initiatorRequirement) { ChannelParameterCollection parameters; if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters) && (parameters != null)) { for (int i = 0; i < parameters.Count; i++) { if (parameters[i] is SspiIssuanceChannelParameter) { return((SspiIssuanceChannelParameter)parameters[i]); } } } return(null); }
/// <summary> /// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> that describe the parameters for a WSTrust request. /// </summary> /// <param name="tokenRequirement">the <see cref="SecurityTokenRequirement"/> that must contain a <see cref="WSTrustTokenParameters"/> as the <see cref="IssuedSecurityTokenParameters"/> property.</param> /// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception> /// <exception cref="ArgumentException">thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a <see cref="WSTrustTokenParameters"/>.</exception> public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { SecurityTokenRequirement = tokenRequirement ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentNullException(nameof(tokenRequirement)), System.Diagnostics.Tracing.EventLevel.Error); SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite); IssuedSecurityTokenParameters issuedSecurityTokenParameters = SecurityTokenRequirement.GetProperty <IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty); WSTrustTokenParameters = issuedSecurityTokenParameters as WSTrustTokenParameters; if (WSTrustTokenParameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new ArgumentException(LogHelper.FormatInvariant("tokenRequirement.GetProperty<IssuedSecurityTokenParameters> must be of type: WSTrustTokenParameters. Was: '{0}.", issuedSecurityTokenParameters), nameof(tokenRequirement)), System.Diagnostics.Tracing.EventLevel.Error); } InitializeKeyEntropyMode(); SetInboundSerializationContext(); RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext) ? Guid.NewGuid().ToString() : WSTrustTokenParameters.RequestContext; }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (String.IsNullOrWhiteSpace(tokenRequirement.TokenType) || tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { SecurityBindingElement sbe = null; if (!tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe)) { throw new InvalidOperationException("Could not retreive the Security Binding Element!"); } // If the token requirement is for a SymmetricKey based token.. if (tokenRequirement.KeyType != SecurityKeyType.AsymmetricKey) { throw new NotSupportedException("Only Asymmetric keys are supported"); } //TODO:Add more IssuedSecurityTokenParameters sessionTokenParams = null; if (sbe is AsymmetricSecurityBindingElement) { sessionTokenParams = (IssuedSecurityTokenParameters)((AsymmetricSecurityBindingElement)sbe).InitiatorTokenParameters; } if (sbe is TransportSecurityBindingElement) { sessionTokenParams = (IssuedSecurityTokenParameters)((TransportSecurityBindingElement)sbe).EndpointSupportingTokenParameters.Endorsing[0]; } return(new SsoSecurityTokenProvider((SsoClientCredentials)ClientCredentials, sessionTokenParams)); } else { // otherwise use base implementation return(base.CreateSecurityTokenProvider(tokenRequirement)); } }
X509SecurityTokenProvider CreateX509SecurityTokenProvider(SecurityTokenRequirement requirement) { bool isInitiator; requirement.TryGetProperty <bool> (ReqType.IsInitiatorProperty, out isInitiator); // when it is initiator, then it is for MutualCertificateDuplex. X509Certificate2 cert; if (isInitiator) { cert = credentials.ClientCertificate.Certificate; if (cert == null) { throw new InvalidOperationException("Client certificate is not provided in ServiceCredentials."); } if (cert.PrivateKey == null) { throw new ArgumentException("Client certificate for MutualCertificateDuplex does not have a private key which is required for key exchange."); } } else { cert = credentials.ServiceCertificate.Certificate; if (cert == null) { throw new InvalidOperationException("Service certificate is not provided in ServiceCredentials."); } if (cert.PrivateKey == null) { throw new ArgumentException("Service certificate does not have a private key which is required for key exchange."); } } X509SecurityTokenProvider p = new X509SecurityTokenProvider(cert); return(p); }
/// <summary> /// Looks for the first FederatedClientCredentialsParameters object in the ChannelParameterCollection /// property on the tokenRequirement. /// </summary> internal FederatedClientCredentialsParameters FindFederatedChannelParameters(SecurityTokenRequirement tokenRequirement) { FederatedClientCredentialsParameters issuedTokenClientCredentialsParameters = null; ChannelParameterCollection channelParameterCollection = null; if (tokenRequirement.TryGetProperty <ChannelParameterCollection>( ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameterCollection)) { if (channelParameterCollection != null) { foreach (object obj in channelParameterCollection) { issuedTokenClientCredentialsParameters = obj as FederatedClientCredentialsParameters; if (issuedTokenClientCredentialsParameters != null) { break; } } } } return(issuedTokenClientCredentialsParameters); }
public void TryGetPropertyTypeConvertible () { SecurityTokenRequirement r = new SecurityTokenRequirement (); r.Properties ["urn:foo"] = 1; double d; r.TryGetProperty<double> ("urn:foo", out d); }
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement) { if (IsIssuedSecurityTokenRequirement(tokenRequirement)) { return(CreateIssuedTokenProvider(tokenRequirement)); } bool isInitiator; // huh, they are not constants but properties. if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate) { return(CreateX509SecurityTokenProvider(tokenRequirement)); } else if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) { return(CreateSecureConversationProvider(tokenRequirement)); } else if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) { if (tokenRequirement.TryGetProperty <bool> (ReqType.IsInitiatorProperty, out isInitiator) && isInitiator) { return(CreateSslnegoProvider(tokenRequirement)); } } else if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego) { if (tokenRequirement.TryGetProperty <bool> (ReqType.IsInitiatorProperty, out isInitiator) && isInitiator) { return(CreateSslnegoProvider(tokenRequirement)); } } else if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.SecurityContext) { // FIXME: implement } else if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.Spnego) { return(CreateSpnegoProvider(tokenRequirement)); } else if (tokenRequirement.TokenType == ServiceModelSecurityTokenTypes.SspiCredential) { // FIXME: implement } else if (tokenRequirement.TokenType == SecurityTokenTypes.Rsa) { // FIXME: implement } else if (tokenRequirement.TokenType == SecurityTokenTypes.Saml) { // FIXME: implement } else if (tokenRequirement.TokenType == SecurityTokenTypes.UserName) { return(CreateUserNameProvider(tokenRequirement)); } else if (tokenRequirement.TokenType == SecurityTokenTypes.Kerberos) { return(CreateKerberosProvider(tokenRequirement)); } throw new NotSupportedException(String.Format("Token type '{0}' is not supported", tokenRequirement.TokenType)); }
public override SecurityTokenProvider CreateSecurityTokenProvider (SecurityTokenRequirement requirement) { if (IsIssuedSecurityTokenRequirement (requirement)) return CreateIssuedTokenProvider (requirement); bool isInitiator; // huh, they are not constants but properties. if (requirement.TokenType == SecurityTokenTypes.X509Certificate) return CreateX509SecurityTokenProvider (requirement); else if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) return CreateSecureConversationProvider (requirement); else if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) { if (requirement.TryGetProperty<bool> (ReqType.IsInitiatorProperty, out isInitiator) && isInitiator) return CreateSslnegoProvider (requirement); } else if (requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego) { if (requirement.TryGetProperty<bool> (ReqType.IsInitiatorProperty, out isInitiator) && isInitiator) return CreateSslnegoProvider (requirement); } else if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecurityContext) { // FIXME: implement } else if (requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego) { return CreateSpnegoProvider (requirement); } else if (requirement.TokenType == ServiceModelSecurityTokenTypes.SspiCredential) { // FIXME: implement } else if (requirement.TokenType == SecurityTokenTypes.Rsa) { // FIXME: implement } else if (requirement.TokenType == SecurityTokenTypes.Saml) { // FIXME: implement } else if (requirement.TokenType == SecurityTokenTypes.UserName) return CreateUserNameProvider (requirement); else if (requirement.TokenType == SecurityTokenTypes.Kerberos) { return CreateKerberosProvider (requirement); } throw new NotSupportedException (String.Format ("Token type '{0}' is not supported", requirement.TokenType)); }
X509SecurityTokenProvider CreateX509SecurityTokenProvider (SecurityTokenRequirement requirement) { bool isInitiator; requirement.TryGetProperty<bool> (ReqType.IsInitiatorProperty, out isInitiator); // when it is initiator, then it is for MutualCertificateDuplex. X509Certificate2 cert; if (isInitiator) { cert = credentials.ClientCertificate.Certificate; if (cert == null) throw new InvalidOperationException ("Client certificate is not provided in ServiceCredentials."); if (cert.PrivateKey == null) throw new ArgumentException ("Client certificate for MutualCertificateDuplex does not have a private key which is required for key exchange."); } else { cert = credentials.ServiceCertificate.Certificate; if (cert == null) throw new InvalidOperationException ("Service certificate is not provided in ServiceCredentials."); if (cert.PrivateKey == null) throw new ArgumentException ("Service certificate does not have a private key which is required for key exchange."); } X509SecurityTokenProvider p = new X509SecurityTokenProvider (cert); return p; }
IssuedSecurityTokenProvider CreateIssuedProviderBase (SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); p.TargetAddress = r.GetProperty<EndpointAddress> (ReqType.TargetAddressProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty); // I doubt the binding is acquired this way ... Binding binding; if (!r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding)) binding = new CustomBinding (sbe, new TextMessageEncodingBindingElement (), new HttpTransportBindingElement ()); p.IssuerBinding = binding; // not sure if it is used only for this purpose though ... BindingContext ctx = r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty); foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll<IEndpointBehavior> ()) p.IssuerChannelBehaviors.Add (b); SecurityTokenVersion ver = r.GetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer (ver); // seems like they are optional here ... (but possibly // used later) EndpointAddress address; if (!r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address)) address = p.TargetAddress; p.IssuerAddress = address; // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; return p; }
X509SecurityTokenProvider CreateX509SecurityTokenProvider (SecurityTokenRequirement requirement) { // - When the request is as an initiator, then // - if the purpose is key exchange, then // the initiator wants the service certificate // to encrypt the message with its public key. // - otherwise, the initiator wants the client // certificate to sign the message with the // private key. // - otherwise // - if the purpose is key exchange, then // the recipient wants the client certificate // to encrypt the message with its public key. // - otherwise, the recipient wants the service // certificate to sign the message with the // private key. bool isInitiator; if (!requirement.TryGetProperty<bool> (ReqType.IsInitiatorProperty, out isInitiator)) isInitiator = false; X509Certificate2 cert; bool isClient; if (isInitiator) isClient = requirement.KeyUsage == SecurityKeyUsage.Signature; else { if (!requirement.Properties.ContainsKey (SecurityTokenRequirement.KeyUsageProperty)) throw new NotSupportedException (String.Format ("Cannot create a security token provider from this requirement '{0}'", requirement)); isClient = requirement.KeyUsage == SecurityKeyUsage.Exchange; } if (isClient) cert = credentials.ClientCertificate.Certificate; else cert = GetServiceCertificate (requirement); if (cert == null) { if (isClient) throw new InvalidOperationException ("Client certificate is not provided in ClientCredentials."); else throw new InvalidOperationException ("Service certificate is not provided."); } X509SecurityTokenProvider p = new X509SecurityTokenProvider (cert); return p; }
X509Certificate2 GetServiceCertificate (SecurityTokenRequirement requirement) { // try X509CertificateEndpointIdentity, // ServiceCertificate.ScopedCertificate and // ServiceCertificate.DefaultCertificate. X509Certificate2 cert = null; EndpointAddress address = null; requirement.TryGetProperty (ReqType.TargetAddressProperty, out address); if (address != null) { X509CertificateEndpointIdentity ident = address.Identity as X509CertificateEndpointIdentity; if (ident != null && ident.Certificates.Count > 0) cert = ident.Certificates [0]; if (cert == null) credentials.ServiceCertificate.ScopedCertificates.TryGetValue (address.Uri, out cert); } if (cert == null) cert = credentials.ServiceCertificate.DefaultCertificate; return cert; }
IssuedSecurityTokenProvider CreateIssuedTokenProvider (SecurityTokenRequirement requirement) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider (); // FIXME: fill properties EndpointAddress address; if (requirement.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out address)) p.IssuerAddress = address; if (requirement.TryGetProperty<EndpointAddress> (ReqType.TargetAddressProperty, out address)) p.TargetAddress = address; Binding binding; if (requirement.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out binding)) p.IssuerBinding = binding; MessageSecurityVersion ver; if (requirement.TryGetProperty<MessageSecurityVersion> (ReqType.MessageSecurityVersionProperty, out ver)) p.SecurityTokenSerializer = CreateSecurityTokenSerializer (ver.SecurityTokenVersion); SecurityAlgorithmSuite suite; if (requirement.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite)) p.SecurityAlgorithmSuite = suite; return p; }
// Summary: // If interactive support is requested and an IssuedSecurityTokenParameters is specified this method // will return an instance of an InfoCardTokenProvider. // Otherwise this method defers to the base implementation. // // Parameters // parameters - The security token parameters associated with this ChannelFactory. // // Note // The target and issuer information will not be available in this call // public static bool TryCreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, out SecurityTokenProvider provider) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } if (clientCredentialsTokenManager == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager"); } provider = null; if (!clientCredentialsTokenManager.ClientCredentials.SupportInteractive || (null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress && null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding) || !clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement) ) { //IDT.TraceDebug("ICARDTOKPROV: Non Issued SecurityToken requirement submitted to InfoCardClientCredentialsSecurityTokenManager:\n{0}", tokenRequirement); //IDT.TraceDebug("ICARDTOKPROV: Defering to the base class to create the token provider"); } else { ChannelParameterCollection channelParameter; InfoCardChannelParameter infocardChannelParameter = null; if (tokenRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameter)) { foreach (object obj in channelParameter) { if (obj is InfoCardChannelParameter) { infocardChannelParameter = (InfoCardChannelParameter)obj; break; } } } if (null == infocardChannelParameter || !infocardChannelParameter.RequiresInfoCard) { return(false); } EndpointAddress target = tokenRequirement.GetProperty <EndpointAddress>(ServiceModelSecurityTokenRequirement.TargetAddressProperty); IssuedSecurityTokenParameters issuedTokenParameters = tokenRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); Uri privacyNoticeLink; if (!tokenRequirement.TryGetProperty <Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeLink)) { privacyNoticeLink = null; } int privacyNoticeVersion; if (!tokenRequirement.TryGetProperty <int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion)) { privacyNoticeVersion = 0; } // // This analysis of this chain indicates that interactive support will be required // The InternalClientCredentials class handles that. // provider = CreateTokenProviderForNextLeg(tokenRequirement, target, issuedTokenParameters.IssuerAddress, infocardChannelParameter.RelyingPartyIssuer, clientCredentialsTokenManager, infocardChannelParameter); } return(provider != null); }
X509SecurityTokenProvider CreateX509SecurityTokenProvider(SecurityTokenRequirement requirement) { // - When the request is as an initiator, then // - if the purpose is key exchange, then // the initiator wants the service certificate // to encrypt the message with its public key. // - otherwise, the initiator wants the client // certificate to sign the message with the // private key. // - otherwise // - if the purpose is key exchange, then // the recipient wants the client certificate // to encrypt the message with its public key. // - otherwise, the recipient wants the service // certificate to sign the message with the // private key. bool isInitiator; if (!requirement.TryGetProperty <bool> (ReqType.IsInitiatorProperty, out isInitiator)) { isInitiator = false; } X509Certificate2 cert; bool isClient; if (isInitiator) { isClient = requirement.KeyUsage == SecurityKeyUsage.Signature; } else { if (!requirement.Properties.ContainsKey(SecurityTokenRequirement.KeyUsageProperty)) { throw new NotSupportedException(String.Format("Cannot create a security token provider from this requirement '{0}'", requirement)); } isClient = requirement.KeyUsage == SecurityKeyUsage.Exchange; } if (isClient) { cert = credentials.ClientCertificate.Certificate; } else { cert = GetServiceCertificate(requirement); } if (cert == null) { if (isClient) { throw new InvalidOperationException("Client certificate is not provided in ClientCredentials."); } else { throw new InvalidOperationException("Service certificate is not provided."); } } X509SecurityTokenProvider p = new X509SecurityTokenProvider(cert); return(p); }
/// <summary> /// Looks for the first FederatedClientCredentialsParameters object in the ChannelParameterCollection /// property on the tokenRequirement. /// </summary> internal FederatedClientCredentialsParameters FindFederatedChannelParameters(SecurityTokenRequirement tokenRequirement) { FederatedClientCredentialsParameters issuedTokenClientCredentialsParameters = null; ChannelParameterCollection channelParameterCollection = null; if (tokenRequirement.TryGetProperty<ChannelParameterCollection>( ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameterCollection)) { if (channelParameterCollection != null) { foreach (object obj in channelParameterCollection) { issuedTokenClientCredentialsParameters = obj as FederatedClientCredentialsParameters; if (issuedTokenClientCredentialsParameters != null) { break; } } } } return issuedTokenClientCredentialsParameters; }
SspiIssuanceChannelParameter GetSspiIssuanceChannelParameter(SecurityTokenRequirement initiatorRequirement) { ChannelParameterCollection channelParameters; if (initiatorRequirement.TryGetProperty<ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters)) { if (channelParameters != null) { for (int i = 0; i < channelParameters.Count; ++i) { if (channelParameters[i] is SspiIssuanceChannelParameter) { return (SspiIssuanceChannelParameter)channelParameters[i]; } } } } return null; }
protected internal bool IsIssuedSecurityTokenRequirement ( SecurityTokenRequirement requirement) { SecurityTokenParameters ret; if (!requirement.TryGetProperty<SecurityTokenParameters> (ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty, out ret)) return false; return ret is IssuedSecurityTokenParameters; }