public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement,
BindingContext context, bool isClient)
: base(context.Binding)
{
ExtractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts;
ProtectionLevel = bindingElement.ProtectionLevel;
Scheme = context.Binding.Scheme;
_isClient = isClient;
_listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
//if (isClient)
//{
// credentialProvider = ClientCredentials.CreateDefaultCredentials();
//}
//else
//{
credentialProvider = new ServiceCredentials(); //ServiceCredentials.CreateDefaultCredentials();
//}
}
if (credentialProvider is ServiceCredentials)
{
ServiceCredentials serviceCred = (ServiceCredentials)credentialProvider;
LdapSettings = serviceCred.WindowsAuthentication.LdapSetting;
}
_securityTokenManager = credentialProvider.CreateSecurityTokenManager();
}
public static SslStreamSecurityUpgradeProvider CreateServerProvider(
SslStreamSecurityBindingElement bindingElement, BindingContext context)
{
SecurityCredentialsManager credentialProvider =
context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialProvider == null)
{
credentialProvider = ServiceCredentials.CreateDefaultCredentials();
}
Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress);
SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager();
RecipientServiceModelSecurityTokenRequirement serverCertRequirement = new RecipientServiceModelSecurityTokenRequirement();
serverCertRequirement.TokenType = SecurityTokenTypes.X509Certificate;
serverCertRequirement.RequireCryptographicToken = true;
serverCertRequirement.KeyUsage = SecurityKeyUsage.Exchange;
serverCertRequirement.TransportScheme = context.Binding.Scheme;
serverCertRequirement.ListenUri = listenUri;
SecurityTokenProvider tokenProvider = tokenManager.CreateSecurityTokenProvider(serverCertRequirement);
if (tokenProvider == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCredentialsUnableToCreateLocalTokenProvider, serverCertRequirement)));
}
SecurityTokenAuthenticator certificateAuthenticator =
TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri);
return(new SslStreamSecurityUpgradeProvider(context.Binding, tokenProvider, bindingElement.RequireClientCertificate,
certificateAuthenticator, context.Binding.Scheme, bindingElement.IdentityVerifier, bindingElement.SslProtocols));
}