/// <summary>
/// Registers a URL ACL (URL reservation) for <paramref name="prefix"/> with the
/// HTTP Server API and returns a <see cref="UrlAcl"/> describing it.
/// </summary>
/// <param name="prefix">URL prefix to reserve; passed to the native call unchanged.</param>
/// <param name="newSddl">
/// Security descriptor (SDDL string) attached to the reservation; passed unchanged.
/// </param>
/// <returns>A new <see cref="UrlAcl"/> built from the same prefix and SDDL.</returns>
/// <remarks>
/// Neither argument is validated here. The SDDL decides which accounts may register
/// the prefix, so callers should grant it to the specific service identity only and
/// avoid broad principals such as Everyone or Authenticated Users.
/// The native result code is handed to HttpApi.ThrowWin32ExceptionIfError.
/// </remarks>
public static UrlAcl Create(string prefix, string newSddl)
{
    HttpApi.CallHttpApi(() =>
    {
        // Key = the URL prefix, parameter = the security descriptor to apply to it.
        var aclRequest = new URLACL_SET();
        aclRequest.KeyDesc.pUrlPrefix = prefix;
        aclRequest.ParamDesc.pStringSecurityDescriptor = newSddl;

        var status = HttpApi.HttpSetServiceConfiguration(
            IntPtr.Zero,
            HttpApi.HTTP_SERVICE_CONFIG_ID.HttpServiceConfigUrlAclInfo,
            aclRequest,
            Marshal.SizeOf(aclRequest),
            IntPtr.Zero);

        HttpApi.ThrowWin32ExceptionIfError(status);
    });

    return new UrlAcl(prefix, newSddl);
}
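/// <summary>
/// Creates the SSL certificate binding described by <paramref name="binding"/> for its
/// IP/port, replacing an existing binding on the same endpoint if there is one.
/// </summary>
/// <param name="binding">
/// Endpoint, certificate thumbprint, store name, application id and options to bind.
/// </param>
/// <returns>
/// <c>true</c> when a binding already existed and was deleted and re-created;
/// <c>false</c> when the binding was newly created.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="binding"/> is null.</exception>
/// <remarks>
/// Native result codes other than ERROR_ALREADY_EXISTS on the first set are handed to
/// HttpApi.ThrowWin32ExceptionIfError.
/// Security notes for callers:
/// the options DoNotVerifyCertificateRevocation, VerifyRevocationWithCachedCertificateOnly
/// and NoUsageCheck relax certificate checking and should be enabled only deliberately;
/// replacing a binding is delete-then-set and is not atomic (see the comment in the body).
/// </remarks>
public bool Bind(CertificateBinding binding)
{
    if (binding == null)
    {
        throw new ArgumentNullException("binding");
    }

    bool bindingUpdated = false;
    HttpApi.CallHttpApi(
        delegate
        {
            // Everything that must be released is declared before the try so the finally
            // block can clean up no matter where a failure occurs. Previously the pinned
            // handles were allocated outside the try and leaked (stayed pinned) if
            // GetHash, the option mapping or the marshalling threw.
            GCHandle sockAddrHandle = default(GCHandle);
            GCHandle handleHash = default(GCHandle);
            IntPtr pInputConfigInfo = IntPtr.Zero;
            bool structureMarshalled = false;

            try
            {
                sockAddrHandle = SockaddrInterop.CreateSockaddrStructure(binding.IpPort);
                IntPtr pIpPort = sockAddrHandle.AddrOfPinnedObject();
                var httpServiceConfigSslKey = new HttpApi.HTTP_SERVICE_CONFIG_SSL_KEY(pIpPort);

                // The certificate hash is pinned so its address stays valid for the native call.
                byte[] hash = GetHash(binding.Thumbprint);
                handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);

                var options = binding.Options;
                var configSslParam = new HttpApi.HTTP_SERVICE_CONFIG_SSL_PARAM
                {
                    AppId = binding.AppId,
                    // Each enabled option contributes one flag; several of these weaken
                    // revocation / usage checking, so they default to off (0).
                    DefaultCertCheckMode =
                        (options.DoNotVerifyCertificateRevocation ? HttpApi.CertCheckModes.DoNotVerifyCertificateRevocation : 0)
                        | (options.VerifyRevocationWithCachedCertificateOnly ? HttpApi.CertCheckModes.VerifyRevocationWithCachedCertificateOnly : 0)
                        | (options.EnableRevocationFreshnessTime ? HttpApi.CertCheckModes.EnableRevocationFreshnessTime : 0)
                        | (options.NoUsageCheck ? HttpApi.CertCheckModes.NoUsageCheck : 0),
                    DefaultFlags =
                        (options.NegotiateCertificate ? HttpApi.HTTP_SERVICE_CONFIG_SSL_FLAG.NEGOTIATE_CLIENT_CERT : 0)
                        | (options.UseDsMappers ? HttpApi.HTTP_SERVICE_CONFIG_SSL_FLAG.USE_DS_MAPPER : 0)
                        | (options.DoNotPassRequestsToRawFilters ? HttpApi.HTTP_SERVICE_CONFIG_SSL_FLAG.NO_RAW_FILTER : 0),
                    // NOTE(review): these casts truncate and are unchecked; a very large
                    // TimeSpan would not be rejected here - confirm callers bound the values.
                    DefaultRevocationFreshnessTime = (int)options.RevocationFreshnessTime.TotalSeconds,
                    DefaultRevocationUrlRetrievalTimeout = (int)options.RevocationUrlRetrievalTimeout.TotalMilliseconds,
                    pSslCertStoreName = binding.StoreName,
                    pSslHash = handleHash.AddrOfPinnedObject(),
                    SslHashLength = hash.Length,
                    pDefaultSslCtlIdentifier = options.SslCtlIdentifier,
                    pDefaultSslCtlStoreName = options.SslCtlStoreName
                };

                var configSslSet = new HttpApi.HTTP_SERVICE_CONFIG_SSL_SET
                {
                    ParamDesc = configSslParam,
                    KeyDesc = httpServiceConfigSslKey
                };

                pInputConfigInfo = Marshal.AllocCoTaskMem(
                    Marshal.SizeOf(typeof(HttpApi.HTTP_SERVICE_CONFIG_SSL_SET)));
                Marshal.StructureToPtr(configSslSet, pInputConfigInfo, false);
                structureMarshalled = true;

                uint retVal = HttpApi.HttpSetServiceConfiguration(IntPtr.Zero,
                    HttpApi.HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
                    pInputConfigInfo,
                    Marshal.SizeOf(configSslSet),
                    IntPtr.Zero);

                if (HttpApi.ERROR_ALREADY_EXISTS != retVal)
                {
                    HttpApi.ThrowWin32ExceptionIfError(retVal);
                }
                else
                {
                    // A binding already exists for this endpoint: delete it, then set the new one.
                    // This is not atomic. If the second set fails, the old binding is already
                    // gone and the endpoint is left without a certificate binding, so callers
                    // should treat an exception from Bind as "binding may be missing" and
                    // re-check or restore it.
                    retVal = HttpApi.HttpDeleteServiceConfiguration(IntPtr.Zero,
                        HttpApi.HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
                        pInputConfigInfo,
                        Marshal.SizeOf(configSslSet),
                        IntPtr.Zero);
                    HttpApi.ThrowWin32ExceptionIfError(retVal);

                    retVal = HttpApi.HttpSetServiceConfiguration(IntPtr.Zero,
                        HttpApi.HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
                        pInputConfigInfo,
                        Marshal.SizeOf(configSslSet),
                        IntPtr.Zero);
                    HttpApi.ThrowWin32ExceptionIfError(retVal);
                    bindingUpdated = true;
                }
            }
            finally
            {
                if (pInputConfigInfo != IntPtr.Zero)
                {
                    if (structureMarshalled)
                    {
                        // Releases any unmanaged copies StructureToPtr made for marshalled
                        // reference fields (presumably the store-name / CTL strings); it is
                        // a no-op for purely blittable layouts.
                        Marshal.DestroyStructure(pInputConfigInfo, typeof(HttpApi.HTTP_SERVICE_CONFIG_SSL_SET));
                    }

                    Marshal.FreeCoTaskMem(pInputConfigInfo);
                }

                if (handleHash.IsAllocated)
                {
                    handleHash.Free();
                }

                if (sockAddrHandle.IsAllocated)
                {
                    sockAddrHandle.Free();
                }
            }
        });

    return bindingUpdated;
}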