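/// <summary>
/// Installs <paramref name="wrappedTokenCache"/> as the issued-token cache of the
/// negotiation/session authenticator WCF created, and points the authenticator's issuance
/// callbacks at <paramref name="claimsHandler"/> so issued and renewed tokens reach
/// <see cref="SctClaimsHandler"/> even in cookie mode, where WCF does not wire
/// <c>OnTokenIssued</c> up by itself.
/// </summary>
/// <param name="wrappedTokenCache">Cache that replaces the authenticator's own issued-token cache.</param>
/// <param name="sta">Authenticator returned by WCF. Only the four concrete types handled below
/// have their cache replaced; any other type keeps its own cache and no error is raised, so the
/// wrapped cache is silently bypassed for it.</param>
/// <param name="wssta">Not used by this method; retained so existing call sites keep compiling.</param>
/// <param name="claimsHandler">Supplies the OnTokenIssued / OnTokenRenewed callbacks.</param>
/// <remarks>
/// No reflection is involved despite what earlier comments claimed: every member written here is
/// accessed directly.
/// </remarks>
static void SetWrappedTokenCache(WrappedTokenCache wrappedTokenCache, SecurityTokenAuthenticator sta, WrappedSessionSecurityTokenAuthenticator wssta, SctClaimsHandler claimsHandler)
{
    // The four authenticator types are handled one by one (apparently there is no shared base
    // member exposing IssuedTokenCache). The 'is' guard makes the direct cast safe.
    if (sta is SecuritySessionSecurityTokenAuthenticator)
    {
        ((SecuritySessionSecurityTokenAuthenticator)sta).IssuedTokenCache = wrappedTokenCache;
    }
    else if (sta is AcceleratedTokenAuthenticator)
    {
        ((AcceleratedTokenAuthenticator)sta).IssuedTokenCache = wrappedTokenCache;
    }
    else if (sta is SpnegoTokenAuthenticator)
    {
        ((SpnegoTokenAuthenticator)sta).IssuedTokenCache = wrappedTokenCache;
    }
    else if (sta is TlsnegoTokenAuthenticator)
    {
        ((TlsnegoTokenAuthenticator)sta).IssuedTokenCache = wrappedTokenCache;
    }

    // Cookie mode does not hook OnTokenIssued, so install the claims handler's callbacks here.
    // These assignments replace whatever handlers the authenticator already carried.
    IIssuanceSecurityTokenAuthenticator issuanceTokenAuthenticator = sta as IIssuanceSecurityTokenAuthenticator;
    if (issuanceTokenAuthenticator != null)
    {
        issuanceTokenAuthenticator.IssuedSecurityTokenHandler = claimsHandler.OnTokenIssued;
        issuanceTokenAuthenticator.RenewedSecurityTokenHandler = claimsHandler.OnTokenRenewed;
    }
}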
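/// <summary>
/// Builds the wrapped secure-conversation authenticator: lets the base token manager create the
/// native negotiation/session authenticator, wraps it in a
/// <see cref="WrappedSessionSecurityTokenAuthenticator"/> backed by a
/// <see cref="SessionSecurityTokenHandler"/>, and routes the issued-token cache through a
/// <see cref="WrappedTokenCache"/> so that SCT claims are surfaced by <see cref="SctClaimsHandler"/>.
/// </summary>
/// <param name="tokenRequirement">Recipient-side requirement passed to the base token manager.</param>
/// <param name="tokenHandler">Session token handler to use. When null, one is created over the
/// cookie transforms with the default token lifetime and attached to the shared handler collection.</param>
/// <param name="outOfBandTokenResolver">Receives the wrapped token cache. The resolver produced by
/// the base class call is overwritten and never used.</param>
/// <returns>The wrapped authenticator to hand back to WCF.</returns>
SecurityTokenAuthenticator SetupSecureConversationWrapper(RecipientServiceModelSecurityTokenRequirement tokenRequirement, SessionSecurityTokenHandler tokenHandler, out SecurityTokenResolver outOfBandTokenResolver)
{
    // Background (from the original author): WCF expects the authenticator returned here to
    // implement IIssuanceSecurityTokenAuthenticator and ICommunicationObject. WCF opens a listener
    // in that authenticator to run the negotiation and uses an internal class to negotiate the
    // bootstrap tokens; this code only wants to take over ValidateToken so that our authorization
    // policies are returned and the bootstrap tokens are surfaced.
    //
    // With Orcas SP1 (.NET 3.5 SP1) the dedicated factory could be used instead:
    //   SecurityTokenAuthenticator sta = base.CreateSecureConversationTokenAuthenticator(tokenRequirement, _saveBootstrapTokensInSession, out outOfBandTokenResolver);
    // The generic factory below is used so the code also builds without SP1.
    SecurityTokenAuthenticator sta = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);

    SessionSecurityTokenHandler sessionTokenHandler = tokenHandler;
    if (tokenHandler == null)
    {
        // No SCT handler supplied: create one over the configured cookie transforms with the
        // default lifetime and attach it to the shared handler collection and its configuration.
        sessionTokenHandler = new SessionSecurityTokenHandler(_cookieTransforms, SessionSecurityTokenHandler.DefaultTokenLifetime);
        sessionTokenHandler.ContainingCollection = _securityTokenHandlerCollection;
        sessionTokenHandler.Configuration = _securityTokenHandlerCollection.Configuration;
    }

    if (ServiceCredentials != null)
    {
        // Align the SCT handler's clock-skew tolerance with the service's identity configuration.
        // NOTE(review): Configuration is a shared object (the collection-wide configuration in the
        // branch above, and possibly shared for a caller-supplied handler as well), so this write
        // changes the tolerance for every handler using that object, not just this one. It also
        // dereferences Configuration unconditionally: a caller-supplied handler with a null
        // Configuration throws here.
        sessionTokenHandler.Configuration.MaxClockSkew = ServiceCredentials.IdentityConfiguration.MaxClockSkew;
    }

    SctClaimsHandler claimsHandler = new SctClaimsHandler(_securityTokenHandlerCollection, GetNormalizedEndpointId(tokenRequirement));
    WrappedSessionSecurityTokenAuthenticator wssta = new WrappedSessionSecurityTokenAuthenticator(sessionTokenHandler, sta, claimsHandler, _exceptionMapper);

    // The wrapped cache wraps _tokenCache and is installed on the native authenticator; it also
    // becomes the out-of-band resolver, replacing the one the base call produced above.
    WrappedTokenCache wrappedTokenCache = new WrappedTokenCache(_tokenCache, claimsHandler);
    SetWrappedTokenCache(wrappedTokenCache, sta, wssta, claimsHandler);
    outOfBandTokenResolver = wrappedTokenCache;

    return wssta;
}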
/// <summary>
/// Swaps the issued-token cache of the WCF-created authenticator for
/// <paramref name="wrappedTokenCache"/> and wires the authenticator's issuance callbacks to
/// <paramref name="claimsHandler"/>, which is required in cookie mode where WCF leaves
/// <c>OnTokenIssued</c> unhooked.
/// </summary>
/// <param name="wrappedTokenCache">Cache installed in place of the authenticator's own.</param>
/// <param name="sta">Authenticator returned by WCF; only the four concrete types below have a
/// cache to replace. Any other type is left untouched without error.</param>
/// <param name="wssta">Not read by this method; kept for call-site compatibility.</param>
/// <param name="claimsHandler">Provides the OnTokenIssued / OnTokenRenewed callbacks.</param>
static void SetWrappedTokenCache(WrappedTokenCache wrappedTokenCache, SecurityTokenAuthenticator sta, WrappedSessionSecurityTokenAuthenticator wssta, SctClaimsHandler claimsHandler)
{
    // Each concrete authenticator type is probed in turn; the first match gets the cache.
    SecuritySessionSecurityTokenAuthenticator sessionAuth = sta as SecuritySessionSecurityTokenAuthenticator;
    if (sessionAuth != null)
    {
        sessionAuth.IssuedTokenCache = wrappedTokenCache;
    }
    else
    {
        AcceleratedTokenAuthenticator acceleratedAuth = sta as AcceleratedTokenAuthenticator;
        if (acceleratedAuth != null)
        {
            acceleratedAuth.IssuedTokenCache = wrappedTokenCache;
        }
        else
        {
            SpnegoTokenAuthenticator spnegoAuth = sta as SpnegoTokenAuthenticator;
            if (spnegoAuth != null)
            {
                spnegoAuth.IssuedTokenCache = wrappedTokenCache;
            }
            else
            {
                TlsnegoTokenAuthenticator tlsnegoAuth = sta as TlsnegoTokenAuthenticator;
                if (tlsnegoAuth != null)
                {
                    tlsnegoAuth.IssuedTokenCache = wrappedTokenCache;
                }
            }
        }
    }

    // Cookie mode never hooks OnTokenIssued, so the callbacks are installed explicitly here,
    // overwriting any the authenticator already had.
    IIssuanceSecurityTokenAuthenticator issuer = sta as IIssuanceSecurityTokenAuthenticator;
    if (issuer == null)
    {
        return;
    }
    issuer.IssuedSecurityTokenHandler = claimsHandler.OnTokenIssued;
    issuer.RenewedSecurityTokenHandler = claimsHandler.OnTokenRenewed;
}
/// <summary>
/// Creates the wrapped secure-conversation authenticator. The base token manager produces the
/// native negotiation/session authenticator; it is wrapped together with a
/// <see cref="SessionSecurityTokenHandler"/> (supplied or freshly created) in a
/// <see cref="WrappedSessionSecurityTokenAuthenticator"/>, and a <see cref="WrappedTokenCache"/>
/// over the configured token cache is installed as both issued-token cache and out-of-band resolver.
/// </summary>
/// <param name="tokenRequirement">Recipient-side requirement forwarded to the base token manager.</param>
/// <param name="tokenHandler">Session token handler to use, or null to build one over the cookie
/// transforms with the default lifetime.</param>
/// <param name="outOfBandTokenResolver">Receives the wrapped token cache; the value produced by
/// the base call is overwritten.</param>
/// <returns>The wrapped authenticator for WCF.</returns>
SecurityTokenAuthenticator SetupSecureConversationWrapper(RecipientServiceModelSecurityTokenRequirement tokenRequirement, SessionSecurityTokenHandler tokenHandler, out SecurityTokenResolver outOfBandTokenResolver)
{
    // Original author's notes: WCF expects the returned authenticator to implement
    // IIssuanceSecurityTokenAuthenticator and ICommunicationObject; it opens a listener in the
    // authenticator for the negotiation and negotiates the bootstrap tokens via an internal class.
    // We only take over ValidateToken to return our authorization policies and surface the
    // bootstrap tokens. On Orcas SP1 base.CreateSecureConversationTokenAuthenticator(tokenRequirement,
    // _saveBootstrapTokensInSession, out outOfBandTokenResolver) could be used instead; the generic
    // factory is used so the code also builds without SP1.
    SecurityTokenAuthenticator nativeAuthenticator = base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);

    // Use the caller's SCT handler when given; otherwise build one attached to the shared
    // handler collection and its configuration.
    SessionSecurityTokenHandler sctHandler = tokenHandler ?? new SessionSecurityTokenHandler(_cookieTransforms, SessionSecurityTokenHandler.DefaultTokenLifetime)
    {
        ContainingCollection = _securityTokenHandlerCollection,
        Configuration = _securityTokenHandlerCollection.Configuration
    };

    // Clock-skew tolerance follows the service's identity configuration. Note that
    // sctHandler.Configuration is a shared object in the freshly-created case, so this write is
    // visible to every handler using it.
    if (ServiceCredentials != null)
    {
        sctHandler.Configuration.MaxClockSkew = ServiceCredentials.IdentityConfiguration.MaxClockSkew;
    }

    SctClaimsHandler claims = new SctClaimsHandler(_securityTokenHandlerCollection, GetNormalizedEndpointId(tokenRequirement));
    WrappedSessionSecurityTokenAuthenticator wrapper = new WrappedSessionSecurityTokenAuthenticator(sctHandler, nativeAuthenticator, claims, _exceptionMapper);
    WrappedTokenCache cache = new WrappedTokenCache(_tokenCache, claims);

    SetWrappedTokenCache(cache, nativeAuthenticator, wrapper, claims);
    outOfBandTokenResolver = cache;
    return wrapper;
}