public void InitializeFrom(EndpointIdentity identity) { if (identity == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identity"); } Claim identityClaim = identity.IdentityClaim; if (ClaimTypes.Dns.Equals(identityClaim.ClaimType)) { this.Dns.Value = (string) identityClaim.Resource; } else if (ClaimTypes.Spn.Equals(identityClaim.ClaimType)) { this.ServicePrincipalName.Value = (string) identityClaim.Resource; } else if (ClaimTypes.Upn.Equals(identityClaim.ClaimType)) { this.UserPrincipalName.Value = (string) identityClaim.Resource; } else if (ClaimTypes.Rsa.Equals(identityClaim.ClaimType)) { this.Rsa.Value = ((RSA) identityClaim.Resource).ToXmlString(false); } else if (identity is X509CertificateEndpointIdentity) { X509Certificate2Collection certificates = ((X509CertificateEndpointIdentity) identity).Certificates; this.Certificate.EncodedValue = Convert.ToBase64String(certificates.Export((certificates.Count == 1) ? X509ContentType.SerializedCert : X509ContentType.SerializedStore)); } }
public override bool TryGetIdentity ( EndpointAddress reference, out EndpointIdentity identity) { // FIXME: implement throw new NotImplementedException (); }
public EndpointAddressBuilder (EndpointAddress address) { identity = address.Identity; uri = address.Uri; foreach (AddressHeader h in address.Headers) headers.Add (h); }
/// <summary> /// Setup endpoints /// </summary> static ServiceHostUtil() { _serviceHostName = ServicesIniFile.Read("ServiceHost", "localhost"); _serviceBasePort = int.Parse(ServicesIniFile.Read("ServiceBasePort", "7700")); string serviceIdentityType = ServicesIniFile.Read("ServiceIdentityType", "dns"); string serviceIdentity = ServicesIniFile.Read("ServiceIdentity", "localhost"); if (serviceIdentityType == "dns") { _serviceEndpointIdentity = new System.ServiceModel.DnsEndpointIdentity(serviceIdentity); } else if (serviceIdentityType == "upn") { _serviceEndpointIdentity = new System.ServiceModel.UpnEndpointIdentity(serviceIdentity); } else if (serviceIdentityType == "spn") { _serviceEndpointIdentity = new System.ServiceModel.SpnEndpointIdentity(serviceIdentity); } else { throw new InvalidOperationException("Only identity types \"dns\", \"upn\", and \"spn\" (with a corresponding valid ServiceIdentity) are supported."); } }
public override bool CheckAccess ( EndpointIdentity identity, AuthorizationContext authContext) { // FIXME: implement throw new NotImplementedException (); }
public override bool CheckAccess(EndpointIdentity identity, System.IdentityModel.Policy.AuthorizationContext authContext) { bool returnvalue = false; foreach (ClaimSet claimset in authContext.ClaimSets) { foreach (Claim claim in claimset) { // if (claim.ClaimType == "http://schemas.microsoft.com/ws/2005/05/identity/claims/x500distinguishedname") // { // X500DistinguishedName name = (X500DistinguishedName)claim.Resource; //if (name.Name.Contains(((OrgEndpointIdentity)identity).OrganizationClaim)) // { // Console.WriteLine("Claim Type: {0}", claim.ClaimType); // Console.WriteLine("Right: {0}", claim.Right); // Console.WriteLine("Resource: {0}", claim.Resource); // Console.WriteLine(); returnvalue = true; break; //} //} } } return returnvalue; }
public EndpointAddress(System.Uri uri, EndpointIdentity identity, params AddressHeader[] addressHeaders) { if (uri == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("uri"); } this.Init(uri, identity, addressHeaders); }
public EndpointAddress(System.Uri uri, EndpointIdentity identity, AddressHeaderCollection headers) { if (uri == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("uri"); } this.Init(uri, identity, headers, null, -1, -1, -1); }
public EndpointIdentityExtension(EndpointIdentity identity) { if (identity == null) { throw FxTrace.Exception.ArgumentNull("identity"); } this.ClaimType = identity.IdentityClaim.ClaimType; this.ClaimRight = identity.IdentityClaim.Right; this.ClaimResource = identity.IdentityClaim.Resource; }
internal EndpointInfo(ServiceEndpoint endpoint, string serviceName) { this.endpoint = endpoint; this.address = endpoint.Address.Uri; this.headers = endpoint.Address.Headers; this.identity = endpoint.Address.Identity; this.behaviors = endpoint.Behaviors; this.serviceName = serviceName; this.binding = (endpoint.Binding == null) ? new CustomBinding() : new CustomBinding(endpoint.Binding); this.contract = endpoint.Contract; }
public override bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity) { if (reference == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reference"); } identity = reference.Identity; if (identity == null) { identity = new PeerEndpointIdentity(); } return true; }
public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authzContext) { List<Claim> dnsClaims = new List<Claim>(); foreach( ClaimSet claimSet in authzContext.ClaimSets ) { foreach( Claim claim in claimSet ) { if ( ClaimTypes.Dns == claim.ClaimType ) { dnsClaims.Add(claim); } } } if ( 1 != dnsClaims.Count ) { throw new InvalidOperationException(String.Format("Found {0} DNS claims in authorization context.", dnsClaims.Count)); } return String.Equals((string) this.expectedIdentity.IdentityClaim.Resource, (string) dnsClaims[0].Resource, StringComparison.OrdinalIgnoreCase); }
internal EndpointInfo(ServiceEndpoint endpoint, string serviceName) { Fx.Assert(null != endpoint, "endpoint cannot be null"); this.endpoint = endpoint; this.address = endpoint.Address.Uri; this.headers = endpoint.Address.Headers; this.identity = endpoint.Address.Identity; this.behaviors = endpoint.Behaviors; this.serviceName = serviceName; this.binding = null == endpoint.Binding ? new CustomBinding() : new CustomBinding(endpoint.Binding); this.contract = endpoint.Contract; }
public EndpointAddressBuilder(EndpointAddress address) { if (address == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("address"); } this.epr = address; this.uri = address.Uri; this.identity = address.Identity; this.headers = new Collection<AddressHeader>(); for (int i = 0; i < address.Headers.Count; i++) { this.headers.Add(address.Headers[i]); } }
public EndpointAddress ( Uri uri, EndpointIdentity identity, AddressHeaderCollection headers, XmlDictionaryReader metadataReader, XmlDictionaryReader extensionReader) { if (uri == null) throw new ArgumentNullException ("uri"); if (!uri.IsAbsoluteUri) throw new ArgumentException ("The argument uri must be absolute"); this.address = uri; this.identity = identity; this.headers = headers; metadata_reader = metadataReader; extension_reader = extensionReader; }
private Exception CreateIdentityCheckException(EndpointIdentity identity, AuthorizationContext authorizationContext, string errorString, EndpointAddress serviceReference) { if (((identity.IdentityClaim == null) || !(identity.IdentityClaim.ClaimType == ClaimTypes.Dns)) || (!(identity.IdentityClaim.Right == Rights.PossessProperty) || !(identity.IdentityClaim.Resource is string))) { return new MessageSecurityException(System.ServiceModel.SR.GetString(errorString, new object[] { identity, serviceReference })); } string resource = (string) identity.IdentityClaim.Resource; string str2 = null; for (int i = 0; i < authorizationContext.ClaimSets.Count; i++) { ClaimSet set = authorizationContext.ClaimSets[i]; foreach (Claim claim in set.FindClaims(ClaimTypes.Dns, Rights.PossessProperty)) { if (claim.Resource is string) { str2 = (string) claim.Resource; break; } } if (str2 != null) { break; } } if ("IdentityCheckFailedForIncomingMessage".Equals(errorString)) { if (str2 == null) { return new MessageSecurityException(System.ServiceModel.SR.GetString("DnsIdentityCheckFailedForIncomingMessageLackOfDnsClaim", new object[] { resource })); } return new MessageSecurityException(System.ServiceModel.SR.GetString("DnsIdentityCheckFailedForIncomingMessage", new object[] { resource, str2 })); } if ("IdentityCheckFailedForOutgoingMessage".Equals(errorString)) { if (str2 == null) { return new MessageSecurityException(System.ServiceModel.SR.GetString("DnsIdentityCheckFailedForOutgoingMessageLackOfDnsClaim", new object[] { resource })); } return new MessageSecurityException(System.ServiceModel.SR.GetString("DnsIdentityCheckFailedForOutgoingMessage", new object[] { resource, str2 })); } return new MessageSecurityException(System.ServiceModel.SR.GetString(errorString, new object[] { identity, serviceReference })); }
// Code to be added. public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext) { StreamWriter file = new StreamWriter("c:\\temp\\TestClient.CustomIdentityVerifier - CheckAccess.txt", true); file.WriteLine("_________________________________________"); file.WriteLine("DateTime: " + DateTime.Now.ToString()); bool returnvalue = false; foreach (ClaimSet claimset in authContext.ClaimSets) { foreach (Claim claim in claimset) { file.WriteLine("claim.ClaimType: " + claim.ClaimType); file.WriteLine("\tclaim.Right: " + claim.Right); file.WriteLine("\t\tclaim.Resource: " + claim.Resource.ToString()); if (claim.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname") { X500DistinguishedName name = (X500DistinguishedName)claim.Resource; file.WriteLine("X500DistinguishedName: " + name.Name); //if (name.Name.Contains(((OrgEndpointIdentity)identity).OrganizationClaim)) //if ("CN=zpatlittrs239.ittl.gtri.org" == name.Name) if ("[email protected], CN=HA50WSP, O=Hawaii Five0, L=Honolulu, S=Hawaii, C=US" == name.Name) { file.WriteLine("\tClaim Type: {0}", claim.ClaimType); file.WriteLine("\tRight: {0}", claim.Right); file.WriteLine("\tResource: {0}", claim.Resource); file.WriteLine(); returnvalue = true; } } } } file.Close(); return returnvalue; }
internal EndpointAddress(System.Uri uri, EndpointIdentity identity, AddressHeaderCollection headers, XmlDictionaryReader metadataReader, XmlDictionaryReader extensionReader, XmlDictionaryReader pspReader) { EndpointIdentity identity2; int num; if (uri == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("uri"); } XmlBuffer buffer = null; this.PossiblyPopulateBuffer(metadataReader, ref buffer, out this.metadataSection); buffer = ReadExtensions(extensionReader, null, buffer, out identity2, out num); if ((identity != null) && (identity2 != null)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(System.ServiceModel.SR.GetString("MultipleIdentities"), "extensionReader")); } this.PossiblyPopulateBuffer(pspReader, ref buffer, out this.pspSection); if (buffer != null) { buffer.Close(); } this.Init(uri, identity ?? identity2, headers, buffer, this.metadataSection, num, this.pspSection); }
static ClousotWCFServiceCommon() { Identity = new DnsEndpointIdentity("research.microsoft.com"); // Used by the client to be sure that we are who we say we are #if DEBUG SecurityMode = SecurityMode.None; // Mehdi: "Very complex things", we ignore them #else SecurityMode = SecurityMode.None; // TODO #endif #if WS_HTTP_BINDING #if DEBUG // This address does not need administrator privilege // Namespace created during the installation of Visual Studio BaseAddress = "http://localhost:8732/Design_Time_Addresses/ClousotService/"; #else // Need administrator privilege BaseAddress = "http://localhost:8732/Microsoft.Research/ClousotService/"; #endif #elif NET_TCP_BINDING BaseAddress = "net.tcp://localhost:9922/ClousotService/"; #endif BaseUri = new Uri(BaseAddress); }
/// <summary> /// Processes the Auth Context to get the IdentityClaims /// </summary> /// <returns></returns> protected void FindIdentityClaims() { // Pick up the claim type to use for generating the UniqueID claim string identificationClaimType = System.Configuration.ConfigurationManager.AppSettings["IdentityClaimType"]; // Or, default to PPID if (string.IsNullOrEmpty(identificationClaimType)) identificationClaimType = System.IdentityModel.Claims.ClaimTypes.PPID; ClaimSet result = null; m_endpointIdentity = null; foreach (ClaimSet claimSet in m_authorizationContext.ClaimSets) { // // This loops through the claims looking for the configured claim type // that will be used as part of the generation of the unique id. // foreach (Claim claim in claimSet.FindClaims(identificationClaimType, Rights.PossessProperty)) { // found a matching claim. This is good. m_issuer = CreateIdentityFromClaimSet(claimSet.Issuer); byte[] issuerkey; // we need to get a byte array that represents the issuer's key // to use as part of the hash to generate a unique id. // currently supported: (byte[]) or an RSACryptoServiceProvider, // This could be expanded to support other types. The key just // needs to be extracted as a byte array. issuerkey = m_issuer.IdentityClaim.Resource as byte[]; if (null == issuerkey) { RSACryptoServiceProvider csp = m_issuer.IdentityClaim.Resource as RSACryptoServiceProvider; if (null != csp) issuerkey = csp.ExportCspBlob(false); // Can't use this claim to get the key. if (null == issuerkey) throw new Exception("Unsupported IdentityClaim resource type"); } // It doesn't matter what encoding type we use, as long as it is consistent. // this conversion is just to get a consistent set of bytes from the claim. byte[] uniqueClaim = Encoding.UTF8.GetBytes(GetResourceValue(claim)); // copy the thumbprint data and the uniqueClaim together. byte[] thumbprintData = new byte[uniqueClaim.Length + issuerkey.Length]; issuerkey.CopyTo(thumbprintData, 0); uniqueClaim.CopyTo(thumbprintData, issuerkey.Length); // generate a hash. using (SHA256 sha = new SHA256Managed()) { Claim thumbprintClaim = new Claim(ClaimTypes.Thumbprint, Convert.ToBase64String(sha.ComputeHash(thumbprintData)), Rights.Identity); m_endpointIdentity = EndpointIdentity.CreateIdentity(thumbprintClaim); } m_identityClaims = claimSet; return; } if (null == m_endpointIdentity) { // // check for identity claim, if found, hold on to it, we may need to use it :) // result = claimSet; m_endpointIdentity = CreateIdentityFromClaimSet(claimSet); } } if (null != m_endpointIdentity) { m_identityClaims = result; return; } // // we have looped all claim sets with out finding an identity claim. // we will return the ppidIdentity and claimset if they were found. // throw new Exception("The XML Token data provided no Identity claim."); }
internal static bool IsMatch(EndpointIdentity identity) { return (identity.IdentityClaim.ClaimType == "http://schemas.microsoft.com/net/2006/05/peer/peer"); }
private static bool ReadContentsFrom10(XmlDictionaryReader reader, out Uri uri, out AddressHeaderCollection headers, out EndpointIdentity identity, out XmlBuffer buffer, out int metadataSection, out int extensionSection) { buffer = null; extensionSection = -1; metadataSection = -1; // Cache address string if (!reader.IsStartElement(XD.AddressingDictionary.Address, XD.Addressing10Dictionary.Namespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateXmlException(reader, SR.Format(SR.UnexpectedElementExpectingElement, reader.LocalName, reader.NamespaceURI, XD.AddressingDictionary.Address.Value, XD.Addressing10Dictionary.Namespace.Value))); } string address = reader.ReadElementContentAsString(); // Headers if (reader.IsStartElement(XD.AddressingDictionary.ReferenceParameters, XD.Addressing10Dictionary.Namespace)) { headers = AddressHeaderCollection.ReadServiceParameters(reader); } else { headers = null; } // Metadata if (reader.IsStartElement(XD.Addressing10Dictionary.Metadata, XD.Addressing10Dictionary.Namespace)) { reader.ReadFullStartElement(); // the wsa10:Metadata element is never stored in the buffer buffer = new XmlBuffer(short.MaxValue); metadataSection = 0; XmlDictionaryWriter writer = buffer.OpenSection(reader.Quotas); writer.WriteStartElement(DummyName, DummyNamespace); while (reader.NodeType != XmlNodeType.EndElement && !reader.EOF) { writer.WriteNode(reader, true); } writer.Flush(); buffer.CloseSection(); reader.ReadEndElement(); } // Extensions buffer = ReadExtensions(reader, AddressingVersion.WSAddressing10, buffer, out identity, out extensionSection); if (buffer != null) { buffer.Close(); } // Process Address if (address == Addressing10Strings.Anonymous) { uri = AddressingVersion.WSAddressing10.AnonymousUri; if (headers == null && identity == null) { return(true); } } else if (address == Addressing10Strings.NoneAddress) { uri = AddressingVersion.WSAddressing10.NoneUri; return(false); } else { if (!Uri.TryCreate(address, UriKind.Absolute, out uri)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.InvalidUriValue, address, XD.AddressingDictionary.Address.Value, XD.Addressing10Dictionary.Namespace.Value))); } } return(false); }
public EndpointAddress (Uri uri, EndpointIdentity identity, AddressHeaderCollection headers) : this (uri, identity, headers, null, null) {}
public override bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity) { return IdentityVerifier.CreateDefault().TryGetIdentity(reference, out identity); }
internal bool TryGetIdentity(EndpointAddress reference, Uri via, out EndpointIdentity identity) { AdjustAddress(ref reference, via); return this.TryGetIdentity(reference, out identity); }
public abstract bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext);
public override bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity) { if (reference == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reference"); identity = reference.Identity; if (identity == null) { identity = this.TryCreateDnsIdentity(reference); } if (identity == null) { SecurityTraceRecordHelper.TraceIdentityDeterminationFailure(reference, typeof(DefaultIdentityVerifier)); return false; } else { SecurityTraceRecordHelper.TraceIdentityDeterminationSuccess(reference, identity, typeof(DefaultIdentityVerifier)); return true; } }
private static bool ReadContentsFrom200408(XmlDictionaryReader reader, out Uri uri, out AddressHeaderCollection headers, out EndpointIdentity identity, out XmlBuffer buffer, out int metadataSection, out int extensionSection, out int pspSection) { buffer = null; headers = null; extensionSection = -1; metadataSection = -1; pspSection = -1; // Cache address string reader.MoveToContent(); if (!reader.IsStartElement(XD.AddressingDictionary.Address, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateXmlException(reader, SR.Format(SR.UnexpectedElementExpectingElement, reader.LocalName, reader.NamespaceURI, XD.AddressingDictionary.Address.Value, XD.Addressing200408Dictionary.Namespace.Value))); } string address = reader.ReadElementContentAsString(); // ReferenceProperites reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.ReferenceProperties, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { headers = AddressHeaderCollection.ReadServiceParameters(reader, true); } // ReferenceParameters reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.ReferenceParameters, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { if (headers != null) { List <AddressHeader> headerList = new List <AddressHeader>(); foreach (AddressHeader ah in headers) { headerList.Add(ah); } AddressHeaderCollection tmp = AddressHeaderCollection.ReadServiceParameters(reader); foreach (AddressHeader ah in tmp) { headerList.Add(ah); } headers = new AddressHeaderCollection(headerList); } else { headers = AddressHeaderCollection.ReadServiceParameters(reader); } } XmlDictionaryWriter bufferWriter = null; // PortType reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.PortType, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { if (bufferWriter == null) { if (buffer == null) { buffer = new XmlBuffer(short.MaxValue); } bufferWriter = buffer.OpenSection(reader.Quotas); bufferWriter.WriteStartElement(DummyName, DummyNamespace); } bufferWriter.WriteNode(reader, true); } // ServiceName reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.ServiceName, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { if (bufferWriter == null) { if (buffer == null) { buffer = new XmlBuffer(short.MaxValue); } bufferWriter = buffer.OpenSection(reader.Quotas); bufferWriter.WriteStartElement(DummyName, DummyNamespace); } bufferWriter.WriteNode(reader, true); } // Policy reader.MoveToContent(); while (reader.IsNamespaceUri(PolicyStrings.Namespace)) { if (bufferWriter == null) { if (buffer == null) { buffer = new XmlBuffer(short.MaxValue); } bufferWriter = buffer.OpenSection(reader.Quotas); bufferWriter.WriteStartElement(DummyName, DummyNamespace); } bufferWriter.WriteNode(reader, true); reader.MoveToContent(); } // Finish PSP if (bufferWriter != null) { bufferWriter.WriteEndElement(); buffer.CloseSection(); pspSection = buffer.SectionCount - 1; bufferWriter = null; } else { pspSection = -1; } // Metadata if (reader.IsStartElement(System.ServiceModel.Description.MetadataStrings.MetadataExchangeStrings.Metadata, System.ServiceModel.Description.MetadataStrings.MetadataExchangeStrings.Namespace)) { if (bufferWriter == null) { if (buffer == null) { buffer = new XmlBuffer(short.MaxValue); } bufferWriter = buffer.OpenSection(reader.Quotas); bufferWriter.WriteStartElement(DummyName, DummyNamespace); } bufferWriter.WriteNode(reader, true); } // Finish metadata if (bufferWriter != null) { bufferWriter.WriteEndElement(); buffer.CloseSection(); metadataSection = buffer.SectionCount - 1; bufferWriter = null; } else { metadataSection = -1; } // Extensions reader.MoveToContent(); buffer = ReadExtensions(reader, AddressingVersion.WSAddressingAugust2004, buffer, out identity, out extensionSection); // Finished reading if (buffer != null) { buffer.Close(); } // Process Address if (address == Addressing200408Strings.Anonymous) { uri = AddressingVersion.WSAddressingAugust2004.AnonymousUri; if (headers == null && identity == null) { return(true); } } else { if (!Uri.TryCreate(address, UriKind.Absolute, out uri)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.Format(SR.InvalidUriValue, address, XD.AddressingDictionary.Address.Value, AddressingVersion.WSAddressingAugust2004.Namespace))); } } return(false); }
private EndpointAddress(AddressingVersion version, Uri uri, EndpointIdentity identity, AddressHeaderCollection headers, XmlBuffer buffer, int metadataSection, int extensionSection, int pspSection) { Init(version, uri, identity, headers, buffer, metadataSection, extensionSection, pspSection); }
public override object ProvideValue(IServiceProvider serviceProvider) { Claim claim = new Claim(this.ClaimType, this.ClaimResource, this.ClaimRight); return(EndpointIdentity.CreateIdentity(claim)); }
private static bool ReadContentsFrom200408(XmlDictionaryReader reader, out System.Uri uri, out AddressHeaderCollection headers, out EndpointIdentity identity, out XmlBuffer buffer, out int metadataSection, out int extensionSection, out int pspSection) { buffer = null; headers = null; extensionSection = -1; metadataSection = -1; pspSection = -1; reader.MoveToContent(); if (!reader.IsStartElement(XD.AddressingDictionary.Address, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateXmlException(reader, System.ServiceModel.SR.GetString("UnexpectedElementExpectingElement", new object[] { reader.LocalName, reader.NamespaceURI, XD.AddressingDictionary.Address.Value, XD.Addressing200408Dictionary.Namespace.Value }))); } string uriString = reader.ReadElementContentAsString(); reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.ReferenceProperties, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { headers = AddressHeaderCollection.ReadServiceParameters(reader, true); } reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.ReferenceParameters, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { if (headers != null) { List <AddressHeader> addressHeaders = new List <AddressHeader>(); foreach (AddressHeader header in headers) { addressHeaders.Add(header); } foreach (AddressHeader header2 in AddressHeaderCollection.ReadServiceParameters(reader)) { addressHeaders.Add(header2); } headers = new AddressHeaderCollection(addressHeaders); } else { headers = AddressHeaderCollection.ReadServiceParameters(reader); } } XmlDictionaryWriter writer = null; reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.PortType, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { if (writer == null) { if (buffer == null) { buffer = new XmlBuffer(0x7fff); } writer = buffer.OpenSection(reader.Quotas); writer.WriteStartElement("Dummy", "http://Dummy"); } writer.WriteNode(reader, true); } reader.MoveToContent(); if (reader.IsStartElement(XD.AddressingDictionary.ServiceName, AddressingVersion.WSAddressingAugust2004.DictionaryNamespace)) { if (writer == null) { if (buffer == null) { buffer = new XmlBuffer(0x7fff); } writer = buffer.OpenSection(reader.Quotas); writer.WriteStartElement("Dummy", "http://Dummy"); } writer.WriteNode(reader, true); } reader.MoveToContent(); while (reader.IsNamespaceUri(XD.PolicyDictionary.Namespace)) { if (writer == null) { if (buffer == null) { buffer = new XmlBuffer(0x7fff); } writer = buffer.OpenSection(reader.Quotas); writer.WriteStartElement("Dummy", "http://Dummy"); } writer.WriteNode(reader, true); reader.MoveToContent(); } if (writer != null) { writer.WriteEndElement(); buffer.CloseSection(); pspSection = buffer.SectionCount - 1; writer = null; } else { pspSection = -1; } if (reader.IsStartElement("Metadata", "http://schemas.xmlsoap.org/ws/2004/09/mex")) { if (writer == null) { if (buffer == null) { buffer = new XmlBuffer(0x7fff); } writer = buffer.OpenSection(reader.Quotas); writer.WriteStartElement("Dummy", "http://Dummy"); } writer.WriteNode(reader, true); } if (writer != null) { writer.WriteEndElement(); buffer.CloseSection(); metadataSection = buffer.SectionCount - 1; writer = null; } else { metadataSection = -1; } reader.MoveToContent(); buffer = ReadExtensions(reader, AddressingVersion.WSAddressingAugust2004, buffer, out identity, out extensionSection); if (buffer != null) { buffer.Close(); } if (uriString == "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous") { uri = AddressingVersion.WSAddressingAugust2004.AnonymousUri; if ((headers == null) && (identity == null)) { return(true); } } else if (!System.Uri.TryCreate(uriString, UriKind.Absolute, out uri)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("InvalidUriValue", new object[] { uriString, XD.AddressingDictionary.Address.Value, AddressingVersion.WSAddressingAugust2004.Namespace }))); } return(false); }
private static bool ReadContentsFrom10(XmlDictionaryReader reader, out System.Uri uri, out AddressHeaderCollection headers, out EndpointIdentity identity, out XmlBuffer buffer, out int metadataSection, out int extensionSection) { buffer = null; extensionSection = -1; metadataSection = -1; if (!reader.IsStartElement(XD.AddressingDictionary.Address, XD.Addressing10Dictionary.Namespace)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateXmlException(reader, System.ServiceModel.SR.GetString("UnexpectedElementExpectingElement", new object[] { reader.LocalName, reader.NamespaceURI, XD.AddressingDictionary.Address.Value, XD.Addressing10Dictionary.Namespace.Value }))); } string uriString = reader.ReadElementContentAsString(); if (reader.IsStartElement(XD.AddressingDictionary.ReferenceParameters, XD.Addressing10Dictionary.Namespace)) { headers = AddressHeaderCollection.ReadServiceParameters(reader); } else { headers = null; } if (reader.IsStartElement(XD.Addressing10Dictionary.Metadata, XD.Addressing10Dictionary.Namespace)) { reader.ReadFullStartElement(); buffer = new XmlBuffer(0x7fff); metadataSection = 0; XmlDictionaryWriter writer = buffer.OpenSection(reader.Quotas); writer.WriteStartElement("Dummy", "http://Dummy"); while ((reader.NodeType != XmlNodeType.EndElement) && !reader.EOF) { writer.WriteNode(reader, true); } writer.Flush(); buffer.CloseSection(); reader.ReadEndElement(); } buffer = ReadExtensions(reader, AddressingVersion.WSAddressing10, buffer, out identity, out extensionSection); if (buffer != null) { buffer.Close(); } if (uriString == "http://www.w3.org/2005/08/addressing/anonymous") { uri = AddressingVersion.WSAddressing10.AnonymousUri; if ((headers == null) && (identity == null)) { return(true); } } else { if (uriString == "http://www.w3.org/2005/08/addressing/none") { uri = AddressingVersion.WSAddressing10.NoneUri; return(false); } if (!System.Uri.TryCreate(uriString, UriKind.Absolute, out uri)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.ServiceModel.SR.GetString("InvalidUriValue", new object[] { uriString, XD.AddressingDictionary.Address.Value, XD.Addressing10Dictionary.Namespace.Value }))); } } return(false); }
private void Init(System.Uri uri, EndpointIdentity identity, AddressHeaderCollection headers, XmlBuffer buffer, int metadataSection, int extensionSection, int pspSection) { this.Init(null, uri, identity, headers, buffer, metadataSection, extensionSection, pspSection); }
Exception CreateIdentityCheckException(EndpointIdentity identity, AuthorizationContext authorizationContext, string errorString, EndpointAddress serviceReference) { Exception result; if (identity.IdentityClaim != null && identity.IdentityClaim.ClaimType == ClaimTypes.Dns && identity.IdentityClaim.Right == Rights.PossessProperty && identity.IdentityClaim.Resource is string) { string expectedDnsName = (string)identity.IdentityClaim.Resource; string actualDnsName = null; for (int i = 0; i < authorizationContext.ClaimSets.Count; ++i) { ClaimSet claimSet = authorizationContext.ClaimSets[i]; foreach (Claim claim in claimSet.FindClaims(ClaimTypes.Dns, Rights.PossessProperty)) { if (claim.Resource is string) { actualDnsName = (string)claim.Resource; break; } } if (actualDnsName != null) { break; } } if (SR.IdentityCheckFailedForIncomingMessage.Equals(errorString)) { if (actualDnsName == null) { result = new MessageSecurityException(SR.GetString(SR.DnsIdentityCheckFailedForIncomingMessageLackOfDnsClaim, expectedDnsName)); } else { result = new MessageSecurityException(SR.GetString(SR.DnsIdentityCheckFailedForIncomingMessage, expectedDnsName, actualDnsName)); } } else if (SR.IdentityCheckFailedForOutgoingMessage.Equals(errorString)) { if (actualDnsName == null) { result = new MessageSecurityException(SR.GetString(SR.DnsIdentityCheckFailedForOutgoingMessageLackOfDnsClaim, expectedDnsName)); } else { result = new MessageSecurityException(SR.GetString(SR.DnsIdentityCheckFailedForOutgoingMessage, expectedDnsName, actualDnsName)); } } else { result = new MessageSecurityException(SR.GetString(errorString, identity, serviceReference)); } } else { result = new MessageSecurityException(SR.GetString(errorString, identity, serviceReference)); } return result; }
public EndpointAddress(Uri uri, EndpointIdentity identity, AddressHeaderCollection headers) : this(uri, identity, headers, null, null) { }
public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext) { EventTraceActivity eventTraceActivity = null; if (identity == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identity"); if (authContext == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authContext"); if (FxTrace.Trace.IsEnd2EndActivityTracingEnabled) { eventTraceActivity = EventTraceActivityHelper.TryExtractActivity((OperationContext.Current != null) ? OperationContext.Current.IncomingMessage : null); } for (int i = 0; i < authContext.ClaimSets.Count; ++i) { ClaimSet claimSet = authContext.ClaimSets[i]; if (claimSet.ContainsClaim(identity.IdentityClaim)) { SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, identity.IdentityClaim, this.GetType()); return true; } // try Claim equivalence string expectedSpn = null; if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType)) { expectedSpn = string.Format(CultureInfo.InvariantCulture, "host/{0}", (string)identity.IdentityClaim.Resource); Claim claim = CheckDnsEquivalence(claimSet, expectedSpn); if (claim != null) { SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, claim, this.GetType()); return true; } } // Allow a Sid claim to support UPN, and SPN identities SecurityIdentifier identitySid = null; if (ClaimTypes.Sid.Equals(identity.IdentityClaim.ClaimType)) { identitySid = GetSecurityIdentifier(identity.IdentityClaim); } else if (ClaimTypes.Upn.Equals(identity.IdentityClaim.ClaimType)) { identitySid = ((UpnEndpointIdentity)identity).GetUpnSid(); } else if (ClaimTypes.Spn.Equals(identity.IdentityClaim.ClaimType)) { identitySid = ((SpnEndpointIdentity)identity).GetSpnSid(); } else if (ClaimTypes.Dns.Equals(identity.IdentityClaim.ClaimType)) { identitySid = new SpnEndpointIdentity(expectedSpn).GetSpnSid(); } if (identitySid != null) { Claim claim = CheckSidEquivalence(identitySid, claimSet); if (claim != null) { SecurityTraceRecordHelper.TraceIdentityVerificationSuccess(eventTraceActivity, identity, claim, this.GetType()); return true; } } } SecurityTraceRecordHelper.TraceIdentityVerificationFailure(identity, authContext, this.GetType()); if (TD.SecurityIdentityVerificationFailureIsEnabled()) { TD.SecurityIdentityVerificationFailure(eventTraceActivity); } return false; }
public EndpointAddress(Uri uri, EndpointIdentity identity, params AddressHeader [] headers) : this(uri, identity, new AddressHeaderCollection(headers), null, null) { }
public abstract bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity);
public EndpointAddress(Uri uri, EndpointIdentity identity, System.ServiceModel.Channels.AddressHeader[] addressHeaders) { Contract.Requires(uri != null); Contract.Requires(uri.IsAbsoluteUri); }
public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext) { bool returnvalue = false; foreach (ClaimSet claimset in authContext.ClaimSets) { foreach (Claim claim in claimset) { if (claim.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname") { X500DistinguishedName name = (X500DistinguishedName)claim.Resource; if (name.Name.Contains(((OrgEndpointIdentity)identity).OrganizationClaim)) { Console.WriteLine("Claim Type: {0}", claim.ClaimType); Console.WriteLine("Right: {0}", claim.Right); Console.WriteLine("Resource: {0}", claim.Resource); Console.WriteLine(); returnvalue = true; } } } } return returnvalue; }
public EndpointAddress(Uri uri, EndpointIdentity identity, System.ServiceModel.Channels.AddressHeaderCollection headers, System.Xml.XmlDictionaryReader metadataReader, System.Xml.XmlDictionaryReader extensionReader) { Contract.Requires(uri != null); Contract.Requires(uri.IsAbsoluteUri); }
public EndpointAddress (Uri uri, EndpointIdentity identity, params AddressHeader [] headers) : this (uri, identity, new AddressHeaderCollection (headers), null, null) {}
public override bool Equals(object other) { EndpointIdentity e = other as EndpointIdentity; return(e != null && comparer.Equals(claim, e.claim)); }
internal static EndpointIdentity ReadIdentity(XmlDictionaryReader reader) { if (reader == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader"); } EndpointIdentity readIdentity = null; reader.MoveToContent(); if (reader.IsEmptyElement) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.UnexpectedEmptyElementExpectingClaim, XD.AddressingDictionary.Identity.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value))); } reader.ReadStartElement(XD.AddressingDictionary.Identity, XD.AddressingDictionary.IdentityExtensionNamespace); if (reader.IsStartElement(XD.AddressingDictionary.Spn, XD.AddressingDictionary.IdentityExtensionNamespace)) { readIdentity = new SpnEndpointIdentity(reader.ReadElementString()); } else if (reader.IsStartElement(XD.AddressingDictionary.Upn, XD.AddressingDictionary.IdentityExtensionNamespace)) { readIdentity = new UpnEndpointIdentity(reader.ReadElementString()); } else if (reader.IsStartElement(XD.AddressingDictionary.Dns, XD.AddressingDictionary.IdentityExtensionNamespace)) { readIdentity = new DnsEndpointIdentity(reader.ReadElementString()); } else if (reader.IsStartElement(XD.XmlSignatureDictionary.KeyInfo, XD.XmlSignatureDictionary.Namespace)) { reader.ReadStartElement(); if (reader.IsStartElement(XD.XmlSignatureDictionary.X509Data, XD.XmlSignatureDictionary.Namespace)) { readIdentity = new X509CertificateEndpointIdentity(reader); } else if (reader.IsStartElement(XD.XmlSignatureDictionary.RsaKeyValue, XD.XmlSignatureDictionary.Namespace)) { readIdentity = new RsaEndpointIdentity(reader); } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.UnrecognizedIdentityType, reader.Name, reader.NamespaceURI))); } reader.ReadEndElement(); } else if (reader.NodeType == XmlNodeType.Element) { // // Something unknown // throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.UnrecognizedIdentityType, reader.Name, reader.NamespaceURI))); } else { // // EndpointIdentity element is empty or some other invalid xml // throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.InvalidIdentityElement))); } reader.ReadEndElement(); return(readIdentity); }
internal static XmlBuffer ReadExtensions(XmlDictionaryReader reader, AddressingVersion version, XmlBuffer buffer, out EndpointIdentity identity, out int section) { if (reader == null) { identity = null; section = -1; return(buffer); } // EndpointIdentity and extensions identity = null; XmlDictionaryWriter bufferWriter = null; reader.MoveToContent(); while (reader.IsStartElement()) { if (reader.IsStartElement(XD.AddressingDictionary.Identity, XD.AddressingDictionary.IdentityExtensionNamespace)) { if (identity != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateXmlException(reader, SR.Format(SR.UnexpectedDuplicateElement, XD.AddressingDictionary.Identity.Value, XD.AddressingDictionary.IdentityExtensionNamespace.Value))); } identity = EndpointIdentity.ReadIdentity(reader); } else if (version != null && reader.NamespaceURI == version.Namespace) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateXmlException(reader, SR.Format(SR.AddressingExtensionInBadNS, reader.LocalName, reader.NamespaceURI))); } else { if (bufferWriter == null) { if (buffer == null) { buffer = new XmlBuffer(short.MaxValue); } bufferWriter = buffer.OpenSection(reader.Quotas); bufferWriter.WriteStartElement(DummyName, DummyNamespace); } bufferWriter.WriteNode(reader, true); } reader.MoveToContent(); } if (bufferWriter != null) { bufferWriter.WriteEndElement(); buffer.CloseSection(); section = buffer.SectionCount - 1; } else { section = -1; } return(buffer); }