FederatedMessageSecurityOverHttp.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / FederatedMessageSecurityOverHttp.cs / 1 / FederatedMessageSecurityOverHttp.cs

                            //------------------------------------------------------------ 
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{ 
    using System.Collections.ObjectModel;
    using System.ServiceModel.Channels; 
    using System.Xml; 
    using System.Net.Security;
    using System.IdentityModel.Tokens; 
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;
    using System.Runtime.CompilerServices;
 

    public sealed class FederatedMessageSecurityOverHttp 
    { 
        internal const bool DefaultNegotiateServiceCredential = true;
        internal const SecurityKeyType DefaultIssuedKeyType = SecurityKeyType.SymmetricKey; 

        bool negotiateServiceCredential;
        SecurityAlgorithmSuite algorithmSuite;
        EndpointAddress issuerAddress; 
        EndpointAddress issuerMetadataAddress;
        Binding issuerBinding; 
        Collection claimTypeRequirements; 
        string issuedTokenType;
        SecurityKeyType issuedKeyType; 
        Collection tokenRequestParameters;

        internal FederatedMessageSecurityOverHttp()
        { 
            negotiateServiceCredential = DefaultNegotiateServiceCredential;
            algorithmSuite = SecurityAlgorithmSuite.Default; 
            issuedKeyType = DefaultIssuedKeyType; 
            claimTypeRequirements = new Collection();
            tokenRequestParameters = new Collection(); 
        }

        public bool NegotiateServiceCredential
        { 
            get { return this.negotiateServiceCredential; }
            set { this.negotiateServiceCredential = value; } 
        } 

        public SecurityAlgorithmSuite AlgorithmSuite 
        {
            get { return this.algorithmSuite; }
            set
            { 
                if (value == null)
                { 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); 
                }
                this.algorithmSuite = value; 
            }
        }

        public EndpointAddress IssuerAddress 
        {
            get { return this.issuerAddress; } 
            set { this.issuerAddress = value; } 
        }
 
        public EndpointAddress IssuerMetadataAddress
        {
            get { return this.issuerMetadataAddress; }
            set { this.issuerMetadataAddress = value; } 
        }
 
        public Binding IssuerBinding 
        {
            get 
            {
                return this.issuerBinding;
            }
            set 
            {
                this.issuerBinding = value; 
            } 
        }
 
        public string IssuedTokenType
        {
            get { return this.issuedTokenType; }
            set { this.issuedTokenType = value; } 
        }
 
        public SecurityKeyType IssuedKeyType 
        {
            get { return this.issuedKeyType; } 
            set
            {
                if (!SecurityKeyTypeHelper.IsDefined(value))
                { 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                } 
                this.issuedKeyType = value; 
            }
        } 

        public Collection ClaimTypeRequirements
        {
            get { return this.claimTypeRequirements; } 
        }
 
        public Collection TokenRequestParameters 
        {
            get { return this.tokenRequestParameters; } 
        }

        [MethodImpl(MethodImplOptions.NoInlining)]
        internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, 
                                                                     bool isReliableSession,
                                                                     MessageSecurityVersion version) 
        { 
            if((this.IssuedKeyType == SecurityKeyType.BearerKey) &&
               (version.TrustVersion == TrustVersion.WSTrustFeb2005)) 
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding)));
            }
 
            SecurityBindingElement result;
            bool emitBspAttributes = true; 
            IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding); 
            issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress;
            issuedParameters.KeyType = this.IssuedKeyType; 
            if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
            {
                issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
            } 
            else
            { 
                issuedParameters.KeySize = 0; 
            }
            foreach (ClaimTypeRequirement c in this.claimTypeRequirements) 
            {
                issuedParameters.ClaimTypeRequirements.Add(c);
            }
            foreach (XmlElement p in this.TokenRequestParameters) 
            {
                issuedParameters.AdditionalRequestParameters.Add(p); 
            } 
            WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
                                                                                                version.TrustVersion, 
                                                                                                version.SecureConversationVersion,
                                                                                                emitBspAttributes,
                                                                                                null, null, null);
            SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); 
            issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType);
 
            SecurityBindingElement issuedTokenSecurity; 
            if (isSecureTransportMode)
            { 
                issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters);
            }
            else
            { 
                if (negotiateServiceCredential)
                { 
                    // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. 
                    // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
                    issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11); 
                }
                else
                {
                    issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters); 
                }
            } 
 
            issuedTokenSecurity.MessageSecurityVersion = version;
            issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite; 

            result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true);
            result.MessageSecurityVersion = version;
            result.DefaultAlgorithmSuite = this.AlgorithmSuite; 
            result.IncludeTimestamp = true;
 
            if (!isReliableSession) 
            {
                result.LocalServiceSettings.ReconnectTransportOnFailure = false; 
                result.LocalClientSettings.ReconnectTransportOnFailure = false;
            }
            else
            { 
                result.LocalServiceSettings.ReconnectTransportOnFailure = true;
                result.LocalClientSettings.ReconnectTransportOnFailure = true; 
            } 

            return result; 
        }

        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version, out FederatedMessageSecurityOverHttp messageSecurity)
        { 
            DiagnosticUtility.DebugAssert(null != sbe, string.Empty);
 
            messageSecurity = null; 

            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings 

            if (!sbe.IncludeTimestamp)
                return false;
 
            if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout)
                return false; 
 
            bool emitBspAttributes = true;
 
            // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching()

            SecurityBindingElement bootstrapSecurity;
 
            if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity))
                return false; 
 
            if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
                return false; 

            bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
            IssuedSecurityTokenParameters issuedTokenParameters;
 
            if (isSecureTransportMode)
            { 
                if (!SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out issuedTokenParameters)) 
                    return false;
            } 
            else
            {
                // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
                // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. 
                if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11, out issuedTokenParameters))
                    negotiateServiceCredential = true; 
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out issuedTokenParameters)) 
                    negotiateServiceCredential = false;
                else 
                    return false;
            }

            if ((issuedTokenParameters.KeyType == SecurityKeyType.BearerKey) && 
               (version.TrustVersion == TrustVersion.WSTrustFeb2005))
            { 
                return false; 
            }
 
            Collection nonAlgorithmRequestParameters;
            WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
                                                                                                version.TrustVersion,
                                                                                                version.SecureConversationVersion, 
                                                                                                emitBspAttributes,
                                                                                                null, null, null); 
            SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); 

            if (!issuedTokenParameters.DoAlgorithmsMatch(sbe.DefaultAlgorithmSuite, 
                                                         versionSpecificStandardsManager,
                                                         out nonAlgorithmRequestParameters))
            {
                return false; 
            }
            messageSecurity = new FederatedMessageSecurityOverHttp(); 
 
            messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite;
            messageSecurity.NegotiateServiceCredential = negotiateServiceCredential; 

            messageSecurity.IssuedTokenType = issuedTokenParameters.TokenType;
            messageSecurity.IssuerAddress = issuedTokenParameters.IssuerAddress;
            messageSecurity.IssuerBinding = issuedTokenParameters.IssuerBinding; 
            messageSecurity.IssuerMetadataAddress = issuedTokenParameters.IssuerMetadataAddress;
            messageSecurity.IssuedKeyType = issuedTokenParameters.KeyType; 
            foreach (ClaimTypeRequirement c in issuedTokenParameters.ClaimTypeRequirements) 
            {
                messageSecurity.ClaimTypeRequirements.Add(c); 
            }
            foreach (XmlElement p in nonAlgorithmRequestParameters)
            {
                messageSecurity.TokenRequestParameters.Add(p); 
            }
            if (issuedTokenParameters.AlternativeIssuerEndpoints != null && issuedTokenParameters.AlternativeIssuerEndpoints.Count > 0) 
            { 
                return false;
            } 
            return true;
        }
    }
} 

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK