MessageSecurityOverHttp.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / MessageSecurityOverHttp.cs / 1 / MessageSecurityOverHttp.cs

                            //------------------------------------------------------------ 
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{ 
    using System.Net.Security;
    using System.ServiceModel.Channels; 
    using System.ServiceModel.Security; 
    using System.ServiceModel.Security.Tokens;
    using System.Runtime.CompilerServices; 

    public class MessageSecurityOverHttp
    {
        internal const MessageCredentialType DefaultClientCredentialType = MessageCredentialType.Windows; 
        internal const bool DefaultNegotiateServiceCredential = true;
 
        MessageCredentialType clientCredentialType; 
        bool negotiateServiceCredential;
        SecurityAlgorithmSuite algorithmSuite; 
        bool wasAlgorithmSuiteSet;

        internal MessageSecurityOverHttp()
        { 
            clientCredentialType = DefaultClientCredentialType;
            negotiateServiceCredential = DefaultNegotiateServiceCredential; 
            algorithmSuite = SecurityAlgorithmSuite.Default; 
        }
 
        public MessageCredentialType ClientCredentialType
        {
            get { return this.clientCredentialType; }
            set 
            {
                if (!MessageCredentialTypeHelper.IsDefined(value)) 
                { 
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                } 
                this.clientCredentialType = value;
            }
        }
 
        public bool NegotiateServiceCredential
        { 
            get { return this.negotiateServiceCredential; } 
            set { this.negotiateServiceCredential = value; }
        } 

        public SecurityAlgorithmSuite AlgorithmSuite
        {
            get { return this.algorithmSuite; } 
            set
            { 
                if (value == null) 
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value"); 
                }
                this.algorithmSuite = value;
                wasAlgorithmSuiteSet = true;
            } 
        }
 
        internal bool WasAlgorithmSuiteSet 
        {
            get { return this.wasAlgorithmSuiteSet; } 
        }

        protected virtual bool IsSecureConversationEnabled()
        { 
            return true;
        } 
 
        [MethodImpl(MethodImplOptions.NoInlining)]
        internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version) 
        {
            if (isReliableSession && !this.IsSecureConversationEnabled())
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession))); 
            }
 
            SecurityBindingElement result; 
            SecurityBindingElement oneShotSecurity;
 
            bool isKerberosSelected = false;
            bool emitBspAttributes = true;
            if (isSecureTransportMode)
            { 
                switch (this.clientCredentialType)
                { 
                    case MessageCredentialType.None: 
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
                    case MessageCredentialType.UserName: 
                        oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                        break;
                    case MessageCredentialType.Certificate:
                        oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(); 
                        break;
                    case MessageCredentialType.Windows: 
                        oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true); 
                        break;
                    case MessageCredentialType.IssuedToken: 
                        oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
                        break;
                    default:
                        DiagnosticUtility.DebugAssert("unknown ClientCredentialType"); 
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                } 
                if (this.IsSecureConversationEnabled()) 
                {
                    result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true); 
                }
                else
                {
                    result = oneShotSecurity; 
                }
            } 
            else 
            {
                if (negotiateServiceCredential) 
                {
                    switch (this.clientCredentialType)
                    {
                        case MessageCredentialType.None: 
                            oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
                            break; 
                        case MessageCredentialType.UserName: 
                            oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
                            break; 
                        case MessageCredentialType.Certificate:
                            oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
                            break;
                        case MessageCredentialType.Windows: 
                            oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                            break; 
                        case MessageCredentialType.IssuedToken: 
                            oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite), true);
                            break; 
                        default:
                            DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                    } 
                }
                else 
                { 
                    switch (this.clientCredentialType)
                    { 
                        case MessageCredentialType.None:
                            oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                            break;
                        case MessageCredentialType.UserName: 
                            oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                            break; 
                        case MessageCredentialType.Certificate: 
                            oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
                            break; 
                        case MessageCredentialType.Windows:
                            oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
                            isKerberosSelected = true;
                            break; 
                        case MessageCredentialType.IssuedToken:
                            oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite)); 
                            break; 
                        default:
                            DiagnosticUtility.DebugAssert("unknown ClientCredentialType"); 
                            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
                    }
                }
                if (this.IsSecureConversationEnabled()) 
                {
                    result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true); 
                } 
                else
                { 
                    result = oneShotSecurity;
                }
            }
 
            // set the algorithm suite and issued token params if required
            if (wasAlgorithmSuiteSet || (!isKerberosSelected)) 
            { 
                result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
            } 
            else if (isKerberosSelected)
            {
                result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
            } 

            result.IncludeTimestamp = true; 
            oneShotSecurity.MessageSecurityVersion = version; 
            result.MessageSecurityVersion = version;
            if (!isReliableSession) 
            {
                result.LocalServiceSettings.ReconnectTransportOnFailure = false;
                result.LocalClientSettings.ReconnectTransportOnFailure = false;
            } 
            else
            { 
                result.LocalServiceSettings.ReconnectTransportOnFailure = true; 
                result.LocalClientSettings.ReconnectTransportOnFailure = true;
            } 

            if (this.IsSecureConversationEnabled())
            {
                // issue the transition SCT for a short duration only 
                oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
            } 
 
            return result;
        } 

        internal static bool TryCreate(SecurityBindingElement sbe, bool isSecureTransportMode, bool isReliableSession, out TSecurity messageSecurity)
            where TSecurity : MessageSecurityOverHttp
        { 
            DiagnosticUtility.DebugAssert(null != sbe, string.Empty);
 
            messageSecurity = null; 

            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings 

            if (!sbe.IncludeTimestamp)
            {
                return false; 
            }
 
            // Do not check MessageSecurityVersion: it maybe changed by the wrapper element and gets checked later in the SecuritySection.AreBindingsMatching() 

            if (sbe.SecurityHeaderLayout != SecurityProtocolFactory.defaultSecurityHeaderLayout) 
            {
                return false;
            }
 
            bool negotiateServiceCredential = DefaultNegotiateServiceCredential;
            MessageCredentialType clientCredentialType; 
            SecurityAlgorithmSuite algorithmSuite = SecurityAlgorithmSuite.Default; 
            bool isSecureConversation;
 
            SecurityBindingElement bootstrapSecurity;
            if (!SecurityBindingElement.IsSecureConversationBinding(sbe, true, out bootstrapSecurity))
            {
                isSecureConversation = false; 

                bootstrapSecurity = sbe; 
            } 
            else
            { 
                isSecureConversation = true;
            }

            if (!isSecureConversation && typeof(TSecurity).Equals(typeof(MessageSecurityOverHttp))) 
            {
                return false; 
            } 

            if (!isSecureConversation && isReliableSession) 
            {
                return false;
            }
 
            if (isSecureTransportMode && !(bootstrapSecurity is TransportSecurityBindingElement))
            { 
                return false; 
            }
 
            IssuedSecurityTokenParameters infocardParameters;
            if (isSecureTransportMode)
            {
                if (SecurityBindingElement.IsUserNameOverTransportBinding(bootstrapSecurity)) 
                {
                    clientCredentialType = MessageCredentialType.UserName; 
                } 
                else if (SecurityBindingElement.IsCertificateOverTransportBinding(bootstrapSecurity))
                { 
                    clientCredentialType = MessageCredentialType.Certificate;
                }
                else if (SecurityBindingElement.IsSspiNegotiationOverTransportBinding(bootstrapSecurity, true))
                { 
                    clientCredentialType = MessageCredentialType.Windows;
                } 
                else if (SecurityBindingElement.IsIssuedTokenOverTransportBinding(bootstrapSecurity, out infocardParameters)) 
                {
                    if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters)) 
                    {
                        return false;
                    }
                    clientCredentialType = MessageCredentialType.IssuedToken; 
                }
                else 
                { 
                    // the standard binding does not support None client credential type in mixed mode
                    return false; 
                }
            }
            else
            { 
                if (SecurityBindingElement.IsSslNegotiationBinding(bootstrapSecurity, false, true))
                { 
                    negotiateServiceCredential = true; 
                    clientCredentialType = MessageCredentialType.None;
                } 
                else if (SecurityBindingElement.IsUserNameForSslBinding(bootstrapSecurity, true))
                {
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.UserName; 
                }
                else if (SecurityBindingElement.IsSslNegotiationBinding(bootstrapSecurity, true, true)) 
                { 
                    negotiateServiceCredential = true;
                    clientCredentialType = MessageCredentialType.Certificate; 
                }
                else if (SecurityBindingElement.IsSspiNegotiationBinding(bootstrapSecurity, true))
                {
                    negotiateServiceCredential = true; 
                    clientCredentialType = MessageCredentialType.Windows;
                } 
                else if (SecurityBindingElement.IsIssuedTokenForSslBinding(bootstrapSecurity, true, out infocardParameters)) 
                {
                    if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters)) 
                    {
                        return false;
                    }
                    negotiateServiceCredential = true; 
                    clientCredentialType = MessageCredentialType.IssuedToken;
                } 
                else if (SecurityBindingElement.IsUserNameForCertificateBinding(bootstrapSecurity)) 
                {
                    negotiateServiceCredential = false; 
                    clientCredentialType = MessageCredentialType.UserName;
                }
                else if (SecurityBindingElement.IsMutualCertificateBinding(bootstrapSecurity))
                { 
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.Certificate; 
                } 
                else if (SecurityBindingElement.IsKerberosBinding(bootstrapSecurity))
                { 
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.Windows;
                }
                else if (SecurityBindingElement.IsIssuedTokenForCertificateBinding(bootstrapSecurity, out infocardParameters)) 
                {
                    if (!IssuedSecurityTokenParameters.IsInfoCardParameters(infocardParameters)) 
                    { 
                        return false;
                    } 
                    negotiateServiceCredential = false;
                    clientCredentialType = MessageCredentialType.IssuedToken;
                }
                else if (SecurityBindingElement.IsAnonymousForCertificateBinding(bootstrapSecurity)) 
                {
                    negotiateServiceCredential = false; 
                    clientCredentialType = MessageCredentialType.None; 
                }
                else 
                {
                    return false;
                }
            } 

            // Do not check any Local* settings 
 
            // Do not check DefaultAlgorithmSuite: is it often changed after the Security element is created, it will verified by SecuritySectionBase.AreBindingsMatching().
 
            if (typeof(NonDualMessageSecurityOverHttp).Equals(typeof(TSecurity)))
            {
                messageSecurity = (TSecurity)(object)new NonDualMessageSecurityOverHttp();
                ((NonDualMessageSecurityOverHttp)(object)messageSecurity).EstablishSecurityContext = isSecureConversation; 
            }
            else 
            { 
                messageSecurity = (TSecurity)(object)new MessageSecurityOverHttp();
            } 

            messageSecurity.ClientCredentialType = clientCredentialType;
            messageSecurity.NegotiateServiceCredential = negotiateServiceCredential;
            messageSecurity.AlgorithmSuite = sbe.DefaultAlgorithmSuite; 
            return true;
        } 
    } 
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK