1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
namespace System.ServiceModel
{
using System;
using System.Text;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Configuration;
using System.Globalization;
using System.Net;
using System.Net.Security;
using System.Runtime.Serialization;
using System.Security.Principal;
using System.ServiceModel.Channels;
using System.ServiceModel.Configuration;
using System.ServiceModel.Security;
using System.Xml;
using System.ComponentModel;
public class WSFederationHttpBinding : WSHttpBindingBase
{
static readonly MessageSecurityVersion WSMessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
Uri privacyNoticeAt;
int privacyNoticeVersion;
WSFederationHttpSecurity security = new WSFederationHttpSecurity();
public WSFederationHttpBinding(string configName)
: this()
{
ApplyConfiguration(configName);
}
public WSFederationHttpBinding()
: base()
{
}
public WSFederationHttpBinding(WSFederationHttpSecurityMode securityMode)
: this(securityMode, false)
{
}
public WSFederationHttpBinding(WSFederationHttpSecurityMode securityMode, bool reliableSessionEnabled)
: base(reliableSessionEnabled)
{
security.Mode = securityMode;
}
internal WSFederationHttpBinding(WSFederationHttpSecurity security, PrivacyNoticeBindingElement privacy, bool reliableSessionEnabled)
: base(reliableSessionEnabled)
{
this.security = security;
if (null != privacy)
{
this.privacyNoticeAt = privacy.Url;
this.privacyNoticeVersion = privacy.Version;
}
}
[DefaultValue(null)]
public Uri PrivacyNoticeAt
{
get { return this.privacyNoticeAt; }
set { this.privacyNoticeAt = value; }
}
[DefaultValue(0)]
public int PrivacyNoticeVersion
{
get { return this.privacyNoticeVersion; }
set { this.privacyNoticeVersion = value; }
}
public WSFederationHttpSecurity Security
{
get { return this.security; }
set
{
if (value == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
this.security = value;
}
}
void ApplyConfiguration(string configurationName)
{
WSFederationHttpBindingCollectionElement section = WSFederationHttpBindingCollectionElement.GetBindingCollectionElement();
WSFederationHttpBindingElement element = section.Bindings[configurationName];
if (element == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(
SR.GetString(SR.ConfigInvalidBindingConfigurationName,
configurationName,
ConfigurationStrings.WSFederationHttpBindingCollectionElementName)));
}
else
{
element.ApplyConfiguration(this);
}
}
PrivacyNoticeBindingElement CreatePrivacyPolicy()
{
PrivacyNoticeBindingElement privacy = null;
if (this.PrivacyNoticeAt != null)
{
privacy = new PrivacyNoticeBindingElement();
privacy.Url = this.PrivacyNoticeAt;
privacy.Version = this.privacyNoticeVersion;
}
return privacy;
}
// if you make changes here, see also WS2007FederationHttpBinding.TryCreate()
internal static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, PrivacyNoticeBindingElement privacy, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding)
{
bool isReliableSession = (rsbe != null);
binding = null;
// reverse GetTransport
HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
WSFederationHttpSecurityMode mode;
if (!GetSecurityModeFromTransport(transport, transportSecurity, out mode))
{
return false;
}
HttpsTransportBindingElement httpsBinding = transport as HttpsTransportBindingElement;
if (httpsBinding != null && httpsBinding.MessageSecurityVersion != null)
{
if (httpsBinding.MessageSecurityVersion.SecurityPolicyVersion != WSMessageSecurityVersion.SecurityPolicyVersion)
{
return false;
}
}
WSFederationHttpSecurity security;
if (TryCreateSecurity(sbe, mode, transportSecurity, isReliableSession, out security))
{
binding = new WSFederationHttpBinding(security, privacy, isReliableSession);
}
if (rsbe != null && rsbe.ReliableMessagingVersion != ReliableMessagingVersion.WSReliableMessagingFebruary2005)
{
return false;
}
if (tfbe != null && tfbe.TransactionProtocol != TransactionProtocol.WSAtomicTransactionOctober2004)
{
return false;
}
return binding != null;
}
protected override TransportBindingElement GetTransport()
{
if (security.Mode == WSFederationHttpSecurityMode.None || security.Mode == WSFederationHttpSecurityMode.Message)
{
return this.HttpTransport;
}
else
{
return this.HttpsTransport;
}
}
internal static bool GetSecurityModeFromTransport(TransportBindingElement transport, HttpTransportSecurity transportSecurity, out WSFederationHttpSecurityMode mode)
{
mode = WSFederationHttpSecurityMode.None | WSFederationHttpSecurityMode.Message | WSFederationHttpSecurityMode.TransportWithMessageCredential;
if (transport is HttpsTransportBindingElement)
{
mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
}
else if (transport is HttpTransportBindingElement)
{
mode = WSFederationHttpSecurityMode.None | WSFederationHttpSecurityMode.Message;
}
else
{
return false;
}
return true;
}
protected override SecurityBindingElement CreateMessageSecurity()
{
return security.CreateMessageSecurity(this.ReliableSession.Enabled, WSMessageSecurityVersion);
}
// if you make changes here, see also WS2007FederationHttpBinding.TryCreateSecurity()
static bool TryCreateSecurity(SecurityBindingElement sbe, WSFederationHttpSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSession, out WSFederationHttpSecurity security)
{
if (!WSFederationHttpSecurity.TryCreate(sbe, mode, transportSecurity, isReliableSession, WSMessageSecurityVersion, out security))
return false;
// the last check: make sure that security binding element match the incoming security
return SecurityElement.AreBindingsMatching(security.CreateMessageSecurity(isReliableSession, WSMessageSecurityVersion), sbe);
}
public override BindingElementCollection CreateBindingElements()
{ // return collection of BindingElements
BindingElementCollection bindingElements = base.CreateBindingElements();
// order of BindingElements is important
PrivacyNoticeBindingElement privacy = this.CreatePrivacyPolicy();
if (privacy != null)
{
// This must go first.
bindingElements.Insert(0, privacy);
}
return bindingElements;
}
[EditorBrowsable(EditorBrowsableState.Never)]
public bool ShouldSerializeSecurity()
{
return this.Security.InternalShouldSerialize();
}
}
}
|
