c
/
mono
miroir de https://github.com/mono/mono.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245
							//----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//----------------------------------------------------------------------------

namespace System.ServiceModel.Description
{
    using System;
    using System.Collections.ObjectModel;
    using System.ComponentModel;
    using System.IdentityModel.Policy;
    using System.Runtime.CompilerServices;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Dispatcher;
    using System.Web.Security;

    public sealed class ServiceAuthorizationBehavior : IServiceBehavior
    {
        internal const bool DefaultImpersonateCallerForAllOperations = false;
        internal const bool DefaultImpersonateOnSerializingReply = false;
        internal const PrincipalPermissionMode DefaultPrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;

        bool impersonateCallerForAllOperations;
        bool impersonateOnSerializingReply;
        ReadOnlyCollection<IAuthorizationPolicy> externalAuthorizationPolicies;
        ServiceAuthorizationManager serviceAuthorizationManager;
        PrincipalPermissionMode principalPermissionMode;
        object roleProvider;
        bool isExternalPoliciesSet;
        bool isAuthorizationManagerSet;
        bool isReadOnly;
     
        public ServiceAuthorizationBehavior()
        {
            this.impersonateCallerForAllOperations = DefaultImpersonateCallerForAllOperations;
            this.impersonateOnSerializingReply = DefaultImpersonateOnSerializingReply;
            this.principalPermissionMode = DefaultPrincipalPermissionMode;
        }

        ServiceAuthorizationBehavior(ServiceAuthorizationBehavior other)
        {
            this.impersonateCallerForAllOperations = other.impersonateCallerForAllOperations;
            this.impersonateOnSerializingReply = other.impersonateOnSerializingReply;
            this.principalPermissionMode = other.principalPermissionMode;
            this.roleProvider = other.roleProvider;
            this.isExternalPoliciesSet = other.isExternalPoliciesSet;
            this.isAuthorizationManagerSet = other.isAuthorizationManagerSet;
         
            if (other.isExternalPoliciesSet || other.isAuthorizationManagerSet)
            {
                CopyAuthorizationPoliciesAndManager(other);
            }
            this.isReadOnly = other.isReadOnly;
        }

        public ReadOnlyCollection<IAuthorizationPolicy> ExternalAuthorizationPolicies
        {
            get
            {
                return this.externalAuthorizationPolicies;
            }
            set
            {
                ThrowIfImmutable();
                this.isExternalPoliciesSet = true;
                this.externalAuthorizationPolicies = value;
            }
        }

        public bool ShouldSerializeExternalAuthorizationPolicies()
        {
            return this.isExternalPoliciesSet;
        }

        public ServiceAuthorizationManager ServiceAuthorizationManager
        {
            get
            {
                return this.serviceAuthorizationManager;
            }
            set
            {
                ThrowIfImmutable();
                this.isAuthorizationManagerSet = true;
                this.serviceAuthorizationManager = value;
            }
        }

        public bool ShouldSerializeServiceAuthorizationManager()
        {
            return this.isAuthorizationManagerSet;
        }

        [DefaultValue(DefaultPrincipalPermissionMode)]
        public PrincipalPermissionMode PrincipalPermissionMode
        {
            get
            {
                return this.principalPermissionMode;
            }
            set
            {
                if (!PrincipalPermissionModeHelper.IsDefined(value))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }
                ThrowIfImmutable();
                this.principalPermissionMode = value;
            }
        }

        [DefaultValue(null)]
        public RoleProvider RoleProvider
        {
            get
            {
                return (RoleProvider)this.roleProvider;
            }
            set
            {
                ThrowIfImmutable();
                this.roleProvider = value;
            }
        }

        [DefaultValue(DefaultImpersonateCallerForAllOperations)]
        public bool ImpersonateCallerForAllOperations
        {
            get
            {
                return this.impersonateCallerForAllOperations;
            }
            set
            {
                ThrowIfImmutable();
                this.impersonateCallerForAllOperations = value;
            }
        }


        [DefaultValue(DefaultImpersonateOnSerializingReply)]
        public bool ImpersonateOnSerializingReply
        {
            get
            {
                return this.impersonateOnSerializingReply;
            }
            set
            {
                ThrowIfImmutable();
                this.impersonateOnSerializingReply = value;
            }
        }

        [MethodImpl(MethodImplOptions.NoInlining)]
        void ApplyAuthorizationPoliciesAndManager(DispatchRuntime behavior)
        {
            if (this.externalAuthorizationPolicies != null)
            {
                behavior.ExternalAuthorizationPolicies = this.externalAuthorizationPolicies;
            }
            if (this.serviceAuthorizationManager != null)
            {
                behavior.ServiceAuthorizationManager = this.serviceAuthorizationManager;
            }
        }

        [MethodImpl(MethodImplOptions.NoInlining)]
        void CopyAuthorizationPoliciesAndManager(ServiceAuthorizationBehavior other)
        {
            this.externalAuthorizationPolicies = other.externalAuthorizationPolicies;
            this.serviceAuthorizationManager = other.serviceAuthorizationManager;
        }

        [MethodImpl(MethodImplOptions.NoInlining)]
        void ApplyRoleProvider(DispatchRuntime dispatchRuntime)
        {
            dispatchRuntime.RoleProvider = (RoleProvider)this.roleProvider;
        }

        void IServiceBehavior.Validate(ServiceDescription description, ServiceHostBase serviceHostBase)
        {
        }

        void IServiceBehavior.AddBindingParameters(ServiceDescription description, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection parameters)
        {
        }

        void IServiceBehavior.ApplyDispatchBehavior(ServiceDescription description, ServiceHostBase serviceHostBase)
        {
            if (description == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("description"));
            }
            if (serviceHostBase == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("serviceHostBase"));
            }

            for (int i = 0; i < serviceHostBase.ChannelDispatchers.Count; i++)
            {
                ChannelDispatcher channelDispatcher = serviceHostBase.ChannelDispatchers[i] as ChannelDispatcher;
                if (channelDispatcher != null && !ServiceMetadataBehavior.IsHttpGetMetadataDispatcher(description, channelDispatcher))
                {
                    foreach (EndpointDispatcher endpointDispatcher in channelDispatcher.Endpoints)
                    {
                        DispatchRuntime behavior = endpointDispatcher.DispatchRuntime;
                        behavior.PrincipalPermissionMode = this.principalPermissionMode;
                        if (!endpointDispatcher.IsSystemEndpoint)
                        {
                            behavior.ImpersonateCallerForAllOperations = this.impersonateCallerForAllOperations;
                            behavior.ImpersonateOnSerializingReply = this.impersonateOnSerializingReply;
                        }
                        if (this.roleProvider != null)
                        {
                            ApplyRoleProvider(behavior);
                        }
                        if (this.isAuthorizationManagerSet || this.isExternalPoliciesSet)
                        {
                            ApplyAuthorizationPoliciesAndManager(behavior);
                        }
                    }
                }
            }
        }

        internal ServiceAuthorizationBehavior Clone()
        {
            return new ServiceAuthorizationBehavior(this);
        }

        internal void MakeReadOnly()
        {
            this.isReadOnly = true;
        }

        void ThrowIfImmutable()
        {
            if (this.isReadOnly)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly)));
            }
        }
    }
}