| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 |
- //------------------------------------------------------------
- // Copyright (c) Microsoft Corporation. All rights reserved.
- //------------------------------------------------------------
- using System;
- using System.IdentityModel.Selectors;
- using System.IdentityModel.Tokens;
- using System.Collections.ObjectModel;
- using System.IdentityModel.Policy;
- using System.ServiceModel;
- using System.Collections.Generic;
- using System.IdentityModel.Claims;
- using System.ServiceModel.Security.Tokens;
- using System.IdentityModel;
- namespace System.ServiceModel.Security
- {
- /// <summary>
- /// Creates a security token provider that produces a security token as an issued token
- /// for federated bindings.
- /// </summary>
- public class SimpleSecurityTokenProvider : SecurityTokenProvider
- {
- SecurityToken _securityToken;
- /// <summary>
- /// Creates a security token provider that produces a security token as an issued token
- /// for federated bindings.
- /// </summary>
- /// <param name="token">The security token to provide.</param>
- /// <param name="tokenRequirement">
- /// The requirements described by the binding that will use <paramref name="token"/> to secure
- /// messages.
- /// </param>
- /// <exception cref="ArgumentNullException"><paramref name="token"/> is set to null.</exception>
- public SimpleSecurityTokenProvider(SecurityToken token, SecurityTokenRequirement tokenRequirement)
- {
- if (token == null)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
- }
- GenericXmlSecurityToken xmlIssuedToken = token as GenericXmlSecurityToken;
- if (xmlIssuedToken != null)
- {
- _securityToken = WrapWithAuthPolicy(xmlIssuedToken, tokenRequirement);
- }
- else
- {
- _securityToken = token;
- }
- }
- /// <summary>
- /// Creates a security token according to a gieven timeout.
- /// </summary>
- /// <param name="timeout">The <see cref="TimeSpan"/>.</param>
- /// <returns></returns>
- protected override SecurityToken GetTokenCore(TimeSpan timeout)
- {
- return _securityToken;
- }
- /// <summary>
- /// Gets a GenericXmlSecurityToken that wraps the provided issued token
- /// with the authorization policies necessary.
- /// </summary>
- static GenericXmlSecurityToken WrapWithAuthPolicy(GenericXmlSecurityToken issuedToken,
- SecurityTokenRequirement tokenRequirement)
- {
- EndpointIdentity endpointIdentity = null;
- var issuedTokenRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
- if (issuedTokenRequirement != null)
- {
- EndpointAddress targetAddress = issuedTokenRequirement.TargetAddress;
- if (targetAddress.Uri.IsAbsoluteUri)
- {
- endpointIdentity = EndpointIdentity.CreateDnsIdentity(targetAddress.Uri.DnsSafeHost);
- }
- }
- ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies
- = GetServiceAuthorizationPolicies(endpointIdentity);
- return new GenericXmlSecurityToken(issuedToken.TokenXml,
- issuedToken.ProofToken,
- issuedToken.ValidFrom,
- issuedToken.ValidTo,
- issuedToken.InternalTokenReference,
- issuedToken.ExternalTokenReference,
- authorizationPolicies);
- }
- //
- // Modeled after WCF's CoreFederatedTokenProvider.GetServiceAuthorizationPolicies
- //
- static ReadOnlyCollection<IAuthorizationPolicy> GetServiceAuthorizationPolicies(EndpointIdentity endpointIdentity)
- {
- if (endpointIdentity != null)
- {
- List<Claim> claims = new List<Claim>(1);
- claims.Add(endpointIdentity.IdentityClaim);
- List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
- policies.Add(new UnconditionalPolicy(SecurityUtils.CreateIdentity(endpointIdentity.IdentityClaim.Resource.ToString()),
- new DefaultClaimSet(ClaimSet.System, claims)));
- return policies.AsReadOnly();
- }
- else
- {
- return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
- }
- }
- }
- }
|
