| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200 |
- //-----------------------------------------------------------------------------
- // Copyright (c) Microsoft Corporation. All rights reserved.
- //-----------------------------------------------------------------------------
- namespace System.ServiceModel
- {
- using System;
- using System.ServiceModel.Channels;
- using System.ServiceModel.Security;
- using System.IdentityModel.Claims;
- using System.IdentityModel.Policy;
- using System.IdentityModel.Tokens;
- using System.Collections;
- using System.Collections.Generic;
- using System.Collections.ObjectModel;
- using System.Security.Principal;
- public class ServiceSecurityContext
- {
- static ServiceSecurityContext anonymous;
- ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies;
- AuthorizationContext authorizationContext;
- IIdentity primaryIdentity;
- Claim identityClaim;
- WindowsIdentity windowsIdentity;
- // Perf: delay created authorizationContext using forward chain.
- public ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies)
- {
- if (authorizationPolicies == null)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authorizationPolicies");
- }
- this.authorizationContext = null;
- this.authorizationPolicies = authorizationPolicies;
- }
- public ServiceSecurityContext(AuthorizationContext authorizationContext)
- : this(authorizationContext, EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance)
- {
- }
- public ServiceSecurityContext(AuthorizationContext authorizationContext, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies)
- {
- if (authorizationContext == null)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authorizationContext");
- }
- if (authorizationPolicies == null)
- {
- throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authorizationPolicies");
- }
- this.authorizationContext = authorizationContext;
- this.authorizationPolicies = authorizationPolicies;
- }
- public static ServiceSecurityContext Anonymous
- {
- get
- {
- if (anonymous == null)
- {
- anonymous = new ServiceSecurityContext(EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance);
- }
- return anonymous;
- }
- }
- public static ServiceSecurityContext Current
- {
- get
- {
- ServiceSecurityContext result = null;
- OperationContext operationContext = OperationContext.Current;
- if (operationContext != null)
- {
- MessageProperties properties = operationContext.IncomingMessageProperties;
- if (properties != null)
- {
- SecurityMessageProperty security = properties.Security;
- if (security != null)
- {
- result = security.ServiceSecurityContext;
- }
- }
- }
- return result;
- }
- }
- public bool IsAnonymous
- {
- get
- {
- return this == Anonymous || this.IdentityClaim == null;
- }
- }
- internal Claim IdentityClaim
- {
- get
- {
- if (this.identityClaim == null)
- {
- this.identityClaim = SecurityUtils.GetPrimaryIdentityClaim(this.AuthorizationContext);
- }
- return this.identityClaim;
- }
- }
- public IIdentity PrimaryIdentity
- {
- get
- {
- if (this.primaryIdentity == null)
- {
- IIdentity primaryIdentity = null;
- IList<IIdentity> identities = GetIdentities();
- // Multiple Identities is treated as anonymous
- if (identities != null && identities.Count == 1)
- {
- primaryIdentity = identities[0];
- }
- this.primaryIdentity = primaryIdentity ?? SecurityUtils.AnonymousIdentity;
- }
- return this.primaryIdentity;
- }
- }
- public WindowsIdentity WindowsIdentity
- {
- get
- {
- if (this.windowsIdentity == null)
- {
- WindowsIdentity windowsIdentity = null;
- IList<IIdentity> identities = GetIdentities();
- if (identities != null)
- {
- for (int i = 0; i < identities.Count; ++i)
- {
- WindowsIdentity identity = identities[i] as WindowsIdentity;
- if (identity != null)
- {
- // Multiple Identities is treated as anonymous
- if (windowsIdentity != null)
- {
- windowsIdentity = WindowsIdentity.GetAnonymous();
- break;
- }
- windowsIdentity = identity;
- }
- }
- }
- this.windowsIdentity = windowsIdentity ?? WindowsIdentity.GetAnonymous();
- }
- return this.windowsIdentity;
- }
- }
- public ReadOnlyCollection<IAuthorizationPolicy> AuthorizationPolicies
- {
- get
- {
- return this.authorizationPolicies;
- }
- set
- {
- this.authorizationPolicies = value;
- }
- }
- public AuthorizationContext AuthorizationContext
- {
- get
- {
- if (this.authorizationContext == null)
- {
- this.authorizationContext = AuthorizationContext.CreateDefaultAuthorizationContext(this.authorizationPolicies);
- }
- return this.authorizationContext;
- }
- }
- IList<IIdentity> GetIdentities()
- {
- object identities;
- AuthorizationContext authContext = this.AuthorizationContext;
- if (authContext != null && authContext.Properties.TryGetValue(SecurityUtils.Identities, out identities))
- {
- return identities as IList<IIdentity>;
- }
- return null;
- }
- }
- }
|
