本文整理汇总了C#中System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy类的典型用法代码示例。如果您正苦于以下问题:C# ExtendedProtectionPolicy类的具体用法?C# ExtendedProtectionPolicy怎么用?C# ExtendedProtectionPolicy使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
ExtendedProtectionPolicy类属于System.Security.Authentication.ExtendedProtection命名空间,在下文中一共展示了ExtendedProtectionPolicy类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: ValidateCreateContext
/// <summary>
/// Stores the extended protection policy to use for this negotiation, then forwards to the
/// <c>ValidateCreateContext</c> overload that takes a channel binding.
/// </summary>
/// <param name="package">Security package name, passed through unchanged.</param>
/// <param name="credential">Credential, passed through unchanged.</param>
/// <param name="servicePrincipalName">SPN, passed through unchanged.</param>
/// <param name="policy">
/// Extended protection policy, or <c>null</c>. A non-null policy must carry a custom channel
/// binding or custom service names.
/// </param>
/// <param name="protectionLevel">Requested protection level, passed through unchanged.</param>
/// <param name="impersonationLevel">Requested impersonation level, passed through unchanged.</param>
/// <exception cref="ArgumentException">
/// <paramref name="policy"/> is non-null but has neither <c>CustomChannelBinding</c> nor
/// <c>CustomServiceNames</c>.
/// </exception>
internal void ValidateCreateContext(
    string package,
    NetworkCredential credential,
    string servicePrincipalName,
    ExtendedProtectionPolicy policy,
    ProtectionLevel protectionLevel,
    TokenImpersonationLevel impersonationLevel)
{
    if (policy == null)
    {
        // Security note: omitting the policy is not an error. It silently selects
        // PolicyEnforcement.Never, so callers that need channel or service binding
        // must pass an explicit policy.
        _extendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
    }
    else
    {
        // The check looks only at the two custom members; it does not consult
        // policy.PolicyEnforcement.
        bool definesScheme = policy.CustomChannelBinding != null || policy.CustomServiceNames != null;
        if (!definesScheme)
        {
            throw new ArgumentException(SR.net_auth_must_specify_extended_protection_scheme, nameof(policy));
        }

        _extendedProtectionPolicy = policy;
    }

    // NOTE(review): the literal `true` is presumably the "is server" flag of the overload;
    // confirm against its signature.
    ValidateCreateContext(
        package,
        true,
        credential,
        servicePrincipalName,
        _extendedProtectionPolicy.CustomChannelBinding,
        protectionLevel,
        impersonationLevel);
}
示例2: AreEqual
//does not validate the ExtendedProtectionPolicy.CustomServiceNames collections on the policies
/// <summary>
/// Compares two extended protection policies by enforcement level, protection scenario
/// and custom channel binding.
/// </summary>
/// <remarks>
/// Two policies that both use <c>PolicyEnforcement.Never</c> are equal regardless of their
/// other members. <c>CustomServiceNames</c> is never compared, so a caller that relies on
/// the SPN list must check it separately. <c>CustomChannelBinding</c> is compared with
/// <c>==</c>; NOTE(review): that is presumably reference equality, so two distinct binding
/// objects with the same content would compare as different. Confirm.
/// </remarks>
/// <param name="policy1">First policy; must not be null.</param>
/// <param name="policy2">Second policy; must not be null.</param>
/// <returns><c>true</c> when the compared members match, otherwise <c>false</c>.</returns>
public static bool AreEqual(ExtendedProtectionPolicy policy1, ExtendedProtectionPolicy policy2)
{
    Fx.Assert(policy1 != null, "policy1 param cannot be null");
    Fx.Assert(policy2 != null, "policy2 param cannot be null");

    bool bothDisabled = policy1.PolicyEnforcement == PolicyEnforcement.Never
        && policy2.PolicyEnforcement == PolicyEnforcement.Never;
    if (bothDisabled)
    {
        // With enforcement off on both sides the remaining members are irrelevant.
        return true;
    }

    return policy1.PolicyEnforcement == policy2.PolicyEnforcement
        && policy1.ProtectionScenario == policy2.ProtectionScenario
        && policy1.CustomChannelBinding == policy2.CustomChannelBinding;
}
示例3: HttpTransportSecurity_DisableTransportAuthentication
/// <summary>
/// Configures transport authentication on a binding element and then disables it, checking
/// the binding element's scheme, proxy scheme, realm and extended protection policy after
/// each step.
/// </summary>
/// <remarks>
/// The final assertion pins that <c>DisableTransportAuthentication</c> leaves the binding's
/// <c>ExtendedProtectionPolicy</c> untouched while the schemes fall back to Anonymous.
/// </remarks>
public void HttpTransportSecurity_DisableTransportAuthentication()
{
    ExtendedProtectionPolicy neverPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);

    HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
    transportSecurity.ClientCredentialType = HttpClientCredentialType.Basic;
    transportSecurity.ProxyCredentialType = HttpProxyCredentialType.Basic;
    transportSecurity.Realm = "MyRealm";
    transportSecurity.ExtendedProtectionPolicy = neverPolicy;

    HttpTransportBindingElement bindingElement = new HttpTransportBindingElement();

    // Step 1: push the security settings onto the binding element.
    transportSecurity.ConfigureTransportAuthentication(bindingElement);
    Assert.AreEqual(AuthenticationSchemes.Basic, bindingElement.AuthenticationScheme, "AuthenticationScheme failed to init");
    Assert.AreEqual(AuthenticationSchemes.Basic, bindingElement.ProxyAuthenticationScheme, "ProxyAuthenticationScheme failed to init");
    Assert.AreEqual("MyRealm", bindingElement.Realm, "Realm failed to init");
    Assert.AreEqual(neverPolicy, bindingElement.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed to init");

    // Step 2: disable authentication; schemes and realm reset, the policy object stays.
    transportSecurity.DisableTransportAuthentication(bindingElement);
    Assert.AreEqual(AuthenticationSchemes.Anonymous, bindingElement.AuthenticationScheme, "AuthenticationScheme failed to init");
    Assert.AreEqual(AuthenticationSchemes.Anonymous, bindingElement.ProxyAuthenticationScheme, "ProxyAuthenticationScheme failed to init");
    Assert.AreEqual(string.Empty, bindingElement.Realm, "Realm failed to init");
    Assert.AreEqual(neverPolicy, bindingElement.ExtendedProtectionPolicy, "ExtendedProtectionPolicy failed to init");
}
示例4: ValidateCreateContext
/// <summary>
/// Platform stub: this build does not support creating a negotiation context with an
/// extended protection policy.
/// </summary>
/// <remarks>
/// None of the arguments is inspected; the call fails unconditionally, so a caller cannot
/// end up with an authenticated context on which the policy was ignored.
/// </remarks>
/// <exception cref="PlatformNotSupportedException">Always thrown.</exception>
internal void ValidateCreateContext(
    string package,
    NetworkCredential credential,
    string servicePrincipalName,
    ExtendedProtectionPolicy policy,
    ProtectionLevel protectionLevel,
    TokenImpersonationLevel impersonationLevel)
    => throw new PlatformNotSupportedException();
示例5: HttpListenerContext
/// <summary>
/// Builds the context for one incoming request and copies the listener's current
/// authentication schemes and extended protection policy into it.
/// </summary>
/// <remarks>
/// The policy is read from the listener once, here. NOTE(review): if the listener's
/// <c>ExtendedProtectionPolicy</c> property is replaced later, this context presumably keeps
/// the value captured at construction. Confirm against the property setter.
/// </remarks>
/// <param name="httpListener">Listener that received the request.</param>
/// <param name="memoryBlob">Native request data used to build the request object.</param>
internal HttpListenerContext(HttpListener httpListener, RequestContextBase memoryBlob)
{
    if (Logging.On)
    {
        // Built only when logging is enabled, so the hash calls are skipped otherwise.
        string traceMessage = "httpListener#" + ValidationHelper.HashString(httpListener) + " requestBlob=" + ValidationHelper.HashString((IntPtr) memoryBlob.RequestBlob);
        Logging.PrintInfo(Logging.HttpListener, this, ".ctor", traceMessage);
    }

    m_Listener = httpListener;
    m_Request = new HttpListenerRequest(this, memoryBlob);

    // Snapshot of the listener's authentication configuration for this request.
    m_AuthenticationSchemes = httpListener.AuthenticationSchemes;
    m_ExtendedProtectionPolicy = httpListener.ExtendedProtectionPolicy;

    GlobalLog.Print("HttpListenerContext#" + ValidationHelper.HashString(this) + "::.ctor() HttpListener#" + ValidationHelper.HashString(m_Listener) + " HttpListenerRequest#" + ValidationHelper.HashString(m_Request));
}
示例6: ExtendedProtectionPolicyHelper
/// <summary>
/// Captures a channel binding together with the enforcement level, scenario and service
/// names of an extended protection policy, and decides whether service binding is checked.
/// </summary>
/// <remarks>
/// When <paramref name="extendedProtectionPolicy"/> is <c>null</c> the enforcement and
/// scenario fields are not assigned here and keep whatever value they had before the
/// constructor body ran. NOTE(review): with no field initializer that is the enum's zero
/// value, which is <c>PolicyEnforcement.Never</c>, so a null policy would disable the
/// service binding check. Confirm against the field declarations.
/// </remarks>
/// <param name="channelBinding">Channel binding for the connection; may be null.</param>
/// <param name="extendedProtectionPolicy">Policy to copy settings from; may be null.</param>
public ExtendedProtectionPolicyHelper(System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
{
    _channelBinding = channelBinding;
    _serviceNameCollection = null;

    if (extendedProtectionPolicy != null)
    {
        _policyEnforcement = extendedProtectionPolicy.PolicyEnforcement;
        _protectionScenario = extendedProtectionPolicy.ProtectionScenario;
        _serviceNameCollection = extendedProtectionPolicy.CustomServiceNames;
    }

    // Service binding is checked for every enforcement level except Never.
    _checkServiceBinding = _policyEnforcement != System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never;
}
开发者ID:pritesh-mandowara-sp,项目名称:DecompliedDotNetLibraries,代码行数:16,代码来源:ExtendedProtectionPolicyHelper.cs
示例7: InitializeFrom
/// <summary>
/// Copies a runtime extended protection policy into its configuration element, unless the
/// policy is the default one.
/// </summary>
/// <remarks>
/// Only <c>PolicyEnforcement</c>, <c>ProtectionScenario</c> and <c>CustomServiceNames</c> are
/// transferred. <c>CustomChannelBinding</c> is not written to the element, so a policy that
/// relies on a custom binding is not fully represented by the resulting configuration.
/// </remarks>
/// <param name="source">Policy to read from.</param>
/// <param name="destination">Configuration element to populate.</param>
public static void InitializeFrom(ExtendedProtectionPolicy source, ExtendedProtectionPolicyElement destination)
{
    if (IsDefaultPolicy(source))
    {
        // Default policy: leave the element exactly as it is.
        return;
    }

    destination.PolicyEnforcement = source.PolicyEnforcement;
    destination.ProtectionScenario = source.ProtectionScenario;

    // Replace, rather than merge with, any service names already on the element.
    destination.CustomServiceNames.Clear();
    if (source.CustomServiceNames == null)
    {
        return;
    }

    foreach (string serviceName in source.CustomServiceNames)
    {
        destination.CustomServiceNames.Add(new ServiceNameElement { Name = serviceName });
    }
}
示例8: AreEqual
/// <summary>
/// Compares two extended protection policies by enforcement level, protection scenario
/// and custom channel binding.
/// </summary>
/// <remarks>
/// Two policies that both use <c>PolicyEnforcement.Never</c> are always equal.
/// <c>CustomServiceNames</c> is not part of the comparison, and neither argument is
/// null-checked. <c>CustomChannelBinding</c> is compared with <c>==</c>;
/// NOTE(review): that is presumably reference equality, so confirm before relying on it to
/// match bindings with equal content.
/// </remarks>
/// <param name="policy1">First policy; must not be null.</param>
/// <param name="policy2">Second policy; must not be null.</param>
/// <returns><c>true</c> when the compared members match, otherwise <c>false</c>.</returns>
public static bool AreEqual(ExtendedProtectionPolicy policy1, ExtendedProtectionPolicy policy2)
{
    bool bothDisabled = policy1.PolicyEnforcement == PolicyEnforcement.Never
        && policy2.PolicyEnforcement == PolicyEnforcement.Never;
    if (bothDisabled)
    {
        return true;
    }

    return policy1.PolicyEnforcement == policy2.PolicyEnforcement
        && policy1.ProtectionScenario == policy2.ProtectionScenario
        && policy1.CustomChannelBinding == policy2.CustomChannelBinding;
}
示例9: HttpListener
/// <summary>
/// Creates a listener in its initial state with an empty default service name store and
/// extended protection switched off.
/// </summary>
/// <remarks>
/// Security note: the listener starts with <c>PolicyEnforcement.Never</c>. Code that uses an
/// authentication scheme which supports channel or service binding has to assign its own
/// policy; nothing in this constructor enables it.
/// </remarks>
/// <exception cref="PlatformNotSupportedException">The HTTP API is not supported.</exception>
public HttpListener()
{
    const string ctorName = "HttpListener";

    if (Logging.On)
    {
        Logging.Enter(Logging.HttpListener, this, ctorName, "");
    }

    if (!UnsafeNclNativeMethods.HttpApi.Supported)
    {
        throw new PlatformNotSupportedException();
    }

    m_State = 0;
    m_InternalLock = new object();
    m_DefaultServiceNames = new ServiceNameStore();

    // The timeout manager is created only for version 2.0 of the HTTP API.
    if (Version == UnsafeNclNativeMethods.HttpApi.HTTP_API_VERSION.Version20)
    {
        m_TimeoutManager = new HttpListenerTimeoutManager(this);
    }

    // Extended protection is off until the owner assigns a different policy.
    m_ExtendedProtectionPolicy = new System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy(PolicyEnforcement.Never);

    if (Logging.On)
    {
        Logging.Exit(Logging.HttpListener, this, ctorName, "");
    }
}
示例10: AuthenticateAsServerAsync
/// <summary>
/// Task-based wrapper around the Begin/End server authentication pair.
/// </summary>
/// <remarks>
/// NOTE(review): the Begin side is <c>BeginAuthenticateAsServer</c> but the End side is
/// <c>EndAuthenticateAsClient</c>. Confirm that the client End method is equivalent for a
/// server-side authentication, or that this pairing is intended.
/// </remarks>
/// <param name="credential">Server credential.</param>
/// <param name="policy">Extended protection policy, forwarded unchanged.</param>
/// <param name="requiredProtectionLevel">Protection level required for the stream.</param>
/// <param name="requiredImpersonationLevel">Impersonation level required of the client.</param>
/// <returns>A task that represents the authentication operation.</returns>
public virtual Task AuthenticateAsServerAsync(
    NetworkCredential credential,
    ExtendedProtectionPolicy policy,
    ProtectionLevel requiredProtectionLevel,
    TokenImpersonationLevel requiredImpersonationLevel)
    => Task.Factory.FromAsync(
        (cb, st) => BeginAuthenticateAsServer(
            credential,
            policy,
            requiredProtectionLevel,
            requiredImpersonationLevel,
            cb,
            st),
        EndAuthenticateAsClient,
        null);
示例11: BeginAuthenticateAsServer
/// <summary>
/// Starts an asynchronous server-side authentication: validates the context parameters,
/// then hands a new async result to the negotiation state for processing.
/// </summary>
/// <remarks>
/// The service principal name is always passed as <c>string.Empty</c>. The policy is
/// forwarded as received; any checks on it happen inside <c>ValidateCreateContext</c>.
/// </remarks>
/// <param name="credential">Server credential.</param>
/// <param name="policy">Extended protection policy, forwarded unchanged.</param>
/// <param name="requiredProtectionLevel">Protection level required for the stream.</param>
/// <param name="requiredImpersonationLevel">Impersonation level required of the client.</param>
/// <param name="asyncCallback">Callback stored on the async result.</param>
/// <param name="asyncState">Caller state stored on the async result.</param>
/// <returns>The async result that tracks the operation.</returns>
private IAsyncResult BeginAuthenticateAsServer(
    NetworkCredential credential,
    ExtendedProtectionPolicy policy,
    ProtectionLevel requiredProtectionLevel,
    TokenImpersonationLevel requiredImpersonationLevel,
    AsyncCallback asyncCallback,
    object asyncState)
{
#if DEBUG
    using (GlobalLog.SetThreadKind(ThreadKinds.User | ThreadKinds.Async))
    {
#endif
        _negoState.ValidateCreateContext(
            _package,
            credential,
            string.Empty,
            policy,
            requiredProtectionLevel,
            requiredImpersonationLevel);

        LazyAsyncResult pendingAuthentication = new LazyAsyncResult(_negoState, asyncState, asyncCallback);
        _negoState.ProcessAuthentication(pendingAuthentication);
        return pendingAuthentication;
#if DEBUG
    }
#endif
}
示例12: GetOutgoingBlob
/// <summary>
/// Produces the next SSPI token for this security context from the peer's incoming token,
/// the channel binding and the extended protection policy. (The listing is cut off inside
/// the server branch, so the rest of the method is not shown.)
/// </summary>
/// <param name="incomingBlob">Token received from the peer, or null when there is none.</param>
/// <param name="channelbinding">Channel binding for the underlying connection; may be null.</param>
/// <param name="protectionPolicy">Extended protection policy; handed to the policy helper.</param>
public byte[] GetOutgoingBlob(byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
{
ThrowIfDisposed();
int statusCode = 0;
// use the confidentiality option to ensure we can encrypt messages
// Replay and sequence detection are requested unconditionally as well.
SspiContextFlags requestedFlags = SspiContextFlags.Confidentiality
| SspiContextFlags.ReplayDetect
| SspiContextFlags.SequenceDetect;
if (this.doMutualAuth)
{
requestedFlags |= SspiContextFlags.MutualAuth;
}
// Map the impersonation level to flags. Delegation applies on both sides; the
// Identification and Anonymous flags are requested only when acting as client.
if (this.impersonationLevel == TokenImpersonationLevel.Delegation)
{
requestedFlags |= SspiContextFlags.Delegate;
}
else if (this.isServer == false && this.impersonationLevel == TokenImpersonationLevel.Identification)
{
requestedFlags |= SspiContextFlags.InitIdentify;
}
else if (this.isServer == false && this.impersonationLevel == TokenImpersonationLevel.Anonymous)
{
requestedFlags |= SspiContextFlags.InitAnonymous;
}
ExtendedProtectionPolicyHelper policyHelper = new ExtendedProtectionPolicyHelper(channelbinding, protectionPolicy);
if (isServer)
{
// Fail closed: enforcement is Always, no channel binding is available and the
// scenario is not TrustedProxy, so the server refuses before calling into SSPI.
if (policyHelper.PolicyEnforcement == PolicyEnforcement.Always && policyHelper.ChannelBinding == null && policyHelper.ProtectionScenario != ProtectionScenario.TrustedProxy)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SecurityChannelBindingMissing)));
}
// NOTE(review): going by the flag name, WhenSupported lets a client that sends no
// binding through; only Always rejects it. Confirm against the SSPI documentation.
if (policyHelper.PolicyEnforcement == PolicyEnforcement.WhenSupported)
{
requestedFlags |= SspiContextFlags.ChannelBindingAllowMissingBindings;
}
if (policyHelper.ProtectionScenario == ProtectionScenario.TrustedProxy)
{
requestedFlags |= SspiContextFlags.ChannelBindingProxyBindings;
}
}
// Input buffers: the peer's token (if any) and, depending on the role, the channel binding.
List<SecurityBuffer> list = new List<SecurityBuffer>(2);
if (incomingBlob != null)
{
list.Add(new SecurityBuffer(incomingBlob, BufferType.Token));
}
// when deciding if the channel binding should be added to the security buffer
// it is necessary to differentiate between client and server.
// Server rules were added to policyHelper as they are shared with Kerb and I want them consistent
// Client adds if not null.
if (this.isServer)
{
if (policyHelper.ShouldAddChannelBindingToASC())
{
list.Add(new SecurityBuffer(policyHelper.ChannelBinding));
}
}
else
{
if (policyHelper.ChannelBinding != null)
{
list.Add(new SecurityBuffer(policyHelper.ChannelBinding));
}
}
// A null array, not an empty one, is passed on when there are no input buffers.
SecurityBuffer[] inSecurityBuffer = null;
if (list.Count > 0)
{
inSecurityBuffer = list.ToArray();
}
SecurityBuffer outSecurityBuffer = new SecurityBuffer(this.tokenSize, BufferType.Token);
if (!this.isServer)
{
//client session
statusCode = SspiWrapper.InitializeSecurityContext(this.credentialsHandle,
ref this.securityContext,
this.servicePrincipalName,
requestedFlags,
Endianness.Network,
inSecurityBuffer,
outSecurityBuffer,
ref this.contextFlags);
}
else
{
// server session
//This check is to save an unnecessary ASC call.
bool isServerSecurityContextNull = this.securityContext == null;
SspiContextFlags serverContextFlags = this.contextFlags;
//......... part of the code is omitted here .........
示例13: AuthenticateAsServer
/// <summary>
/// Performs server-side authentication synchronously: validates the context parameters and
/// then runs the negotiation on the calling thread.
/// </summary>
/// <remarks>
/// The service principal name is always passed as <c>string.Empty</c>. The policy is
/// forwarded as received; any checks on it happen inside <c>ValidateCreateContext</c>.
/// </remarks>
/// <param name="credential">Server credential.</param>
/// <param name="policy">Extended protection policy, forwarded unchanged.</param>
/// <param name="requiredProtectionLevel">Protection level required for the stream.</param>
/// <param name="requiredImpersonationLevel">Impersonation level required of the client.</param>
public virtual void AuthenticateAsServer(NetworkCredential credential, ExtendedProtectionPolicy policy, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
{
#if DEBUG
    using (DebugThreadTracking.SetThreadKind(ThreadKinds.User | ThreadKinds.Sync))
    {
#endif
        _negoState.ValidateCreateContext(
            _package,
            credential,
            string.Empty,
            policy,
            requiredProtectionLevel,
            requiredImpersonationLevel);

        // A null async result selects the synchronous path.
        _negoState.ProcessAuthentication(null);
#if DEBUG
    }
#endif
}
示例14: ValidateHttpSettings
/// <summary>
/// Reconciles a binding element's HTTP authentication settings with the settings the host
/// reports for a virtual path: authentication schemes, extended protection policy and realm.
/// </summary>
/// <remarks>
/// Security notes. When the host returns no policy (the operating system does not support
/// channel binding tokens) only <c>PolicyEnforcement.Always</c> is rejected; any other
/// enforcement level passes without extended protection being available. For a
/// non-metadata listener the binding's policy must match the host policy and the SPN list
/// must pass the subset check, otherwise validation fails.
/// </remarks>
/// <param name="virtualPath">Virtual path whose host settings are read.</param>
/// <param name="isMetadataListener">Whether the listener serves metadata.</param>
/// <param name="usingDefaultSpnList">Whether the listener uses the generated default SPN list.</param>
/// <param name="bindingElementAuthenticationSchemes">
/// In: schemes requested by the binding. Out: the schemes also supported by the host.
/// </param>
/// <param name="extendedProtectionPolicy">
/// In: policy of the binding. Out: replaced by the host policy for a metadata listener that
/// uses the default policy, otherwise unchanged.
/// </param>
/// <param name="realm">Out: the host's realm, except on the simple application host.</param>
/// <exception cref="NotSupportedException">
/// The binding and the host share no scheme, extended protection is required but not
/// supported, or the two policies do not match.
/// </exception>
public override void ValidateHttpSettings(string virtualPath, bool isMetadataListener, bool usingDefaultSpnList, ref AuthenticationSchemes bindingElementAuthenticationSchemes, ref ExtendedProtectionPolicy extendedProtectionPolicy, ref string realm)
{
    // The binding and the host must share at least one authentication scheme.
    AuthenticationSchemes iisSchemes = HostedTransportConfigurationManager.MetabaseSettings.GetAuthenticationSchemes(virtualPath);
    bool noCommonScheme = (bindingElementAuthenticationSchemes & iisSchemes) == 0;
    if (noCommonScheme)
    {
        switch (bindingElementAuthenticationSchemes)
        {
            case AuthenticationSchemes.Negotiate:
            case AuthenticationSchemes.Ntlm:
            case AuthenticationSchemes.IntegratedWindowsAuthentication:
                throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_AuthSchemesRequireWindowsAuth));

            default:
                throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_AuthSchemesRequireOtherAuth(bindingElementAuthenticationSchemes.ToString())));
        }
    }

    // Keep only the schemes that both sides support.
    bindingElementAuthenticationSchemes &= iisSchemes;

    if (bindingElementAuthenticationSchemes != AuthenticationSchemes.Anonymous)
    {
        ExtendedProtectionPolicy iisPolicy = HostedTransportConfigurationManager.MetabaseSettings.GetExtendedProtectionPolicy(virtualPath);

        if (iisPolicy == null)
        {
            // No host policy means the OS has no channel binding token support.
            // Only a binding that demands enforcement is rejected.
            if (extendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always)
            {
                throw FxTrace.Exception.AsError(new NotSupportedException(SR.ExtendedProtectionNotSupported));
            }
        }
        else if (isMetadataListener && ChannelBindingUtility.IsDefaultPolicy(extendedProtectionPolicy))
        {
            // A metadata listener still on the default policy inherits the host policy.
            extendedProtectionPolicy = iisPolicy;
        }
        else
        {
            // Every other listener must agree with the host policy.
            if (!ChannelBindingUtility.AreEqual(iisPolicy, extendedProtectionPolicy))
            {
                string mismatchErrorMessage;
                if (iisPolicy.PolicyEnforcement != extendedProtectionPolicy.PolicyEnforcement)
                {
                    mismatchErrorMessage = SR.ExtendedProtectionPolicyEnforcementMismatch(iisPolicy.PolicyEnforcement, extendedProtectionPolicy.PolicyEnforcement);
                }
                else if (iisPolicy.ProtectionScenario != extendedProtectionPolicy.ProtectionScenario)
                {
                    mismatchErrorMessage = SR.ExtendedProtectionPolicyScenarioMismatch(iisPolicy.ProtectionScenario, extendedProtectionPolicy.ProtectionScenario);
                }
                else
                {
                    // The only other member AreEqual is expected to compare.
                    Fx.Assert(iisPolicy.CustomChannelBinding != extendedProtectionPolicy.CustomChannelBinding, "new case in ChannelBindingUtility.AreEqual to account for");
                    mismatchErrorMessage = SR.ExtendedProtectionPolicyCustomChannelBindingMismatch;
                }

                if (mismatchErrorMessage != null)
                {
                    throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_ExtendedProtectionPoliciesMustMatch(mismatchErrorMessage)));
                }
            }

            // With the generated default SPN list, null is passed so that the host
            // policy is checked against the default.
            ServiceNameCollection listenerSpnList = null;
            if (!usingDefaultSpnList)
            {
                listenerSpnList = extendedProtectionPolicy.CustomServiceNames;
            }

            if (!ChannelBindingUtility.IsSubset(iisPolicy.CustomServiceNames, listenerSpnList))
            {
                throw FxTrace.Exception.AsError(new NotSupportedException(SR.Hosting_ExtendedProtectionPoliciesMustMatch(SR.Hosting_ExtendedProtectionSPNListNotSubset)));
            }
        }
    }

    // The realm is left untouched on the simple application host (Cassini).
    if (!ServiceHostingEnvironment.IsSimpleApplicationHost)
    {
        realm = HostedTransportConfigurationManager.MetabaseSettings.GetRealm(virtualPath);
    }
}
示例15: AuthenticateAsServerAsync
/// <summary>
/// Platform stub: server-side authentication with an extended protection policy is not
/// supported in this build.
/// </summary>
/// <remarks>
/// The exception is thrown synchronously from the call itself rather than through the
/// returned task, so it reaches callers that never await the result.
/// </remarks>
/// <param name="policy">Ignored.</param>
/// <exception cref="PlatformNotSupportedException">Always thrown.</exception>
public virtual Task AuthenticateAsServerAsync(ExtendedProtectionPolicy policy)
    => throw new PlatformNotSupportedException();