You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			740 lines
		
	
	
		
			36 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			740 lines
		
	
	
		
			36 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|   | //---------------------------------------------------------------------------- | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //---------------------------------------------------------------------------- | ||
|  | 
 | ||
|  | namespace System.ServiceModel.WasHosting | ||
|  | { | ||
|  |     using System.Collections.Generic; | ||
|  |     using System.Configuration; | ||
|  |     using System.Diagnostics; | ||
|  |     using System.Diagnostics.CodeAnalysis; | ||
|  |     using System.Reflection; | ||
|  |     using System.Runtime; | ||
|  |     using System.Runtime.CompilerServices; | ||
|  |     using System.Runtime.InteropServices; | ||
|  |     using System.Security.Authentication; | ||
|  |     using System.Security.Authentication.ExtendedProtection; | ||
|  |     using System.Security.Permissions; | ||
|  |     using System.Security.Principal; | ||
|  |     using System.ServiceModel.Activation; | ||
|  |     using System.ServiceModel.Activation.Diagnostics; | ||
|  |     using System.ServiceModel.Channels; | ||
|  |     using System.Web; | ||
|  |     using System.Web.Hosting; | ||
|  |     using Microsoft.Web.Administration; | ||
|  | 
 | ||
|  |     static class MetabaseSettingsIis7Constants | ||
|  |     { | ||
|  |         internal const string SitesSectionName = "system.applicationHost/sites"; | ||
|  |         internal const string ClientCertMapAuthenticationName = "system.webServer/security/authentication/clientCertificateMappingAuthentication"; | ||
|  |         internal const string IisClientCertMapAuthenticationName = "system.webServer/security/authentication/iisClientCertificateMappingAuthentication"; | ||
|  |         internal const string AnonymousAuthenticationSectionName = "system.webServer/security/authentication/anonymousAuthentication"; | ||
|  |         internal const string BasicAuthenticationSectionName = "system.webServer/security/authentication/basicAuthentication"; | ||
|  |         internal const string DigestAuthenticationSectionName = "system.webServer/security/authentication/digestAuthentication"; | ||
|  |         internal const string WindowsAuthenticationSectionName = "system.webServer/security/authentication/windowsAuthentication"; | ||
|  |         internal const string SecurityAccessSectionName = "system.webServer/security/access"; | ||
|  | 
 | ||
|  |         internal const string EnabledAttributeName = "enabled"; | ||
|  |         internal const string RealmAttributeName = "realm"; | ||
|  |         internal const string ValueAttributeName = "value"; | ||
|  |         internal const string SslFlagsAttributeName = "sslFlags"; | ||
|  |         internal const string ProviderElementName = "providers"; | ||
|  |         internal const string BindingsElementName = "bindings"; | ||
|  |         internal const string ProtocolAttributeName = "protocol"; | ||
|  |         internal const string BindingInfoAttributeName = "bindingInformation"; | ||
|  |         internal const string PathAttributeName = "path"; | ||
|  |         internal const string EnabledProtocolsAttributeName = "enabledProtocols"; | ||
|  |         internal const string NameAttributeName = "name"; | ||
|  |         internal const string ExtendedProtectionElementName = "extendedProtection"; | ||
|  |         internal const string TokenCheckingAttributeName = "tokenChecking"; | ||
|  |         internal const string FlagsAttributeName = "flags"; | ||
|  | 
 | ||
|  | 
 | ||
|  |         internal const string CommaSeparator = ","; | ||
|  | 
 | ||
|  |         internal const string WebConfigGetSectionMethodName = "GetSection"; | ||
|  |     } | ||
|  | 
 | ||
|  |     // MetabaseSettingsIis7 use ServerManager class to get Metabase settings. ServerManager  | ||
|  |     // does not work in Longhorn Sever/SP1 builds. | ||
|  |     class MetabaseSettingsIis7 : MetabaseSettingsIis | ||
|  |     { | ||
|  |         internal MetabaseSettingsIis7() | ||
|  |             : base() | ||
|  |         { | ||
|  |             if (!Iis7Helper.IsIis7) | ||
|  |             { | ||
|  |                 DiagnosticUtility.DebugAssert("MetabaseSettingsIis7 constructor must not be called when running outside of IIS7"); | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperInternal(true); | ||
|  |             } | ||
|  | 
 | ||
|  |             PopulateSiteProperties(); | ||
|  |         } | ||
|  | 
 | ||
|  |         [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |             Justification = "called by MetabaseSettingsIis7 constructor")] | ||
|  |         void PopulateSiteProperties() | ||
|  |         { | ||
|  |             Site site = ServerManagerWrapper.GetSite(HostingEnvironment.SiteName); | ||
|  |             DiagnosticUtility.DebugAssert(site != null, "Unable to find site."); | ||
|  | 
 | ||
|  |             // | ||
|  |             // Build up the binding table. | ||
|  |             // | ||
|  |             IDictionary<string, List<string>> bindingList = ServerManagerWrapper.GetProtocolBindingTable(site); | ||
|  | 
 | ||
|  |             // Convert to string arrays | ||
|  |             foreach (KeyValuePair<string, List<string>> entry in bindingList) | ||
|  |             { | ||
|  |                 this.Bindings.Add(entry.Key, entry.Value.ToArray()); | ||
|  |                 entry.Value.Clear(); | ||
|  |             } | ||
|  | 
 | ||
|  |             // Clear the temporary buffer | ||
|  |             bindingList.Clear(); | ||
|  | 
 | ||
|  |             // | ||
|  |             // Build up the protocol list. | ||
|  |             // | ||
|  |             string[] protocols = ServerManagerWrapper.GetEnabledProtocols(site).Split(MetabaseSettingsIis7Constants.CommaSeparator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries); | ||
|  |             foreach (string protocolValue in protocols) | ||
|  |             { | ||
|  |                 string protocol = protocolValue.Trim(); | ||
|  |                 protocol = protocol.ToLowerInvariant(); | ||
|  | 
 | ||
|  |                 if (string.IsNullOrEmpty(protocol) || this.Protocols.Contains(protocol)) | ||
|  |                 { | ||
|  |                     // Ignore duplicates and empty protocols | ||
|  |                     continue; | ||
|  |                 } | ||
|  |                 else if (string.Compare(protocol, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase) == 0 || | ||
|  |                          string.Compare(protocol, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase) == 0) | ||
|  |                 { | ||
|  |                     // Special casing HTTPS. If HTTP is enabled, it means that | ||
|  |                     // both HTTP and HTTPS are enabled. | ||
|  |                     if (this.Bindings.ContainsKey(Uri.UriSchemeHttp)) | ||
|  |                     { | ||
|  |                         this.Protocols.Add(Uri.UriSchemeHttp); | ||
|  |                     } | ||
|  | 
 | ||
|  |                     if (this.Bindings.ContainsKey(Uri.UriSchemeHttps)) | ||
|  |                     { | ||
|  |                         this.Protocols.Add(Uri.UriSchemeHttps); | ||
|  |                     } | ||
|  |                 } | ||
|  |                 else if (this.Bindings.ContainsKey(protocol)) | ||
|  |                 { | ||
|  |                     // We only take the protocols that have bindings. | ||
|  |                     this.Protocols.Add(protocol); | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override HostedServiceTransportSettings CreateTransportSettings(string relativeVirtualPath) | ||
|  |         { | ||
|  |             Debug.Print("MetabaseSettingsIis7.CreateTransportSettings() calling ServerManager.GetWebConfiguration() virtualPath: " + relativeVirtualPath); | ||
|  | 
 | ||
|  |             string absolutePath = VirtualPathUtility.ToAbsolute(relativeVirtualPath, HostingEnvironmentWrapper.ApplicationVirtualPath); | ||
|  | 
 | ||
|  |             Configuration config = | ||
|  |                     ServerManagerWrapper.GetWebConfiguration( | ||
|  |                     HostingEnvironment.SiteName, | ||
|  |                     absolutePath); | ||
|  | 
 | ||
|  |             HostedServiceTransportSettings transportSettings = new HostedServiceTransportSettings(); | ||
|  | 
 | ||
|  |             ProcessAnonymousAuthentication(config, ref transportSettings); | ||
|  |             ProcessBasicAuthentication(config, ref transportSettings); | ||
|  |             ProcessWindowsAuthentication(config, ref transportSettings); | ||
|  |             ProcessDigestAuthentication(config, ref transportSettings); | ||
|  |             ProcessSecurityAccess(config, ref transportSettings); | ||
|  | 
 | ||
|  |             return transportSettings; | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessAnonymousAuthentication(Configuration config, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.AnonymousAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthAnonymous; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessBasicAuthentication(Configuration config, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.BasicAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthBasic; | ||
|  |                 transportSettings.Realm = (string)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.RealmAttributeName); | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessWindowsAuthentication(Configuration config, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.WindowsAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthNTLM; | ||
|  | 
 | ||
|  |                 List<string> providerList = ServerManagerWrapper.GetProviders(section, MetabaseSettingsIis7Constants.ProviderElementName, | ||
|  |                     MetabaseSettingsIis7Constants.ValueAttributeName); | ||
|  | 
 | ||
|  |                 if (providerList.Count != 0) | ||
|  |                 { | ||
|  |                     transportSettings.AuthProviders = providerList.ToArray(); | ||
|  |                 } | ||
|  |             } | ||
|  |             try | ||
|  |             { | ||
|  | 
 | ||
|  |                 ConfigurationElement element = section.GetChildElement(MetabaseSettingsIis7Constants.ExtendedProtectionElementName); | ||
|  |                 if (element != null) | ||
|  |                 { | ||
|  |                     ExtendedProtectionTokenChecking tokenChecking; | ||
|  |                     ExtendedProtectionFlags flags; | ||
|  |                     List<string> spnList; | ||
|  |                     ServerManagerWrapper.ReadIisExtendedProtectionPolicy(element, out tokenChecking, out flags, out spnList); | ||
|  |                     transportSettings.IisExtendedProtectionPolicy = BuildExtendedProtectionPolicy(tokenChecking, flags, spnList); | ||
|  |                 } | ||
|  |             } | ||
|  |             catch (COMException e) | ||
|  |             { | ||
|  |                 // hit this exception only when IIS does not support CBT | ||
|  |                 // safe for us to igore this COMException so that services not using CBT still can be activated | ||
|  |                 // if a service does use CBT in binding, channel listener will catch it when comparing IIS setting against WCF (on CBT) and throw exception  | ||
|  |                 if (DiagnosticUtility.ShouldTraceWarning) | ||
|  |                 { | ||
|  |                     TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.WebHostNoCBTSupport, | ||
|  |                               SR.TraceCodeWebHostNoCBTSupport, this, e); | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessDigestAuthentication(Configuration config, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.DigestAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthMD5; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessSecurityAccess(Configuration config, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.SecurityAccessSectionName); | ||
|  | 
 | ||
|  |             // Check SSL Flags. | ||
|  |             if (section != null) | ||
|  |             { | ||
|  |                 int sslFlags = (int)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.SslFlagsAttributeName); | ||
|  |                 transportSettings.AccessSslFlags = (HttpAccessSslFlags)sslFlags; | ||
|  | 
 | ||
|  |                 // Clear SslMapCert field, which should not contain any useful data now. | ||
|  |                 transportSettings.AccessSslFlags &= ~(HttpAccessSslFlags.SslMapCert); | ||
|  |             } | ||
|  | 
 | ||
|  |             // Check whether IIS client certificate mapping is enabled. | ||
|  |             section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.IisClientCertMapAuthenticationName); | ||
|  |             if ((section != null) && | ||
|  |                ((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert; | ||
|  |             } | ||
|  |             else | ||
|  |             { | ||
|  |                 // Check whether Active Directory client certification mapping is enabled. | ||
|  |                 section = ServerManagerWrapper.GetSection(config, MetabaseSettingsIis7Constants.ClientCertMapAuthenticationName); | ||
|  |                 if ((section != null) && | ||
|  |                    ((bool)ServerManagerWrapper.GetAttributeValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                     ) | ||
|  |                 { | ||
|  |                     transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert; | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override IEnumerable<string> GetSiteApplicationPaths() | ||
|  |         { | ||
|  |             return ServerManagerWrapper.GetApplicationPaths(); | ||
|  |         } | ||
|  | 
 | ||
|  |         // wraps calls to ServerManager with Asserts as necessary to support partial trust scenarios | ||
|  |         [PermissionSet(SecurityAction.Assert, Unrestricted = true)] | ||
|  |         static class ServerManagerWrapper | ||
|  |         { | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by MetabaseSettingsIis7.PopulateSiteProperties")] | ||
|  |             static internal Site GetSite(string name) | ||
|  |             { | ||
|  |                 return new ServerManager().Sites[name]; | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal Configuration GetWebConfiguration(string siteName, string absolutePath) | ||
|  |             { | ||
|  |                 return new ServerManager().GetWebConfiguration(siteName, absolutePath); | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal ConfigurationSection GetSection(Configuration config, string sectionName) | ||
|  |             { | ||
|  |                 return config.GetSection(sectionName); | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal List<string> GetProviders(ConfigurationSection section, string providerElementName, string valueAttributeName) | ||
|  |             { | ||
|  |                 List<string> providerList = new List<string>(); | ||
|  |                 foreach (ConfigurationElement element in section.GetCollection(providerElementName)) | ||
|  |                 { | ||
|  |                     providerList.Add((string)ServerManagerWrapper.GetAttributeValue(element, valueAttributeName)); | ||
|  |                 } | ||
|  |                 return providerList; | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal object GetAttributeValue(ConfigurationSection section, string attributeName) | ||
|  |             { | ||
|  |                 return section.GetAttribute(attributeName).Value; | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal object GetAttributeValue(ConfigurationElement element, string attributeName) | ||
|  |             { | ||
|  |                 return element.GetAttribute(attributeName).Value; | ||
|  |             } | ||
|  | 
 | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by MetabaseSettingsIis7.PopulateSiteProperties")] | ||
|  |             static internal IDictionary<string, List<string>> GetProtocolBindingTable(Site site) | ||
|  |             { | ||
|  |                 IDictionary<string, List<string>> bindingList = new Dictionary<string, List<string>>(); | ||
|  |                 foreach (Microsoft.Web.Administration.Binding binding in site.Bindings) | ||
|  |                 { | ||
|  |                     string protocol = binding.Protocol.ToLowerInvariant(); | ||
|  |                     string bindingInformation = binding.BindingInformation; | ||
|  |                     Debug.Print("MetabaseSettingsIis7.ctor() adding Protocol: " + protocol + " BindingInformation: " + bindingInformation); | ||
|  | 
 | ||
|  |                     if (!bindingList.ContainsKey(protocol)) | ||
|  |                     { | ||
|  |                         bindingList.Add(protocol, new List<string>()); | ||
|  |                     } | ||
|  |                     bindingList[protocol].Add(bindingInformation); | ||
|  |                 } | ||
|  |                 return bindingList; | ||
|  |             } | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by MetabaseSettingsIis7.PopulateSiteProperties")] | ||
|  |             static internal string GetEnabledProtocols(Site site) | ||
|  |             { | ||
|  |                 Application application = site.Applications[HostingEnvironmentWrapper.ApplicationVirtualPath]; | ||
|  |                 DiagnosticUtility.DebugAssert(application != null, "Unable to find application."); | ||
|  | 
 | ||
|  |                 return application.EnabledProtocols; | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal void ReadIisExtendedProtectionPolicy(ConfigurationElement element, out ExtendedProtectionTokenChecking tokenChecking, | ||
|  |                 out ExtendedProtectionFlags flags, out List<string> spnList) | ||
|  |             { | ||
|  |                 tokenChecking = (ExtendedProtectionTokenChecking)element.GetAttributeValue(MetabaseSettingsIis7Constants.TokenCheckingAttributeName); | ||
|  |                 flags = (ExtendedProtectionFlags)element.GetAttributeValue(MetabaseSettingsIis7Constants.FlagsAttributeName); | ||
|  |                 spnList = new List<string>(); | ||
|  |                 foreach (ConfigurationElement configElement in element.GetCollection()) | ||
|  |                 { | ||
|  |                     spnList.Add((string)configElement[MetabaseSettingsIis7Constants.NameAttributeName]); | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal IEnumerable<string> GetApplicationPaths() | ||
|  |             { | ||
|  |                 //Get the site ourselves instead of calling GetSite() because we should dispose of the ServerManager | ||
|  |                 using (ServerManager serverManager = new ServerManager()) | ||
|  |                 { | ||
|  |                     List<string> appPaths = new List<string>(); | ||
|  |                     Site site = serverManager.Sites[HostingEnvironment.SiteName]; | ||
|  |                     foreach (Application app in site.Applications) | ||
|  |                     { | ||
|  |                         appPaths.Add(app.Path); | ||
|  |                     } | ||
|  |                     return appPaths; | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  |     } | ||
|  | 
 | ||
|  |     // MetabaseSettingsIis7V2 use WebConfigurationManager to get Metabase settings, we depend on  | ||
|  |     // some methods which only availble in Longhorn Server/SP1 build.  | ||
|  |     class MetabaseSettingsIis7V2 : MetabaseSettingsIis | ||
|  |     { | ||
|  |         static MethodInfo getSectionMethod; | ||
|  | 
 | ||
|  |         [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |             Justification = "Called by MetabaseSettingsIis7Factory.CreateMetabaseSettings")] | ||
|  |         internal MetabaseSettingsIis7V2() | ||
|  |             : base() | ||
|  |         { | ||
|  |             if (!Iis7Helper.IsIis7) | ||
|  |             { | ||
|  |                 DiagnosticUtility.DebugAssert("MetabaseSettingsIis7V2 constructor must not be called when running outside of IIS7"); | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperInternal(true); | ||
|  |             } | ||
|  | 
 | ||
|  |             PopulateSiteProperties(); | ||
|  |         } | ||
|  | 
 | ||
|  |         static internal MethodInfo GetSectionMethod | ||
|  |         { | ||
|  |             get | ||
|  |             { | ||
|  |                 if (getSectionMethod == null) | ||
|  |                 { | ||
|  |                     Type type = typeof(WebConfigurationManager); | ||
|  | 
 | ||
|  |                     getSectionMethod = type.GetMethod( | ||
|  |                         MetabaseSettingsIis7Constants.WebConfigGetSectionMethodName, | ||
|  |                         new Type[3] { typeof(string), typeof(string), typeof(string) } | ||
|  |                         ); | ||
|  |                 } | ||
|  |                 return getSectionMethod; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |             Justification = "Called by MetabaseSettingsIis7V2 constructor")] | ||
|  |         void PopulateSiteProperties() | ||
|  |         { | ||
|  |             ConfigurationElement site = WebConfigurationManagerWrapper.GetSite(HostingEnvironment.SiteName); | ||
|  |             // | ||
|  |             // Build up the binding table. | ||
|  |             // | ||
|  |             IDictionary<string, List<string>> bindingList = WebConfigurationManagerWrapper.GetProtocolBindingTable(site); | ||
|  | 
 | ||
|  |             // Convert to string arrays | ||
|  |             foreach (KeyValuePair<string, List<string>> entry in bindingList) | ||
|  |             { | ||
|  |                 this.Bindings.Add(entry.Key, entry.Value.ToArray()); | ||
|  |                 entry.Value.Clear(); | ||
|  |             } | ||
|  | 
 | ||
|  |             // Clear the temporary buffer | ||
|  |             bindingList.Clear(); | ||
|  | 
 | ||
|  |             // | ||
|  |             // Build up the protocol list. | ||
|  |             // | ||
|  | 
 | ||
|  |             string[] protocols = WebConfigurationManagerWrapper.GetEnabledProtocols(site).Split(MetabaseSettingsIis7Constants.CommaSeparator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries); | ||
|  |             foreach (string protocolValue in protocols) | ||
|  |             { | ||
|  |                 string protocol = protocolValue.Trim(); | ||
|  |                 protocol = protocol.ToLowerInvariant(); | ||
|  | 
 | ||
|  |                 if (string.IsNullOrEmpty(protocol) || this.Protocols.Contains(protocol)) | ||
|  |                 { | ||
|  |                     // Ignore duplicates and empty protocols | ||
|  |                     continue; | ||
|  |                 } | ||
|  |                 else if (string.Compare(protocol, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase) == 0 || | ||
|  |                          string.Compare(protocol, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase) == 0) | ||
|  |                 { | ||
|  |                     // Special casing HTTPS. If HTTP is enabled, it means that | ||
|  |                     // both HTTP and HTTPS are enabled. | ||
|  |                     if (this.Bindings.ContainsKey(Uri.UriSchemeHttp)) | ||
|  |                     { | ||
|  |                         this.Protocols.Add(Uri.UriSchemeHttp); | ||
|  |                     } | ||
|  | 
 | ||
|  |                     if (this.Bindings.ContainsKey(Uri.UriSchemeHttps)) | ||
|  |                     { | ||
|  |                         this.Protocols.Add(Uri.UriSchemeHttps); | ||
|  |                     } | ||
|  |                 } | ||
|  |                 else if (this.Bindings.ContainsKey(protocol)) | ||
|  |                 { | ||
|  |                     // We only take the protocols that have bindings. | ||
|  |                     this.Protocols.Add(protocol); | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override HostedServiceTransportSettings CreateTransportSettings(string relativeVirtualPath) | ||
|  |         { | ||
|  |             Debug.Print("MetabaseSettingsIis7.CreateTransportSettings() calling ServerManager.GetWebConfiguration() virtualPath: " + relativeVirtualPath); | ||
|  | 
 | ||
|  |             string absolutePath = VirtualPathUtility.ToAbsolute(relativeVirtualPath, HostingEnvironment.ApplicationVirtualPath); | ||
|  | 
 | ||
|  |             HostedServiceTransportSettings transportSettings = new HostedServiceTransportSettings(); | ||
|  |             string siteName = HostingEnvironment.SiteName; | ||
|  | 
 | ||
|  |             ProcessAnonymousAuthentication(siteName, absolutePath, ref transportSettings); | ||
|  |             ProcessBasicAuthentication(siteName, absolutePath, ref transportSettings); | ||
|  |             ProcessWindowsAuthentication(siteName, absolutePath, ref transportSettings); | ||
|  |             ProcessDigestAuthentication(siteName, absolutePath, ref transportSettings); | ||
|  |             ProcessSecurityAccess(siteName, absolutePath, ref transportSettings); | ||
|  | 
 | ||
|  |             return transportSettings; | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessAnonymousAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.AnonymousAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthAnonymous; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessBasicAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.BasicAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthBasic; | ||
|  |                 transportSettings.Realm = (string)section.GetAttribute(MetabaseSettingsIis7Constants.RealmAttributeName).Value; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessWindowsAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.WindowsAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthNTLM; | ||
|  | 
 | ||
|  |                 List<string> providerList = WebConfigurationManagerWrapper.GetProviderList(section); | ||
|  | 
 | ||
|  |                 if (providerList.Count != 0) | ||
|  |                 { | ||
|  |                     transportSettings.AuthProviders = providerList.ToArray(); | ||
|  |                 } | ||
|  | 
 | ||
|  |                 // Check the CBT configuration | ||
|  |                 try | ||
|  |                 { | ||
|  |                     ConfigurationElement element = section.GetChildElement(MetabaseSettingsIis7Constants.ExtendedProtectionElementName); | ||
|  |                     if (element != null) | ||
|  |                     { | ||
|  |                         ExtendedProtectionTokenChecking tokenChecking; | ||
|  |                         ExtendedProtectionFlags flags; | ||
|  |                         List<string> spnList; | ||
|  |                         WebConfigurationManagerWrapper.ReadIisExtendedProtectionPolicy(element, out tokenChecking, out flags, out spnList); | ||
|  |                         transportSettings.IisExtendedProtectionPolicy = BuildExtendedProtectionPolicy(tokenChecking, flags, spnList); | ||
|  |                     } | ||
|  |                 } | ||
|  |                 catch (COMException e) | ||
|  |                 { | ||
|  |                     // hit this exception only when IIS does not support CBT | ||
|  |                     // safe for us to igore this COMException so that services not using CBT still can be activated | ||
|  |                     // if a service does use CBT in binding, channel listener will catch it when comparing IIS setting against WCF (on CBT) and throw exception  | ||
|  |                     if (DiagnosticUtility.ShouldTraceWarning) | ||
|  |                     { | ||
|  |                         TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.WebHostNoCBTSupport, | ||
|  |                             SR.TraceCodeWebHostNoCBTSupport, this, e); | ||
|  |                     } | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessDigestAuthentication(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.DigestAuthenticationSectionName); | ||
|  | 
 | ||
|  |             if ((section != null) && | ||
|  |                 ((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AuthFlags = transportSettings.AuthFlags | AuthFlags.AuthMD5; | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         void ProcessSecurityAccess(string siteName, string virtualPath, ref HostedServiceTransportSettings transportSettings) | ||
|  |         { | ||
|  |             ConfigurationSection section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.SecurityAccessSectionName); | ||
|  | 
 | ||
|  |             // Check SSL Flags. | ||
|  |             if (section != null) | ||
|  |             { | ||
|  |                 int sslFlags = (int)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.SslFlagsAttributeName); | ||
|  |                 transportSettings.AccessSslFlags = (HttpAccessSslFlags)sslFlags; | ||
|  | 
 | ||
|  |                 // Clear SslMapCert field, which should not contain any useful data now. | ||
|  |                 transportSettings.AccessSslFlags &= ~(HttpAccessSslFlags.SslMapCert); | ||
|  |             } | ||
|  | 
 | ||
|  |             // Check whether IIS client certificate mapping is enabled. | ||
|  |             section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.IisClientCertMapAuthenticationName); | ||
|  |             if ((section != null) && | ||
|  |                ((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                 ) | ||
|  |             { | ||
|  |                 transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert; | ||
|  |             } | ||
|  |             else | ||
|  |             { | ||
|  |                 // Check whether Active Directory client certification mapping is enabled. | ||
|  |                 section = WebConfigurationManagerWrapper.WebConfigGetSection(siteName, virtualPath, MetabaseSettingsIis7Constants.ClientCertMapAuthenticationName); | ||
|  |                 if ((section != null) && | ||
|  |                    ((bool)WebConfigurationManagerWrapper.GetValue(section, MetabaseSettingsIis7Constants.EnabledAttributeName)) | ||
|  |                     ) | ||
|  |                 { | ||
|  |                     transportSettings.AccessSslFlags |= HttpAccessSslFlags.SslMapCert; | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         protected override IEnumerable<string> GetSiteApplicationPaths() | ||
|  |         { | ||
|  |             ConfigurationElement site = WebConfigurationManagerWrapper.GetSite(HostingEnvironment.SiteName); | ||
|  |             return WebConfigurationManagerWrapper.GetApplicationPaths(site); | ||
|  |         } | ||
|  | 
 | ||
|  |         [PermissionSet(SecurityAction.Assert, Unrestricted = true)] | ||
|  |         static class WebConfigurationManagerWrapper | ||
|  |         { | ||
|  |             // Helper Method to get a site configuration | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by MetabaseSettingsIis7V2.PopulateSiteProperties")] | ||
|  |             static internal ConfigurationElement GetSite(string siteName) | ||
|  |             { | ||
|  |                 ConfigurationSection sitesSection = WebConfigGetSection(null, null, MetabaseSettingsIis7Constants.SitesSectionName); | ||
|  |                 ConfigurationElementCollection sitesCollection = sitesSection.GetCollection(); | ||
|  | 
 | ||
|  |                 return FindElement(sitesCollection, MetabaseSettingsIis7Constants.NameAttributeName, siteName); | ||
|  |             } | ||
|  | 
 | ||
|  |             // Helper method to find element based on an string attribute. | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by GetSite")] | ||
|  |             static internal ConfigurationElement FindElement(ConfigurationElementCollection collection, string attributeName, string value) | ||
|  |             { | ||
|  |                 foreach (ConfigurationElement element in collection) | ||
|  |                 { | ||
|  |                     if (String.Equals((string)element[attributeName], value, StringComparison.OrdinalIgnoreCase)) | ||
|  |                     { | ||
|  |                         return element; | ||
|  |                     } | ||
|  |                 } | ||
|  | 
 | ||
|  |                 return null; | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal ConfigurationSection WebConfigGetSection(string siteName, string virtualPath, string sectionName) | ||
|  |             { | ||
|  |                 return (ConfigurationSection)GetSectionMethod.Invoke(null, new object[] { siteName, virtualPath, sectionName }); | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal object GetValue(ConfigurationSection section, string name) | ||
|  |             { | ||
|  |                 return section[name]; | ||
|  |             } | ||
|  | 
 | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by MetabaseSettingsIis7V2.PopulateSiteProperties")] | ||
|  |             static internal IDictionary<string, List<string>> GetProtocolBindingTable(ConfigurationElement site) | ||
|  |             { | ||
|  |                 IDictionary<string, List<string>> bindingList = new Dictionary<string, List<string>>(); | ||
|  |                 foreach (ConfigurationElement binding in site.GetCollection(MetabaseSettingsIis7Constants.BindingsElementName)) | ||
|  |                 { | ||
|  |                     string protocol = ((string)binding[MetabaseSettingsIis7Constants.ProtocolAttributeName]).ToLowerInvariant(); | ||
|  |                     string bindingInformation = (string)binding[MetabaseSettingsIis7Constants.BindingInfoAttributeName]; | ||
|  |                     Debug.Print("MetabaseSettingsIis7V2.ctor() adding Protocol: " + protocol + " BindingInformation: " + bindingInformation); | ||
|  | 
 | ||
|  |                     if (!bindingList.ContainsKey(protocol)) | ||
|  |                     { | ||
|  |                         bindingList.Add(protocol, new List<string>()); | ||
|  |                     } | ||
|  |                     bindingList[protocol].Add(bindingInformation); | ||
|  |                 } | ||
|  |                 return bindingList; | ||
|  |             } | ||
|  | 
 | ||
|  |             [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUncalledPrivateCode, | ||
|  |                 Justification = "Called by MetabaseSettingsIis7V2.PopulateSiteProperties")] | ||
|  |             static internal string GetEnabledProtocols(ConfigurationElement site) | ||
|  |             { | ||
|  |                 ConfigurationElement application = FindElement( | ||
|  |                     site.GetCollection(), | ||
|  |                     MetabaseSettingsIis7Constants.PathAttributeName, | ||
|  |                     HostingEnvironment.ApplicationVirtualPath | ||
|  |                     ); | ||
|  |                 DiagnosticUtility.DebugAssert(application != null, "Unable to find application."); | ||
|  | 
 | ||
|  |                 return (string)application[MetabaseSettingsIis7Constants.EnabledProtocolsAttributeName]; | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal List<string> GetProviderList(ConfigurationElement section) | ||
|  |             { | ||
|  |                 List<string> providerList = new List<string>(); | ||
|  |                 foreach (ConfigurationElement element in section.GetCollection(MetabaseSettingsIis7Constants.ProviderElementName)) | ||
|  |                 { | ||
|  |                     providerList.Add((string)element[MetabaseSettingsIis7Constants.ValueAttributeName]); | ||
|  |                 } | ||
|  |                 return providerList; | ||
|  |             } | ||
|  | 
 | ||
|  |             // translate IIS setting on extended protection to NCL object | ||
|  |             static internal void ReadIisExtendedProtectionPolicy(ConfigurationElement element, out ExtendedProtectionTokenChecking tokenChecking, | ||
|  |                 out ExtendedProtectionFlags flags, out List<string> spnList) | ||
|  |             { | ||
|  |                 tokenChecking = (ExtendedProtectionTokenChecking)element.GetAttributeValue(MetabaseSettingsIis7Constants.TokenCheckingAttributeName); | ||
|  |                 flags = (ExtendedProtectionFlags)element.GetAttributeValue(MetabaseSettingsIis7Constants.FlagsAttributeName); | ||
|  |                 spnList = new List<string>(); | ||
|  |                 foreach (ConfigurationElement configElement in element.GetCollection()) | ||
|  |                 { | ||
|  |                     spnList.Add((string)configElement[MetabaseSettingsIis7Constants.NameAttributeName]); | ||
|  |                 } | ||
|  |             } | ||
|  | 
 | ||
|  |             static internal IEnumerable<string> GetApplicationPaths(ConfigurationElement site) | ||
|  |             { | ||
|  |                 List<string> appPaths = new List<string>(); | ||
|  |                 ConfigurationElementCollection applications = site.GetCollection(); | ||
|  |                 foreach (ConfigurationElement application in applications) | ||
|  |                 { | ||
|  |                     string appPath = (string)application["path"]; | ||
|  |                     appPaths.Add(appPath); | ||
|  |                 } | ||
|  |                 return appPaths; | ||
|  |             } | ||
|  | 
 | ||
|  |         } | ||
|  |     } | ||
|  | 
 | ||
|  |     // Note: There is a dependency on this class name and CreateMetabaseSettings  | ||
|  |     // method name from System.ServiceModel.dll | ||
|  |     [SuppressMessage(FxCop.Category.Performance, FxCop.Rule.AvoidUninstantiatedInternalClasses, | ||
|  |                 Justification = "Instantiated by System.ServiceModel")] | ||
|  |     internal class MetabaseSettingsIis7Factory | ||
|  |     { | ||
|  |         internal static MetabaseSettings CreateMetabaseSettings() | ||
|  |         { | ||
|  |             MethodInfo method = MetabaseSettingsIis7V2.GetSectionMethod; | ||
|  |             if (method != null) | ||
|  |             { | ||
|  |                 return new MetabaseSettingsIis7V2(); | ||
|  |             } | ||
|  | 
 | ||
|  |             return new MetabaseSettingsIis7(); | ||
|  |         } | ||
|  |     } | ||
|  | } |