//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.ServiceModel { using System; using System.Text; using System.Collections.Generic; using System.Collections.ObjectModel; using System.ComponentModel; using System.Configuration; using System.Globalization; using System.Net; using System.Net.Security; using System.Runtime.Serialization; using System.Security.Principal; using System.ServiceModel.Channels; using System.ServiceModel.Configuration; using System.ServiceModel.Security; using System.Xml; public class WSHttpBinding : WSHttpBindingBase { static readonly MessageSecurityVersion WSMessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; WSHttpSecurity security = new WSHttpSecurity(); public WSHttpBinding(string configName) : this() { ApplyConfiguration(configName); } public WSHttpBinding() : base() { } public WSHttpBinding(SecurityMode securityMode) : this(securityMode, false) { } public WSHttpBinding(SecurityMode securityMode, bool reliableSessionEnabled) : base(reliableSessionEnabled) { security.Mode = securityMode; } internal WSHttpBinding(WSHttpSecurity security, bool reliableSessionEnabled) : base(reliableSessionEnabled) { this.security = security == null ? new WSHttpSecurity() : security; } [DefaultValue(HttpTransportDefaults.AllowCookies)] public bool AllowCookies { get { return HttpTransport.AllowCookies; } set { HttpTransport.AllowCookies = value; HttpsTransport.AllowCookies = value; } } public WSHttpSecurity Security { get { return this.security; } set { if (value == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("value")); } this.security = value; } } void ApplyConfiguration(string configurationName) { WSHttpBindingCollectionElement section = WSHttpBindingCollectionElement.GetBindingCollectionElement(); WSHttpBindingElement element = section.Bindings[configurationName]; if (element == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException( SR.GetString(SR.ConfigInvalidBindingConfigurationName, configurationName, ConfigurationStrings.WSHttpBindingCollectionElementName))); } else { element.ApplyConfiguration(this); } } public override IChannelFactory BuildChannelFactory(BindingParameterCollection parameters) { if ((security.Mode == SecurityMode.Transport) && security.Transport.ClientCredentialType == HttpClientCredentialType.InheritedFromHost) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.HttpClientCredentialTypeInvalid, security.Transport.ClientCredentialType))); } return base.BuildChannelFactory(parameters); } public override BindingElementCollection CreateBindingElements() { if (ReliableSession.Enabled) { if (this.security.Mode == SecurityMode.Transport) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.WSHttpDoesNotSupportRMWithHttps))); } return base.CreateBindingElements(); } // if you make changes here, see also WS2007HttpBinding.TryCreate() internal static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding) { bool isReliableSession = (rsbe != null); binding = null; // reverse GetTransport HttpTransportSecurity transportSecurity = WSHttpSecurity.GetDefaultHttpTransportSecurity(); UnifiedSecurityMode mode; if (!GetSecurityModeFromTransport(transport, transportSecurity, out mode)) { return false; } HttpsTransportBindingElement httpsBinding = transport as HttpsTransportBindingElement; if (httpsBinding != null && httpsBinding.MessageSecurityVersion != null) { if (httpsBinding.MessageSecurityVersion.SecurityPolicyVersion != WSMessageSecurityVersion.SecurityPolicyVersion) { return false; } } WSHttpSecurity security; if (TryCreateSecurity(sbe, mode, transportSecurity, isReliableSession, out security)) { WSHttpBinding wsHttpBinding = new WSHttpBinding(security, isReliableSession); bool allowCookies; if (!TryGetAllowCookiesFromTransport(transport, out allowCookies)) { return false; } wsHttpBinding.AllowCookies = allowCookies; binding = wsHttpBinding; } if (rsbe != null && rsbe.ReliableMessagingVersion != ReliableMessagingVersion.WSReliableMessagingFebruary2005) { return false; } if (tfbe != null && tfbe.TransactionProtocol != TransactionProtocol.WSAtomicTransactionOctober2004) { return false; } return binding != null; } protected override TransportBindingElement GetTransport() { if (security.Mode == SecurityMode.None || security.Mode == SecurityMode.Message) { this.HttpTransport.ExtendedProtectionPolicy = security.Transport.ExtendedProtectionPolicy; return this.HttpTransport; } else { security.ApplyTransportSecurity(this.HttpsTransport); return this.HttpsTransport; } } internal static bool GetSecurityModeFromTransport(TransportBindingElement transport, HttpTransportSecurity transportSecurity, out UnifiedSecurityMode mode) { mode = UnifiedSecurityMode.None; if (transport is HttpsTransportBindingElement) { mode = UnifiedSecurityMode.Transport | UnifiedSecurityMode.TransportWithMessageCredential; WSHttpSecurity.ApplyTransportSecurity((HttpsTransportBindingElement)transport, transportSecurity); } else if (transport is HttpTransportBindingElement) { mode = UnifiedSecurityMode.None | UnifiedSecurityMode.Message; } else { return false; } return true; } internal static bool TryGetAllowCookiesFromTransport(TransportBindingElement transport, out bool allowCookies) { HttpTransportBindingElement httpTransportBindingElement = transport as HttpTransportBindingElement; if (httpTransportBindingElement == null) { allowCookies = false; return false; } else { allowCookies = httpTransportBindingElement.AllowCookies; return true; } } protected override SecurityBindingElement CreateMessageSecurity() { return security.CreateMessageSecurity(this.ReliableSession.Enabled, WSMessageSecurityVersion); } // if you make changes here, see also WS2007HttpBinding.TryCreateSecurity() static bool TryCreateSecurity(SecurityBindingElement sbe, UnifiedSecurityMode mode, HttpTransportSecurity transportSecurity, bool isReliableSession, out WSHttpSecurity security) { if (!WSHttpSecurity.TryCreate(sbe, mode, transportSecurity, isReliableSession, out security)) return false; // the last check: make sure that security binding element match the incoming security return SecurityElement.AreBindingsMatching(security.CreateMessageSecurity(isReliableSession, WSMessageSecurityVersion), sbe); } [EditorBrowsable(EditorBrowsableState.Never)] public bool ShouldSerializeSecurity() { return this.Security.InternalShouldSerialize(); } } }