//----------------------------------------------------------------------------- // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.ServiceModel.ComIntegration { using System; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.Security.Permissions; using System.Security.Principal; using System.ServiceModel; using System.ServiceModel.Channels; using System.ServiceModel.Security; using System.Transactions; using System.ServiceModel.Transactions; using System.ServiceModel.Diagnostics; using System.EnterpriseServices; static class MessageUtil { public static WindowsIdentity GetMessageIdentity(Message message) { WindowsIdentity callerIdentity = null; SecurityMessageProperty securityProp; securityProp = message.Properties.Security; if (securityProp != null) { ServiceSecurityContext context; context = securityProp.ServiceSecurityContext; if (context != null) { if (context.WindowsIdentity == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(Error.RequiresWindowsSecurity()); } callerIdentity = context.WindowsIdentity; } } if ((callerIdentity == null) || (callerIdentity.IsAnonymous)) { // No security, no identity, must be anonymous. callerIdentity = SecurityUtils.GetAnonymousIdentity(); } return callerIdentity; } // The demand is not added now (in 4.5), to avoid a breaking change. To be considered in the next version. /* [PermissionSet(SecurityAction.Demand, Unrestricted = true)] // because we call code from a non-APTCA assembly; transactions are not supported in partial trust, so customers should not be broken by this demand */ public static Transaction GetMessageTransaction(Message message) { ServiceConfig serviceConfig = new ServiceConfig(); serviceConfig.Transaction = TransactionOption.Disabled; ServiceDomain.Enter( serviceConfig ); try { return TransactionMessageProperty.TryGetTransaction(message); } finally { ServiceDomain.Leave(); } } } }