1 //------------------------------------------------------------ 2 // Copyright (c) Microsoft Corporation. All rights reserved. 3 //------------------------------------------------------------ 4 5 namespace System.ServiceModel.Diagnostics 6 { 7 using System; 8 using System.Diagnostics; 9 using System.Globalization; 10 using System.IdentityModel.Claims; 11 using System.IdentityModel.Policy; 12 using System.IdentityModel.Selectors; 13 using System.IdentityModel.Tokens; 14 using System.Runtime.Diagnostics; 15 using System.ServiceModel.Channels; 16 using System.ServiceModel.Diagnostics.Application; 17 using System.ServiceModel.Dispatcher; 18 using System.ServiceModel.Security; 19 using System.ServiceModel.Security.Tokens; 20 using System.Xml; 21 22 class SecurityTraceRecord : TraceRecord 23 { 24 String traceName; SecurityTraceRecord(String traceName)25 internal SecurityTraceRecord(String traceName) 26 { 27 if (String.IsNullOrEmpty(traceName)) 28 this.traceName = "Empty"; 29 else 30 this.traceName = traceName; 31 } 32 33 internal override string EventId { get { return BuildEventId(traceName); } } 34 } 35 36 internal static class SecurityTraceRecordHelper 37 { 38 internal static void TraceRemovedCachedServiceToken<T>(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken) 39 where T : IssuanceTokenProviderState 40 { 41 if (DiagnosticUtility.ShouldTraceInformation) 42 { 43 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.IssuanceTokenProviderRemovedCachedToken, SR.GetString(SR.TraceCodeIssuanceTokenProviderRemovedCachedToken), new IssuanceProviderTraceRecord<T>(provider, serviceToken)); 44 } 45 } 46 47 internal static void TraceUsingCachedServiceToken<T>(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken, EndpointAddress target) 48 where T : IssuanceTokenProviderState 49 { 50 if (DiagnosticUtility.ShouldTraceInformation) 51 { 52 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.IssuanceTokenProviderUsingCachedToken, SR.GetString(SR.TraceCodeIssuanceTokenProviderUsingCachedToken), new IssuanceProviderTraceRecord<T>(provider, serviceToken, target)); 53 } 54 } 55 56 internal static void TraceBeginSecurityNegotiation<T>(IssuanceTokenProviderBase<T> provider, EndpointAddress target) 57 where T : IssuanceTokenProviderState 58 { 59 60 if (TD.SecurityNegotiationStartIsEnabled()) 61 { 62 TD.SecurityNegotiationStart(provider.EventTraceActivity); 63 } 64 65 if (DiagnosticUtility.ShouldTraceInformation) 66 { 67 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.IssuanceTokenProviderBeginSecurityNegotiation, SR.GetString(SR.TraceCodeIssuanceTokenProviderBeginSecurityNegotiation), new IssuanceProviderTraceRecord<T>(provider, target)); 68 } 69 } 70 71 internal static void TraceEndSecurityNegotiation<T>(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken, EndpointAddress target) 72 where T : IssuanceTokenProviderState 73 { 74 if (TD.SecurityNegotiationStopIsEnabled()) 75 { 76 TD.SecurityNegotiationStop(provider.EventTraceActivity); 77 } 78 79 if (DiagnosticUtility.ShouldTraceInformation) 80 { 81 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.IssuanceTokenProviderEndSecurityNegotiation, SR.GetString(SR.TraceCodeIssuanceTokenProviderEndSecurityNegotiation), new IssuanceProviderTraceRecord<T>(provider, serviceToken, target)); 82 } 83 } 84 85 internal static void TraceRedirectApplied<T>(IssuanceTokenProviderBase<T> provider, EndpointAddress newTarget, EndpointAddress oldTarget) 86 where T : IssuanceTokenProviderState 87 { 88 if (DiagnosticUtility.ShouldTraceInformation) 89 { 90 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.IssuanceTokenProviderRedirectApplied, SR.GetString(SR.TraceCodeIssuanceTokenProviderRedirectApplied), new IssuanceProviderTraceRecord<T>(provider, newTarget, oldTarget)); 91 } 92 } 93 94 internal static void TraceClientServiceTokenCacheFull<T>(IssuanceTokenProviderBase<T> provider, int cacheSize) 95 where T : IssuanceTokenProviderState 96 { 97 if (DiagnosticUtility.ShouldTraceInformation) 98 { 99 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.IssuanceTokenProviderServiceTokenCacheFull, SR.GetString(SR.TraceCodeIssuanceTokenProviderServiceTokenCacheFull), new IssuanceProviderTraceRecord<T>(provider, cacheSize)); 100 } 101 } 102 TraceClientSpnego(WindowsSspiNegotiation windowsNegotiation)103 internal static void TraceClientSpnego(WindowsSspiNegotiation windowsNegotiation) 104 { 105 if (DiagnosticUtility.ShouldTraceInformation) 106 { 107 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SpnegoClientNegotiationCompleted, SR.GetString(SR.TraceCodeSpnegoClientNegotiationCompleted), new WindowsSspiNegotiationTraceRecord(windowsNegotiation)); 108 } 109 } 110 TraceServiceSpnego(WindowsSspiNegotiation windowsNegotiation)111 internal static void TraceServiceSpnego(WindowsSspiNegotiation windowsNegotiation) 112 { 113 if (DiagnosticUtility.ShouldTraceInformation) 114 { 115 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SpnegoServiceNegotiationCompleted, SR.GetString(SR.TraceCodeSpnegoServiceNegotiationCompleted), new WindowsSspiNegotiationTraceRecord(windowsNegotiation)); 116 } 117 } 118 TraceClientOutgoingSpnego(WindowsSspiNegotiation windowsNegotiation)119 internal static void TraceClientOutgoingSpnego(WindowsSspiNegotiation windowsNegotiation) 120 { 121 if (DiagnosticUtility.ShouldTraceInformation) 122 { 123 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SpnegoClientNegotiation, SR.GetString(SR.TraceCodeSpnegoClientNegotiation), new WindowsSspiNegotiationTraceRecord(windowsNegotiation)); 124 } 125 } 126 TraceServiceOutgoingSpnego(WindowsSspiNegotiation windowsNegotiation)127 internal static void TraceServiceOutgoingSpnego(WindowsSspiNegotiation windowsNegotiation) 128 { 129 if (DiagnosticUtility.ShouldTraceInformation) 130 { 131 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SpnegoServiceNegotiation, SR.GetString(SR.TraceCodeSpnegoServiceNegotiation), new WindowsSspiNegotiationTraceRecord(windowsNegotiation)); 132 } 133 } 134 135 internal static void TraceNegotiationTokenAuthenticatorAttached<T>(NegotiationTokenAuthenticator<T> authenticator, IChannelListener transportChannelListener) 136 where T : NegotiationTokenAuthenticatorState 137 { 138 if (DiagnosticUtility.ShouldTraceInformation) 139 { 140 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.NegotiationAuthenticatorAttached, SR.GetString(SR.TraceCodeNegotiationAuthenticatorAttached), new NegotiationAuthenticatorTraceRecord<T>(authenticator, transportChannelListener)); 141 } 142 } 143 144 internal static void TraceServiceSecurityNegotiationCompleted<T>(Message message, NegotiationTokenAuthenticator<T> authenticator, SecurityContextSecurityToken serviceToken) 145 where T : NegotiationTokenAuthenticatorState 146 { 147 if (DiagnosticUtility.ShouldTraceInformation) 148 { 149 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.ServiceSecurityNegotiationCompleted, SR.GetString(SR.TraceCodeServiceSecurityNegotiationCompleted), 150 new NegotiationAuthenticatorTraceRecord<T>(authenticator, serviceToken)); 151 } 152 153 if (TD.ServiceSecurityNegotiationCompletedIsEnabled()) 154 { 155 EventTraceActivity activity = EventTraceActivityHelper.TryExtractActivity(message); 156 TD.ServiceSecurityNegotiationCompleted(activity); 157 } 158 } 159 160 internal static void TraceServiceSecurityNegotiationFailure<T>(EventTraceActivity eventTraceActivity, NegotiationTokenAuthenticator<T> authenticator, Exception e) 161 where T : NegotiationTokenAuthenticatorState 162 { 163 if (DiagnosticUtility.ShouldTraceWarning) 164 { 165 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityNegotiationProcessingFailure, SR.GetString(SR.TraceCodeSecurityNegotiationProcessingFailure), new NegotiationAuthenticatorTraceRecord<T>(authenticator, e)); 166 } 167 168 if (TD.SecurityNegotiationProcessingFailureIsEnabled()) 169 { 170 TD.SecurityNegotiationProcessingFailure(eventTraceActivity); 171 } 172 } 173 174 TraceSecurityContextTokenCacheFull(int capacity, int pruningAmount)175 internal static void TraceSecurityContextTokenCacheFull(int capacity, int pruningAmount) 176 { 177 if (DiagnosticUtility.ShouldTraceInformation) 178 { 179 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityContextTokenCacheFull, SR.GetString(SR.TraceCodeSecurityContextTokenCacheFull), 180 new SecurityContextTokenCacheTraceRecord(capacity, pruningAmount)); 181 } 182 } 183 TraceIdentityVerificationSuccess(EventTraceActivity eventTraceActivity, EndpointIdentity identity, Claim claim, Type identityVerifier)184 internal static void TraceIdentityVerificationSuccess(EventTraceActivity eventTraceActivity, EndpointIdentity identity, Claim claim, Type identityVerifier) 185 { 186 if (DiagnosticUtility.ShouldTraceInformation) 187 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityIdentityVerificationSuccess, SR.GetString(SR.TraceCodeSecurityIdentityVerificationSuccess), new IdentityVerificationSuccessTraceRecord(identity, claim, identityVerifier)); 188 189 if (TD.SecurityIdentityVerificationSuccessIsEnabled()) 190 { 191 TD.SecurityIdentityVerificationSuccess(eventTraceActivity); 192 } 193 } 194 TraceIdentityVerificationFailure(EndpointIdentity identity, AuthorizationContext authContext, Type identityVerifier)195 internal static void TraceIdentityVerificationFailure(EndpointIdentity identity, AuthorizationContext authContext, Type identityVerifier) 196 { 197 if (DiagnosticUtility.ShouldTraceInformation) 198 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityIdentityVerificationFailure, SR.GetString(SR.TraceCodeSecurityIdentityVerificationFailure), new IdentityVerificationFailureTraceRecord(identity, authContext, identityVerifier)); 199 } 200 TraceIdentityDeterminationSuccess(EndpointAddress epr, EndpointIdentity identity, Type identityVerifier)201 internal static void TraceIdentityDeterminationSuccess(EndpointAddress epr, EndpointIdentity identity, Type identityVerifier) 202 { 203 if (DiagnosticUtility.ShouldTraceInformation) 204 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityIdentityDeterminationSuccess, SR.GetString(SR.TraceCodeSecurityIdentityDeterminationSuccess), new IdentityDeterminationSuccessTraceRecord(epr, identity, identityVerifier)); 205 } 206 TraceIdentityDeterminationFailure(EndpointAddress epr, Type identityVerifier)207 internal static void TraceIdentityDeterminationFailure(EndpointAddress epr, Type identityVerifier) 208 { 209 if (DiagnosticUtility.ShouldTraceInformation) 210 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityIdentityDeterminationFailure, SR.GetString(SR.TraceCodeSecurityIdentityDeterminationFailure), new IdentityDeterminationFailureTraceRecord(epr, identityVerifier)); 211 } 212 TraceIdentityHostNameNormalizationFailure(EndpointAddress epr, Type identityVerifier, Exception e)213 internal static void TraceIdentityHostNameNormalizationFailure(EndpointAddress epr, Type identityVerifier, Exception e) 214 { 215 if (DiagnosticUtility.ShouldTraceInformation) 216 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityIdentityHostNameNormalizationFailure, SR.GetString(SR.TraceCodeSecurityIdentityHostNameNormalizationFailure), new IdentityHostNameNormalizationFailureTraceRecord(epr, identityVerifier, e)); 217 } 218 TraceExportChannelBindingEntry()219 internal static void TraceExportChannelBindingEntry() 220 { 221 if (DiagnosticUtility.ShouldTraceInformation) 222 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.ExportSecurityChannelBindingEntry, SR.GetString(SR.TraceCodeExportSecurityChannelBindingEntry), (object)null); 223 } 224 TraceExportChannelBindingExit()225 internal static void TraceExportChannelBindingExit() 226 { 227 if (DiagnosticUtility.ShouldTraceInformation) 228 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.ExportSecurityChannelBindingExit, SR.GetString(SR.TraceCodeExportSecurityChannelBindingExit)); 229 } 230 TraceImportChannelBindingEntry()231 internal static void TraceImportChannelBindingEntry() 232 { 233 if (DiagnosticUtility.ShouldTraceInformation) 234 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.ImportSecurityChannelBindingEntry, SR.GetString(SR.TraceCodeImportSecurityChannelBindingEntry), (object)null); 235 } 236 TraceImportChannelBindingExit()237 internal static void TraceImportChannelBindingExit() 238 { 239 if (DiagnosticUtility.ShouldTraceInformation) 240 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.ImportSecurityChannelBindingExit, SR.GetString(SR.TraceCodeImportSecurityChannelBindingExit)); 241 } 242 TraceTokenProviderOpened(EventTraceActivity eventTraceActivity, SecurityTokenProvider provider)243 internal static void TraceTokenProviderOpened(EventTraceActivity eventTraceActivity, SecurityTokenProvider provider) 244 { 245 if (TD.SecurityTokenProviderOpenedIsEnabled()) 246 { 247 TD.SecurityTokenProviderOpened(eventTraceActivity); 248 } 249 250 if (DiagnosticUtility.ShouldTraceInformation) 251 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityTokenProviderOpened, SR.GetString(SR.TraceCodeSecurityTokenProviderOpened), new TokenProviderTraceRecord(provider)); 252 } 253 TraceTokenProviderClosed(SecurityTokenProvider provider)254 internal static void TraceTokenProviderClosed(SecurityTokenProvider provider) 255 { 256 if (DiagnosticUtility.ShouldTraceInformation) 257 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityTokenProviderClosed, SR.GetString(SR.TraceCodeSecurityTokenProviderClosed), new TokenProviderTraceRecord(provider)); 258 } 259 TraceTokenAuthenticatorOpened(SecurityTokenAuthenticator authenticator)260 internal static void TraceTokenAuthenticatorOpened(SecurityTokenAuthenticator authenticator) 261 { 262 if (DiagnosticUtility.ShouldTraceVerbose) 263 TraceUtility.TraceEvent(TraceEventType.Verbose, TraceCode.SecurityTokenAuthenticatorOpened, SR.GetString(SR.TraceCodeSecurityTokenAuthenticatorOpened), new TokenAuthenticatorTraceRecord(authenticator)); 264 } 265 TraceTokenAuthenticatorClosed(SecurityTokenAuthenticator authenticator)266 internal static void TraceTokenAuthenticatorClosed(SecurityTokenAuthenticator authenticator) 267 { 268 if (DiagnosticUtility.ShouldTraceInformation) 269 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityTokenAuthenticatorClosed, SR.GetString(SR.TraceCodeSecurityTokenAuthenticatorClosed), new TokenAuthenticatorTraceRecord(authenticator)); 270 } 271 TraceOutgoingMessageSecured(SecurityProtocol binding, Message message)272 internal static void TraceOutgoingMessageSecured(SecurityProtocol binding, Message message) 273 { 274 if (TD.OutgoingMessageSecuredIsEnabled()) 275 { 276 EventTraceActivity eventTraceActivity = EventTraceActivityHelper.TryExtractActivity(message); 277 TD.OutgoingMessageSecured(eventTraceActivity); 278 } 279 280 if (DiagnosticUtility.ShouldTraceInformation) 281 { 282 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityBindingOutgoingMessageSecured, 283 SR.GetString(SR.TraceCodeSecurityBindingOutgoingMessageSecured), new MessageSecurityTraceRecord(binding, message), null, null, message); 284 } 285 } 286 TraceIncomingMessageVerified(SecurityProtocol binding, Message message)287 internal static void TraceIncomingMessageVerified(SecurityProtocol binding, Message message) 288 { 289 if (TD.IncomingMessageVerifiedIsEnabled()) 290 { 291 EventTraceActivity eventTraceActivity = EventTraceActivityHelper.TryExtractActivity(message); 292 TD.IncomingMessageVerified(eventTraceActivity); 293 } 294 295 if (DiagnosticUtility.ShouldTraceInformation) 296 { 297 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityBindingIncomingMessageVerified, 298 SR.GetString(SR.TraceCodeSecurityBindingIncomingMessageVerified), new MessageSecurityTraceRecord(binding, message), null, null, message); 299 } 300 } 301 TraceSecureOutgoingMessageFailure(SecurityProtocol binding, Message message)302 internal static void TraceSecureOutgoingMessageFailure(SecurityProtocol binding, Message message) 303 { 304 if (DiagnosticUtility.ShouldTraceWarning) 305 { 306 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityBindingSecureOutgoingMessageFailure, 307 SR.GetString(SR.TraceCodeSecurityBindingSecureOutgoingMessageFailure), new MessageSecurityTraceRecord(binding, message), null, null, message); 308 } 309 } 310 TraceVerifyIncomingMessageFailure(SecurityProtocol binding, Message message)311 internal static void TraceVerifyIncomingMessageFailure(SecurityProtocol binding, Message message) 312 { 313 if (DiagnosticUtility.ShouldTraceWarning) 314 { 315 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityBindingVerifyIncomingMessageFailure, 316 SR.GetString(SR.TraceCodeSecurityBindingVerifyIncomingMessageFailure), new MessageSecurityTraceRecord(binding, message), null, null, message); 317 } 318 } 319 TraceSpnToSidMappingFailure(string spn, Exception e)320 internal static void TraceSpnToSidMappingFailure(string spn, Exception e) 321 { 322 if (DiagnosticUtility.ShouldTraceWarning) 323 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySpnToSidMappingFailure, SR.GetString(SR.TraceCodeSecuritySpnToSidMappingFailure), new SpnToSidMappingTraceRecord(spn, e)); 324 } 325 TraceSessionRedirectApplied(EndpointAddress previousTarget, EndpointAddress newTarget, GenericXmlSecurityToken sessionToken)326 internal static void TraceSessionRedirectApplied(EndpointAddress previousTarget, EndpointAddress newTarget, GenericXmlSecurityToken sessionToken) 327 { 328 if (DiagnosticUtility.ShouldTraceInformation) 329 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecuritySessionRedirectApplied, SR.GetString(SR.TraceCodeSecuritySessionRedirectApplied), new SessionRedirectAppliedTraceRecord(previousTarget, newTarget, sessionToken)); 330 } 331 TraceCloseMessageSent(SecurityToken sessionToken, EndpointAddress remoteTarget)332 internal static void TraceCloseMessageSent(SecurityToken sessionToken, EndpointAddress remoteTarget) 333 { 334 if (DiagnosticUtility.ShouldTraceInformation) 335 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityClientSessionCloseSent, SR.GetString(SR.TraceCodeSecurityClientSessionCloseSent), new ClientSessionTraceRecord(sessionToken, null, remoteTarget)); 336 } 337 TraceCloseResponseMessageSent(SecurityToken sessionToken, EndpointAddress remoteTarget)338 internal static void TraceCloseResponseMessageSent(SecurityToken sessionToken, EndpointAddress remoteTarget) 339 { 340 if (DiagnosticUtility.ShouldTraceInformation) 341 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityClientSessionCloseResponseSent, SR.GetString(SR.TraceCodeSecurityClientSessionCloseResponseSent), new ClientSessionTraceRecord(sessionToken, null, remoteTarget)); 342 } 343 TraceCloseMessageReceived(SecurityToken sessionToken, EndpointAddress remoteTarget)344 internal static void TraceCloseMessageReceived(SecurityToken sessionToken, EndpointAddress remoteTarget) 345 { 346 if (DiagnosticUtility.ShouldTraceInformation) 347 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityClientSessionCloseMessageReceived, SR.GetString(SR.TraceCodeSecurityClientSessionCloseMessageReceived), new ClientSessionTraceRecord(sessionToken, null, remoteTarget)); 348 } 349 TraceSessionKeyRenewalFault(SecurityToken sessionToken, EndpointAddress remoteTarget)350 internal static void TraceSessionKeyRenewalFault(SecurityToken sessionToken, EndpointAddress remoteTarget) 351 { 352 if (DiagnosticUtility.ShouldTraceWarning) 353 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionKeyRenewalFaultReceived, SR.GetString(SR.TraceCodeSecuritySessionKeyRenewalFaultReceived), new ClientSessionTraceRecord(sessionToken, null, remoteTarget)); 354 } 355 TraceRemoteSessionAbortedFault(SecurityToken sessionToken, EndpointAddress remoteTarget)356 internal static void TraceRemoteSessionAbortedFault(SecurityToken sessionToken, EndpointAddress remoteTarget) 357 { 358 if (DiagnosticUtility.ShouldTraceWarning) 359 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionAbortedFaultReceived, SR.GetString(SR.TraceCodeSecuritySessionAbortedFaultReceived), new ClientSessionTraceRecord(sessionToken, null, remoteTarget)); 360 } 361 TraceCloseResponseReceived(SecurityToken sessionToken, EndpointAddress remoteTarget)362 internal static void TraceCloseResponseReceived(SecurityToken sessionToken, EndpointAddress remoteTarget) 363 { 364 if (DiagnosticUtility.ShouldTraceInformation) 365 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecuritySessionClosedResponseReceived, SR.GetString(SR.TraceCodeSecuritySessionClosedResponseReceived), new ClientSessionTraceRecord(sessionToken, null, remoteTarget)); 366 } 367 TracePreviousSessionKeyDiscarded(SecurityToken previousSessionToken, SecurityToken currentSessionToken, EndpointAddress remoteAddress)368 internal static void TracePreviousSessionKeyDiscarded(SecurityToken previousSessionToken, SecurityToken currentSessionToken, EndpointAddress remoteAddress) 369 { 370 if (DiagnosticUtility.ShouldTraceInformation) 371 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityClientSessionPreviousKeyDiscarded, SR.GetString(SR.TraceCodeSecurityClientSessionPreviousKeyDiscarded), new ClientSessionTraceRecord(currentSessionToken, previousSessionToken, remoteAddress)); 372 } 373 TraceSessionKeyRenewed(SecurityToken newSessionToken, SecurityToken currentSessionToken, EndpointAddress remoteAddress)374 internal static void TraceSessionKeyRenewed(SecurityToken newSessionToken, SecurityToken currentSessionToken, EndpointAddress remoteAddress) 375 { 376 if (DiagnosticUtility.ShouldTraceInformation) 377 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityClientSessionKeyRenewed, SR.GetString(SR.TraceCodeSecurityClientSessionKeyRenewed), new ClientSessionTraceRecord(newSessionToken, currentSessionToken, remoteAddress)); 378 } 379 TracePendingSessionAdded(UniqueId sessionId, Uri listenAddress)380 internal static void TracePendingSessionAdded(UniqueId sessionId, Uri listenAddress) 381 { 382 if (DiagnosticUtility.ShouldTraceInformation) 383 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityPendingServerSessionAdded, SR.GetString(SR.TraceCodeSecurityPendingServerSessionAdded), new ServerSessionTraceRecord(sessionId, listenAddress)); 384 } 385 TracePendingSessionClosed(UniqueId sessionId, Uri listenAddress)386 internal static void TracePendingSessionClosed(UniqueId sessionId, Uri listenAddress) 387 { 388 if (DiagnosticUtility.ShouldTraceWarning) 389 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityPendingServerSessionClosed, SR.GetString(SR.TraceCodeSecurityPendingServerSessionClosed), new ServerSessionTraceRecord(sessionId, listenAddress)); 390 } 391 TracePendingSessionActivated(UniqueId sessionId, Uri listenAddress)392 internal static void TracePendingSessionActivated(UniqueId sessionId, Uri listenAddress) 393 { 394 if (DiagnosticUtility.ShouldTraceInformation) 395 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityPendingServerSessionActivated, SR.GetString(SR.TraceCodeSecurityPendingServerSessionActivated), new ServerSessionTraceRecord(sessionId, listenAddress)); 396 } 397 TraceActiveSessionRemoved(UniqueId sessionId, Uri listenAddress)398 internal static void TraceActiveSessionRemoved(UniqueId sessionId, Uri listenAddress) 399 { 400 if (DiagnosticUtility.ShouldTraceInformation) 401 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityActiveServerSessionRemoved, SR.GetString(SR.TraceCodeSecurityActiveServerSessionRemoved), new ServerSessionTraceRecord(sessionId, listenAddress)); 402 } 403 TraceNewServerSessionKeyIssued(SecurityContextSecurityToken newToken, SecurityContextSecurityToken supportingToken, Uri listenAddress)404 internal static void TraceNewServerSessionKeyIssued(SecurityContextSecurityToken newToken, SecurityContextSecurityToken supportingToken, Uri listenAddress) 405 { 406 if (DiagnosticUtility.ShouldTraceInformation) 407 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityNewServerSessionKeyIssued, SR.GetString(SR.TraceCodeSecurityNewServerSessionKeyIssued), new ServerSessionTraceRecord(newToken, supportingToken, listenAddress)); 408 } 409 TraceInactiveSessionFaulted(SecurityContextSecurityToken sessionToken, Uri listenAddress)410 internal static void TraceInactiveSessionFaulted(SecurityContextSecurityToken sessionToken, Uri listenAddress) 411 { 412 if (DiagnosticUtility.ShouldTraceWarning) 413 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityInactiveSessionFaulted, SR.GetString(SR.TraceCodeSecurityInactiveSessionFaulted), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 414 } 415 TraceServerSessionKeyUpdated(SecurityContextSecurityToken sessionToken, Uri listenAddress)416 internal static void TraceServerSessionKeyUpdated(SecurityContextSecurityToken sessionToken, Uri listenAddress) 417 { 418 if (DiagnosticUtility.ShouldTraceInformation) 419 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityServerSessionKeyUpdated, SR.GetString(SR.TraceCodeSecurityServerSessionKeyUpdated), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 420 } 421 TraceServerSessionCloseReceived(SecurityContextSecurityToken sessionToken, Uri listenAddress)422 internal static void TraceServerSessionCloseReceived(SecurityContextSecurityToken sessionToken, Uri listenAddress) 423 { 424 if (DiagnosticUtility.ShouldTraceInformation) 425 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityServerSessionCloseReceived, SR.GetString(SR.TraceCodeSecurityServerSessionCloseReceived), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 426 } 427 TraceServerSessionCloseResponseReceived(SecurityContextSecurityToken sessionToken, Uri listenAddress)428 internal static void TraceServerSessionCloseResponseReceived(SecurityContextSecurityToken sessionToken, Uri listenAddress) 429 { 430 if (DiagnosticUtility.ShouldTraceInformation) 431 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityServerSessionCloseResponseReceived, SR.GetString(SR.TraceCodeSecurityServerSessionCloseResponseReceived), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 432 } 433 TraceSessionRenewalFaultSent(SecurityContextSecurityToken sessionToken, Uri listenAddress, Message message)434 internal static void TraceSessionRenewalFaultSent(SecurityContextSecurityToken sessionToken, Uri listenAddress, Message message) 435 { 436 if (DiagnosticUtility.ShouldTraceWarning) 437 { 438 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityServerSessionRenewalFaultSent, 439 SR.GetString(SR.TraceCodeSecurityServerSessionRenewalFaultSent), new ServerSessionTraceRecord(sessionToken, message, listenAddress), null, null, message); 440 } 441 } 442 TraceSessionAbortedFaultSent(SecurityContextSecurityToken sessionToken, Uri listenAddress)443 internal static void TraceSessionAbortedFaultSent(SecurityContextSecurityToken sessionToken, Uri listenAddress) 444 { 445 if (DiagnosticUtility.ShouldTraceWarning) 446 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityServerSessionAbortedFaultSent, SR.GetString(SR.TraceCodeSecurityServerSessionAbortedFaultSent), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 447 } 448 TraceSessionClosedResponseSent(SecurityContextSecurityToken sessionToken, Uri listenAddress)449 internal static void TraceSessionClosedResponseSent(SecurityContextSecurityToken sessionToken, Uri listenAddress) 450 { 451 if (DiagnosticUtility.ShouldTraceInformation) 452 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecuritySessionCloseResponseSent, SR.GetString(SR.TraceCodeSecuritySessionCloseResponseSent), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 453 } 454 TraceSessionClosedSent(SecurityContextSecurityToken sessionToken, Uri listenAddress)455 internal static void TraceSessionClosedSent(SecurityContextSecurityToken sessionToken, Uri listenAddress) 456 { 457 if (DiagnosticUtility.ShouldTraceInformation) 458 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecuritySessionServerCloseSent, SR.GetString(SR.TraceCodeSecuritySessionServerCloseSent), new ServerSessionTraceRecord(sessionToken, (SecurityContextSecurityToken)null, listenAddress)); 459 } 460 TraceRenewFaultSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e)461 internal static void TraceRenewFaultSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e) 462 { 463 if (DiagnosticUtility.ShouldTraceWarning) 464 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionRenewFaultSendFailure, SR.GetString(SR.TraceCodeSecuritySessionRenewFaultSendFailure), new ServerSessionTraceRecord(sessionToken, listenAddress), e); 465 } 466 TraceSessionAbortedFaultSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e)467 internal static void TraceSessionAbortedFaultSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e) 468 { 469 if (DiagnosticUtility.ShouldTraceWarning) 470 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionAbortedFaultSendFailure, SR.GetString(SR.TraceCodeSecuritySessionAbortedFaultSendFailure), new ServerSessionTraceRecord(sessionToken, listenAddress), e); 471 } 472 TraceSessionClosedResponseSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e)473 internal static void TraceSessionClosedResponseSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e) 474 { 475 if (DiagnosticUtility.ShouldTraceWarning) 476 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionClosedResponseSendFailure, SR.GetString(SR.TraceCodeSecuritySessionClosedResponseSendFailure), new ServerSessionTraceRecord(sessionToken, listenAddress), e); 477 } 478 TraceSessionCloseSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e)479 internal static void TraceSessionCloseSendFailure(SecurityContextSecurityToken sessionToken, Uri listenAddress, Exception e) 480 { 481 if (DiagnosticUtility.ShouldTraceWarning) 482 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionServerCloseSendFailure, SR.GetString(SR.TraceCodeSecuritySessionServerCloseSendFailure), new ServerSessionTraceRecord(sessionToken, listenAddress), e); 483 } 484 TraceBeginSecuritySessionOperation(SecuritySessionOperation operation, EndpointAddress target, SecurityToken currentToken)485 internal static void TraceBeginSecuritySessionOperation(SecuritySessionOperation operation, EndpointAddress target, SecurityToken currentToken) 486 { 487 if (DiagnosticUtility.ShouldTraceInformation) 488 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecuritySessionRequestorStartOperation, SR.GetString(SR.TraceCodeSecuritySessionRequestorStartOperation), new SessionRequestorTraceRecord(operation, currentToken, (GenericXmlSecurityToken)null, target)); 489 } 490 TraceSecuritySessionOperationSuccess(SecuritySessionOperation operation, EndpointAddress target, SecurityToken currentToken, SecurityToken issuedToken)491 internal static void TraceSecuritySessionOperationSuccess(SecuritySessionOperation operation, EndpointAddress target, SecurityToken currentToken, SecurityToken issuedToken) 492 { 493 if (DiagnosticUtility.ShouldTraceInformation) 494 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecuritySessionRequestorOperationSuccess, SR.GetString(SR.TraceCodeSecuritySessionRequestorOperationSuccess), new SessionRequestorTraceRecord(operation, currentToken, issuedToken, target)); 495 } 496 TraceSecuritySessionOperationFailure(SecuritySessionOperation operation, EndpointAddress target, SecurityToken currentToken, Exception e)497 internal static void TraceSecuritySessionOperationFailure(SecuritySessionOperation operation, EndpointAddress target, SecurityToken currentToken, Exception e) 498 { 499 if (DiagnosticUtility.ShouldTraceWarning) 500 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionRequestorOperationFailure, SR.GetString(SR.TraceCodeSecuritySessionRequestorOperationFailure), new SessionRequestorTraceRecord(operation, currentToken, e, target)); 501 } 502 TraceServerSessionOperationException(SecuritySessionOperation operation, Exception e, Uri listenAddress)503 internal static void TraceServerSessionOperationException(SecuritySessionOperation operation, Exception e, Uri listenAddress) 504 { 505 if (DiagnosticUtility.ShouldTraceWarning) 506 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecuritySessionResponderOperationFailure, SR.GetString(SR.TraceCodeSecuritySessionResponderOperationFailure), new SessionResponderTraceRecord(operation, e, listenAddress)); 507 } 508 TraceImpersonationSucceeded(EventTraceActivity eventTraceActivity, DispatchOperationRuntime operation)509 internal static void TraceImpersonationSucceeded(EventTraceActivity eventTraceActivity, DispatchOperationRuntime operation) 510 { 511 if (DiagnosticUtility.ShouldTraceInformation) 512 TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.SecurityImpersonationSuccess, SR.GetString(SR.TraceCodeSecurityImpersonationSuccess), new ImpersonationTraceRecord(operation)); 513 514 if (TD.SecurityImpersonationSuccessIsEnabled()) 515 { 516 TD.SecurityImpersonationSuccess(eventTraceActivity); 517 } 518 519 } 520 TraceImpersonationFailed(EventTraceActivity eventTraceActivity, DispatchOperationRuntime operation, Exception e)521 internal static void TraceImpersonationFailed(EventTraceActivity eventTraceActivity, DispatchOperationRuntime operation, Exception e) 522 { 523 if (DiagnosticUtility.ShouldTraceWarning) 524 TraceUtility.TraceEvent(TraceEventType.Warning, TraceCode.SecurityImpersonationFailure, SR.GetString(SR.TraceCodeSecurityImpersonationFailure), new ImpersonationTraceRecord(operation), e); 525 526 if (TD.SecurityImpersonationFailureIsEnabled()) 527 { 528 TD.SecurityImpersonationFailure(eventTraceActivity); 529 } 530 } 531 WritePossibleGenericXmlToken(XmlWriter writer, string startElement, SecurityToken token)532 static void WritePossibleGenericXmlToken(XmlWriter writer, string startElement, SecurityToken token) 533 { 534 if (writer == null) 535 return; 536 537 writer.WriteStartElement(startElement); 538 GenericXmlSecurityToken gxt = token as GenericXmlSecurityToken; 539 if (gxt != null) 540 { 541 WriteGenericXmlToken(writer, gxt); 542 } 543 else 544 { 545 if (token != null) 546 writer.WriteElementString("TokenType", token.GetType().ToString()); 547 } 548 writer.WriteEndElement(); 549 } 550 WriteGenericXmlToken(XmlWriter xml, SecurityToken sessiontoken)551 static void WriteGenericXmlToken(XmlWriter xml, SecurityToken sessiontoken) 552 { 553 if (xml == null || sessiontoken == null) 554 return; 555 xml.WriteElementString("SessionTokenType", sessiontoken.GetType().ToString()); 556 xml.WriteElementString("ValidFrom", XmlConvert.ToString(sessiontoken.ValidFrom, XmlDateTimeSerializationMode.Utc)); 557 xml.WriteElementString("ValidTo", XmlConvert.ToString(sessiontoken.ValidTo, XmlDateTimeSerializationMode.Utc)); 558 GenericXmlSecurityToken token = sessiontoken as GenericXmlSecurityToken; 559 if (token != null) 560 { 561 if (token.InternalTokenReference != null) 562 { 563 xml.WriteElementString("InternalTokenReference", token.InternalTokenReference.ToString()); 564 } 565 if (token.ExternalTokenReference != null) 566 { 567 xml.WriteElementString("ExternalTokenReference", token.ExternalTokenReference.ToString()); 568 } 569 xml.WriteElementString("IssuedTokenElementName", token.TokenXml.LocalName); 570 xml.WriteElementString("IssuedTokenElementNamespace", token.TokenXml.NamespaceURI); 571 } 572 } 573 WriteSecurityContextToken(XmlWriter xml, SecurityContextSecurityToken token)574 static void WriteSecurityContextToken(XmlWriter xml, SecurityContextSecurityToken token) 575 { 576 577 xml.WriteElementString("ContextId", token.ContextId.ToString()); 578 if (token.KeyGeneration != null) 579 { 580 xml.WriteElementString("KeyGeneration", token.KeyGeneration.ToString()); 581 } 582 } 583 WriteClaim(XmlWriter xml, Claim claim)584 static internal void WriteClaim(XmlWriter xml, Claim claim) 585 { 586 if (xml == null) 587 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("xml"); 588 589 if (claim != null) 590 { 591 xml.WriteStartElement("Claim"); 592 593 if (null != DiagnosticUtility.DiagnosticTrace 594 && null != DiagnosticUtility.DiagnosticTrace.TraceSource 595 && DiagnosticUtility.DiagnosticTrace.ShouldLogPii) 596 { 597 // 598 // ClaimType 599 // 600 xml.WriteElementString("ClaimType", claim.ClaimType); 601 602 // 603 // Right 604 // 605 xml.WriteElementString("Right", claim.Right); 606 607 // 608 // Resource object type: most of time, it is a System.String 609 // 610 if (claim.Resource != null) 611 xml.WriteElementString("ResourceType", claim.Resource.GetType().ToString()); 612 else 613 xml.WriteElementString("Resource", "null"); 614 } 615 else 616 { 617 xml.WriteString(claim.GetType().AssemblyQualifiedName); 618 } 619 620 621 xml.WriteEndElement(); 622 } 623 } 624 625 class SessionResponderTraceRecord : SecurityTraceRecord 626 { 627 SecuritySessionOperation operation; 628 Exception e; 629 Uri listenAddress; 630 SessionResponderTraceRecord(SecuritySessionOperation operation, Exception e, Uri listenAddress)631 public SessionResponderTraceRecord(SecuritySessionOperation operation, Exception e, Uri listenAddress) 632 : base("SecuritySession") 633 { 634 this.operation = operation; 635 this.e = e; 636 this.listenAddress = listenAddress; 637 } 638 WriteTo(XmlWriter xml)639 internal override void WriteTo(XmlWriter xml) 640 { 641 if (xml == null) 642 return; 643 644 xml.WriteElementString("Operation", this.operation.ToString()); 645 646 if (this.e != null) 647 { 648 xml.WriteElementString("Exception", e.ToString()); 649 } 650 651 if (this.listenAddress != null) 652 xml.WriteElementString("ListenAddress", this.listenAddress.ToString()); 653 } 654 } 655 656 class SessionRequestorTraceRecord : SecurityTraceRecord 657 { 658 SecuritySessionOperation operation; 659 SecurityToken currentToken; 660 SecurityToken issuedToken; 661 EndpointAddress target; 662 Exception e; 663 SessionRequestorTraceRecord(SecuritySessionOperation operation, SecurityToken currentToken, SecurityToken issuedToken, EndpointAddress target)664 public SessionRequestorTraceRecord(SecuritySessionOperation operation, SecurityToken currentToken, SecurityToken issuedToken, EndpointAddress target) 665 : base("SecuritySession") 666 { 667 this.operation = operation; 668 this.currentToken = currentToken; 669 this.issuedToken = issuedToken; 670 this.target = target; 671 } 672 SessionRequestorTraceRecord(SecuritySessionOperation operation, SecurityToken currentToken, Exception e, EndpointAddress target)673 public SessionRequestorTraceRecord(SecuritySessionOperation operation, SecurityToken currentToken, Exception e, EndpointAddress target) 674 : base("SecuritySession") 675 { 676 this.operation = operation; 677 this.currentToken = currentToken; 678 this.e = e; 679 this.target = target; 680 } 681 WriteTo(XmlWriter xml)682 internal override void WriteTo(XmlWriter xml) 683 { 684 if (xml == null) 685 return; 686 687 xml.WriteElementString("Operation", this.operation.ToString()); 688 689 if (this.currentToken != null) 690 { 691 WritePossibleGenericXmlToken(xml, "SupportingToken", this.currentToken); 692 } 693 if (this.issuedToken != null) 694 { 695 WritePossibleGenericXmlToken(xml, "IssuedToken", this.issuedToken); 696 } 697 if (this.e != null) 698 { 699 xml.WriteElementString("Exception", e.ToString()); 700 } 701 if (this.target != null) 702 { 703 xml.WriteElementString("RemoteAddress", this.target.ToString()); 704 } 705 } 706 } 707 708 class ServerSessionTraceRecord : SecurityTraceRecord 709 { 710 SecurityContextSecurityToken currentSessionToken; 711 SecurityContextSecurityToken newSessionToken; 712 UniqueId sessionId; 713 Message message; 714 Uri listenAddress; 715 ServerSessionTraceRecord(SecurityContextSecurityToken currentSessionToken, SecurityContextSecurityToken newSessionToken, Uri listenAddress)716 public ServerSessionTraceRecord(SecurityContextSecurityToken currentSessionToken, SecurityContextSecurityToken newSessionToken, Uri listenAddress) 717 : base("SecuritySession") 718 { 719 this.currentSessionToken = currentSessionToken; 720 this.newSessionToken = newSessionToken; 721 this.listenAddress = listenAddress; 722 } 723 ServerSessionTraceRecord(SecurityContextSecurityToken currentSessionToken, Message message, Uri listenAddress)724 public ServerSessionTraceRecord(SecurityContextSecurityToken currentSessionToken, Message message, Uri listenAddress) 725 : base("SecuritySession") 726 { 727 this.currentSessionToken = currentSessionToken; 728 this.message = message; 729 this.listenAddress = listenAddress; 730 } 731 ServerSessionTraceRecord(SecurityContextSecurityToken currentSessionToken, Uri listenAddress)732 public ServerSessionTraceRecord(SecurityContextSecurityToken currentSessionToken, Uri listenAddress) 733 : base("SecuritySession") 734 { 735 this.currentSessionToken = currentSessionToken; 736 this.listenAddress = listenAddress; 737 } 738 ServerSessionTraceRecord(UniqueId sessionId, Uri listenAddress)739 public ServerSessionTraceRecord(UniqueId sessionId, Uri listenAddress) 740 : base("SecuritySession") 741 { 742 this.sessionId = sessionId; 743 this.listenAddress = listenAddress; 744 } 745 WriteTo(XmlWriter xml)746 internal override void WriteTo(XmlWriter xml) 747 { 748 if (xml == null) 749 return; 750 751 if (this.currentSessionToken != null) 752 { 753 xml.WriteStartElement("CurrentSessionToken"); 754 WriteSecurityContextToken(xml, this.currentSessionToken); 755 xml.WriteEndElement(); 756 } 757 if (this.newSessionToken != null) 758 { 759 xml.WriteStartElement("NewSessionToken"); 760 WriteSecurityContextToken(xml, this.newSessionToken); 761 xml.WriteEndElement(); 762 } 763 if (this.sessionId != null) 764 { 765 XmlHelper.WriteElementStringAsUniqueId(xml, "SessionId", this.sessionId); 766 } 767 if (this.message != null) 768 { 769 xml.WriteElementString("MessageAction", message.Headers.Action); 770 } 771 if (this.listenAddress != null) 772 { 773 xml.WriteElementString("ListenAddress", this.listenAddress.ToString()); 774 } 775 } 776 } 777 778 class ClientSessionTraceRecord : SecurityTraceRecord 779 { 780 SecurityToken currentSessionToken; 781 SecurityToken previousSessionToken; 782 EndpointAddress remoteAddress; 783 ClientSessionTraceRecord(SecurityToken currentSessionToken, SecurityToken previousSessionToken, EndpointAddress remoteAddress)784 public ClientSessionTraceRecord(SecurityToken currentSessionToken, SecurityToken previousSessionToken, EndpointAddress remoteAddress) 785 : base("SecuritySession") 786 { 787 this.currentSessionToken = currentSessionToken; 788 this.previousSessionToken = previousSessionToken; 789 this.remoteAddress = remoteAddress; 790 } 791 WriteTo(XmlWriter xml)792 internal override void WriteTo(XmlWriter xml) 793 { 794 if (xml == null) 795 return; 796 797 if (this.remoteAddress != null) 798 xml.WriteElementString("RemoteAddress", remoteAddress.ToString()); 799 800 if (this.currentSessionToken != null) 801 { 802 xml.WriteStartElement("CurrentSessionToken"); 803 WriteGenericXmlToken(xml, this.currentSessionToken); 804 xml.WriteEndElement(); 805 } 806 if (this.previousSessionToken != null) 807 { 808 xml.WriteStartElement("PreviousSessionToken"); 809 WriteGenericXmlToken(xml, this.previousSessionToken); 810 xml.WriteEndElement(); 811 } 812 } 813 } 814 815 class SessionRedirectAppliedTraceRecord : SecurityTraceRecord 816 { 817 EndpointAddress previousTarget; 818 EndpointAddress newTarget; 819 GenericXmlSecurityToken sessionToken; 820 SessionRedirectAppliedTraceRecord(EndpointAddress previousTarget, EndpointAddress newTarget, GenericXmlSecurityToken sessionToken)821 public SessionRedirectAppliedTraceRecord(EndpointAddress previousTarget, EndpointAddress newTarget, GenericXmlSecurityToken sessionToken) 822 : base("SecuritySession") 823 { 824 this.previousTarget = previousTarget; 825 this.newTarget = newTarget; 826 this.sessionToken = sessionToken; 827 } 828 WriteTo(XmlWriter xml)829 internal override void WriteTo(XmlWriter xml) 830 { 831 if (xml == null) 832 return; 833 834 if (this.previousTarget != null) 835 xml.WriteElementString("OriginalRemoteAddress", this.previousTarget.ToString()); 836 837 if (this.newTarget != null) 838 xml.WriteElementString("NewRemoteAddress", this.newTarget.ToString()); 839 840 if (this.sessionToken != null) 841 { 842 xml.WriteStartElement("SessionToken"); 843 WriteGenericXmlToken(xml, this.sessionToken); 844 xml.WriteEndElement(); 845 } 846 } 847 } 848 849 class SpnToSidMappingTraceRecord : SecurityTraceRecord 850 { 851 string spn; 852 Exception e; 853 SpnToSidMappingTraceRecord(string spn, Exception e)854 public SpnToSidMappingTraceRecord(string spn, Exception e) 855 : base("SecurityIdentity") 856 { 857 this.spn = spn; 858 this.e = e; 859 } 860 WriteTo(XmlWriter xml)861 internal override void WriteTo(XmlWriter xml) 862 { 863 if (xml == null) 864 return; 865 866 if (this.spn != null) 867 xml.WriteElementString("ServicePrincipalName", this.spn); 868 869 if (this.e != null) 870 xml.WriteElementString("Exception", this.e.ToString()); 871 } 872 } 873 874 class MessageSecurityTraceRecord : SecurityTraceRecord 875 { 876 SecurityProtocol binding; 877 Message message; 878 MessageSecurityTraceRecord(SecurityProtocol binding, Message message)879 public MessageSecurityTraceRecord(SecurityProtocol binding, Message message) 880 : base("SecurityProtocol") 881 { 882 this.binding = binding; 883 this.message = message; 884 } 885 WriteTo(XmlWriter xml)886 internal override void WriteTo(XmlWriter xml) 887 { 888 if (xml == null) 889 return; 890 891 if (this.binding != null) 892 xml.WriteElementString("SecurityProtocol", this.binding.ToString()); 893 894 if (this.message != null) 895 { 896 string action = this.message.Headers.Action; 897 Uri to = this.message.Headers.To; 898 EndpointAddress replyTo = this.message.Headers.ReplyTo; 899 UniqueId id = this.message.Headers.MessageId; 900 if (!String.IsNullOrEmpty(action)) 901 { 902 xml.WriteElementString("Action", action); 903 } 904 if (to != null) 905 { 906 xml.WriteElementString("To", to.AbsoluteUri); 907 } 908 if (replyTo != null) 909 { 910 replyTo.WriteTo(this.message.Version.Addressing, xml); 911 } 912 if (id != null) 913 { 914 xml.WriteElementString("MessageId", id.ToString()); 915 } 916 } 917 else 918 { 919 xml.WriteElementString("Message", "null"); 920 } 921 } 922 } 923 924 class TokenProviderTraceRecord : SecurityTraceRecord 925 { 926 SecurityTokenProvider provider; 927 TokenProviderTraceRecord(SecurityTokenProvider provider)928 public TokenProviderTraceRecord(SecurityTokenProvider provider) 929 : base("SecurityTokenProvider") 930 { 931 this.provider = provider; 932 } 933 WriteTo(XmlWriter xml)934 internal override void WriteTo(XmlWriter xml) 935 { 936 if (xml == null) 937 return; 938 939 if (this.provider != null) 940 xml.WriteElementString("SecurityTokenProvider", this.provider.ToString()); 941 } 942 } 943 944 class TokenAuthenticatorTraceRecord : SecurityTraceRecord 945 { 946 SecurityTokenAuthenticator authenticator; 947 TokenAuthenticatorTraceRecord(SecurityTokenAuthenticator authenticator)948 public TokenAuthenticatorTraceRecord(SecurityTokenAuthenticator authenticator) 949 : base("SecurityTokenAuthenticator") 950 { 951 this.authenticator = authenticator; 952 } 953 WriteTo(XmlWriter xml)954 internal override void WriteTo(XmlWriter xml) 955 { 956 if (xml == null) 957 return; 958 959 if (this.authenticator != null) 960 xml.WriteElementString("SecurityTokenAuthenticator", this.authenticator.ToString()); 961 } 962 } 963 964 class SecurityContextTokenCacheTraceRecord : SecurityTraceRecord 965 { 966 int capacity; 967 int pruningAmount; 968 SecurityContextTokenCacheTraceRecord(int capacity, int pruningAmount)969 public SecurityContextTokenCacheTraceRecord(int capacity, int pruningAmount) 970 : base("ServiceSecurityNegotiation") 971 { 972 this.capacity = capacity; 973 this.pruningAmount = pruningAmount; 974 } 975 WriteTo(XmlWriter xml)976 internal override void WriteTo(XmlWriter xml) 977 { 978 if (xml == null) 979 return; 980 981 xml.WriteElementString("Capacity", this.capacity.ToString(NumberFormatInfo.InvariantInfo)); 982 xml.WriteElementString("PruningAmount", this.pruningAmount.ToString(NumberFormatInfo.InvariantInfo)); 983 } 984 } 985 986 class NegotiationAuthenticatorTraceRecord<T> : SecurityTraceRecord 987 where T : NegotiationTokenAuthenticatorState 988 { 989 NegotiationTokenAuthenticator<T> authenticator; 990 IChannelListener transportChannelListener; 991 SecurityContextSecurityToken serviceToken; 992 Exception e; 993 NegotiationAuthenticatorTraceRecord(NegotiationTokenAuthenticator<T> authenticator, IChannelListener transportChannelListener)994 public NegotiationAuthenticatorTraceRecord(NegotiationTokenAuthenticator<T> authenticator, IChannelListener transportChannelListener) 995 : base("NegotiationTokenAuthenticator") 996 { 997 this.authenticator = authenticator; 998 this.transportChannelListener = transportChannelListener; 999 } 1000 NegotiationAuthenticatorTraceRecord(NegotiationTokenAuthenticator<T> authenticator, Exception e)1001 public NegotiationAuthenticatorTraceRecord(NegotiationTokenAuthenticator<T> authenticator, Exception e) 1002 : base("NegotiationTokenAuthenticator") 1003 { 1004 this.authenticator = authenticator; 1005 this.e = e; 1006 } 1007 NegotiationAuthenticatorTraceRecord(NegotiationTokenAuthenticator<T> authenticator, SecurityContextSecurityToken serviceToken)1008 public NegotiationAuthenticatorTraceRecord(NegotiationTokenAuthenticator<T> authenticator, SecurityContextSecurityToken serviceToken) 1009 : base("NegotiationTokenAuthenticator") 1010 { 1011 this.authenticator = authenticator; 1012 this.serviceToken = serviceToken; 1013 } 1014 WriteTo(XmlWriter xml)1015 internal override void WriteTo(XmlWriter xml) 1016 { 1017 if (xml == null) 1018 return; 1019 1020 if (this.authenticator != null) 1021 xml.WriteElementString("NegotiationTokenAuthenticator", base.XmlEncode(this.authenticator.ToString())); 1022 1023 if (this.authenticator != null && this.authenticator.ListenUri != null) 1024 xml.WriteElementString("AuthenticatorListenUri", this.authenticator.ListenUri.AbsoluteUri); 1025 1026 if (this.serviceToken != null) 1027 { 1028 xml.WriteStartElement("SecurityContextSecurityToken"); 1029 WriteSecurityContextToken(xml, this.serviceToken); 1030 xml.WriteEndElement(); 1031 } 1032 if (this.transportChannelListener != null) 1033 { 1034 xml.WriteElementString("TransportChannelListener", base.XmlEncode(this.transportChannelListener.ToString())); 1035 1036 if (this.transportChannelListener.Uri != null) 1037 xml.WriteElementString("ListenUri", this.transportChannelListener.Uri.AbsoluteUri); 1038 } 1039 if (this.e != null) 1040 { 1041 xml.WriteElementString("Exception", base.XmlEncode(e.ToString())); 1042 } 1043 } 1044 } 1045 1046 class IdentityVerificationSuccessTraceRecord : SecurityTraceRecord 1047 { 1048 EndpointIdentity identity; 1049 Claim claim; 1050 Type identityVerifier; 1051 IdentityVerificationSuccessTraceRecord(EndpointIdentity identity, Claim claim, Type identityVerifier)1052 public IdentityVerificationSuccessTraceRecord(EndpointIdentity identity, Claim claim, Type identityVerifier) 1053 : base("ServiceIdentityVerification") 1054 { 1055 this.identity = identity; 1056 this.claim = claim; 1057 this.identityVerifier = identityVerifier; 1058 } 1059 WriteTo(XmlWriter xml)1060 internal override void WriteTo(XmlWriter xml) 1061 { 1062 if (xml == null) 1063 return; 1064 1065 XmlDictionaryWriter xmlWriter = XmlDictionaryWriter.CreateDictionaryWriter(xml); 1066 1067 if (this.identityVerifier != null) 1068 xml.WriteElementString("IdentityVerifierType", this.identityVerifier.ToString()); 1069 1070 if (this.identity != null) 1071 this.identity.WriteTo(xmlWriter); 1072 1073 if (this.claim != null) 1074 SecurityTraceRecordHelper.WriteClaim(xmlWriter, this.claim); 1075 } 1076 } 1077 1078 class IdentityVerificationFailureTraceRecord : SecurityTraceRecord 1079 { 1080 EndpointIdentity identity; 1081 AuthorizationContext authContext; 1082 Type identityVerifier; 1083 IdentityVerificationFailureTraceRecord(EndpointIdentity identity, AuthorizationContext authContext, Type identityVerifier)1084 public IdentityVerificationFailureTraceRecord(EndpointIdentity identity, AuthorizationContext authContext, Type identityVerifier) 1085 : base("ServiceIdentityVerification") 1086 { 1087 this.identity = identity; 1088 this.authContext = authContext; 1089 this.identityVerifier = identityVerifier; 1090 } 1091 WriteTo(XmlWriter xml)1092 internal override void WriteTo(XmlWriter xml) 1093 { 1094 if (xml == null) 1095 return; 1096 1097 XmlDictionaryWriter xmlWriter = XmlDictionaryWriter.CreateDictionaryWriter(xml); 1098 1099 if (this.identityVerifier != null) 1100 xml.WriteElementString("IdentityVerifierType", this.identityVerifier.ToString()); 1101 1102 if (this.identity != null) 1103 this.identity.WriteTo(xmlWriter); 1104 1105 if (this.authContext != null) 1106 { 1107 for (int i = 0; i < this.authContext.ClaimSets.Count; ++i) 1108 { 1109 ClaimSet claimSet = this.authContext.ClaimSets[i]; 1110 if (this.authContext.ClaimSets[i] == null) 1111 continue; 1112 1113 for (int j = 0; j < claimSet.Count; ++j) 1114 { 1115 Claim claim = claimSet[j]; 1116 if (claimSet[j] == null) 1117 continue; 1118 1119 xml.WriteStartElement("Claim"); 1120 1121 // currently ClaimType and Right cannot be null. Just being defensive 1122 if (claim.ClaimType != null) 1123 xml.WriteElementString("ClaimType", claim.ClaimType); 1124 else 1125 xml.WriteElementString("ClaimType", "null"); 1126 1127 if (claim.Right != null) 1128 xml.WriteElementString("Right", claim.Right); 1129 else 1130 xml.WriteElementString("Right", "null"); 1131 1132 if (claim.Resource != null) 1133 xml.WriteElementString("ResourceType", claim.Resource.GetType().ToString()); 1134 else 1135 xml.WriteElementString("Resource", "null"); 1136 1137 xml.WriteEndElement(); 1138 } 1139 } 1140 } 1141 } 1142 } 1143 1144 class IdentityDeterminationSuccessTraceRecord : SecurityTraceRecord 1145 { 1146 EndpointIdentity identity; 1147 EndpointAddress epr; 1148 Type identityVerifier; 1149 IdentityDeterminationSuccessTraceRecord(EndpointAddress epr, EndpointIdentity identity, Type identityVerifier)1150 public IdentityDeterminationSuccessTraceRecord(EndpointAddress epr, EndpointIdentity identity, Type identityVerifier) 1151 : base("ServiceIdentityDetermination") 1152 { 1153 this.identity = identity; 1154 this.epr = epr; 1155 this.identityVerifier = identityVerifier; 1156 } 1157 WriteTo(XmlWriter xml)1158 internal override void WriteTo(XmlWriter xml) 1159 { 1160 if (xml == null) 1161 return; 1162 1163 if (this.identityVerifier != null) 1164 xml.WriteElementString("IdentityVerifierType", this.identityVerifier.ToString()); 1165 1166 if (this.identity != null) 1167 this.identity.WriteTo(XmlDictionaryWriter.CreateDictionaryWriter(xml)); 1168 1169 if (this.epr != null) 1170 this.epr.WriteTo(AddressingVersion.WSAddressing10, xml); 1171 } 1172 } 1173 1174 class IdentityDeterminationFailureTraceRecord : SecurityTraceRecord 1175 { 1176 Type identityVerifier; 1177 EndpointAddress epr; 1178 IdentityDeterminationFailureTraceRecord(EndpointAddress epr, Type identityVerifier)1179 public IdentityDeterminationFailureTraceRecord(EndpointAddress epr, Type identityVerifier) 1180 : base("ServiceIdentityDetermination") 1181 { 1182 this.epr = epr; 1183 this.identityVerifier = identityVerifier; 1184 } 1185 WriteTo(XmlWriter xml)1186 internal override void WriteTo(XmlWriter xml) 1187 { 1188 if (xml == null) 1189 return; 1190 1191 if (this.identityVerifier != null) 1192 xml.WriteElementString("IdentityVerifierType", this.identityVerifier.ToString()); 1193 1194 if (this.epr != null) 1195 this.epr.WriteTo(AddressingVersion.WSAddressing10, xml); 1196 } 1197 } 1198 1199 class IdentityHostNameNormalizationFailureTraceRecord : SecurityTraceRecord 1200 { 1201 Type identityVerifier; 1202 Exception e; 1203 EndpointAddress epr; 1204 IdentityHostNameNormalizationFailureTraceRecord(EndpointAddress epr, Type identityVerifier, Exception e)1205 public IdentityHostNameNormalizationFailureTraceRecord(EndpointAddress epr, Type identityVerifier, Exception e) 1206 : base("ServiceIdentityDetermination") 1207 { 1208 this.epr = epr; 1209 this.identityVerifier = identityVerifier; 1210 this.e = e; 1211 } 1212 WriteTo(XmlWriter xml)1213 internal override void WriteTo(XmlWriter xml) 1214 { 1215 if (xml == null) 1216 return; 1217 1218 if (this.identityVerifier != null) 1219 xml.WriteElementString("IdentityVerifierType", this.identityVerifier.ToString()); 1220 1221 if (this.epr != null) 1222 this.epr.WriteTo(AddressingVersion.WSAddressing10, xml); 1223 1224 if (e != null) 1225 xml.WriteElementString("Exception", e.ToString()); 1226 } 1227 } 1228 1229 class IssuanceProviderTraceRecord<T> : SecurityTraceRecord 1230 where T : IssuanceTokenProviderState 1231 { 1232 IssuanceTokenProviderBase<T> provider; 1233 EndpointAddress target; 1234 EndpointAddress newTarget; 1235 SecurityToken serviceToken; 1236 int cacheSize; 1237 IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken)1238 public IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken) 1239 : this(provider, serviceToken, null) 1240 { } 1241 IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, EndpointAddress target)1242 public IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, EndpointAddress target) 1243 : this(provider, (SecurityToken)null, target) 1244 { } 1245 IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken, EndpointAddress target)1246 public IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, SecurityToken serviceToken, EndpointAddress target) 1247 : base("ClientSecurityNegotiation") 1248 { 1249 this.provider = provider; 1250 this.serviceToken = serviceToken; 1251 this.target = target; 1252 } 1253 IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, EndpointAddress newTarget, EndpointAddress oldTarget)1254 public IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, EndpointAddress newTarget, EndpointAddress oldTarget) 1255 : base("ClientSecurityNegotiation") 1256 { 1257 this.provider = provider; 1258 this.newTarget = newTarget; 1259 this.target = oldTarget; 1260 } 1261 IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, int cacheSize)1262 public IssuanceProviderTraceRecord(IssuanceTokenProviderBase<T> provider, int cacheSize) 1263 : base("ClientSecurityNegotiation") 1264 { 1265 this.provider = provider; 1266 this.cacheSize = cacheSize; 1267 } 1268 WriteTo(XmlWriter xml)1269 internal override void WriteTo(XmlWriter xml) 1270 { 1271 if (xml == null) 1272 return; 1273 1274 if (this.provider != null) 1275 xml.WriteElementString("IssuanceTokenProvider", this.provider.ToString()); 1276 1277 if (this.serviceToken != null) 1278 WritePossibleGenericXmlToken(xml, "ServiceToken", this.serviceToken); 1279 1280 1281 if (this.target != null) 1282 { 1283 xml.WriteStartElement("Target"); 1284 this.target.WriteTo(AddressingVersion.WSAddressing10, xml); 1285 xml.WriteEndElement(); 1286 } 1287 1288 if (this.newTarget != null) 1289 { 1290 xml.WriteStartElement("PinnedTarget"); 1291 this.newTarget.WriteTo(AddressingVersion.WSAddressing10, xml); 1292 xml.WriteEndElement(); 1293 } 1294 1295 if (this.cacheSize != 0) 1296 { 1297 xml.WriteElementString("CacheSize", this.cacheSize.ToString(NumberFormatInfo.InvariantInfo)); 1298 } 1299 } 1300 } 1301 1302 class WindowsSspiNegotiationTraceRecord : SecurityTraceRecord 1303 { 1304 WindowsSspiNegotiation windowsNegotiation; 1305 WindowsSspiNegotiationTraceRecord(WindowsSspiNegotiation windowsNegotiation)1306 public WindowsSspiNegotiationTraceRecord(WindowsSspiNegotiation windowsNegotiation) 1307 : base("SpnegoSecurityNegotiation") 1308 { 1309 this.windowsNegotiation = windowsNegotiation; 1310 } 1311 WriteTo(XmlWriter xml)1312 internal override void WriteTo(XmlWriter xml) 1313 { 1314 if (xml == null) 1315 return; 1316 1317 if (this.windowsNegotiation != null) 1318 { 1319 xml.WriteElementString("Protocol", this.windowsNegotiation.ProtocolName); 1320 xml.WriteElementString("ServicePrincipalName", this.windowsNegotiation.ServicePrincipalName); 1321 xml.WriteElementString("MutualAuthentication", this.windowsNegotiation.IsMutualAuthFlag.ToString()); 1322 1323 if (this.windowsNegotiation.IsIdentifyFlag) 1324 { 1325 xml.WriteElementString("ImpersonationLevel", "Identify"); 1326 } 1327 else if (this.windowsNegotiation.IsDelegationFlag) 1328 { 1329 xml.WriteElementString("ImpersonationLevel", "Delegate"); 1330 } 1331 else 1332 { 1333 xml.WriteElementString("ImpersonationLevel", "Impersonate"); 1334 } 1335 } 1336 } 1337 } 1338 1339 1340 class ImpersonationTraceRecord : SecurityTraceRecord 1341 { 1342 private DispatchOperationRuntime operation; 1343 ImpersonationTraceRecord(DispatchOperationRuntime operation)1344 internal ImpersonationTraceRecord(DispatchOperationRuntime operation) 1345 : base("SecurityImpersonation") 1346 { 1347 this.operation = operation; 1348 } 1349 WriteTo(XmlWriter xml)1350 internal override void WriteTo(XmlWriter xml) 1351 { 1352 if (xml == null) 1353 { 1354 // We are inside tracing. Don't throw an exception here just 1355 // return. 1356 return; 1357 } 1358 1359 if (this.operation != null) 1360 { 1361 xml.WriteElementString("OperationAction", this.operation.Action); 1362 xml.WriteElementString("OperationName", this.operation.Name); 1363 } 1364 } 1365 } 1366 } 1367 } 1368