//-----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security.Tokens
{
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.IdentityModel.Tokens;
    using System.Net;
    using System.Security.Principal;
    using System.ServiceModel;

    /// <summary>
    /// A <see cref="SecurityToken"/> that bundles a network credential with the
    /// flags stored alongside it for an SSPI exchange. The class is a plain value
    /// holder: it performs no negotiation itself and exposes no security keys.
    /// </summary>
    /// <remarks>
    /// An instance holds a <see cref="System.Net.NetworkCredential"/>, so a reference
    /// to the token gives access to that credential through the
    /// <see cref="NetworkCredential"/> property. Handle the token accordingly, for
    /// example by keeping it out of logs and diagnostic dumps.
    /// </remarks>
    public class SspiSecurityToken : SecurityToken
    {
        // Validity window applied by both constructors, counted from construction time.
        const int LifetimeInHours = 10;

        string id;
        TokenImpersonationLevel impersonationLevel;
        bool allowNtlm;
        NetworkCredential networkCredential;
        bool extractGroupsForWindowsAccounts;
        // Starts at the provider-wide default; only the second constructor overrides it.
        bool allowUnauthenticatedCallers = SspiSecurityTokenProvider.DefaultAllowUnauthenticatedCallers;
        DateTime effectiveTime;
        DateTime expirationTime;

        /// <summary>
        /// Creates a token from an impersonation level, an NTLM flag and a credential.
        /// </summary>
        /// <param name="impersonationLevel">Value reported by <see cref="ImpersonationLevel"/>.</param>
        /// <param name="allowNtlm">Value reported by <see cref="AllowNtlm"/>.</param>
        /// <param name="networkCredential">
        /// Credential handed to SecurityUtils.GetNetworkCredentialsCopy; the token keeps
        /// that helper's return value, not the argument itself.
        /// </param>
        /// <remarks>
        /// <see cref="ExtractGroupsForWindowsAccounts"/> stays false and
        /// <see cref="AllowUnauthenticatedCallers"/> keeps the provider default.
        /// NOTE(review): the parameter set suggests this overload is the initiator-side
        /// one; confirm against the callers.
        /// </remarks>
        public SspiSecurityToken(TokenImpersonationLevel impersonationLevel, bool allowNtlm, NetworkCredential networkCredential)
        {
            this.impersonationLevel = impersonationLevel;
            this.allowNtlm = allowNtlm;
            this.networkCredential = SecurityUtils.GetNetworkCredentialsCopy(networkCredential);
            this.StampLifetime();
        }

        /// <summary>
        /// Creates a token from a credential, a group-extraction flag and an
        /// unauthenticated-caller flag.
        /// </summary>
        /// <param name="networkCredential">
        /// Credential handed to SecurityUtils.GetNetworkCredentialsCopy; the token keeps
        /// that helper's return value, not the argument itself.
        /// </param>
        /// <param name="extractGroupsForWindowsAccounts">Value reported by <see cref="ExtractGroupsForWindowsAccounts"/>.</param>
        /// <param name="allowUnauthenticatedCallers">
        /// Value reported by <see cref="AllowUnauthenticatedCallers"/>; replaces the
        /// provider default assigned by the field initializer.
        /// </param>
        /// <remarks>
        /// <see cref="ImpersonationLevel"/> keeps its type default and
        /// <see cref="AllowNtlm"/> stays false on this path.
        /// NOTE(review): the parameter set suggests this overload is the acceptor-side
        /// one; confirm against the callers.
        /// </remarks>
        public SspiSecurityToken(NetworkCredential networkCredential, bool extractGroupsForWindowsAccounts, bool allowUnauthenticatedCallers)
        {
            this.networkCredential = SecurityUtils.GetNetworkCredentialsCopy(networkCredential);
            this.extractGroupsForWindowsAccounts = extractGroupsForWindowsAccounts;
            this.allowUnauthenticatedCallers = allowUnauthenticatedCallers;
            this.StampLifetime();
        }

        /// <summary>
        /// Identifier of this token, generated on first read and cached afterwards.
        /// </summary>
        public override string Id
        {
            get
            {
                // Check-then-assign without a lock: the value is produced by
                // SecurityUniqueId the first time the property is read.
                return this.id ?? (this.id = SecurityUniqueId.Create().Value);
            }
        }

        /// <summary>UTC instant at which the token was constructed.</summary>
        public override DateTime ValidFrom
        {
            get { return this.effectiveTime; }
        }

        /// <summary>
        /// UTC instant ten hours after <see cref="ValidFrom"/>. The window is fixed by
        /// this class and is not derived from the credential.
        /// </summary>
        public override DateTime ValidTo
        {
            get { return this.expirationTime; }
        }

        /// <summary>
        /// Stored unauthenticated-caller flag. This class only carries the value;
        /// whoever consumes the token decides what a true value permits.
        /// </summary>
        public bool AllowUnauthenticatedCallers
        {
            get { return this.allowUnauthenticatedCallers; }
        }

        /// <summary>Stored impersonation level.</summary>
        public TokenImpersonationLevel ImpersonationLevel
        {
            get { return this.impersonationLevel; }
        }

        /// <summary>
        /// Stored NTLM flag.
        /// NOTE(review): by its name a true value lets the exchange use NTLM, which does
        /// not give the mutual authentication Kerberos does; confirm how the consumer
        /// of this token interprets it.
        /// </summary>
        public bool AllowNtlm
        {
            get { return this.allowNtlm; }
        }

        /// <summary>
        /// The credential instance held by the token. The getter returns the stored
        /// reference directly rather than a fresh copy.
        /// </summary>
        public NetworkCredential NetworkCredential
        {
            get { return this.networkCredential; }
        }

        /// <summary>Stored group-extraction flag.</summary>
        public bool ExtractGroupsForWindowsAccounts
        {
            get { return this.extractGroupsForWindowsAccounts; }
        }

        /// <summary>Always the shared empty collection: this token type carries no keys.</summary>
        public override ReadOnlyCollection<SecurityKey> SecurityKeys
        {
            get { return EmptyReadOnlyCollection<SecurityKey>.Instance; }
        }

        // Sets the validity window: starts now (UTC) and ends LifetimeInHours later.
        void StampLifetime()
        {
            this.effectiveTime = DateTime.UtcNow;
            this.expirationTime = this.effectiveTime.AddHours(LifetimeInHours);
        }
    }
}