public Activate ( |
||
context | ||
clientSoftwareCertificates | List |
|
identityToken | UserIdentityToken | |
identity | IUserIdentity | |
effectiveIdentity | IUserIdentity | |
localeIds | StringCollection | |
serverNonce | byte | |
return | bool |
public bool Activate(
OperationContext context,
List<SoftwareCertificate> clientSoftwareCertificates,
UserIdentityToken identityToken,
IUserIdentity identity,
IUserIdentity effectiveIdentity,
StringCollection localeIds,
byte[] serverNonce)
{
lock (m_lock)
{
// update user identity.
bool changed = false;
if (identityToken != null)
{
if (UpdateUserIdentity(identityToken, identity, effectiveIdentity))
{
changed = true;
}
}
// update local ids.
if (UpdateLocaleIds( localeIds ))
{
changed = true;
}
if (!m_activated)
{
// toggle the activated flag.
m_activated = true;
// save the software certificates.
m_softwareCertificates = clientSoftwareCertificates;
TraceState("FIRST ACTIVATION");
}
else
{
// bind to the new secure channel.
m_secureChannelId = context.ChannelContext.SecureChannelId;
TraceState("RE-ACTIVATION");
}
// update server nonce.
m_serverNonce = serverNonce;
// build list of signed certificates for audit event.
List<SignedSoftwareCertificate> signedSoftwareCertificates = new List<SignedSoftwareCertificate>();
if (clientSoftwareCertificates != null)
{
foreach (SoftwareCertificate softwareCertificate in clientSoftwareCertificates)
{
SignedSoftwareCertificate item = new SignedSoftwareCertificate();
item.CertificateData = softwareCertificate.SignedCertificate.GetRawCertData();
signedSoftwareCertificates.Add(item);
}
}
// raise an audit event.
ServerSystemContext systemContext = m_server.DefaultSystemContext.Copy(context);
ReportAuditActivateSessionEvent(systemContext);
// update the contact time.
lock (m_diagnostics)
{
m_diagnostics.ClientLastContactTime = DateTime.UtcNow;
}
// indicate whether the user context has changed.
return changed;
}
}
/// <summary> /// Activates an existing session /// </summary> public virtual bool ActivateSession( OperationContext context, NodeId authenticationToken, SignatureData clientSignature, List <SoftwareCertificate> clientSoftwareCertificates, ExtensionObject userIdentityToken, SignatureData userTokenSignature, StringCollection localeIds, out byte[] serverNonce) { serverNonce = null; Session session = null; UserIdentityToken newIdentity = null; UserTokenPolicy userTokenPolicy = null; lock (m_lock) { // find session. if (!m_sessions.TryGetValue(authenticationToken, out session)) { throw new ServiceResultException(StatusCodes.BadSessionClosed); } // check if session timeout has expired. if (session.HasExpired) { m_server.CloseSession(null, session.Id, false); throw new ServiceResultException(StatusCodes.BadSessionClosed); } // create new server nonce. serverNonce = Utils.Nonce.CreateNonce((uint)m_minNonceLength); // validate before activation. session.ValidateBeforeActivate( context, clientSignature, clientSoftwareCertificates, userIdentityToken, userTokenSignature, localeIds, serverNonce, out newIdentity, out userTokenPolicy); } IUserIdentity identity = null; IUserIdentity effectiveIdentity = null; ServiceResult error = null; try { // check if the application has a callback which validates the identity tokens. lock (m_eventLock) { if (m_ImpersonateUser != null) { ImpersonateEventArgs args = new ImpersonateEventArgs(newIdentity, userTokenPolicy); m_ImpersonateUser(session, args); if (ServiceResult.IsBad(args.IdentityValidationError)) { error = args.IdentityValidationError; } else { identity = args.Identity; effectiveIdentity = args.EffectiveIdentity; } } } // parse the token manually if the identity is not provided. if (identity == null) { identity = new UserIdentity(newIdentity); } // use the identity as the effectiveIdentity if not provided. if (effectiveIdentity == null) { effectiveIdentity = identity; } } catch (Exception e) { if (e is ServiceResultException) { throw e; } throw ServiceResultException.Create( StatusCodes.BadIdentityTokenInvalid, e, "Could not validate user identity token: {0}", newIdentity); } // check for validation error. if (ServiceResult.IsBad(error)) { throw new ServiceResultException(error); } // activate session. bool contextChanged = session.Activate( context, clientSoftwareCertificates, newIdentity, identity, effectiveIdentity, localeIds, serverNonce); // raise session related event. if (contextChanged) { RaiseSessionEvent(session, SessionEventReason.Activated); } // indicates that the identity context for the session has changed. return(contextChanged); }