      /// <summary>
      /// Builds the custom WCF binding used for the multi-factor authentication endpoint:
      /// SOAP 1.1 text encoding (UTF-8), a WS-Security UsernameToken carried over HTTPS
      /// (WSS 1.1 / WS-Trust 1.3 profile, strict header layout, no timestamp, no key derivation).
      /// </summary>
      /// <returns>
      /// A <see cref="CustomBinding"/> named "myCustomBinding" whose elements are stacked as
      /// encoder, message security, HTTPS transport.
      /// </returns>
      public static Binding CreateMultiFactorAuthenticationBinding()
      {
          // Transport layer: HTTPS.
          // NOTE(review): MaxReceivedMessageSize = int.MaxValue effectively removes WCF's
          // message-size guard; a bound sized to the largest legitimate message is safer.
          HttpsTransportBindingElement transport = new HttpsTransportBindingElement
          {
              MaxReceivedMessageSize = int.MaxValue
          };

          // Message-level credential: UsernameToken, secured by the transport.
          TransportSecurityBindingElement credential =
              TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
          // NOTE(review): with IncludeTimestamp = false the security header carries no
          // freshness information — confirm the service does not expect one.
          credential.IncludeTimestamp       = false;
          credential.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
          credential.SecurityHeaderLayout   = SecurityHeaderLayout.Strict;
          credential.SetKeyDerivation(false);

          // Encoder: SOAP 1.1 text, UTF-8, with explicit XML reader quotas.
          // NOTE(review): MaxStringContentLength = Int32.MaxValue lifts the per-string limit
          // while the other quotas stay bounded; an oversized string element is not rejected.
          TextMessageEncodingBindingElement encoder =
              new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);
          encoder.ReaderQuotas.MaxDepth                = 32;
          encoder.ReaderQuotas.MaxStringContentLength  = Int32.MaxValue;
          encoder.ReaderQuotas.MaxArrayLength          = 16384;
          encoder.ReaderQuotas.MaxBytesPerRead         = 4096;
          encoder.ReaderQuotas.MaxNameTableCharCount   = 16384;

          // Stack: encoder on top, then security, then transport.
          // NOTE(review): WCF's documented stacking order places the security element above
          // the encoder; confirm the remote service accepts this arrangement.
          CustomBinding result = new CustomBinding { Name = "myCustomBinding" };
          result.Elements.Add(encoder);
          result.Elements.Add(credential);
          result.Elements.Add(transport);

          return result;
      }
        /// <summary>
        /// Initialises the SafeOnline binding: an X.509 signed-endorsing supporting token
        /// (WSS 1.0 / BSP 1.0 profile, default algorithm suite, no key derivation) over HTTPS,
        /// with SOAP 1.1 text encoding. Fills <c>this.bindingElements</c> in the order
        /// security, encoding, transport.
        /// </summary>
        public SafeOnlineBinding()
        {
            // The client certificate is always sent to the service, referenced internally,
            // and used as a signed-endorsing supporting token (no derived keys).
            X509SecurityTokenParameters clientCertificateToken = new X509SecurityTokenParameters
            {
                InclusionMode      = SecurityTokenInclusionMode.AlwaysToRecipient,
                ReferenceStyle     = SecurityTokenReferenceStyle.Internal,
                RequireDerivedKeys = false,
                X509ReferenceStyle = X509KeyIdentifierClauseType.Any
            };

            TransportSecurityBindingElement security = new TransportSecurityBindingElement
            {
                MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                DefaultAlgorithmSuite  = SecurityAlgorithmSuite.Default
            };
            security.SetKeyDerivation(false);
            security.EndpointSupportingTokenParameters.SignedEndorsing.Add(clientCertificateToken);
            // NOTE(review): client-side replay detection is switched off here — confirm the
            // service provides its own replay protection.
            security.LocalClientSettings.DetectReplays = false;

            TextMessageEncodingBindingElement textEncoding = new TextMessageEncodingBindingElement
            {
                MessageVersion = MessageVersion.Soap11
            };

            BindingElementCollection elements = new BindingElementCollection();
            elements.Add(security);
            elements.Add(textEncoding);
            elements.Add(new HttpsTransportBindingElement());

            this.bindingElements = elements;
        }
 /// <summary>
 /// Creates the WS-Security binding element for the requested message-security profile.
 /// </summary>
 /// <param name="securityType">The profile to build.</param>
 /// <returns>
 /// The configured <see cref="SecurityBindingElement"/>; <c>null</c> for
 /// <c>MessageSecurityType.None</c>; for any value not handled explicitly, an SSL-negotiation
 /// element that does not require a client certificate.
 /// </returns>
 public static SecurityBindingElement BuildMessageSecurity(MessageSecurityType securityType)
 {
     switch (securityType)
     {
         case MessageSecurityType.CertificateOverTransport:
         {
             // Client certificate at the message level; the transport provides confidentiality.
             TransportSecurityBindingElement element = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
                 MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
             element.IncludeTimestamp = true;
             return element;
         }

         case MessageSecurityType.MutualCertificate:
         {
             // Mutual X.509 (second argument: allow a serialized signing token on the reply).
             // NOTE(review): Basic128Rsa15 selects RSA PKCS#1 v1.5 key transport; the OAEP-based
             // Basic128 suite is preferable if the service accepts it.
             SecurityBindingElement element = SecurityBindingElement.CreateMutualCertificateBindingElement(
                 MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
             element.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
             element.IncludeTimestamp      = true;
             return element;
         }

         case MessageSecurityType.None:
             return null;

         case MessageSecurityType.UserNameOverTransport:
         {
             // UsernameToken over the transport (WSS 1.0 / BSP 1.0 profile), Basic256 suite, no key derivation.
             // NOTE(review): IncludeTimestamp = false and EnableUnsecuredResponse = true mean the request
             // carries no freshness header and replies may arrive without message-level security.
             TransportSecurityBindingElement element = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
             element.IncludeTimestamp        = false;
             element.EnableUnsecuredResponse = true;
             element.DefaultAlgorithmSuite   = System.ServiceModel.Security.Basic256SecurityAlgorithmSuite.Basic256;
             element.SetKeyDerivation(false);
             element.MessageSecurityVersion  = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
             return element;
         }

         default:
             // Anything else: SSL negotiation without a client certificate requirement.
             return SecurityBindingElement.CreateSslNegotiationBindingElement(false);
     }
 }
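        /// <summary>
        /// Creates a client channel for the SafeOnline ID-mapping web service at
        /// <c>https://{location}/safe-online-ws/idmapping</c>, authenticated with a client
        /// certificate from the user's personal store and with message bodies signed
        /// (<see cref="ProtectionLevel.Sign"/>).
        /// </summary>
        /// <param name="location">Host (and optional port) of the SafeOnline service; inserted verbatim into the endpoint URL.</param>
        /// <param name="pfxFilename">Currently not used: the certificate is looked up in CurrentUser/My by subject name "Test".</param>
        /// <param name="password">Currently not used (see <paramref name="pfxFilename"/>).</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="location"/> is null.</exception>
        public IdMappingClientImpl(string location, string pfxFilename, string password)
        {
            // Fail early and explicitly rather than building an endpoint URL with an empty host.
            if (location == null)
            {
                throw new System.ArgumentNullException("location");
            }

            // NOTE(review): this replaces the process-wide server-certificate validation callback, so
            // whatever SafeOnlineCertificateValidationCallback accepts applies to every HTTPS
            // connection made by this process, not only to this channel.
            ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(SafeOnlineCertificateValidationCallback);

            string          address       = "https://" + location + "/safe-online-ws/idmapping";
            EndpointAddress remoteAddress = new EndpointAddress(address);

            // The binding actually used for the channel; its elements are defined by SafeOnlineBinding.
            Binding safeOnlineBinding = new SafeOnlineBinding();

            ChannelFactory <NameIdentifierMappingPort> channelFactory =
                new ChannelFactory <NameIdentifierMappingPort>(safeOnlineBinding, remoteAddress);

            // Client certificate: looked up in the user's personal store by subject name.
            // NOTE(review): the subject name is hard-coded and pfxFilename/password are never read;
            // the PFX the caller supplies is not loaded.
            channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,
                                                                        StoreName.My,
                                                                        X509FindType.FindBySubjectName,
                                                                        "Test");

            // Sign (but do not encrypt) the message body for every operation of the contract.
            channelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
            this.client = channelFactory.CreateChannel();
        }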