private ServiceCredentials GetServiceCredentials()
{
var serviceCredentials = new ServiceCredentials();
serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameValidator();
return serviceCredentials;
}
protected override void InitializeRuntime()
{
// Extract the ServiceCredentials behavior or create one.
ServiceCredentials serviceCredentials = this.Description.Behaviors.Find<ServiceCredentials>();
if (serviceCredentials == null)
{
serviceCredentials = new ServiceCredentials();
this.Description.Behaviors.Add(serviceCredentials);
}
// Set the service certificate.
serviceCredentials.ServiceCertificate.SetCertificate("CN=localhost");
/*
Setting the CertificateValidationMode to PeerOrChainTrust means that if the certificate
is in the Trusted People store, then it is trusted without performing a
validation of the certificate's issuer chain. This setting is used here for convenience so that the
sample can be run without having to have certificates issued by a certificate authority (CA).
This setting is less secure than the default, ChainTrust. The security implications of this
setting should be carefully considered before using PeerOrChainTrust in production code.
*/
serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
// Create the custom binding and add an endpoint to the service.
Binding multipleTokensBinding = BindingHelper.CreateMultiFactorAuthenticationBinding();
this.AddServiceEndpoint(typeof(IEchoService), multipleTokensBinding, string.Empty);
base.InitializeRuntime();
}
public WSManServiceHost ()
{
var uri = new Uri ("http://localhost:5985/wsman");
_host = new ServiceHost(ManagementServer.Create ());
var binding = new WSManBinding();
_host.AddServiceEndpoint (typeof(IWSTransferContract),
binding, uri);
_host.AddServiceEndpoint (typeof(IWSEnumerationContract),
binding, uri);
_host.AddServiceEndpoint (typeof(IWSEventingContract),
binding, uri);
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate = new X509Certificate2 ("powershell.pfx", "mono");
cred.ClientCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
cred.UserNameAuthentication.CustomUserNamePasswordValidator = new WSManUserNamePasswordValidator();
_host.Description.Behaviors.Add (cred);
var serviceBehavior = _host.Description.Behaviors.Find<ServiceBehaviorAttribute> ();
serviceBehavior.ConcurrencyMode = ConcurrencyMode.Multiple;
serviceBehavior.InstanceContextMode = InstanceContextMode.Single;
serviceBehavior.IncludeExceptionDetailInFaults = true;
_host.Description.Behaviors.Find<ServiceDebugBehavior> ()
.IncludeExceptionDetailInFaults = true;
ServiceMetadataBehavior smb = new ServiceMetadataBehavior ();
smb.HttpGetEnabled = true;
smb.HttpGetUrl = new Uri (uri.ToString () + "/wsdl");
_host.Description.Behaviors.Add (smb);
_host.Description.Behaviors.Add (new FilterMapExtensionServiceBehaviorAttribute());
//_host.Description.Behaviors.Add (new AddressingVersionExtensionServiceBehaviorAttribute());
}
public ServiceCredentialsSecurityTokenManager(System.ServiceModel.Description.ServiceCredentials parent)
{
if (parent == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parent");
}
this.parent = parent;
}
public ServiceCredentialsSecurityTokenManager(System.ServiceModel.Description.ServiceCredentials parent)
{
if (parent == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parent");
}
this.parent = parent;
}
public ServiceCredentials Clone()
{
ServiceCredentials ret = CloneCore();
if (ret.GetType() != GetType())
{
throw new NotImplementedException("CloneCore() must be implemented to return an instance of the same type in this custom ServiceCredentials type.");
}
return(ret);
}
protected ServiceCredentials(ServiceCredentials other)
{
initiator = other.initiator.Clone();
peer = other.peer.Clone();
recipient = other.recipient.Clone();
userpass = other.userpass.Clone();
windows = other.windows.Clone();
issued_token = other.issued_token.Clone();
secure_conversation = other.secure_conversation.Clone();
}
protected ServiceCredentials (ServiceCredentials other)
{
initiator = other.initiator.Clone ();
peer = other.peer.Clone ();
recipient = other.recipient.Clone ();
userpass = other.userpass.Clone ();
windows = other.windows.Clone ();
issued_token = other.issued_token.Clone ();
secure_conversation = other.secure_conversation.Clone ();
}
public ServiceCredentials Clone()
{
ServiceCredentials credentials = this.CloneCore();
if ((credentials == null) || (credentials.GetType() != base.GetType()))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException(System.ServiceModel.SR.GetString("CloneNotImplementedCorrectly", new object[] { base.GetType(), (credentials != null) ? credentials.ToString() : "null" })));
}
return(credentials);
}
public static IServiceBehavior ServiceCredentials(X509Certificate2 certificate, Func<UserNamePasswordValidator> validator)
{
var serviceCredentials = new ServiceCredentials();
serviceCredentials.ServiceCertificate.Certificate = certificate;
serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator();
return serviceCredentials;
}
public ServiceCredentials Clone()
{
ServiceCredentials result = CloneCore();
if (result == null || result.GetType() != this.GetType())
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException(SR.GetString(SR.CloneNotImplementedCorrectly, this.GetType(), (result != null) ? result.ToString() : "null")));
}
return(result);
}
public JwtRequestInterceptor(ServiceCredentials credentials)
: base(true)
{
if (credentials == null)
throw new ArgumentNullException("credentials");
_wifCredentials = credentials as FederatedServiceCredentials;
if (_wifCredentials == null)
throw new InvalidOperationException("WIF is not configured.");
}
public void ClientCertificate ()
{
X509CertificateInitiatorServiceCredential cc =
new ServiceCredentials ().ClientCertificate;
Assert.IsNull (cc.Certificate, "#1");
Assert.AreEqual (X509CertificateValidationMode.ChainTrust, cc.Authentication.CertificateValidationMode, "#2-1");
Assert.IsNull (cc.Authentication.CustomCertificateValidator, "#2-2");
Assert.IsTrue (cc.Authentication.IncludeWindowsGroups, "#2-3");
Assert.IsFalse (cc.Authentication.MapClientCertificateToWindowsAccount, "#2-4");
Assert.AreEqual (X509RevocationMode.Online, cc.Authentication.RevocationMode, "#2-5");
Assert.AreEqual (StoreLocation.LocalMachine, cc.Authentication.TrustedStoreLocation, "#2-6");
}
public void IssuedTokenAuthentication ()
{
IssuedTokenServiceCredential ic =
new ServiceCredentials ().IssuedTokenAuthentication;
Assert.IsFalse (ic.AllowUntrustedRsaIssuers, "#1");
Assert.AreEqual (X509CertificateValidationMode.ChainTrust, ic.CertificateValidationMode, "#2");
Assert.IsNull (ic.CustomCertificateValidator, "#3");
Assert.AreEqual (0, ic.KnownCertificates.Count, "#4");
Assert.AreEqual (X509RevocationMode.Online, ic.RevocationMode, "#5");
Assert.IsNull (ic.SamlSerializer, "#6");
Assert.AreEqual (StoreLocation.LocalMachine, ic.TrustedStoreLocation, "#7");
}
protected ServiceCredentials(ServiceCredentials other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
}
this.userName = new UserNamePasswordServiceCredential(other.userName);
this.clientCertificate = new X509CertificateInitiatorServiceCredential(other.clientCertificate);
this.serviceCertificate = new X509CertificateRecipientServiceCredential(other.serviceCertificate);
this.windows = new WindowsServiceCredential(other.windows);
this.issuedToken = new IssuedTokenServiceCredential(other.issuedToken);
this.peer = new PeerCredential(other.peer);
this.secureConversation = new SecureConversationServiceCredential(other.secureConversation);
}
protected ServiceCredentials(ServiceCredentials other)
{
if (other == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
}
this.userName = new UserNamePasswordServiceCredential(other.userName);
this.clientCertificate = new X509CertificateInitiatorServiceCredential(other.clientCertificate);
this.serviceCertificate = new X509CertificateRecipientServiceCredential(other.serviceCertificate);
this.windows = new WindowsServiceCredential(other.windows);
this.issuedToken = new IssuedTokenServiceCredential(other.issuedToken);
this.peer = new PeerCredential(other.peer);
this.secureConversation = new SecureConversationServiceCredential(other.secureConversation);
}
public void Peer ()
{
PeerCredential p = new ServiceCredentials ().Peer;
Assert.IsNull (p.Certificate, "#1");
Assert.IsNull (p.MeshPassword, "#2");
X509PeerCertificateAuthentication pa = p.MessageSenderAuthentication;
Assert.AreEqual (X509CertificateValidationMode.PeerOrChainTrust, pa.CertificateValidationMode, "#3-1");
Assert.IsNull (pa.CustomCertificateValidator, "#3-2");
Assert.AreEqual (X509RevocationMode.Online, pa.RevocationMode, "#3-3");
Assert.AreEqual (StoreLocation.CurrentUser, pa.TrustedStoreLocation, "#3-4");
pa = p.PeerAuthentication;
Assert.AreEqual (X509CertificateValidationMode.PeerOrChainTrust, pa.CertificateValidationMode, "#4-1");
Assert.IsNull (pa.CustomCertificateValidator, "#4-2");
Assert.AreEqual (X509RevocationMode.Online, pa.RevocationMode, "#4-3");
Assert.AreEqual (StoreLocation.CurrentUser, pa.TrustedStoreLocation, "#4-4");
}
private void CreateServiceHost(Uri uri, string subjectName = null)
{
if (host != null) return;
CustomBinding binding = new CustomBinding();
binding.Elements.Add(new ByteStreamMessageEncodingBindingElement());
HttpTransportBindingElement transport;
ServiceCredentials behavior = null;
string scheme;
if (uri.Scheme.Equals("ws"))
{
transport = new HttpTransportBindingElement();
scheme = Uri.UriSchemeHttp;
}
else
{
transport = new HttpsTransportBindingElement();
scheme = Uri.UriSchemeHttps;
behavior = new ServiceCredentials();
behavior.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, subjectName);
}
transport.WebSocketSettings = new WebSocketTransportSettings()
{
TransportUsage = WebSocketTransportUsage.Always,
CreateNotificationOnConnection = false
};
binding.Elements.Add(transport);
host = new ServiceHost(typeof(WebSocketServerTool.Service));
UriBuilder newUri = new UriBuilder(uri)
{
Scheme = scheme
};
ServiceEndpoint endpoint = host.AddServiceEndpoint(typeof(IService),
binding, newUri.ToString());
if (behavior != null)
host.Description.Behaviors.Add(behavior);
host.Open();
}
static void Main(string[] args)
{
//Create a ServiceHost for the CalculatorService type
using (ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService)))
{
//Create and configure the WseHttpBinding
WseHttpBinding binding = new WseHttpBinding();
binding.SecurityAssertion = WseSecurityAssertion.AnonymousForCertificate;
binding.EstablishSecurityContext = true;
binding.RequireDerivedKeys = true;
binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
serviceHost.AddServiceEndpoint(typeof(ICalculator), binding, "");
ServiceCredentials creds = new ServiceCredentials();
creds.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
"localhost");
serviceHost.Description.Behaviors.Add(creds);
serviceHost.Open();
// The service can now be accessed.
Console.WriteLine("Press enter to terminate the service");
// Uncomment the following to see the account the service is running under
//Console.WriteLine("The service is running in the following account: {0}", WindowsIdentity.GetCurrent().Name);
for (int i = 0; i < serviceHost.ChannelDispatchers.Count; ++i)
{
ChannelDispatcher channelDispatcher = serviceHost.ChannelDispatchers[i] as ChannelDispatcher;
if (channelDispatcher != null)
{
for (int j=0; j<channelDispatcher.Endpoints.Count; ++j)
{
EndpointDispatcher endpointDispatcher = channelDispatcher.Endpoints[j];
Console.WriteLine("The service is listening on {0}", endpointDispatcher.EndpointAddress.Uri);
}
}
}
Console.WriteLine("The service is ready");
Console.ReadLine();
}
}
/// <summary>
/// Initializes an instance of <see cref="FederatedSecurityTokenManager"/>.
/// </summary>
/// <param name="parentCredentials">ServiceCredentials that created this instance of TokenManager.</param>
/// <exception cref="ArgumentNullException">The argument 'parentCredentials' is null.</exception>
public FederatedSecurityTokenManager( ServiceCredentials parentCredentials )
: base( parentCredentials )
{
if ( parentCredentials == null )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "parentCredentials" );
}
if ( parentCredentials.IdentityConfiguration == null )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "parentCredentials.IdentityConfiguration" );
}
_exceptionMapper = parentCredentials.ExceptionMapper;
_securityTokenHandlerCollection = parentCredentials.IdentityConfiguration.SecurityTokenHandlers;
_tokenCache = _securityTokenHandlerCollection.Configuration.Caches.SessionSecurityTokenCache;
_cookieTransforms = SessionSecurityTokenHandler.DefaultCookieTransforms;
}
public WSManServiceHost ()
{
try
{
//localhost:5985/wsman
SymmetricSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameForSslBindingElement();
//sbe.IncludeTimestamp = false;
//sbe.LocalServiceSettings.DetectReplays = false;
sbe.ProtectionTokenParameters = new X509SecurityTokenParameters ();
// This "Never" is somehow mandatory (though I wonder why ...)
sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
sbe.SetKeyDerivation (false);
sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
_host = new ServiceHost (typeof (WSManHttpService));
HttpTransportBindingElement hbe = new HttpTransportBindingElement ();
CustomBinding binding = new CustomBinding (sbe, hbe);
binding.ReceiveTimeout = TimeSpan.FromSeconds (5);
_host.AddServiceEndpoint (typeof(IWSManHttpService),
binding, new Uri ("http://localhost:5985/wsman"));
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate = new X509Certificate2 ("powershell.pfx", "mono");
cred.ClientCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
cred.UserNameAuthentication.CustomUserNamePasswordValidator = new WSManUserNamePasswordValidator();
_host.Description.Behaviors.Add (cred);
_host.Description.Behaviors.Find<ServiceDebugBehavior> ()
.IncludeExceptionDetailInFaults = false;
ServiceMetadataBehavior smb = new ServiceMetadataBehavior ();
smb.HttpGetEnabled = true;
smb.HttpGetUrl = new Uri ("http://localhost:5985/wsman/wsdl");
_host.Description.Behaviors.Add (smb);
} catch (Exception ex) {
Console.WriteLine ("Could not create service...");
Console.WriteLine (ex.Message);
}
}
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var config = CreateSecurityTokenServiceConfiguration(constructorString);
var host = new WSTrustServiceHost(config, baseAddresses);
// add behavior for load balancing support
host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());
// modify address filter mode for load balancing
var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
serviceBehavior.AddressFilterMode = AddressFilterMode.Any;
var credential = new ServiceCredentials();
credential.ServiceCertificate.Certificate = Configuration.TokenSigningCertificate;
host.Description.Behaviors.Add(credential);
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new WindowsWSTrustBinding(SecurityMode.Message),
"/Message/Windows");
return host;
}
public void CheckDuplicateAuthenticatorTypesService ()
{
SymmetricSecurityBindingElement be =
new SymmetricSecurityBindingElement ();
be.ProtectionTokenParameters =
new X509SecurityTokenParameters ();
be.EndpointSupportingTokenParameters.Endorsing.Add (
new X509SecurityTokenParameters ());
// This causes multiple supporting token authenticator
// of the same type.
be.OptionalEndpointSupportingTokenParameters.Endorsing.Add (
new X509SecurityTokenParameters ());
Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate =
new X509Certificate2 ("Test/Resources/test.pfx", "mono");
IChannelListener<IReplyChannel> ch = b.BuildChannelListener<IReplyChannel> (new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()), cred);
try {
ch.Open ();
} finally {
if (ch.State == CommunicationState.Closed)
ch.Close ();
}
}
public void OpenListenerNoPrivateKeyInServiceCertificate ()
{
CustomBinding rb = CreateBinding ();
BindingParameterCollection bpl =
new BindingParameterCollection ();
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate =
new X509Certificate2 ("Test/Resources/test.cer");
IServiceBehavior sb = cred;
sb.AddBindingParameters (null, null, null, bpl);
IChannelListener<IReplyChannel> listener = rb.BuildChannelListener<IReplyChannel> (bpl);
listener.Open ();
}
IChannelListener<IReplyChannel> CreateListener (ReplyHandler handler, RequestReceiver receiver)
{
CustomBinding rb = CreateBinding (handler, receiver);
BindingParameterCollection bpl =
new BindingParameterCollection ();
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate =
new X509Certificate2 ("Test/Resources/test.pfx", "mono");
IServiceBehavior sb = cred;
sb.AddBindingParameters (null, null, null, bpl);
IChannelListener<IReplyChannel> listener = rb.BuildChannelListener<IReplyChannel> (bpl);
return listener;
}
public CustomSecurityTokenManager(ServiceCredentials parent)
: base(parent)
{
}
public ServiceCredentialsSecurityTokenManager (
ServiceCredentials credentials)
{
this.credentials = credentials;
}
public MyManager (ServiceCredentials cred)
: base (cred)
{
}
public void UserNameAuthentication ()
{
UserNamePasswordServiceCredential un =
new ServiceCredentials ().UserNameAuthentication;
Assert.AreEqual (TimeSpan.FromMinutes (15), un.CachedLogonTokenLifetime, "#1");
Assert.IsFalse (un.CacheLogonTokens, "#2");
Assert.IsNull (un.CustomUserNamePasswordValidator, "#3");
Assert.IsTrue (un.IncludeWindowsGroups, "#4");
Assert.AreEqual (0x80, un.MaxCachedLogonTokens, "#5");
Assert.IsNull (un.MembershipProvider, "#6");
Assert.AreEqual (UserNamePasswordValidationMode.Windows, un.UserNamePasswordValidationMode, "#7");
// TODO: WindowsAuthentication if we have infinite amount of free time.
}
/// <summary>
/// Creates a service host to process WS-Trust 1.3 requests
/// </summary>
/// <param name="constructorString">The constructor string.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <returns>A WS-Trust ServiceHost</returns>
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var globalConfiguration = ConfigurationRepository.Configuration;
var config = CreateSecurityTokenServiceConfiguration(constructorString);
var host = new WSTrustServiceHost(config, baseAddresses);
// add behavior for load balancing support
host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());
// modify address filter mode for load balancing
var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
serviceBehavior.AddressFilterMode = AddressFilterMode.Any;
// add and configure a mixed mode security endpoint
if (ConfigurationRepository.Endpoints.WSTrustMixed)
{
EndpointIdentity epi = null;
if (ConfigurationRepository.Configuration.EnableStrongEpiForSsl)
{
if (ConfigurationRepository.SslCertificate.Certificate == null)
{
throw new ServiceActivationException("No SSL certificate configured for strong endpoint identity.");
}
epi = EndpointIdentity.CreateX509CertificateIdentity(ConfigurationRepository.SslCertificate.Certificate);
}
if (globalConfiguration.EnableClientCertificates)
{
var sep2 = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedCertificate);
if (epi != null)
{
sep2.Address = new EndpointAddress(sep2.Address.Uri, epi);
}
}
var sep = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedUserName);
if (epi != null)
{
sep.Address = new EndpointAddress(sep.Address.Uri, epi);
}
}
// add and configure a message security endpoint
if (ConfigurationRepository.Endpoints.WSTrustMessage)
{
var credential = new ServiceCredentials();
credential.ServiceCertificate.Certificate = ConfigurationRepository.SigningCertificate.Certificate;
host.Description.Behaviors.Add(credential);
if (globalConfiguration.EnableClientCertificates)
{
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageCertificate);
}
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageUserName);
}
return host;
}
public static void SetupCert(ServiceCredentials credentials)
{
credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "zhiqiang.com");
credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
}
public void ClientAcceptUpgrade ()
{
ServiceCredentials cred = new ServiceCredentials ();
X509Certificate2 cert =
new X509Certificate2 ("Test/Resources/test.cer");
cred.ServiceCertificate.Certificate = cert;
X509CertificateEndpointIdentity ident =
new X509CertificateEndpointIdentity (cert);
StreamSecurityUpgradeProvider p = CreateClientProvider (cred, ident);
p.Open ();
try {
StreamSecurityUpgradeAcceptor a =
p.CreateUpgradeAcceptor ()
as StreamSecurityUpgradeAcceptor;
Assert.IsNotNull (a, "#1");
SecurityMessageProperty prop =
a.GetRemoteSecurity ();
Assert.IsNull (prop, "#2"); // hmm
Stream s = a.AcceptUpgrade (new MemoryStream (new byte [] {1, 2, 3, 4, 5}));
} finally {
p.Close ();
}
}
public void RejectInclusionModeNever ()
{
AsymmetricSecurityBindingElement sbe =
new AsymmetricSecurityBindingElement ();
sbe.InitiatorTokenParameters = sbe.RecipientTokenParameters =
new X509SecurityTokenParameters (
X509KeyIdentifierClauseType.Thumbprint,
// this leads to the failure.
SecurityTokenInclusionMode.Never);
ServiceHost host = new ServiceHost (typeof (Foo));
HttpTransportBindingElement hbe =
new HttpTransportBindingElement ();
CustomBinding binding = new CustomBinding (sbe, hbe);
host.AddServiceEndpoint (typeof (IFoo),
binding, new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()));
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate =
new X509Certificate2 ("Test/Resources/test.pfx", "mono");
cred.ClientCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
host.Description.Behaviors.Add (cred);
try {
host.Open ();
} finally {
if (host.State == CommunicationState.Opened)
host.Close ();
}
}
public void VerifyX509MessageSecurityAtService ()
{
AsymmetricSecurityBindingElement clisbe =
new AsymmetricSecurityBindingElement ();
clisbe.InitiatorTokenParameters =
new X509SecurityTokenParameters ();
clisbe.RecipientTokenParameters =
new X509SecurityTokenParameters ();
AsymmetricSecurityBindingElement svcsbe =
new AsymmetricSecurityBindingElement ();
svcsbe.InitiatorTokenParameters =
new X509SecurityTokenParameters ();
svcsbe.RecipientTokenParameters =
new X509SecurityTokenParameters ();
CustomBinding b_req = new CustomBinding (clisbe,
new HttpTransportBindingElement ());
b_req.ReceiveTimeout = b_req.SendTimeout = TimeSpan.FromSeconds (10);
CustomBinding b_res = new CustomBinding (svcsbe, new HttpTransportBindingElement ());
b_res.ReceiveTimeout = b_res.SendTimeout = TimeSpan.FromSeconds (10);
EndpointAddress remaddr = new EndpointAddress (
new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()),
new X509CertificateEndpointIdentity (cert2));
CalcProxy proxy = null;
ServiceHost host = new ServiceHost (typeof (CalcService));
host.AddServiceEndpoint (typeof (ICalc), b_res, "http://localhost:" + NetworkHelpers.FindFreePort ());
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate = cert;
host.Description.Behaviors.Add (cred);
try {
host.Open ();
proxy = new CalcProxy (b_req, remaddr);
proxy.ClientCredentials.ClientCertificate.Certificate = cert;
// FIXME: on WinFX, when this Begin method
// is invoked before the listener setup, it
// somehow works, while ours doesn't.
//IAsyncResult result = proxy.BeginSum (1, 2, null, null);
//Assert.AreEqual (3, proxy.EndSum (result));
Assert.AreEqual (3, proxy.Sum (1, 2));
} finally {
if (host.State == CommunicationState.Opened)
host.Close ();
}
}
public void SecureConversationAuthentication ()
{
SecureConversationServiceCredential sc =
new ServiceCredentials ().SecureConversationAuthentication;
Assert.AreEqual (5, sc.SecurityContextClaimTypes.Count, "#1");
Collection<Type> types = new Collection<Type> (new Type [] {
typeof (SamlAuthorizationDecisionClaimResource),
typeof (SamlAuthenticationClaimResource),
typeof (SamlAccessDecision),
typeof (SamlAuthorityBinding),
typeof (SamlNameIdentifierClaimResource)});
foreach (Type type in sc.SecurityContextClaimTypes)
if (!types.Contains (type))
Assert.Fail (type.ToString ());
DataProtectionSecurityStateEncoder sse = sc.SecurityStateEncoder
as DataProtectionSecurityStateEncoder;
Assert.IsNotNull (sse, "#2-1");
Assert.IsTrue (sse.UseCurrentUserProtectionScope, "#2-2");
}
protected internal override object CreateBehavior ()
{
var sb = new ServiceCredentials ();
// IssuedToken
foreach (AllowedAudienceUriElement ae in IssuedTokenAuthentication.AllowedAudienceUris)
sb.IssuedTokenAuthentication.AllowedAudienceUris.Add (ae.AllowedAudienceUri);
sb.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = IssuedTokenAuthentication.AllowUntrustedRsaIssuers;
sb.IssuedTokenAuthentication.AudienceUriMode = IssuedTokenAuthentication.AudienceUriMode;
if (!String.IsNullOrEmpty (IssuedTokenAuthentication.CustomCertificateValidatorType))
sb.IssuedTokenAuthentication.CustomCertificateValidator = (X509CertificateValidator) CreateInstance (IssuedTokenAuthentication.CustomCertificateValidatorType);
sb.IssuedTokenAuthentication.CertificateValidationMode = IssuedTokenAuthentication.CertificateValidationMode;
sb.IssuedTokenAuthentication.RevocationMode = IssuedTokenAuthentication.RevocationMode;
sb.IssuedTokenAuthentication.TrustedStoreLocation = IssuedTokenAuthentication.TrustedStoreLocation;
foreach (X509CertificateTrustedIssuerElement ce in IssuedTokenAuthentication.KnownCertificates)
sb.IssuedTokenAuthentication.KnownCertificates.Add (GetCertificate (ce.StoreLocation, ce.StoreName, ce.X509FindType, ce.FindValue));
sb.IssuedTokenAuthentication.SamlSerializer = (SamlSerializer) CreateInstance (IssuedTokenAuthentication.SamlSerializerType);
// Peer
if (!String.IsNullOrEmpty (Peer.Certificate.FindValue))
sb.Peer.SetCertificate (Peer.Certificate.StoreLocation, Peer.Certificate.StoreName, Peer.Certificate.X509FindType, Peer.Certificate.FindValue);
// sb.Peer.MeshPassword = /* cannot fill it here */
sb.Peer.MessageSenderAuthentication.CustomCertificateValidator = (X509CertificateValidator) CreateInstance (Peer.MessageSenderAuthentication.CustomCertificateValidatorType);
sb.Peer.MessageSenderAuthentication.CertificateValidationMode = Peer.MessageSenderAuthentication.CertificateValidationMode;
sb.Peer.MessageSenderAuthentication.RevocationMode = Peer.MessageSenderAuthentication.RevocationMode;
sb.Peer.MessageSenderAuthentication.TrustedStoreLocation = Peer.MessageSenderAuthentication.TrustedStoreLocation;
sb.Peer.PeerAuthentication.CustomCertificateValidator = (X509CertificateValidator) CreateInstance (Peer.PeerAuthentication.CustomCertificateValidatorType);
sb.Peer.PeerAuthentication.CertificateValidationMode = Peer.PeerAuthentication.CertificateValidationMode;
sb.Peer.PeerAuthentication.RevocationMode = Peer.PeerAuthentication.RevocationMode;
sb.Peer.PeerAuthentication.TrustedStoreLocation = Peer.PeerAuthentication.TrustedStoreLocation;
// WSSC
sb.SecureConversationAuthentication.SecurityStateEncoder = (SecurityStateEncoder) CreateInstance (SecureConversationAuthentication.SecurityStateEncoderType);
// X509
if (!String.IsNullOrEmpty (ServiceCertificate.FindValue))
sb.ServiceCertificate.SetCertificate (ServiceCertificate.StoreLocation, ServiceCertificate.StoreName, ServiceCertificate.X509FindType, ServiceCertificate.FindValue);
// UserNamePassword
sb.UserNameAuthentication.CachedLogonTokenLifetime = UserNameAuthentication.CachedLogonTokenLifetime;
sb.UserNameAuthentication.CacheLogonTokens = UserNameAuthentication.CacheLogonTokens;
sb.UserNameAuthentication.CustomUserNamePasswordValidator = (UserNamePasswordValidator) CreateInstance (UserNameAuthentication.CustomUserNamePasswordValidatorType);
sb.UserNameAuthentication.IncludeWindowsGroups = UserNameAuthentication.IncludeWindowsGroups;
sb.UserNameAuthentication.MaxCachedLogonTokens = UserNameAuthentication.MaxCachedLogonTokens;
sb.UserNameAuthentication.MembershipProvider = (MembershipProvider) CreateInstance (UserNameAuthentication.MembershipProviderName);
sb.UserNameAuthentication.UserNamePasswordValidationMode = UserNameAuthentication.UserNamePasswordValidationMode;
// Windows
sb.WindowsAuthentication.AllowAnonymousLogons = WindowsAuthentication.AllowAnonymousLogons;
sb.WindowsAuthentication.IncludeWindowsGroups = WindowsAuthentication.IncludeWindowsGroups;
return sb;
}
protected ServiceCredentials(ServiceCredentials other)
{
throw new NotImplementedException();
}
