public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
string issuerName = WebConfigurationManager.AppSettings[Common.IssuerName];
string signingCertificateThumprint = WebConfigurationManager.AppSettings[Common.SigningCertificateThumbprint];
string issuerCertificateThumprint = WebConfigurationManager.AppSettings[Common.IssuerCertificateThumprint];
var config = new STSConfiguration(issuerName, signingCertificateThumprint, issuerCertificateThumprint);
Uri baseUri = baseAddresses.FirstOrDefault(a => a.Scheme == Uri.UriSchemeHttps);
if (baseUri == null)
{
throw new InvalidOperationException("The STS should be hosted under https.");
}
WSTrustServiceHost host = new WSTrustServiceHost(config, baseAddresses);
host.AddServiceEndpoint(typeof(IWSTrust13SyncContract), STSBinding, baseUri.AbsoluteUri);
return(host);
}
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var config = CreateSecurityTokenServiceConfiguration(constructorString);
var host = new WSTrustServiceHost(config, baseAddresses);
// add behavior for load balancing support
host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());
// modify address filter mode for load balancing
var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
serviceBehavior.AddressFilterMode = AddressFilterMode.Any;
var credential = new ServiceCredentials();
credential.ServiceCertificate.Certificate = Configuration.TokenSigningCertificate;
host.Description.Behaviors.Add(credential);
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new WindowsWSTrustBinding(SecurityMode.Message),
"/Message/Windows");
return host;
}
/// <summary>
/// Creates a service host to process WS-Trust 1.3 requests
/// </summary>
/// <param name="constructorString">The constructor string.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <returns>A WS-Trust ServiceHost</returns>
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var globalConfiguration = ConfigurationRepository.Configuration;
var config = CreateSecurityTokenServiceConfiguration(constructorString);
var host = new WSTrustServiceHost(config, baseAddresses);
// add behavior for load balancing support
host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());
// modify address filter mode for load balancing
var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
serviceBehavior.AddressFilterMode = AddressFilterMode.Any;
// add and configure a mixed mode security endpoint
if (ConfigurationRepository.Endpoints.WSTrustMixed)
{
EndpointIdentity epi = null;
if (ConfigurationRepository.Configuration.EnableStrongEpiForSsl)
{
if (ConfigurationRepository.SslCertificate.Certificate == null)
{
throw new ServiceActivationException("No SSL certificate configured for strong endpoint identity.");
}
epi = EndpointIdentity.CreateX509CertificateIdentity(ConfigurationRepository.SslCertificate.Certificate);
}
if (globalConfiguration.EnableClientCertificates)
{
var sep2 = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedCertificate);
if (epi != null)
{
sep2.Address = new EndpointAddress(sep2.Address.Uri, epi);
}
}
var sep = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedUserName);
if (epi != null)
{
sep.Address = new EndpointAddress(sep.Address.Uri, epi);
}
}
// add and configure a message security endpoint
if (ConfigurationRepository.Endpoints.WSTrustMessage)
{
var credential = new ServiceCredentials();
credential.ServiceCertificate.Certificate = ConfigurationRepository.SigningCertificate.Certificate;
host.Description.Behaviors.Add(credential);
if (globalConfiguration.EnableClientCertificates)
{
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageCertificate);
}
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageUserName);
}
return host;
}
/// <summary>
/// Creates a service host to process WS-Trust 1.3 requests
/// </summary>
/// <param name="constructorString">The constructor string.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <returns>A WS-Trust ServiceHost</returns>
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var globalConfiguration = ConfigurationRepository.Global;
var config = CreateSecurityTokenServiceConfiguration(constructorString);
var host = new WSTrustServiceHost(config, baseAddresses);
// add behavior for load balancing support
host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());
// modify address filter mode for load balancing
var serviceBehavior = host.Description.Behaviors.Find <ServiceBehaviorAttribute>();
serviceBehavior.AddressFilterMode = AddressFilterMode.Any;
// add and configure a mixed mode security endpoint
if (ConfigurationRepository.WSTrust.Enabled &&
ConfigurationRepository.WSTrust.EnableMixedModeSecurity &&
!ConfigurationRepository.Global.DisableSSL)
{
EndpointIdentity epi = null;
if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication)
{
var sep2 = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedCertificate);
if (epi != null)
{
sep2.Address = new EndpointAddress(sep2.Address.Uri, epi);
}
}
var sep = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedUserName);
if (epi != null)
{
sep.Address = new EndpointAddress(sep.Address.Uri, epi);
}
}
// add and configure a message security endpoint
if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMessageSecurity)
{
var credential = new ServiceCredentials();
credential.ServiceCertificate.Certificate = ConfigurationRepository.Keys.SigningCertificate;
host.Description.Behaviors.Add(credential);
if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication)
{
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageCertificate);
}
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageUserName);
}
ServiceMetadataBehavior metad = host.Description.Behaviors.Find <ServiceMetadataBehavior>();
if (metad == null)
{
metad = new ServiceMetadataBehavior();
}
for (int i = 0; i < baseAddresses.Length; i++)
{
// there will be two bindings: one for http and one secure
switch (baseAddresses[i].Scheme)
{
case "http":
metad.HttpGetEnabled = true;
metad.HttpGetUrl = new Uri(baseAddresses[i], "/issue/wstrust/mex");
break;
case "https":
metad.HttpsGetEnabled = true;
metad.HttpsGetUrl = new Uri(baseAddresses[i], "/issue/wstrust/mex");
break;
}
}
return(host);
}
/// <summary>
/// Creates a service host to process WS-Trust 1.3 requests
/// </summary>
/// <param name="constructorString">The constructor string.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <returns>A WS-Trust ServiceHost</returns>
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var globalConfiguration = ConfigurationRepository.Global;
var config = CreateSecurityTokenServiceConfiguration(constructorString);
var host = new WSTrustServiceHost(config, baseAddresses);
// add behavior for load balancing support
host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());
// modify address filter mode for load balancing
var serviceBehavior = host.Description.Behaviors.Find <ServiceBehaviorAttribute>();
serviceBehavior.AddressFilterMode = AddressFilterMode.Any;
// add and configure a mixed mode security endpoint
if (ConfigurationRepository.WSTrust.Enabled &&
ConfigurationRepository.WSTrust.EnableMixedModeSecurity &&
!ConfigurationRepository.Global.DisableSSL)
{
EndpointIdentity epi = null;
if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication)
{
var sep2 = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedCertificate);
if (epi != null)
{
sep2.Address = new EndpointAddress(sep2.Address.Uri, epi);
}
}
var sep = host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
Endpoints.Paths.WSTrustMixedUserName);
if (epi != null)
{
sep.Address = new EndpointAddress(sep.Address.Uri, epi);
}
}
// add and configure a message security endpoint
if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMessageSecurity)
{
var credential = new ServiceCredentials();
credential.ServiceCertificate.Certificate = ConfigurationRepository.Keys.SigningCertificate;
host.Description.Behaviors.Add(credential);
if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication)
{
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new CertificateWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageCertificate);
}
host.AddServiceEndpoint(
typeof(IWSTrust13SyncContract),
new UserNameWSTrustBinding(SecurityMode.Message),
Endpoints.Paths.WSTrustMessageUserName);
}
return(host);
}
