// if any changes are made to this method, please reflect them in the corresponding TryCreate() method
/// <summary>
/// Builds the message-security binding element for BasicHttp message credentials.
/// Only the mixed mode — the client credential carried in the message over an already
/// secured transport — is supported; pure Message security mode is rejected.
/// </summary>
/// <param name="isSecureTransportMode">
/// true when the transport is already secured (TransportWithMessageCredential);
/// false means BasicHttpSecurityMode.Message, which this method does not support.
/// </param>
/// <returns>
/// A certificate-over-transport or username-over-transport element configured for the
/// WS-Security 1.0 / BasicSecurityProfile 1.0 version set.
/// </returns>
/// <exception cref="NotSupportedException">
/// Message mode, or a client credential type other than Certificate or UserName.
/// </exception>
internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode)
{
    if (!isSecureTransportMode)
    {
        // Message mode (credentials without transport security) is not supported by this binding.
        // The mutual-certificate implementation from the original source is kept here for reference:
        //if (_clientCredentialType != BasicHttpMessageCredentialType.Certificate)
        //{
        //    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.BasicHttpMessageSecurityRequiresCertificate)));
        //}
        //result = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new NotSupportedException(SR.Format(SR.UnsupportedSecuritySetting, "Mode", BasicHttpSecurityMode.Message)));
    }

    // WS-Security 1.0, WS-Trust / WS-SecureConversation Feb 2005, WS-SecurityPolicy 1.1, BSP 1.0.
    MessageSecurityVersion bspVersion =
        MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

    SecurityBindingElement element;
    switch (_clientCredentialType)
    {
        case BasicHttpMessageCredentialType.Certificate:
            element = SecurityBindingElement.CreateCertificateOverTransportBindingElement(bspVersion);
            break;

        case BasicHttpMessageCredentialType.UserName:
            // The version is applied after construction on this path.
            element = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
            element.MessageSecurityVersion = bspVersion;
            break;

        default:
            Fx.Assert("Unsupported basic http message credential type");
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
    }

    // BSP 1.0 interop settings: the configured algorithm suite, lax ordering of the
    // security-header children, and no derived keys.
    element.DefaultAlgorithmSuite = AlgorithmSuite;
    element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
    element.SetKeyDerivation(false);
    // element.DoNotEmitTrust = true;
    return element;
}
/// <summary>
/// Produces the message-level security binding element for the configured security mode,
/// or <c>null</c> when that mode carries no message security (anything other than
/// Message and TransportWithMessageCredential). Callers must handle the null result.
/// </summary>
/// <param name="isReliableSessionEnabled">
/// Whether reliable sessions are enabled; passed through to the message-security builder,
/// which presumably enforces the secure-conversation requirement (see CreateSecurityBindingElement).
/// </param>
/// <param name="version">The WS-Security/WS-Trust/WS-SecureConversation version set to apply.</param>
/// <returns>The element built by <c>messageSecurity</c>, or null for transport-only / no security.</returns>
internal SecurityBindingElement CreateMessageSecurity(bool isReliableSessionEnabled, MessageSecurityVersion version)
{
    bool carriesMessageSecurity =
        this.mode == SecurityMode.Message ||
        this.mode == SecurityMode.TransportWithMessageCredential;
    if (!carriesMessageSecurity)
    {
        return null;
    }

    // NOTE(review): the condition above reads the `mode` field while the argument below reads the
    // `Mode` property; they are presumably the same value — confirm against the class definition.
    bool mixedMode = this.Mode == SecurityMode.TransportWithMessageCredential;
    return this.messageSecurity.CreateSecurityBindingElement(mixedMode, isReliableSessionEnabled, version);
}
/// <summary>
/// Builds the message-security binding element for a binding whose client credential travels
/// in the message. Only the mixed mode (isSecureTransportMode == true, i.e. the transport is
/// already secured) is implemented; pure Message mode throws PlatformNotSupportedException and
/// the original negotiation / certificate paths are kept below as a TODO in commented-out form.
/// </summary>
/// <param name="isSecureTransportMode">true when the transport is already secured and the message only carries the client credential.</param>
/// <param name="isReliableSession">Whether reliable sessions are enabled; this requires secure conversation.</param>
/// <param name="version">The WS-Security/WS-Trust/WS-SecureConversation version set stamped on both the bootstrap and the outer element.</param>
/// <returns>
/// A secure-conversation element wrapping the one-shot credential element when secure conversation
/// is enabled, otherwise the one-shot element itself.
/// </returns>
/// <exception cref="InvalidOperationException">Reliable session without secure conversation, or credential type None in mixed mode.</exception>
/// <exception cref="NotSupportedException">A credential type other than UserName or Certificate in mixed mode.</exception>
/// <exception cref="PlatformNotSupportedException">Message mode (isSecureTransportMode == false).</exception>
public SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
    // Reliable sessions ride on a secure-conversation session; refuse the combination up front.
    if (isReliableSession && !IsSecureConversationEnabled())
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationRequiredByReliableSession)));
    }

    SecurityBindingElement result;
    // Only the commented-out Message-mode Kerberos path would set this; in the live code it stays false.
    bool isKerberosSelected = false;
    // The "bootstrap" element that authenticates the client once; secure conversation may wrap it.
    SecurityBindingElement oneShotSecurity;
    if (isSecureTransportMode)
    {
        switch (_clientCredentialType)
        {
            case MessageCredentialType.None:
                // Mixed mode exists to carry a client credential in the message; None is rejected.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
                break;
            // Windows (SSPI) and IssuedToken credentials are not wired up; kept for reference.
            //case MessageCredentialType.Windows:
            //    oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
            //    break;
            //case MessageCredentialType.IssuedToken:
            //    oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes: true)), this.algorithmSuite));
            //    break;
            default:
                Fx.Assert("unknown ClientCredentialType");
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }

        if (IsSecureConversationEnabled())
        {
            // With secure conversation the one-shot element only bootstraps the session.
            // NOTE(review): the second argument is presumably requireCancellation — confirm against the factory signature.
            result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
        }
        else
        {
            result = oneShotSecurity;
        }
    }
    else
    {
        // Pure Message mode is not ported; the original implementation follows as a TODO.
        throw new PlatformNotSupportedException();
        //TODO
        //if (negotiateServiceCredential)
        //{
        //    switch (this.clientCredentialType)
        //    {
        //        case MessageCredentialType.None:
        //            oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
        //            break;
        //        case MessageCredentialType.UserName:
        //            oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
        //            break;
        //        case MessageCredentialType.Certificate:
        //            oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
        //            break;
        //        case MessageCredentialType.Windows:
        //            oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
        //            break;
        //        case MessageCredentialType.IssuedToken:
        //            oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes: true)), this.algorithmSuite), true);
        //            break;
        //        default:
        //            Fx.Assert("unknown ClientCredentialType");
        //            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        //    }
        //}
        //else
        //{
        //    switch (this.clientCredentialType)
        //    {
        //        case MessageCredentialType.None:
        //            oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
        //            break;
        //        case MessageCredentialType.UserName:
        //            oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
        //            break;
        //        case MessageCredentialType.Certificate:
        //            oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
        //            break;
        //        case MessageCredentialType.Windows:
        //            oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
        //            isKerberosSelected = true;
        //            break;
        //        case MessageCredentialType.IssuedToken:
        //            oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes: true)), this.algorithmSuite));
        //            break;
        //        default:
        //            Fx.Assert("unknown ClientCredentialType");
        //            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        //    }
        //}
        //if (IsSecureConversationEnabled())
        //{
        //    result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
        //}
        //else
        //{
        //    result = oneShotSecurity;
        //}
    }

    // set the algorithm suite and issued token params if required
    // isKerberosSelected is always false in the live code above, so the first branch is always
    // taken and the KerberosDefault branch only becomes reachable once the Kerberos path is ported.
    if (WasAlgorithmSuiteSet || (!isKerberosSelected))
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = AlgorithmSuite;
    }
    else if (isKerberosSelected)
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
    }

    // Always carry a Timestamp in the security header; the receiver's freshness checks depend on it.
    result.IncludeTimestamp = true;
    // Both the bootstrap and the outer element must speak the same version set.
    oneShotSecurity.MessageSecurityVersion = version;
    result.MessageSecurityVersion = version;

    // Transport reconnection on failure only makes sense when a reliable session can resume.
    if (!isReliableSession)
    {
        result.LocalServiceSettings.ReconnectTransportOnFailure = false;
    }
    else
    {
        result.LocalServiceSettings.ReconnectTransportOnFailure = true;
    }

    if (IsSecureConversationEnabled())
    {
        // Lifetime of the transition (bootstrap) SCT issued by the one-shot element; per the TODO
        // below it is meant to stay short and to come from the SpNego authenticator once ported.
        oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = s_defaultServerIssuedTransitionTokenLifetime;
        //TODO SpNego when port, remove above and enable below.
        // issue the transition SCT for a short duration only
        // oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
    }

    return(result);
}