public void CreateIssuedTokenBindingElement1()
        {
            IssuedSecurityTokenParameters tp =
                new IssuedSecurityTokenParameters();
            SymmetricSecurityBindingElement be =
                SecurityBindingElement.CreateIssuedTokenBindingElement(tp);

            SecurityAssert.AssertSymmetricSecurityBindingElement(
                SecurityAlgorithmSuite.Default,
                true,                 // IncludeTimestamp
                SecurityKeyEntropyMode.CombinedEntropy,
                MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
                MessageSecurityVersion.Default,
                false,                 // RequireSignatureConfirmation
                SecurityHeaderLayout.Strict,
                // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
                0, 0, 0, 0,
                // ProtectionTokenParameters
                true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
                // LocalClientSettings
                true, 60, true,

                be, "");

            // test ProtectionTokenParameters
            Assert.AreEqual(tp, be.ProtectionTokenParameters, "#2-1");
            SecurityAssert.AssertSecurityTokenParameters(
                SecurityTokenInclusionMode.AlwaysToRecipient,
                SecurityTokenReferenceStyle.Internal,
                true, tp, "Protection");
        }
Example #2
0
        public static Binding CreateIssuedTokenBinding()
        {
            BindingElementCollection bec = new BindingElementCollection();

            bec.Add(SecurityBindingElement.
                    CreateIssuedTokenBindingElement(
                        new IssuedSecurityTokenParameters()));
            bec.Add(new TextMessageEncodingBindingElement());
            bec.Add(new HttpTransportBindingElement());
            return(new CustomBinding(bec));
        }
Example #3
0
        private SecurityBindingElement CreateSecurityBindingElement()
        {
            // Create an issued token parameters object.
            IssuedSecurityTokenParameters issuedSecTok =
                new IssuedSecurityTokenParameters();

            // Create a security binding element with the parameter object.
            SymmetricSecurityBindingElement secBindingEle =
                SecurityBindingElement.CreateIssuedTokenBindingElement(issuedSecTok);

            // Create a Kerberos token parameter object and set the inclusion
            // mode to AlwaysToRecipient. Add the object as an endorsing token for
            // all operations of the endpoint.
            KerberosSecurityTokenParameters kstp = new KerberosSecurityTokenParameters();

            kstp.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
            secBindingEle.EndpointSupportingTokenParameters.Endorsing.Add(kstp);

            // Create a username token parameter object and set its
            // RequireDerivedKeys to false.
            UserNameSecurityTokenParameters userNameParams =
                new UserNameSecurityTokenParameters();

            userNameParams.RequireDerivedKeys = false;

            // Create a collection object for supporting tokens.
            SupportingTokenParameters stp = new SupportingTokenParameters();

            // Add the previously created supporting tokens.
            stp.Endorsing.Add(issuedSecTok);
            stp.SignedEncrypted.Add(userNameParams);

            // Create a generic dictionary item, a KeyValuePair object
            // that includes all supporting token parameters. Then add
            // it to the dictionary for operation-scope supporting tokens.
            KeyValuePair <string, SupportingTokenParameters> x =
                new KeyValuePair <string, SupportingTokenParameters>("1", stp);

            secBindingEle.OperationSupportingTokenParameters.Add(x);

            // See all dictionary items for the supporting tokens.
            Console.WriteLine("Reading Kevalue pairs");
            foreach (KeyValuePair <string, SupportingTokenParameters> kvp
                     in secBindingEle.OperationSupportingTokenParameters)
            {
                Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value);
            }

            Console.ReadLine();

            return(secBindingEle);
        }
        protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly)
        {
            SecurityBindingElement result;

            switch (this.AuthenticationMode)
            {
            case AuthenticationMode.AnonymousForCertificate:
                result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                break;

            case AuthenticationMode.AnonymousForSslNegotiated:
                result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation);
                break;

            case AuthenticationMode.CertificateOverTransport:
                result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion);
                break;

            case AuthenticationMode.IssuedToken:
                result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
                break;

            case AuthenticationMode.IssuedTokenForCertificate:
                result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
                break;

            case AuthenticationMode.IssuedTokenForSslNegotiated:
                result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation);
                break;

            case AuthenticationMode.IssuedTokenOverTransport:
                result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
                break;

            case AuthenticationMode.Kerberos:
                result = SecurityBindingElement.CreateKerberosBindingElement();
                break;

            case AuthenticationMode.KerberosOverTransport:
                result = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
                break;

            case AuthenticationMode.MutualCertificateDuplex:
                result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion);
                break;

            case AuthenticationMode.MutualCertificate:
                result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion);
                break;

            case AuthenticationMode.MutualSslNegotiated:
                result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation);
                break;

            case AuthenticationMode.SspiNegotiated:
                result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation);
                break;

            case AuthenticationMode.UserNameForCertificate:
                result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                break;

            case AuthenticationMode.UserNameForSslNegotiated:
                result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation);
                break;

            case AuthenticationMode.UserNameOverTransport:
                result = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                break;

            case AuthenticationMode.SspiNegotiatedOverTransport:
                result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation);
                break;

            default:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode)));
            }

            this.ApplyConfiguration(result);

            return(result);
        }
Example #5
0
        /// <summary>
        /// Creates a custom binding based on an example generated from svcutil.exe
        /// </summary>
        /// <param name="exeConfigPath"></param>
        /// <returns></returns>
        /// <remarks>
        /// https://msdn.microsoft.com/en-us/library/ms731690(v=vs.110).aspx
        /// </remarks>
        public static List <CustomBinding> GetCustomBindings(string exeConfigPath)
        {
            if (string.IsNullOrWhiteSpace(exeConfigPath))
            {
                return(null);
            }

            var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
            var configs    = new List <CustomBinding>();

            foreach (var section in svcSection.Bindings.CustomBinding.ConfiguredBindings.Cast <CustomBindingElement>())
            {
                var binding = new CustomBinding
                {
                    Name = section.Name,
                };
                var cfgSecurity = section[0] as SecurityElement;

                if (cfgSecurity == null)
                {
                    configs.Add(binding);
                    continue;
                }

                var mode = cfgSecurity.AuthenticationMode;
                var msgSecurityVersion   = cfgSecurity.MessageSecurityVersion;
                var issuedTokenParameter = new IssuedSecurityTokenParameters();
                if (cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters != null)
                {
                    foreach (var arp in cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters.Cast <XmlElementElement>())
                    {
                        issuedTokenParameter.AdditionalRequestParameters.Add(arp.XmlElement);
                    }
                }
                if (cfgSecurity.IssuedTokenParameters.Issuer?.Address != null)
                {
                    var address = cfgSecurity.IssuedTokenParameters.Issuer.Address;
                    var idElem  = cfgSecurity.IssuedTokenParameters.Issuer.Identity;

                    issuedTokenParameter.IssuerAddress = GetEnpointAddressWithIdentity(address, idElem);
                }

                if (cfgSecurity.IssuedTokenParameters.Issuer?.Binding != null)
                {
                    issuedTokenParameter.IssuerBinding = GetBindingByName(cfgSecurity.IssuedTokenParameters.Issuer.Binding);
                }

                if (cfgSecurity.IssuedTokenParameters.IssuerMetadata?.Address != null)
                {
                    var address = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Address;
                    var idElem  = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Identity;
                    issuedTokenParameter.IssuerMetadataAddress = GetEnpointAddressWithIdentity(address, idElem);
                }

                SecurityBindingElement securityElemnt;
                switch (mode)
                {
                case AuthenticationMode.IssuedTokenOverTransport:
                    securityElemnt =
                        SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameter);
                    break;

                case AuthenticationMode.AnonymousForCertificate:
                    securityElemnt = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                    break;

                case AuthenticationMode.AnonymousForSslNegotiated:
                    securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
                    break;

                case AuthenticationMode.CertificateOverTransport:
                    securityElemnt =
                        SecurityBindingElement.CreateCertificateOverTransportBindingElement(msgSecurityVersion);
                    break;

                case AuthenticationMode.IssuedToken:
                    securityElemnt = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameter);
                    break;

                case AuthenticationMode.IssuedTokenForCertificate:
                    securityElemnt = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameter);
                    break;

                case AuthenticationMode.IssuedTokenForSslNegotiated:
                    securityElemnt = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameter);
                    break;

                case AuthenticationMode.Kerberos:
                    securityElemnt = SecurityBindingElement.CreateKerberosBindingElement();
                    break;

                case AuthenticationMode.KerberosOverTransport:
                    securityElemnt = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
                    break;

                case AuthenticationMode.MutualCertificate:
                    securityElemnt = SecurityBindingElement.CreateMutualCertificateBindingElement(msgSecurityVersion);
                    break;

                case AuthenticationMode.MutualCertificateDuplex:
                    securityElemnt = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(msgSecurityVersion);
                    break;

                case AuthenticationMode.MutualSslNegotiated:
                    securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
                    break;

                case AuthenticationMode.SspiNegotiated:
                    securityElemnt = SecurityBindingElement.CreateSspiNegotiationBindingElement();
                    break;

                case AuthenticationMode.SspiNegotiatedOverTransport:
                    securityElemnt = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement();
                    break;

                case AuthenticationMode.UserNameForCertificate:
                    securityElemnt = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                    break;

                case AuthenticationMode.UserNameForSslNegotiated:
                    securityElemnt = SecurityBindingElement.CreateUserNameForSslBindingElement();
                    break;

                case AuthenticationMode.UserNameOverTransport:
                    securityElemnt = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                    break;

                default:
                    throw new NotImplementedException();
                }

                securityElemnt.AllowInsecureTransport  = cfgSecurity.AllowInsecureTransport;
                securityElemnt.DefaultAlgorithmSuite   = cfgSecurity.DefaultAlgorithmSuite;
                securityElemnt.EnableUnsecuredResponse = cfgSecurity.EnableUnsecuredResponse;
                securityElemnt.IncludeTimestamp        = cfgSecurity.IncludeTimestamp;
                securityElemnt.MessageSecurityVersion  = cfgSecurity.MessageSecurityVersion;
                securityElemnt.KeyEntropyMode          = cfgSecurity.KeyEntropyMode;
                securityElemnt.ProtectTokens           = cfgSecurity.ProtectTokens;
                securityElemnt.SecurityHeaderLayout    = cfgSecurity.SecurityHeaderLayout;
                securityElemnt.SetKeyDerivation(cfgSecurity.RequireDerivedKeys);

                binding.Elements.Add(securityElemnt);
                configs.Add(binding);
            }

            return(configs);
        }