public override BindingElementCollection CreateBindingElements()
{
var bindingElements = new BindingElementCollection();
// if passing credentials via message security, add a security element
TransportSecurityBindingElement transportSecurityElement = null;
if (this.SecurityMode == AssertEncryptionHttpSecurityMode.UserNameOverMessage)
{
transportSecurityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
}
if (this.SecurityMode == AssertEncryptionHttpSecurityMode.UserNameOverTransport)
{
transportSecurityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
}
if (transportSecurityElement != null)
{
bindingElements.Add(transportSecurityElement);
}
// add a message encoder element
//if (this.MessageEncoding == WSMessageEncoding.Text)
// bindingElements.Add(this.TextEncoding);
//else if (this.MessageEncoding == WSMessageEncoding.Mtom)
// bindingElements.Add(this.MtomEncoding);
// add a transport element
bindingElements.Add(this.GetTransport());
return(bindingElements);
}
public static OmnitureWebServicePortTypeClient GetClient(string username, string secret, string endpoint)
{
var httpsTransportBindingElement = new HttpsTransportBindingElement
{
UseDefaultWebProxy = false,
MaxReceivedMessageSize = 2147483647
};
var transportSecurityBindingElement = new TransportSecurityBindingElement();
transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new SecurityTokenParameters());
transportSecurityBindingElement.IncludeTimestamp = false;
var customTextMessageBindingElement = new CustomTextMessageBindingElement {
MessageVersion = MessageVersion.Soap11
};
var bindingElements = new List <BindingElement>
{
transportSecurityBindingElement,
customTextMessageBindingElement,
httpsTransportBindingElement
};
Binding customBinding = new CustomBinding(bindingElements.ToArray());
var endpointAddress = new EndpointAddress(endpoint);
var clientCredential = new ClientCredentials(new Info(username, secret));
var omnitureWebServicePortTypeClient = new OmnitureWebServicePortTypeClient(customBinding, endpointAddress);
omnitureWebServicePortTypeClient.Endpoint.Behaviors.Remove(typeof(System.ServiceModel.Description.ClientCredentials));
omnitureWebServicePortTypeClient.Endpoint.Behaviors.Add(clientCredential);
return(omnitureWebServicePortTypeClient);
}
public static SecurityBindingElement BuildMessageSecurity(MessageSecurityType securityType)
{
if (securityType == MessageSecurityType.CertificateOverTransport)
{
TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
messageSecurity.IncludeTimestamp = true;
return(messageSecurity);
}
else if (securityType == MessageSecurityType.MutualCertificate)
{
SecurityBindingElement messageSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement(
MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
messageSecurity.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
messageSecurity.IncludeTimestamp = true;
return(messageSecurity);
}
else if (securityType == MessageSecurityType.None)
{
return(null);
}
else if (securityType == MessageSecurityType.UserNameOverTransport)
{
TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
messageSecurity.IncludeTimestamp = false;
messageSecurity.EnableUnsecuredResponse = true;
messageSecurity.DefaultAlgorithmSuite = System.ServiceModel.Security.Basic256SecurityAlgorithmSuite.Basic256;
messageSecurity.SetKeyDerivation(false);
messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
return(messageSecurity);
}
return(SecurityBindingElement.CreateSslNegotiationBindingElement(false));
}
public override BindingElementCollection CreateBindingElements()
{
BindingElementCollection bindingElements = new BindingElementCollection();
TransportSecurityBindingElement security = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
security.IncludeTimestamp = false;
bindingElements.Add(security);
TextMessageEncodingBindingElement messageEncoding = new TextMessageEncodingBindingElement();
messageEncoding.MessageVersion = MessageVersion.Soap11;
bindingElements.Add(messageEncoding);
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.MaxReceivedMessageSize = int.MaxValue;
transport.ManualAddressing = false;
transport.AllowCookies = false;
transport.AuthenticationScheme = AuthenticationSchemes.Anonymous;
transport.BypassProxyOnLocal = false;
transport.DecompressionEnabled = true;
transport.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
transport.KeepAliveEnabled = true;
transport.ProxyAuthenticationScheme = AuthenticationSchemes.Anonymous;
transport.TransferMode = TransferMode.Buffered;
transport.UnsafeConnectionNtlmAuthentication = false;
transport.UseDefaultWebProxy = true;
bindingElements.Add(transport);
return(bindingElements.Clone());
}
//<snippet2>
// This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
{
// This CustomBinding starts out identical to the specified WSFederationHttpBinding.
CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
// Find the SecurityBindingElement for message security.
SecurityBindingElement security = outputBinding.Elements.Find <SecurityBindingElement>();
// If the security mode is message, then the secure session settings are the protection token parameters.
SecureConversationSecurityTokenParameters secureConversation;
if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
{
SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
}
// If the security mode is message, then the secure session settings are the endorsing token parameters.
else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
{
TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
}
// Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
int securityIndex = outputBinding.Elements.IndexOf(security);
outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
// Return modified binding.
return(outputBinding);
}
public static CustomBinding GetCustomBinding()
{
try
{
var customBinding = new CustomBinding();
TransportSecurityBindingElement userNameOverTransportSecurityBindingElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
userNameOverTransportSecurityBindingElement.MessageSecurityVersion = System.ServiceModel.MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
userNameOverTransportSecurityBindingElement.IncludeTimestamp = false;
customBinding.Elements.Add(userNameOverTransportSecurityBindingElement);
var textBindingElement = new TextMessageEncodingBindingElement();
customBinding.Elements.Add(textBindingElement);
var httpsBindingElement = new HttpsTransportBindingElement
{
AllowCookies = true,
MaxBufferSize = int.MaxValue,
MaxReceivedMessageSize = int.MaxValue
};
//httpsBindingElement.AuthenticationScheme = System.Net.AuthenticationSchemes.Basic;
customBinding.Elements.Add(httpsBindingElement);
//SecurityBindingElement securityBindingElement = SecurityBindingElement.
//includeTimestamp
//messageProtectionOrder =
//customBinding.Elements.Find<SecurityBindingElement>().EnableUnsecuredResponse = true;
return(customBinding);
}
catch (Exception e)
{
Log4net.Error(string.Format("{0}, {1}", e.Message, e.StackTrace), e);
}
return(null);
}
public static Binding CreateMultiFactorAuthenticationBinding()
{
HttpsTransportBindingElement httpTransport = new HttpsTransportBindingElement();
httpTransport.MaxReceivedMessageSize = int.MaxValue;
//AddressHeader addressHeader = AddressHeader.CreateAddressHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", security, xmlObjectSerializer);
CustomBinding binding = new CustomBinding();
binding.Name = "myCustomBinding";
TransportSecurityBindingElement messageSecurity = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
messageSecurity.IncludeTimestamp = false;
messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
messageSecurity.SetKeyDerivation(false);
TextMessageEncodingBindingElement Quota = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);
Quota.ReaderQuotas.MaxDepth = 32;
Quota.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
Quota.ReaderQuotas.MaxArrayLength = 16384;
Quota.ReaderQuotas.MaxBytesPerRead = 4096;
Quota.ReaderQuotas.MaxNameTableCharCount = 16384;
binding.Elements.Add(Quota);
binding.Elements.Add(messageSecurity);
binding.Elements.Add(httpTransport);
return(binding);
}
public SafeOnlineBinding()
{
HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement();
encoding.MessageVersion = MessageVersion.Soap11;
TransportSecurityBindingElement securityBinding = new TransportSecurityBindingElement();
securityBinding.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBinding.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Default;
securityBinding.SetKeyDerivation(false);
X509SecurityTokenParameters certToken = new X509SecurityTokenParameters();
certToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
certToken.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
certToken.RequireDerivedKeys = false;
certToken.X509ReferenceStyle = X509KeyIdentifierClauseType.Any;
securityBinding.EndpointSupportingTokenParameters.SignedEndorsing.Add(certToken);
securityBinding.LocalClientSettings.DetectReplays = false;
this.bindingElements = new BindingElementCollection();
this.bindingElements.Add(securityBinding);
this.bindingElements.Add(encoding);
this.bindingElements.Add(httpsTransport);
}
public static Binding UserNameBinding(MessageVersion messageVersion)
{
// NOTE: we use a non-secure transport here, which means the message will be visible to others.
HttpTransportBindingElement httpTransport = new HttpTransportBindingElement();
// the transport security binding element will be configured to require a username token
TransportSecurityBindingElement transportSecurity = new TransportSecurityBindingElement();
transportSecurity.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UsernameTokenParameters());
// here you can require secure transport, in which case you'd probably replace HTTP with HTTPS as well
transportSecurity.AllowInsecureTransport = true;
transportSecurity.IncludeTimestamp = false;
//MtomMessageEncodingBindingElement mtom = new MtomMessageEncodingBindingElement
// {
// WriteEncoding = System.Text.Encoding.UTF8,
// MessageVersion = MessageVersion.Soap11WSAddressing10,
// MaxBufferSize = 2147483647
// };
//mtom.ReaderQuotas.MaxStringContentLength = 2147483647;
TextMessageEncodingBindingElement me = new TextMessageEncodingBindingElement(messageVersion, Encoding.UTF8);
return(new CustomBinding(transportSecurity, me, httpTransport));
}
public static OmnitureWebServicePortTypeClient GetClient( string username, string secret, string endpoint )
{
var httpsTransportBindingElement = new HttpsTransportBindingElement
{
UseDefaultWebProxy = false,
MaxReceivedMessageSize = 2147483647
};
var transportSecurityBindingElement = new TransportSecurityBindingElement();
transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add( new SecurityTokenParameters() );
transportSecurityBindingElement.IncludeTimestamp = false;
var customTextMessageBindingElement = new CustomTextMessageBindingElement { MessageVersion = MessageVersion.Soap11 };
var bindingElements = new List<BindingElement>
{
transportSecurityBindingElement,
customTextMessageBindingElement,
httpsTransportBindingElement
};
Binding customBinding = new CustomBinding( bindingElements.ToArray() );
var endpointAddress = new EndpointAddress( endpoint );
var clientCredential = new ClientCredentials( new Info( username, secret ) );
var omnitureWebServicePortTypeClient = new OmnitureWebServicePortTypeClient( customBinding, endpointAddress );
omnitureWebServicePortTypeClient.Endpoint.Behaviors.Remove( typeof( System.ServiceModel.Description.ClientCredentials ) );
omnitureWebServicePortTypeClient.Endpoint.Behaviors.Add( clientCredential );
return omnitureWebServicePortTypeClient;
}
protected void AddTransportSecurityBindingElement(BindingElementCollection bindingElements)
{
TransportSecurityBindingElement item = new TransportSecurityBindingElement {
MessageSecurityVersion = MessagingVersionHelper.SecurityVersion(this.protocolVersion)
};
bindingElements.Add(item);
}
internal static bool IsSecurityBindingSuitableForChannelBinding(TransportSecurityBindingElement securityBindingElement)
{
#if FEATURE_CORECLR
throw new NotImplementedException("SupportingTokenParameters.Signed is not supported in .NET Core");
#else
return(securityBindingElement != null && (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Endorsing) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Signed) || (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing))));
#endif
}
public static FNCEWS40PortTypeClient ConfigureBinding(String user, String domain, String password, String uri)
{
BindingElementCollection bec = new BindingElementCollection();
// Everything gets treated as if it is username credentials until
// right at the point of serialization.
TransportSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
sbe.IncludeTimestamp = false;
bec.Add(sbe);
if (uri.IndexOf("SOAP") != -1)
{
// using the SOAP endpoint
TextMessageEncodingBindingElement tme = new TextMessageEncodingBindingElement();
tme.MessageVersion = MessageVersion.Soap11;
tme.ReaderQuotas.MaxDepth = 1024;
tme.ReaderQuotas.MaxStringContentLength = 1024 * 1024;
bec.Add(tme);
}
else
{
MtomMessageEncodingBindingElement mme = new MtomMessageEncodingBindingElement();
mme.MessageVersion = MessageVersion.Soap12;
mme.ReaderQuotas.MaxDepth = 1024;
mme.ReaderQuotas.MaxStringContentLength = 1024 * 1024;
mme.MaxBufferSize = 2147483647;
bec.Add(mme);
}
HttpsTransportBindingElement tbe = new HttpsTransportBindingElement();
tbe.MaxReceivedMessageSize = 2147483647;
tbe.MaxBufferSize = 2147483647;
bec.Add(tbe);
CustomBinding binding = new CustomBinding(bec);
binding.ReceiveTimeout = new TimeSpan(TimeSpan.TicksPerDay); // 100 nanonsecond units, make it 1 day
binding.SendTimeout = binding.ReceiveTimeout;
EndpointAddress endpoint = new EndpointAddress(uri);
port = new FNCEWS40PortTypeClient(binding, endpoint);
port.ClientCredentials.UserName.UserName = user;
port.ClientCredentials.UserName.Password = password;
// set up the Localization header, minus the locale. We assume
// the timezone cannot change between calls, but that the locale
// may.
localization = new Localization();
localization.Timezone = GetTimezone();
return(port);
}
protected override SecurityBindingElement CreateSecurity()
{
TransportSecurityBindingElement security = new TransportSecurityBindingElement();
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
security.EnableUnsecuredResponse = true;
security.IncludeTimestamp = true;
security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
return security;
}
private static void ValidateUserNamePasswordSecurityBindingElement(TransportSecurityBindingElement transportSecurityBindingElement)
{
bool singleSignedEncryptedParam = transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1;
System.Diagnostics.Debug.Assert(singleSignedEncryptedParam, "Unexpected number of SignedEncrypted token parameters in transport security binding!");
if (!singleSignedEncryptedParam)
{
return;
}
if (transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 &&
transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 &&
transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 &&
transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10)
{
string values = string.Format(CultureInfo.InvariantCulture, "'{0}', '{1}', '{2}'",
MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportMessageSecurityVersionNotSupportedFormat, transportSecurityBindingElement.MessageSecurityVersion, values));
}
if (transportSecurityBindingElement.DefaultAlgorithmSuite != SecurityAlgorithmSuite.Default)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityDefaultAlgorithmSuiteNotSupportedFormat,
transportSecurityBindingElement.DefaultAlgorithmSuite.GetType().FullName, SecurityAlgorithmSuite.Default.GetType().FullName));
}
var userNameParams = transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted[0] as UserNameSecurityTokenParameters;
if (userNameParams != null)
{
if (userNameParams.InclusionMode != SecurityTokenInclusionMode.AlwaysToRecipient)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityTokenParamsInclusionModeValueNotSupportedFormat,
userNameParams.InclusionMode, SecurityTokenInclusionMode.AlwaysToRecipient));
}
if (userNameParams.ReferenceStyle != SecurityTokenReferenceStyle.Internal)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityTokenParamsReferenceStyleNotSupportedFormat,
userNameParams.ReferenceStyle, SecurityTokenReferenceStyle.Internal));
}
if (userNameParams.RequireDerivedKeys != false)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenParamsRequiringDerivedKeysNotSupported);
}
}
else
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityTokenParamsTypeNotSupportedFormat,
transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted[0].GetType().FullName, typeof(UserNameSecurityTokenParameters).FullName));
}
}
protected override SecurityBindingElement CreateSecurity()
{
TransportSecurityBindingElement security = new TransportSecurityBindingElement();
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
security.EnableUnsecuredResponse = true;
security.IncludeTimestamp = true;
security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
return(security);
}
public static void Method_CreateIssuedTokenOverTransportBindingElement()
{
IssuedSecurityTokenParameters tokenParameters = new IssuedSecurityTokenParameters();
TransportSecurityBindingElement securityBindingElement = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(tokenParameters);
Assert.Contains(tokenParameters, securityBindingElement.EndpointSupportingTokenParameters.Endorsing);
Assert.Equal(System.ServiceModel.MessageSecurityVersion.Default, securityBindingElement.MessageSecurityVersion);
Assert.False(securityBindingElement.LocalClientSettings.DetectReplays);
Assert.True(securityBindingElement.IncludeTimestamp);
Assert.Throws <System.ArgumentNullException>(() => SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(null));
}
protected override System.ServiceModel.Channels.SecurityBindingElement CreateSecurity()
{
TransportSecurityBindingElement security = new TransportSecurityBindingElement();
security.EnableUnsecuredResponse = true; //to allow faults.
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
security.EndpointSupportingTokenParameters.Endorsing.Add(new ScDsspSecurityTokenParameter());
return(security);
}
protected override SecurityBindingElement CreateMessageSecurity()
{
if (this.Security.Mode == WSFederationHttpSecurityMode.None)
{
throw new InvalidOperationException("Only message and security is supported");
}
if (this.Security.Message.IssuedKeyType != SecurityKeyType.AsymmetricKey)
{
throw new InvalidOperationException("Only Asymmectric Keys are supported");
}
if (this.Security.Message.NegotiateServiceCredential)
{
throw new InvalidOperationException("Negocatiation of service credentials not supported");
}
if (this.Security.Message.EstablishSecurityContext)
{
throw new InvalidOperationException("Secure conversation not supported");
}
SecurityBindingElement security;
if (this.Security.Mode == WSFederationHttpSecurityMode.Message)
{
SymmetricSecurityBindingElement baseSecurity = (SymmetricSecurityBindingElement)base.CreateMessageSecurity();
AsymmetricSecurityBindingElement asecurity = new AsymmetricSecurityBindingElement();
asecurity.InitiatorTokenParameters = baseSecurity.EndpointSupportingTokenParameters.Endorsing[0];
X509SecurityTokenParameters serverToken = new X509SecurityTokenParameters();
serverToken.X509ReferenceStyle = X509KeyIdentifierClauseType.Any;
serverToken.InclusionMode = SecurityTokenInclusionMode.Never;
serverToken.RequireDerivedKeys = false;
asecurity.RecipientTokenParameters = serverToken;
security = asecurity;
}
else
{
TransportSecurityBindingElement baseSecurity = (TransportSecurityBindingElement)base.CreateMessageSecurity();
TransportSecurityBindingElement tsecurity = new TransportSecurityBindingElement();
tsecurity.EndpointSupportingTokenParameters.Endorsing.Add(baseSecurity.EndpointSupportingTokenParameters.Endorsing[0]);
security = tsecurity;
}
security.EnableUnsecuredResponse = true;
security.IncludeTimestamp = true;
security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
security.SetKeyDerivation(false);
return(security);
}
/// <summary>
/// Creates the custom binding.
/// </summary>
/// <param name="isCertificate">If set to true certificate security will be used.</param>
/// <returns></returns>
/// <remarks></remarks>
public static Binding CreateCustomBinding(bool isCertificate, bool isHttps)
{
BindingElement securityBinding = null;
BindingElement transport = null;
if (isHttps)
{
HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
transport = httpsTransport;
}
else
{
HttpTransportBindingElement httpTransport = new HttpTransportBindingElement();
transport = httpTransport;
}
TextMessageEncodingBindingElement messageEncoding = new TextMessageEncodingBindingElement();
if (!isCertificate)
{
TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
messageSecurity.IncludeTimestamp = false;
securityBinding = messageSecurity;
messageSecurity.AllowInsecureTransport = !isHttps;
}
else
{
AsymmetricSecurityBindingElement messageSecurity =
(AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateDuplexBindingElement
(
MessageSecurityVersion
.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
);
messageSecurity.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;
messageSecurity.AllowInsecureTransport = !isHttps;
securityBinding = messageSecurity;
messageEncoding.MessageVersion = MessageVersion.Soap11;
}
CustomBinding result = new CustomBinding(securityBinding,
messageEncoding,
transport);
return(result);
}
private static void ValidateTransportSecurityBindingElement(TransportSecurityBindingElement transportSecurityBindingElement)
{
if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Signed.Count != 0 ||
transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing.Count != 0)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenSignedOrSignedEndorsingNotSupported);
}
else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1)
{
ValidateUserNamePasswordSecurityBindingElement(transportSecurityBindingElement);
}
else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Count == 1)
{
SecureConversationSecurityTokenParameters endorsingTokenParams = transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
if (endorsingTokenParams != null)
{
if (endorsingTokenParams.RequireDerivedKeys)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenParamsRequiringDerivedKeysNotSupported);
}
TransportSecurityBindingElement bootstrapElement = endorsingTokenParams.BootstrapSecurityBindingElement as TransportSecurityBindingElement;
if (bootstrapElement == null)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityElementTypeNotSupportedFormat,
endorsingTokenParams.BootstrapSecurityBindingElement.GetType().FullName, typeof(TransportSecurityBindingElement).FullName));
}
else
{
ValidateTransportSecurityBindingElement(bootstrapElement);
}
}
}
if (!transportSecurityBindingElement.IncludeTimestamp)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityMustIncludeTimestamp);
}
if (transportSecurityBindingElement.DefaultAlgorithmSuite != SecurityAlgorithmSuite.Default)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityDefaultAlgorithmSuiteNotSupportedFormat,
transportSecurityBindingElement.DefaultAlgorithmSuite.GetType().FullName, SecurityAlgorithmSuite.Default.GetType().FullName));
}
}
/// <summary>
/// Initializes the binding.
/// </summary>
/// <param name="namespaceUris">The namespace uris.</param>
/// <param name="factory">The factory.</param>
/// <param name="configuration">The configuration.</param>
/// <param name="description">The description.</param>
public UaHttpsSoapBinding(
NamespaceTable namespaceUris,
EncodeableFactory factory,
EndpointConfiguration configuration,
EndpointDescription description)
:
base(namespaceUris, factory, configuration)
{
if (description != null && description.SecurityMode != MessageSecurityMode.None)
{
TransportSecurityBindingElement bootstrap = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
bootstrap.IncludeTimestamp = true;
bootstrap.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
bootstrap.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
m_security = SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap);
m_security.IncludeTimestamp = true;
m_security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
m_security.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
}
m_encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, Encoding.UTF8);
// WCF does not distinguish between arrays and byte string.
int maxArrayLength = configuration.MaxArrayLength;
if (configuration.MaxArrayLength < configuration.MaxByteStringLength)
{
maxArrayLength = configuration.MaxByteStringLength;
}
m_encoding.ReaderQuotas.MaxArrayLength = maxArrayLength;
m_encoding.ReaderQuotas.MaxStringContentLength = configuration.MaxStringLength;
m_encoding.ReaderQuotas.MaxBytesPerRead = Int32.MaxValue;
m_encoding.ReaderQuotas.MaxDepth = Int32.MaxValue;
m_encoding.ReaderQuotas.MaxNameTableCharCount = Int32.MaxValue;
m_transport = new HttpsTransportBindingElement();
m_transport.AllowCookies = false;
m_transport.AuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous;
m_transport.ManualAddressing = false;
m_transport.MaxBufferSize = configuration.MaxMessageSize;
m_transport.MaxReceivedMessageSize = configuration.MaxMessageSize;
m_transport.TransferMode = TransferMode.Buffered;
}
public static CollateralRegistrationSearchService2016Client CreatePPSRClient(string url,
string username,
string password, UrlType urlType)
{
CustomBinding binding = new CustomBinding();
var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
security.IncludeTimestamp = false;
security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
MessageEncodingBindingElement encoding = null;
if (urlType == UrlType.MTOM)
{
encoding = new MtomMessageEncodingBindingElement();
encoding.MessageVersion = MessageVersion.Soap11;
}
else
{
encoding = new TextMessageEncodingBindingElement();
encoding.MessageVersion = MessageVersion.Soap11;
}
var transport = new HttpsTransportBindingElement();
transport.MaxReceivedMessageSize = 20000000; // 20 megs
binding.Elements.Add(security);
binding.Elements.Add(encoding);
binding.Elements.Add(transport);
CollateralRegistrationSearchService2016Client client = new CollateralRegistrationSearchService2016Client(binding,
new EndpointAddress(url));
// to use full client credential with Nonce uncomment this code:
// it looks like this might not be required - the service seems to work without it
// client.ChannelFactory.Endpoint.Behaviors.Add(new InspectorBehavior());
client.ChannelFactory.Endpoint.Behaviors.Remove <System.ServiceModel.Description.ClientCredentials>();
client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;
return(client);
}
public static void Method_CreateUserNameOverTransportBindingElement()
{
TransportSecurityBindingElement securityBindingElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
Assert.True(securityBindingElement != null, "The created TransportSecurityBindingElement should not be null.");
Assert.True(securityBindingElement.IncludeTimestamp);
Assert.False(securityBindingElement.LocalClientSettings.DetectReplays);
Assert.True(securityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted[0] is UserNameSecurityTokenParameters);
securityBindingElement.IncludeTimestamp = false;
securityBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
var binding = new CustomBinding();
binding.Elements.Add(securityBindingElement);
SecurityBindingElement element = binding.Elements.Find <SecurityBindingElement>();
Assert.True(element != null, "SecurityBindingElement added to binding elements should not be null.");
Assert.Equal(element, securityBindingElement);
}
static void Main(string[] args)
{
try
{
//for invalid ssl server certificate
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
(se, cert, chain, sslerror) =>
{
return(true);
};
CustomBinding binding = new CustomBinding();
var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
security.IncludeTimestamp = true;
security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
security.EnableUnsecuredResponse = true;
var encoding = new TextMessageEncodingBindingElement();
encoding.MessageVersion = MessageVersion.Soap11;
var transport = new HttpsTransportBindingElement();
transport.MaxReceivedMessageSize = 2000000;
binding.Elements.Add(security);
binding.Elements.Add(encoding);
binding.Elements.Add(transport);
WSClient.Proxy.TargetWS client = new Proxy.TargetWS(binding,
new EndpointAddress(Properties.Settings.Default.Url));
//change credential for the custom credentials instance
client.ChannelFactory.Endpoint.Behaviors.Remove <System.ServiceModel.Description.ClientCredentials>();
client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
client.ClientCredentials.UserName.UserName = Properties.Settings.Default.username;
client.ClientCredentials.UserName.Password = Properties.Settings.Default.password;
Proxy.Message message = new WSClient.Proxy.Message();
message.id = "whatever";
client.foo(message);
System.Console.Write("Success");
}
catch (Exception ex)
{
System.Console.Write(ex.Message);
}
}
/// <summary>
/// Builds the <see cref="SecurityBindingElement"/> for the RelyingParty channel.
/// </summary>
/// <returns>a <see cref="SecurityBindingElement"/> for the RelyingParty channel.</returns>
/// <remarks>Creates a new <see cref="TransportBindingElement"/> and adds <see cref="WSTrustTokenParameters"/> to the appropriate EndpointSupportingTokenParameters (Endorsing or Signed).
/// <para>Sets: <see cref="MessageSecurityVersion"/> == <see cref="WSTrustTokenParameters.MessageSecurityVersion"/>.</para></para>
/// <para>Sets: <see cref="IncludeTimestamp"/> == true.</para></remarks>
protected override SecurityBindingElement CreateMessageSecurity()
{
WSTrustTokenParameters.RequireDerivedKeys = false;
var result = new TransportSecurityBindingElement
{
IncludeTimestamp = true,
MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion
};
if (WSTrustTokenParameters.KeyType == SecurityKeyType.BearerKey)
{
result.EndpointSupportingTokenParameters.Signed.Add(WSTrustTokenParameters);
}
else
{
result.EndpointSupportingTokenParameters.Endorsing.Add(WSTrustTokenParameters);
}
if (Security.Message.EstablishSecurityContext)
{
var securityContextWrappingElement = new TransportSecurityBindingElement
{
IncludeTimestamp = true,
MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion
};
securityContextWrappingElement.LocalClientSettings.DetectReplays = false;
var scParameters = new SecureConversationSecurityTokenParameters(result)
{
RequireCancellation = true,
RequireDerivedKeys = false
};
securityContextWrappingElement.EndpointSupportingTokenParameters.Endorsing.Add(scParameters);
result = securityContextWrappingElement;
}
SecurityBindingElement = result;
return(result);
}
/// <summary>
/// Cria um binding para comunicação.
/// </summary>
/// <param name="securityMode">Modo de segurança.</param>
/// <param name="requireClientCertificates"></param>
/// <returns></returns>
public static Binding CreateBinding(SecurityMode securityMode, bool requireClientCertificates)
{
WSHttpBinding binding = new WSHttpBinding(securityMode);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
binding.MaxReceivedMessageSize = System.Xml.XmlDictionaryReaderQuotas.Max.MaxStringContentLength;
Binding binding2 = binding;
if ((securityMode == SecurityMode.Transport) && requireClientCertificates)
{
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
BindingElementCollection bindingElementsInTopDownChannelStackOrder = binding.CreateBindingElements();
TransportSecurityBindingElement item = new TransportSecurityBindingElement();
System.ServiceModel.Security.Tokens.X509SecurityTokenParameters parameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters();
parameters.InclusionMode = System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.AlwaysToRecipient;
item.EndpointSupportingTokenParameters.Endorsing.Add(parameters);
bindingElementsInTopDownChannelStackOrder.Insert(bindingElementsInTopDownChannelStackOrder.Count - 1, item);
binding2 = new CustomBinding(bindingElementsInTopDownChannelStackOrder);
}
return(binding2);
}
public static Binding ConfigureCrmOnlineBinding <TChannel>(this ClientBase <TChannel> client, Uri issuerUri)
where TChannel : class
{
if (null == client)
{
throw new ArgumentNullException("client");
}
//When this is represented in the configuration file, it attempts to show the CardSpace dialog.
//As a workaround, the binding is being setup manually using code.
TransportSecurityBindingElement securityElement = new TransportSecurityBindingElement();
securityElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDes;
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
securityElement.EndpointSupportingTokenParameters.Signed.Add(
new System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters()
{
RequireDerivedKeys = false,
KeySize = 192,
IssuerAddress = new EndpointAddress(issuerUri),
});
//Create a new list of the binding elements
List <BindingElement> elementList = new List <BindingElement>();
elementList.Add(securityElement);
elementList.AddRange(client.Endpoint.Binding.CreateBindingElements());
Binding binding = new CustomBinding(elementList);
client.ChannelFactory.Endpoint.Binding = binding;
//Configure the channel factory for use with federation
client.ChannelFactory.ConfigureChannelFactory();
return(client.Endpoint.Binding);
}
public virtual bool TryImportWsspTransportBindingAssertion(MetadataImporter importer, ICollection<XmlElement> assertions, out TransportSecurityBindingElement binding, out XmlElement assertion)
{
Collection<Collection<XmlElement>> collection;
binding = null;
if (this.TryImportWsspAssertion(assertions, "TransportBinding", out assertion) && this.TryGetNestedPolicyAlternatives(importer, assertion, out collection))
{
foreach (Collection<XmlElement> collection2 in collection)
{
XmlElement element;
binding = new TransportSecurityBindingElement();
if (((this.TryImportWsspTransportTokenAssertion(importer, collection2, out element) && this.TryImportWsspAlgorithmSuiteAssertion(importer, collection2, binding)) && (this.TryImportWsspLayoutAssertion(importer, collection2, binding) && this.TryImportWsspIncludeTimestampAssertion(collection2, binding))) && (collection2.Count == 0))
{
if (!importer.State.ContainsKey("InSecureConversationBootstrapBindingImportMode"))
{
assertions.Add(element);
}
break;
}
binding = null;
}
}
return (binding != null);
}
public virtual bool TryImportWsspTransportBindingAssertion(MetadataImporter importer, ICollection<XmlElement> assertions, out TransportSecurityBindingElement binding, out XmlElement assertion)
{
binding = null;
Collection<Collection<XmlElement>> alternatives;
if (TryImportWsspAssertion(assertions, TransportBindingName, out assertion)
&& TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
XmlElement transportTokenAssertion;
binding = new TransportSecurityBindingElement();
if (TryImportWsspTransportTokenAssertion(importer, alternative, out transportTokenAssertion)
&& TryImportWsspAlgorithmSuiteAssertion(importer, alternative, binding)
&& TryImportWsspLayoutAssertion(importer, alternative, binding)
&& TryImportWsspIncludeTimestampAssertion(alternative, binding)
&& alternative.Count == 0)
{
if (false == importer.State.ContainsKey(SecurityBindingElementImporter.InSecureConversationBootstrapBindingImportMode))
{
// The transportTokenAssertion should be consumed by the transport binding importer
// for all primary bindings. However, for secure conversation bootstrap bindings
// the bootstrap policy does not contain any transport assertions, so adding the
// transport token assertion to the collection of unimported assertions would
// increase the likelihood of policy import failure due to unrecognized assertions.
assertions.Add(transportTokenAssertion);
}
break;
}
else
{
binding = null;
}
}
}
return binding != null;
}
public virtual XmlElement CreateWsspTransportBindingAssertion(MetadataExporter exporter, TransportSecurityBindingElement binding, XmlElement transportTokenAssertion)
{
XmlElement result = CreateWsspAssertion(TransportBindingName);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspTransportTokenAssertion(exporter, transportTokenAssertion),
CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite),
CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout),
CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp)
));
return result;
}
private static ServiceHost CreateServiceHost(Type component)
{
ServiceHost sh = new ServiceHost(component);
sh.Open();
Console.WriteLine("Endpoint Listeners:");
Console.WriteLine("----------------");
foreach (ChannelDispatcher cd in sh.ChannelDispatchers)
{
foreach (EndpointDispatcher epd in cd.Endpoints)
{
Console.Write(epd.EndpointAddress.Uri.AbsoluteUri);
ConsoleColor origCol = Console.ForegroundColor;
ServiceEndpoint servend = sh.Description.Endpoints.Find(epd.EndpointAddress.Uri);
if (servend != null)
{
Console.WriteLine("\tPhysical listeningURI: " + servend.ListenUri.AbsoluteUri);
Console.ForegroundColor = ConsoleColor.DarkYellow;
BindingElementCollection bec = servend.Binding.CreateBindingElements();
foreach (BindingElement be in bec)
{
Console.WriteLine("\t" + be.GetType().ToString());
SymmetricSecurityBindingElement symBe = be as SymmetricSecurityBindingElement;
AsymmetricSecurityBindingElement asymBe = be as AsymmetricSecurityBindingElement;
TransportSecurityBindingElement transBe = be as TransportSecurityBindingElement;
if (symBe != null)
{
Console.WriteLine("\t\t" + symBe.ProtectionTokenParameters.GetType().ToString());
}
if (asymBe != null)
{
X509SecurityTokenParameters initParms = asymBe.InitiatorTokenParameters as X509SecurityTokenParameters;
X509SecurityTokenParameters recParms = asymBe.RecipientTokenParameters as X509SecurityTokenParameters;
if (initParms != null)
{
Console.WriteLine("\t\tInitiator Security Token Parmeter type");
Console.WriteLine("\t\t\t" + initParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + initParms.InclusionMode.ToString());
}
if (recParms != null)
{
Console.WriteLine("\t\tRecipient Security Token Parmeter type");
Console.WriteLine("\t\t\t" + recParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + recParms.InclusionMode.ToString());
}
}
if (transBe != null)
{
SupportingTokenParameters supTokParms = transBe.EndpointSupportingTokenParameters;
if (supTokParms.Endorsing.Count > 0)
{
ShowSecurityTokenParmeters(supTokParms.Endorsing, "Endorsing");
}
}
}
}
Console.ForegroundColor = origCol;
Console.WriteLine();
}
}
return(sh);
}
public static void CheckBasicHttpBinding(
Binding binding, string scheme, BasicHttpSecurityMode security,
WSMessageEncoding encoding, HttpClientCredentialType clientCred,
AuthenticationSchemes authScheme, TestLabel label)
{
label.EnterScope("http");
if (security == BasicHttpSecurityMode.Message)
{
Assert.That(binding, Is.InstanceOfType(typeof(CustomBinding)), label.Get());
}
else
{
Assert.That(binding, Is.InstanceOfType(typeof(BasicHttpBinding)), label.Get());
var basicHttp = (BasicHttpBinding)binding;
Assert.That(basicHttp.EnvelopeVersion, Is.EqualTo(EnvelopeVersion.Soap11), label.Get());
Assert.That(basicHttp.MessageVersion, Is.EqualTo(MessageVersion.Soap11), label.Get());
Assert.That(basicHttp.Scheme, Is.EqualTo(scheme), label.Get());
Assert.That(basicHttp.TransferMode, Is.EqualTo(TransferMode.Buffered), label.Get());
Assert.That(basicHttp.MessageEncoding, Is.EqualTo(encoding), label.Get());
Assert.That(basicHttp.Security, Is.Not.Null, label.Get());
Assert.That(basicHttp.Security.Mode, Is.EqualTo(security), label.Get());
Assert.That(basicHttp.Security.Transport.ClientCredentialType, Is.EqualTo(clientCred), label.Get());
Assert.That(basicHttp.Security.Message.AlgorithmSuite, Is.EqualTo(SecurityAlgorithmSuite.Basic256), label.Get());
}
label.EnterScope("elements");
var elements = binding.CreateBindingElements();
Assert.That(elements, Is.Not.Null, label.Get());
if ((security == BasicHttpSecurityMode.Message) ||
(security == BasicHttpSecurityMode.TransportWithMessageCredential))
{
Assert.That(elements.Count, Is.EqualTo(3), label.Get());
}
else
{
Assert.That(elements.Count, Is.EqualTo(2), label.Get());
}
TextMessageEncodingBindingElement textElement = null;
TransportSecurityBindingElement securityElement = null;
HttpTransportBindingElement transportElement = null;
AsymmetricSecurityBindingElement asymmSecurityElement = null;
MtomMessageEncodingBindingElement mtomElement = null;
foreach (var element in elements)
{
if (element is TextMessageEncodingBindingElement)
{
textElement = (TextMessageEncodingBindingElement)element;
}
else if (element is HttpTransportBindingElement)
{
transportElement = (HttpTransportBindingElement)element;
}
else if (element is TransportSecurityBindingElement)
{
securityElement = (TransportSecurityBindingElement)element;
}
else if (element is AsymmetricSecurityBindingElement)
{
asymmSecurityElement = (AsymmetricSecurityBindingElement)element;
}
else if (element is MtomMessageEncodingBindingElement)
{
mtomElement = (MtomMessageEncodingBindingElement)element;
}
else
{
Assert.Fail(string.Format(
"Unknown element: {0}", element.GetType()), label.Get());
}
}
label.EnterScope("text");
if (encoding == WSMessageEncoding.Text)
{
Assert.That(textElement, Is.Not.Null, label.Get());
Assert.That(textElement.WriteEncoding, Is.InstanceOfType(typeof(UTF8Encoding)), label.Get());
}
else
{
Assert.That(textElement, Is.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("mtom");
if (encoding == WSMessageEncoding.Mtom)
{
Assert.That(mtomElement, Is.Not.Null, label.Get());
}
else
{
Assert.That(mtomElement, Is.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("security");
if (security == BasicHttpSecurityMode.TransportWithMessageCredential)
{
Assert.That(securityElement, Is.Not.Null, label.Get());
Assert.That(securityElement.SecurityHeaderLayout,
Is.EqualTo(SecurityHeaderLayout.Lax), label.Get());
}
else
{
Assert.That(securityElement, Is.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("asymmetric");
if (security == BasicHttpSecurityMode.Message)
{
Assert.That(asymmSecurityElement, Is.Not.Null, label.Get());
}
else
{
Assert.That(asymmSecurityElement, Is.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("transport");
Assert.That(transportElement, Is.Not.Null, label.Get());
Assert.That(transportElement.Realm, Is.Empty, label.Get());
Assert.That(transportElement.Scheme, Is.EqualTo(scheme), label.Get());
Assert.That(transportElement.TransferMode, Is.EqualTo(TransferMode.Buffered), label.Get());
label.EnterScope("auth");
Assert.That(transportElement.AuthenticationScheme, Is.EqualTo(authScheme), label.Get());
label.LeaveScope(); // auth
label.LeaveScope(); // transport
label.LeaveScope(); // elements
label.LeaveScope(); // http
}
public void DefaultValues ()
{
var be = new TransportSecurityBindingElement ();
}
private TransportSecurityBindingElement CreateTransportBindingElement()
{
TransportSecurityBindingElement transportSecurityBindingElement = new TransportSecurityBindingElement();
transportSecurityBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
transportSecurityBindingElement.IncludeTimestamp = true;
transportSecurityBindingElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
transportSecurityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
transportSecurityBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
return transportSecurityBindingElement;
}
public static void Property_KeyEntropyMode()
{
TransportSecurityBindingElement securityBindingElement = new TransportSecurityBindingElement();
Assert.Equal(securityBindingElement.KeyEntropyMode, SecurityKeyEntropyMode.CombinedEntropy);
}
public static void CheckNetTcpBinding(
Binding binding, SecurityMode security, bool reliableSession,
TransferMode transferMode, TestLabel label)
{
label.EnterScope("net-tcp");
if (security == SecurityMode.Message)
{
Assert.That(binding, Is.InstanceOfType(typeof(CustomBinding)), label.Get());
}
else
{
Assert.That(binding, Is.InstanceOfType(typeof(NetTcpBinding)), label.Get());
var netTcp = (NetTcpBinding)binding;
Assert.That(netTcp.EnvelopeVersion, Is.EqualTo(EnvelopeVersion.Soap12), label.Get());
Assert.That(netTcp.MessageVersion, Is.EqualTo(MessageVersion.Soap12WSAddressing10), label.Get());
Assert.That(netTcp.Scheme, Is.EqualTo("net.tcp"), label.Get());
Assert.That(netTcp.TransferMode, Is.EqualTo(transferMode), label.Get());
label.EnterScope("security");
Assert.That(netTcp.Security, Is.Not.Null, label.Get());
Assert.That(netTcp.Security.Mode, Is.EqualTo(security), label.Get());
Assert.That(netTcp.Security.Transport, Is.Not.Null, label.Get());
Assert.That(netTcp.Security.Transport.ProtectionLevel, Is.EqualTo(ProtectionLevel.EncryptAndSign), label.Get());
Assert.That(netTcp.Security.Transport.ClientCredentialType, Is.EqualTo(TcpClientCredentialType.Windows), label.Get());
label.LeaveScope();
}
label.EnterScope("elements");
var elements = binding.CreateBindingElements();
Assert.That(elements, Is.Not.Null, label.Get());
TcpTransportBindingElement transportElement = null;
TransactionFlowBindingElement transactionFlowElement = null;
BinaryMessageEncodingBindingElement encodingElement = null;
WindowsStreamSecurityBindingElement windowsStreamElement = null;
ReliableSessionBindingElement reliableSessionElement = null;
TransportSecurityBindingElement transportSecurityElement = null;
SslStreamSecurityBindingElement sslStreamElement = null;
SymmetricSecurityBindingElement symmSecurityElement = null;
foreach (var element in elements)
{
if (element is TcpTransportBindingElement)
{
transportElement = (TcpTransportBindingElement)element;
}
else if (element is TransactionFlowBindingElement)
{
transactionFlowElement = (TransactionFlowBindingElement)element;
}
else if (element is BinaryMessageEncodingBindingElement)
{
encodingElement = (BinaryMessageEncodingBindingElement)element;
}
else if (element is WindowsStreamSecurityBindingElement)
{
windowsStreamElement = (WindowsStreamSecurityBindingElement)element;
}
else if (element is ReliableSessionBindingElement)
{
reliableSessionElement = (ReliableSessionBindingElement)element;
}
else if (element is TransportSecurityBindingElement)
{
transportSecurityElement = (TransportSecurityBindingElement)element;
}
else if (element is SslStreamSecurityBindingElement)
{
sslStreamElement = (SslStreamSecurityBindingElement)element;
}
else if (element is SymmetricSecurityBindingElement)
{
symmSecurityElement = (SymmetricSecurityBindingElement)element;
}
else
{
Assert.Fail(string.Format(
"Unknown element `{0}'.", element.GetType()), label.Get());
}
}
label.EnterScope("windows-stream");
if (security == SecurityMode.Transport)
{
Assert.That(windowsStreamElement, Is.Not.Null, label.Get());
Assert.That(windowsStreamElement.ProtectionLevel, Is.EqualTo(ProtectionLevel.EncryptAndSign), label.Get());
}
else
{
Assert.That(windowsStreamElement, Is.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("reliable-session");
if (reliableSession)
{
Assert.That(reliableSessionElement, Is.Not.Null, label.Get());
}
else
{
Assert.That(reliableSessionElement, Is.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("encoding");
Assert.That(encodingElement, Is.Not.Null, label.Get());
label.LeaveScope();
label.EnterScope("transaction");
if (security == SecurityMode.Message)
{
Assert.That(transactionFlowElement, Is.Null, label.Get());
}
else
{
Assert.That(transactionFlowElement, Is.Not.Null, label.Get());
}
label.LeaveScope();
label.EnterScope("transport");
Assert.That(transportElement, Is.Not.Null, label.Get());
Assert.That(transportElement.Scheme, Is.EqualTo("net.tcp"), label.Get());
Assert.That(transportElement.TransferMode, Is.EqualTo(transferMode), label.Get());
label.LeaveScope(); // transport
label.EnterScope("security");
switch (security)
{
case SecurityMode.None:
case SecurityMode.Transport:
Assert.That(transportSecurityElement, Is.Null, label.Get());
Assert.That(sslStreamElement, Is.Null, label.Get());
Assert.That(symmSecurityElement, Is.Null, label.Get());
break;
case SecurityMode.TransportWithMessageCredential:
Assert.That(transportSecurityElement, Is.Not.Null, label.Get());
Assert.That(sslStreamElement, Is.Not.Null, label.Get());
Assert.That(symmSecurityElement, Is.Null, label.Get());
break;
case SecurityMode.Message:
Assert.That(transportSecurityElement, Is.Null, label.Get());
Assert.That(sslStreamElement, Is.Null, label.Get());
Assert.That(symmSecurityElement, Is.Not.Null, label.Get());
break;
default:
throw new InvalidOperationException();
}
label.LeaveScope();
label.LeaveScope(); // elements
label.LeaveScope(); // net-tcp
}
public virtual XmlElement CreateWsspTransportBindingAssertion(MetadataExporter exporter, TransportSecurityBindingElement binding, XmlElement transportTokenAssertion)
{
XmlElement element = this.CreateWsspAssertion("TransportBinding");
element.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspTransportTokenAssertion(exporter, transportTokenAssertion), this.CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite), this.CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout), this.CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp) }));
return element;
}
