public void MessageSecurityIssuedToken() { WSHttpBinding binding = new WSHttpBinding(); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken; SymmetricSecurityBindingElement sbe = binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> (); Assert.IsNotNull(sbe, "#1"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#1-1"); Assert.AreEqual(1, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#1-2"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#1-3"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#1-4"); IssuedSecurityTokenParameters p = sbe.EndpointSupportingTokenParameters.Endorsing [0] as IssuedSecurityTokenParameters; Assert.IsNotNull(p, "#2"); Assert.IsNotNull(p.ClaimTypeRequirements, "#2-1"); Assert.AreEqual(1, p.ClaimTypeRequirements.Count, "#2-2"); ClaimTypeRequirement r = p.ClaimTypeRequirements [0]; Assert.AreEqual(ClaimTypes.PPID, r.ClaimType, "#3-1"); Assert.IsFalse(r.IsOptional, "#3-2"); }
static void Main() { // Create a channel. EndpointAddress address = new EndpointAddress("http://localhost/servicemodelsamples/service.svc"); // <Snippet2> // <Snippet1> WSFederationHttpBinding binding = new WSFederationHttpBinding(); binding.Security.Message.ClaimTypeRequirements.Add (new ClaimTypeRequirement ("http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress")); binding.Security.Message.ClaimTypeRequirements.Add (new ClaimTypeRequirement ("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true)); // </Snippet1> ClaimTypeRequirement cr = new ClaimTypeRequirement ("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true); Console.WriteLine(cr.ClaimType); Console.WriteLine(cr.IsOptional); // </Snippet2> ChannelFactory <ICalculator> factory = new ChannelFactory <ICalculator>(binding, address); ICalculator channel = factory.CreateChannel(); // Call the Add service operation. double value1 = 100.00D; double value2 = 15.99D; double result = channel.Add(value1, value2); Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result); // Call the Subtract service operation. value1 = 145.00D; value2 = 76.54D; result = channel.Subtract(value1, value2); Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result); // Call the Multiply service operation. value1 = 9.00D; value2 = 81.25D; result = channel.Multiply(value1, value2); Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result); // Call the Divide service operation. value1 = 22.00D; value2 = 7.00D; result = channel.Divide(value1, value2); Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result); Console.WriteLine(); Console.WriteLine("Press <ENTER> to terminate client."); Console.ReadLine(); ((IChannel)channel).Close(); }
//<snippet4> // This method creates a WSFederationHttpBinding. public static WSFederationHttpBinding CreateWSFederationHttpBinding() { // Create an instance of the WSFederationHttpBinding WSFederationHttpBinding b = new WSFederationHttpBinding(); // Set the security mode to Message b.Security.Mode = WSFederationHttpSecurityMode.Message; // Set the Algorithm Suite to Basic256Rsa15 b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15; // Set NegotiateServiceCredential to true b.Security.Message.NegotiateServiceCredential = true; // Set IssuedKeyType to Symmetric b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey; // Set IssuedTokenType to SAML 1.1 b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"; // Extract the STS certificate from the certificate store X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, "cd 54 88 85 0d 63 db ac 92 59 05 af ce b8 b1 de c3 67 9e 3f", false); store.Close(); // Create an EndpointIdentity from the STS certificate EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certs[0]); // Set the IssuerAddress using the address of the STS and the previously created EndpointIdentity b.Security.Message.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity); // <Snippet5> // Set the IssuerBinding to a WSHttpBinding loaded from config b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer"); // </Snippet5> // Set the IssuerMetadataAddress using the metadata address of the STS and the previously created EndpointIdentity b.Security.Message.IssuerMetadataAddress = new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity); // Create a ClaimTypeRequirement ClaimTypeRequirement ctr = new ClaimTypeRequirement("http://example.org/claim/c1", false); // Add the ClaimTypeRequirement to ClaimTypeRequirements b.Security.Message.ClaimTypeRequirements.Add(ctr); // Return the created binding return(b); }
public void federation() { //var stsEp = new EndpointAddress("https://services-int.ehealth.fgov.be/IAM/SingleSignOnService/v1"); var stsEp = new EndpointAddress("https://localhost:8080/services/echo/soap12wss10"); var stsBinding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential); stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; stsBinding.Security.Message.NegotiateServiceCredential = false; stsBinding.Security.Message.EstablishSecurityContext = false; WSFederationHttpBinding binding; #if NETFRAMEWORK binding = new WSFederationHttpBinding(); binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential; binding.Security.Message.IssuedKeyType = SecurityKeyType.AsymmetricKey; binding.Security.Message.IssuerAddress = stsEp; binding.Security.Message.IssuerBinding = stsBinding; binding.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"; ClaimTypeRequirement ctr = new ClaimTypeRequirement("http://example.org/claim/c1", false); binding.Security.Message.ClaimTypeRequirements.Add(ctr); #else var parameters = WSTrustTokenParameters.CreateWSFederationTokenParameters(stsBinding, stsEp); parameters.KeyType = SecurityKeyType.AsymmetricKey; parameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"; binding = new WSFederationHttpBinding(parameters); #endif var ep = new EndpointAddress("https://localhost:8080/services/echo/soap12"); ChannelFactory <IEchoService> channelFactory = new ChannelFactory <IEchoService>(binding, ep); channelFactory.Credentials.ClientCertificate.Certificate = rsa; IEchoService client = channelFactory.CreateChannel(); String pong = client.Echo("boe"); Assert.Equal("boe", pong); }
CreateWSFederationHttpBinding(bool isClient) { // Create an instance of the WSFederationHttpBinding. WSFederationHttpBinding b = new WSFederationHttpBinding(); // Set the security mode to Message. b.Security.Mode = WSFederationHttpSecurityMode.Message; //</snippet3> // Set the Algorithm Suite to Basic256Rsa15. b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15; //</snippet5> // Set NegotiateServiceCredential to true. b.Security.Message.NegotiateServiceCredential = true; //</snippet6> // Set IssuedKeyType to Symmetric. b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey; //</snippet7> // Set IssuedTokenType to SAML 1.1 b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"; //</snippet4> //<snippet12> // Extract the STS certificate from the certificate store. X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find( X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false); store.Close(); // Create an EndpointIdentity from the STS certificate. EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certs[0]); //</snippet12> // Set the IssuerAddress using the address of the STS and the previously created // EndpointIdentity. b.Security.Message.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity); //</snippet8> // Set the IssuerBinding to a WSHttpBinding loaded from configuration. // The IssuerBinding is only used on federated clients. if (isClient) { b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer"); } //</snippet9> // Set the IssuerMetadataAddress using the metadata address of the STS and the // previously created EndpointIdentity. The IssuerMetadataAddress is only used // on federated services. else { b.Security.Message.IssuerMetadataAddress = new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity); } //</snippet10> // Create a ClaimTypeRequirement. ClaimTypeRequirement ctr = new ClaimTypeRequirement ("http://example.org/claim/c1", false); // Add the ClaimTypeRequirement to ClaimTypeRequirements b.Security.Message.ClaimTypeRequirements.Add(ctr); //</snippet11> // Return the created binding return(b); }