// Negative test for X509CertificateValidationMode.PeerTrust over HTTPS.
// With PeerTrust alone, the service certificate must itself be present in the
// TrustedPeople store; a certificate that merely chains to a trusted root must
// be rejected with SecurityNegotiationException. The endpoint used here presents
// a valid chain-trusted certificate that is known not to be in TrustedPeople,
// so a successful call would mean PeerTrust accepted chain trust as sufficient.
public static void Https_SecModeTrans_CertValMode_PeerTrust_Fails_Not_In_TrustedPeople()
{
    string echoPayload = "Hello";
    EndpointAddress serviceAddress = null;
    ChannelFactory<IWcfService> channelFactory = null;
    IWcfService proxy = null;
    CommunicationException caught = null;

    try
    {
        // *** SETUP *** \\
        // Transport security with no client credential: only the server side is authenticated.
        var httpsBinding = new BasicHttpsBinding(BasicHttpsSecurityMode.Transport);
        httpsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        var serviceUri = new Uri(Endpoints.Https_SecModeTrans_ClientCredTypeNone_ServerCertValModeChainTrust_Address);
        serviceAddress = new EndpointAddress(serviceUri);
        channelFactory = new ChannelFactory<IWcfService>(httpsBinding, serviceAddress);

        // Install a fresh authentication object, then switch it to PeerTrust through the property.
        var serviceCertificate = channelFactory.Credentials.ServiceCertificate;
        serviceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication();
        serviceCertificate.SslCertificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;

        proxy = channelFactory.CreateChannel();

        // *** EXECUTE *** \\
        // The call is expected to fail; capture the exception instead of letting it escape.
        try
        {
            proxy.Echo(echoPayload);
        }
        catch (CommunicationException ex)
        {
            caught = ex;
        }

        // *** VALIDATE *** \\
        bool exceptionWasThrown = caught != null;
        Assert.True(exceptionWasThrown, "Expected CommunicationException but no exception was thrown.");

        // The exception type is matched by its simple name, so only that exact type name passes.
        string actualTypeName = caught.GetType().Name;
        string mismatchMessage = String.Format("Expected SecurityNegotiationException but received {0}", caught.ToString());
        Assert.True(actualTypeName == "SecurityNegotiationException", mismatchMessage);

        // *** CLEANUP *** \\
        ICommunicationObject proxyChannel = (ICommunicationObject)proxy;
        proxyChannel.Close();
        channelFactory.Close();
    }
    finally
    {
        // *** ENSURE CLEANUP *** \\
        // Runs even when an assertion above fails, so the channel and factory are not leaked.
        ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)proxy, channelFactory);
    }
}
// Negative test for X509CertificateValidationMode.PeerTrust over net.tcp.
// With PeerTrust alone, the service certificate must itself be present in the
// TrustedPeople store; a certificate that merely chains to a trusted root must
// be rejected with SecurityNegotiationException. The endpoint used here presents
// a valid chain-trusted certificate that is known not to be in TrustedPeople,
// so a successful call would mean PeerTrust accepted chain trust as sufficient.
public static void NetTcp_SecModeTrans_CertValMode_PeerTrust_Fails_Not_In_TrustedPeople()
{
    string echoPayload = "Hello";
    EndpointAddress serviceAddress = null;
    ChannelFactory<IWcfService> channelFactory = null;
    IWcfService proxy = null;
    CommunicationException caught = null;

    try
    {
        // *** SETUP *** \\
        // Transport security with no client credential: only the server side is authenticated.
        var tcpBinding = new NetTcpBinding(SecurityMode.Transport);
        tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

        var serviceUri = new Uri(Endpoints.Tcp_CustomBinding_SslStreamSecurity_Address);
        serviceAddress = new EndpointAddress(serviceUri);
        channelFactory = new ChannelFactory<IWcfService>(tcpBinding, serviceAddress);

        // Require the service certificate to be a trusted peer rather than chain-trusted.
        var certificateAuthentication = channelFactory.Credentials.ServiceCertificate.Authentication;
        certificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;

        proxy = channelFactory.CreateChannel();

        // *** EXECUTE *** \\
        // The call is expected to fail; capture the exception instead of letting it escape.
        try
        {
            proxy.Echo(echoPayload);
        }
        catch (CommunicationException ex)
        {
            caught = ex;
        }

        // *** VALIDATE *** \\
        bool exceptionWasThrown = caught != null;
        Assert.True(exceptionWasThrown, "Expected CommunicationException but no exception was thrown.");

        // The exception type is matched by its simple name, so only that exact type name passes.
        string actualTypeName = caught.GetType().Name;
        string mismatchMessage = String.Format("Expected SecurityNegotiationException but received {0}", caught.ToString());
        Assert.True(actualTypeName == "SecurityNegotiationException", mismatchMessage);

        // *** CLEANUP *** \\
        // No explicit Close() here: the objects are in the faulted state and would throw,
        // so cleanup is left entirely to the finally block.
    }
    finally
    {
        // *** ENSURE CLEANUP *** \\
        // Runs even when an assertion above fails, so the channel and factory are not leaked.
        ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)proxy, channelFactory);
    }
}
// Handles a CommunicationException raised while reading a request message:
// traces the failure, answers the pending request with the supplied fault,
// and traces the name of the fault code that was sent.
//
// result    - the pending request the fault reply is sent on.
// message   - the request being read; only Headers.Action is used, for tracing.
// exception - the failure that occurred while reading the request.
// fault     - the fault returned to the sender.
protected void OnMessageException(Microsoft.Transactions.Wsat.Messaging.RequestAsyncResult result, Message message, CommunicationException exception, Fault fault)
{
    string handlerTypeName = this.GetType().Name;
    string failureTypeName = exception.GetType().Name;

    // NOTE(review): the action comes from the received message's headers and is
    // written to the trace as-is; confirm the trace sink tolerates arbitrary text.
    DebugTrace.Trace(
        TraceLevel.Warning,
        "{0} - {1} reading request with action {2}: {3}",
        handlerTypeName,
        failureTypeName,
        message.Headers.Action,
        exception.Message);

    this.SendFaultReply(result, fault);

    string faultCodeName = fault.Code.Name;
    DebugTrace.Trace(TraceLevel.Warning, "Replied with {0} fault", faultCodeName);
}
// Negative test for X509CertificateValidationMode.PeerTrust over net.tcp.
// With PeerTrust alone, the service certificate must itself be present in the
// TrustedPeople store; a certificate that merely chains to a trusted root must
// be rejected with SecurityNegotiationException. The endpoint used here presents
// a valid chain-trusted certificate that is known not to be in TrustedPeople,
// so a successful call would mean PeerTrust accepted chain trust as sufficient.
public static void NetTcp_SecModeTrans_CertValMode_PeerTrust_Fails_Not_In_TrustedPeople()
{
#if FULLXUNIT_NOTSUPPORTED
    // When FULLXUNIT_NOTSUPPORTED is defined the preconditions are checked inline.
    // All four are evaluated up front so each result can be reported when the test is skipped.
    bool rootInstalled = Root_Certificate_Installed();
    bool clientInstalled = Client_Certificate_Installed();
    bool peerInstalled = Peer_Certificate_Installed();
    bool sslAvailable = SSL_Available();

    bool allPreconditionsMet = rootInstalled && clientInstalled && peerInstalled && sslAvailable;
    if (!allPreconditionsMet)
    {
        // A skipped run returns without asserting anything, so it appears as a pass;
        // the console output below is the only record that nothing was verified.
        Console.WriteLine("---- Test SKIPPED --------------");
        Console.WriteLine("Attempting to run the test in ToF, a ConditionalFact evaluated as FALSE.");
        Console.WriteLine("Root_Certificate_Installed evaluated as {0}", rootInstalled);
        Console.WriteLine("Client_Certificate_Installed evaluated as {0}", clientInstalled);
        Console.WriteLine("Peer_Certificate_Installed evaluated as {0}", peerInstalled);
        Console.WriteLine("SSL_Available evaluated as {0}", sslAvailable);
        return;
    }
#endif

    string echoPayload = "Hello";
    EndpointAddress serviceAddress = null;
    ChannelFactory<IWcfService> channelFactory = null;
    IWcfService proxy = null;
    CommunicationException caught = null;

    try
    {
        // *** SETUP *** \\
        // Transport security with no client credential: only the server side is authenticated.
        var tcpBinding = new NetTcpBinding(SecurityMode.Transport);
        tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

        var serviceUri = new Uri(Endpoints.Tcp_CustomBinding_SslStreamSecurity_Address);
        serviceAddress = new EndpointAddress(serviceUri);
        channelFactory = new ChannelFactory<IWcfService>(tcpBinding, serviceAddress);

        // Require the service certificate to be a trusted peer rather than chain-trusted.
        var certificateAuthentication = channelFactory.Credentials.ServiceCertificate.Authentication;
        certificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;

        proxy = channelFactory.CreateChannel();

        // *** EXECUTE *** \\
        // The call is expected to fail; capture the exception instead of letting it escape.
        try
        {
            proxy.Echo(echoPayload);
        }
        catch (CommunicationException ex)
        {
            caught = ex;
        }

        // *** VALIDATE *** \\
        bool exceptionWasThrown = caught != null;
        Assert.True(exceptionWasThrown, "Expected CommunicationException but no exception was thrown.");

        // The exception type is matched by its simple name, so only that exact type name passes.
        string actualTypeName = caught.GetType().Name;
        string mismatchMessage = String.Format("Expected SecurityNegotiationException but received {0}", caught.ToString());
        Assert.True(actualTypeName == "SecurityNegotiationException", mismatchMessage);

        // *** CLEANUP *** \\
        // No explicit Close() here: the objects are in the faulted state and would throw,
        // so cleanup is left entirely to the finally block.
    }
    finally
    {
        // *** ENSURE CLEANUP *** \\
        // Runs even when an assertion above fails, so the channel and factory are not leaked.
        ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)proxy, channelFactory);
    }
}
// Handles a CommunicationException raised while reading a datagram message.
// The failure is traced, and if a fault-to address can be obtained from the
// message headers an InvalidParameters fault is sent to that address.
// Failures to create the proxy or to send the fault are traced and swallowed,
// so this method is best-effort and does not propagate those two exception types.
//
// message   - the datagram being read; its headers supply the action, the
//             message id and the fault-to address.
// exception - the failure that occurred while reading the datagram.
protected void OnMessageException(Message message, CommunicationException exception)
{
    // NOTE(review): the action comes from the received message's headers and is
    // written to the trace as-is; confirm the trace sink tolerates arbitrary text.
    DebugTrace.Trace(
        TraceLevel.Warning,
        "{0} - {1} reading datagram with action {2}: {3}",
        this.GetType().Name,
        exception.GetType().Name,
        message.Headers.Action,
        exception.Message);

    // The reply destination is read from the incoming message's own headers.
    // NOTE(review): whether GetFaultToHeader or CreateFaultProxy restricts which
    // addresses are acceptable is not visible here - verify, since the sender
    // chooses where this fault is delivered.
    EndpointAddress faultDestination = Library.GetFaultToHeader(message.Headers, this.protocolVersion);
    if (faultDestination == null)
    {
        DebugTrace.Trace(TraceLevel.Warning, "Ignoring invalid datagram - a fault-to header could not be obtained");
        return;
    }

    DatagramProxy faultProxy = null;
    try
    {
        faultProxy = this.CreateFaultProxy(faultDestination);
    }
    catch (CreateChannelFailureException createFailure)
    {
        Microsoft.Transactions.Bridge.DiagnosticUtility.ExceptionUtility.TraceHandledException(createFailure, TraceEventType.Warning);
        DebugTrace.Trace(TraceLevel.Warning, "Ignoring invalid datagram: {0}", createFailure.Message);
    }

    // No proxy means there is nothing to send on and nothing to release.
    if (faultProxy == null)
    {
        return;
    }

    try
    {
        // Begin/End are paired back to back with no callback and no state object.
        IAsyncResult pendingSend = faultProxy.BeginSendFault(
            message.Headers.MessageId,
            Faults.Version(this.protocolVersion).InvalidParameters,
            null,
            null);
        faultProxy.EndSendMessage(pendingSend);

        if (DebugTrace.Warning)
        {
            DebugTrace.Trace(TraceLevel.Warning, "Sent InvalidParameters fault to {0}", faultProxy.To.Uri);
        }
    }
    catch (WsatSendFailureException sendFailure)
    {
        Microsoft.Transactions.Bridge.DiagnosticUtility.ExceptionUtility.TraceHandledException(sendFailure, TraceEventType.Warning);
        if (DebugTrace.Warning)
        {
            DebugTrace.Trace(
                TraceLevel.Warning,
                "{0} sending InvalidParameters fault to {1}: {2}",
                sendFailure.GetType().Name,
                faultProxy.To.Uri,
                sendFailure.Message);
        }
    }
    finally
    {
        // Release the proxy whether or not the send succeeded.
        faultProxy.Release();
    }
}