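public void SecureConvProviderGetToken()
{
    // End-to-end check of the secure-conversation token provider: build a
    // requirement, obtain a provider from def_c, open it and request a token.
    InitiatorServiceModelSecurityTokenRequirement r = CreateRequirement();

    // GetToken() still insists on a SecurityAlgorithmSuite being present.
    r.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;

    // The actual security binding element requires ProtectionTokenParameters;
    // the anonymous-for-certificate element supplies them.
    r.SecureConversationSecurityBindingElement =
        SecurityBindingElement.CreateAnonymousForCertificateBindingElement();

    // ... which in turn needs the service certificate in the issuer binding context.
    BindingContext ctx = r.GetProperty<BindingContext>(ReqType.IssuerBindingContextProperty);
    ClientCredentials cred = new ClientCredentials();
    cred.ServiceCertificate.DefaultCertificate = cert;
    ctx.BindingParameters.Add(cred);

    // Without an identity the check against IssuerAddress fails
    // (TargetAddress is used when IssuerAddress is not set).
    r.TargetAddress = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(cert));

    SecurityTokenProvider p = def_c.CreateSecurityTokenProvider(r);
    Assert.IsNotNull(p, "#1");

    // Non-standard provider; it looks similar to IssuedSecurityTokenProvider and
    // has to be opened like a communication object before it can hand out tokens.
    ICommunicationObject co = (ICommunicationObject)p;
    co.Open();
    try
    {
        // The provider must actually produce a token, not just survive the call.
        Assert.IsNotNull(p.GetToken(TimeSpan.FromSeconds(5)), "#2");
    }
    finally
    {
        // Abort() (unlike Close()) does not throw, so a failing assertion above
        // is reported instead of being masked by a teardown error, and the
        // opened provider is never leaked across tests.
        co.Abort();
    }
}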
public void CreateAnonymousForCertificateBindingElement()
{
    // Pins the factory defaults: algorithm suite, timestamp, entropy mode,
    // protection order, security version, signature confirmation, header
    // layout, the four endpoint-supporting token parameter counts, the
    // protection token parameters and the local client settings.
    SymmetricSecurityBindingElement element =
        SecurityBindingElement.CreateAnonymousForCertificateBindingElement();

    SecurityAssert.AssertSymmetricSecurityBindingElement(
        SecurityAlgorithmSuite.Default,
        true,                                   // IncludeTimestamp
        SecurityKeyEntropyMode.CombinedEntropy,
        MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
        MessageSecurityVersion.Default,
        true,                                   // RequireSignatureConfirmation
        SecurityHeaderLayout.Strict,
        0, 0, 0, 0,                             // endorsing, signed, signedEncrypted, signedEndorsing
        true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true, // ProtectionTokenParameters
        true, 60, true,                         // LocalClientSettings
        element, "");

    // The protection token is expected to be an X.509 token referenced by thumbprint.
    X509SecurityTokenParameters protection =
        element.ProtectionTokenParameters as X509SecurityTokenParameters;
    Assert.IsNotNull(protection, "#2-1");
    SecurityAssert.AssertSecurityTokenParameters(
        SecurityTokenInclusionMode.Never,
        SecurityTokenReferenceStyle.Internal,
        true,
        protection, "Protection");
    Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, protection.X509ReferenceStyle, "#2-2");
}
public static Binding CreateCustomBinding()
{
    // <Snippet8>
    // <Snippet3>
    // Start from the anonymous-client / certificate-authenticated-service element.
    SymmetricSecurityBindingElement security =
        SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
    // </Snippet3>
    // <Snippet4>
    BindingElementCollection elements = new BindingElementCollection();
    // </Snippet4>
    // <Snippet5>
    // Sample settings only: Basic128 is weaker than the element's default suite,
    // SignBeforeEncrypt leaves the signature itself unencrypted, and the
    // protection token is swapped for a Kerberos token.
    security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    security.ProtectionTokenParameters = new KerberosSecurityTokenParameters();
    // </Snippet5>
    // </Snippet8>
    // <Snippet6>
    // Stack order: security, then message encoding, then transport.
    elements.Add(security);
    elements.Add(new TextMessageEncodingBindingElement());
    elements.Add(new HttpTransportBindingElement());
    // </Snippet6>
    // <Snippet7>
    return new CustomBinding(elements);
    // </Snippet7>
}
// <Snippet2>
// These public methods create custom bindings based on the built-in
// authentication modes that use the static methods of
// the System.ServiceModel.Channels.SecurityBindingElement class.
public static Binding CreateAnonymousForCertificateBinding()
{
    // Anonymous client, certificate-authenticated service; message security
    // provides the protection, so plain HTTP with text encoding is enough here.
    BindingElementCollection elements = new BindingElementCollection
    {
        SecurityBindingElement.CreateAnonymousForCertificateBindingElement(),
        new TextMessageEncodingBindingElement(),
        new HttpTransportBindingElement(),
    };
    return new CustomBinding(elements);
}
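internal SecurityBindingElement CreateSecurityBindingElement()
{
    // Builds the symmetric message-security element for the configured
    // clientCredentialType. Only certificate-based modes exist in this variant:
    // no mixed/transport mode and no SSL negotiation.
    // Throws NotSupportedException for an unknown credential type.
    SymmetricSecurityBindingElement result;
    bool isKerberosSelected = false;

    switch (this.clientCredentialType)
    {
        case MessageCredentialType.None:
            result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
            break;
        case MessageCredentialType.UserName:
            result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
            break;
        case MessageCredentialType.Certificate:
            // The parameterless overload is typed as SecurityBindingElement; the
            // cast relies on it actually returning a symmetric element.
            result = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
            break;
        case MessageCredentialType.Windows:
            result = SecurityBindingElement.CreateKerberosBindingElement();
            isKerberosSelected = true;
            break;
        case MessageCredentialType.IssuedToken:
            result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
            break;
        default:
            Fx.Assert("unknown ClientCredentialType");
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
    }

    result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;

    // An explicitly configured suite always wins; otherwise only Kerberos gets
    // its own default and every other mode uses the general AlgorithmSuite.
    // (When the first condition is false, isKerberosSelected is necessarily true,
    // so a plain else is exact.)
    if (wasAlgorithmSuiteSet || !isKerberosSelected)
    {
        result.DefaultAlgorithmSuite = this.AlgorithmSuite;
    }
    else
    {
        result.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
    }

    // NOTE(review): this variant omits the timestamp and switches replay
    // detection off on both the service and the client local settings, so any
    // replay protection has to come from an outer layer — confirm that holds for
    // every binding that uses this element.
    result.IncludeTimestamp = false;
    result.LocalServiceSettings.DetectReplays = false;
    result.LocalClientSettings.DetectReplays = false;
    return result;
}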
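internal SecurityBindingElement CreateSecurityBindingElement()
{
    // Builds the symmetric message-security element for the configured
    // clientCredentialType (certificate-based modes only; no transport/mixed
    // mode and no SSL negotiation here).
    // Throws NotSupportedException for an unknown credential type.
    SymmetricSecurityBindingElement element;
    bool isKerberosSelected = false;

    switch (this.clientCredentialType)
    {
        case MessageCredentialType.None:
            element = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
            break;
        case MessageCredentialType.Windows:
            element = SecurityBindingElement.CreateKerberosBindingElement();
            isKerberosSelected = true;
            break;
        case MessageCredentialType.UserName:
            element = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
            break;
        case MessageCredentialType.Certificate:
            // The parameterless overload is typed as SecurityBindingElement; the
            // cast relies on it actually returning a symmetric element.
            element = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
            break;
        case MessageCredentialType.IssuedToken:
            element = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
            break;
        default:
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
    }

    element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;

    // An explicitly configured suite always wins; otherwise only Kerberos gets
    // its own default. When the first condition is false, isKerberosSelected is
    // necessarily true, so a plain else is exact.
    if (this.wasAlgorithmSuiteSet || !isKerberosSelected)
    {
        element.DefaultAlgorithmSuite = this.AlgorithmSuite;
    }
    else
    {
        element.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
    }

    // NOTE(review): no timestamp and replay detection disabled on both local
    // settings — replay protection, if any, must come from an outer layer.
    element.IncludeTimestamp = false;
    element.LocalServiceSettings.DetectReplays = false;
    element.LocalClientSettings.DetectReplays = false;
    return element;
}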
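internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
    // Builds the message-security element for this configuration.
    //   isSecureTransportMode: true for mixed mode (client credential carried over
    //                          a secure transport), false for pure message security.
    //   isReliableSession:     requires secure conversation and enables
    //                          ReconnectTransportOnFailure.
    //   version:               stamped on both the bootstrap ("one-shot") element
    //                          and the outer element.
    // Returns the outer element: the secure-conversation wrapper when enabled,
    // otherwise the one-shot element itself.
    // Throws InvalidOperationException for a reliable session without secure
    // conversation or for mixed mode with credential type None, and
    // NotSupportedException for an unknown credential type.
    if (isReliableSession && !this.IsSecureConversationEnabled())
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
    }

    const bool emitBspAttributes = true;
    bool isKerberosSelected = false;
    SecurityBindingElement oneShotSecurity;

    if (isSecureTransportMode)
    {
        // Mixed mode: the transport authenticates the service, the message
        // carries only the client credential.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new InvalidOperationException(SR.GetString(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(
                    IssuedSecurityTokenParameters.CreateInfoCardParameters(
                        new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
                break;
            default:
                Fx.Assert("unknown ClientCredentialType");
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }
    else if (negotiateServiceCredential)
    {
        // Message security, service credential obtained through negotiation.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(
                    IssuedSecurityTokenParameters.CreateInfoCardParameters(
                        new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite), true);
                break;
            default:
                Fx.Assert("unknown ClientCredentialType");
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }
    else
    {
        // Message security, service certificate known out of band.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
                isKerberosSelected = true;
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                    IssuedSecurityTokenParameters.CreateInfoCardParameters(
                        new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
                break;
            default:
                Fx.Assert("unknown ClientCredentialType");
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }

    // The secure-conversation wrapping is the same in every mode, so it is done once.
    SecurityBindingElement result = this.IsSecureConversationEnabled()
        ? SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true)
        : oneShotSecurity;

    // Set the algorithm suite on both elements; an explicitly configured suite
    // always wins, otherwise only Kerberos gets its own default. When the first
    // condition is false, isKerberosSelected is necessarily true.
    if (wasAlgorithmSuiteSet || !isKerberosSelected)
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
    }
    else
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
    }

    result.IncludeTimestamp = true;
    oneShotSecurity.MessageSecurityVersion = version;
    result.MessageSecurityVersion = version;

    // Only reliable sessions may re-establish the transport after a failure.
    result.LocalServiceSettings.ReconnectTransportOnFailure = isReliableSession;
    result.LocalClientSettings.ReconnectTransportOnFailure = isReliableSession;

    if (this.IsSecureConversationEnabled())
    {
        // Issue the transition SCT for a short duration only.
        oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
    }
    return result;
}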
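internal SecurityBindingElement CreateSecurityBindingElement()
{
    // Service Bus variant: builds the symmetric message-security element for the
    // configured clientCredentialType. Windows (Kerberos) credentials are
    // rejected here, unlike the System.ServiceModel counterpart.
    // Throws NotSupportedException for Windows or an unknown credential type.
    SymmetricSecurityBindingElement result;

    switch (this.clientCredentialType)
    {
        case MessageCredentialType.None:
            result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
            break;
        case MessageCredentialType.Windows:
            Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unsupported ClientCredentialType");
            throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        case MessageCredentialType.UserName:
            result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
            break;
        case MessageCredentialType.Certificate:
            // The parameterless overload is typed as SecurityBindingElement; the
            // cast relies on it actually returning a symmetric element.
            result = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
            break;
        case MessageCredentialType.IssuedToken:
        {
            // The standards manager and suite are handed over as an object[] because
            // SecurityUtil wraps the underlying WCF factory.
            object[] infoCardArgs = new object[] { SecurityUtil.CreateSecurityStandardsManager(new object[0]), this.algorithmSuite };
            result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                SecurityUtil.IssuedSecurityTokenParameters.CreateInfoCardParameters(infoCardArgs));
            break;
        }
        default:
            Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unsupported ClientCredentialType");
            throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
    }

    result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;

    // Only an explicitly configured suite overrides the factory default.
    if (this.wasAlgorithmSuiteSet)
    {
        result.DefaultAlgorithmSuite = this.AlgorithmSuite;
    }

    // NOTE(review): no timestamp and replay detection disabled on both local
    // settings — replay protection, if any, must come from an outer layer.
    result.IncludeTimestamp = false;
    result.LocalServiceSettings.DetectReplays = false;
    result.LocalClientSettings.DetectReplays = false;
    return result;
}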
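// <snippet2>
public override BindingElementCollection CreateBindingElements()
{
    // Translates the WSE security assertion into a WCF binding element stack:
    // [security, text encoding (SOAP 1.1 / WS-Addressing August 2004), transport].
    // Throws InvalidOperationException when the selected assertion cannot honour
    // the secure-conversation or signature-confirmation options, and
    // NotSupportedException for an unknown assertion.
    BindingElementCollection bec = new BindingElementCollection();
    SecurityBindingElement securityBinding;
    BindingElement transport;

    switch (assertion)
    {
        case WseSecurityAssertion.UsernameOverTransport:
            // The credential is protected only by the transport, so HTTPS is
            // required; neither secure conversation nor signature confirmation applies.
            transport = new HttpsTransportBindingElement();
            securityBinding = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
            if (establishSecurityContext)
            {
                throw new InvalidOperationException("Secure Conversation is not supported for this Security Assertion Type");
            }
            if (requireSignatureConfirmation)
            {
                throw new InvalidOperationException("Signature Confirmation is not supported for this Security Assertion Type");
            }
            break;
        case WseSecurityAssertion.MutualCertificate10:
            // WS-Security 1.0 yields an asymmetric element, which carries no
            // signature-confirmation setting.
            transport = new HttpTransportBindingElement();
            securityBinding = SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
            if (requireSignatureConfirmation)
            {
                throw new InvalidOperationException("Signature Confirmation is not supported for this Security Assertion Type");
            }
            ((AsymmetricSecurityBindingElement)securityBinding).MessageProtectionOrder = messageProtectionOrder;
            break;
        case WseSecurityAssertion.UsernameForCertificate:
            // Signature confirmation is wanted on the bootstrap exchange, either
            // for the application messages or for the RST/RSTR.
            transport = new HttpTransportBindingElement();
            securityBinding = ApplySymmetricOptions(SecurityBindingElement.CreateUserNameForCertificateBindingElement());
            break;
        case WseSecurityAssertion.AnonymousForCertificate:
            transport = new HttpTransportBindingElement();
            securityBinding = ApplySymmetricOptions(SecurityBindingElement.CreateAnonymousForCertificateBindingElement());
            break;
        case WseSecurityAssertion.MutualCertificate11:
            // With WS-Security 1.1 the mutual-certificate factory returns a
            // symmetric element; the cast enforces that expectation.
            transport = new HttpTransportBindingElement();
            securityBinding = ApplySymmetricOptions((SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11));
            break;
        case WseSecurityAssertion.Kerberos:
            transport = new HttpTransportBindingElement();
            securityBinding = ApplySymmetricOptions(SecurityBindingElement.CreateKerberosBindingElement());
            break;
        default:
            throw new NotSupportedException("This supplied Wse security assertion is not supported");
    }

    // Defaults for the bootstrap security binding.
    securityBinding.IncludeTimestamp = true;
    // Derived keys: the preference must be set before the secure-conversation
    // element is created from this binding.
    securityBinding.SetKeyDerivation(requireDerivedKeys);

    if (establishSecurityContext)
    {
        // requireCancellation is false here — NOTE(review): confirm the intended
        // context-token mode against the WCF documentation.
        SymmetricSecurityBindingElement secureConversation =
            SymmetricSecurityBindingElement.CreateSecureConversationBindingElement(securityBinding, false);
        // DefaultProtectionLevel is left at its default (EncryptAndSign).
        secureConversation.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
        // Signature confirmation is only wanted on the bootstrap exchange, not on
        // the application messages that flow inside the secure conversation.
        secureConversation.RequireSignatureConfirmation = false;
        secureConversation.MessageProtectionOrder = messageProtectionOrder;
        secureConversation.SetKeyDerivation(requireDerivedKeys);
        securityBinding = secureConversation;
    }

    bec.Add(securityBinding);

    // Message encoder: SOAP 1.1 with WS-Addressing August 2004 is what WSE expects.
    TextMessageEncodingBindingElement textElement = new TextMessageEncodingBindingElement();
    textElement.MessageVersion = MessageVersion.Soap11WSAddressingAugust2004;
    bec.Add(textElement);

    bec.Add(transport);
    return bec;
}

// Applies the signature-confirmation and protection-order options shared by all
// symmetric (WS-Security 1.1) assertions and returns the same element.
private SymmetricSecurityBindingElement ApplySymmetricOptions(SymmetricSecurityBindingElement element)
{
    element.RequireSignatureConfirmation = requireSignatureConfirmation;
    element.MessageProtectionOrder = messageProtectionOrder;
    return element;
}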
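internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
    // Builds the message-security element for this configuration.
    //   isSecureTransportMode: true for mixed mode (client credential carried over
    //                          a secure transport), false for pure message security.
    //   isReliableSession:     requires secure conversation and enables
    //                          ReconnectTransportOnFailure.
    //   version:               stamped on both the bootstrap ("one-shot") element
    //                          and the outer element.
    // Returns the outer element: the secure-conversation wrapper when enabled,
    // otherwise the one-shot element itself.
    // Throws InvalidOperationException for a reliable session without secure
    // conversation or for mixed mode with credential type None, and
    // NotSupportedException for an unknown credential type.
    if (isReliableSession && !this.IsSecureConversationEnabled())
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationRequiredByReliableSession")));
    }

    const bool emitBspRequiredAttributes = true;
    bool isKerberosSelected = false;
    SecurityBindingElement oneShotSecurity;

    if (isSecureTransportMode)
    {
        // Mixed mode: the transport authenticates the service, the message
        // carries only the client credential.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialTypeMustBeSpecifiedForMixedMode")));
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(
                    IssuedSecurityTokenParameters.CreateInfoCardParameters(
                        new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite));
                break;
            default:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }
    else if (this.negotiateServiceCredential)
    {
        // Message security, service credential obtained through negotiation.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(
                    IssuedSecurityTokenParameters.CreateInfoCardParameters(
                        new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite), true);
                break;
            default:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }
    else
    {
        // Message security, service certificate known out of band.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
                isKerberosSelected = true;
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                    IssuedSecurityTokenParameters.CreateInfoCardParameters(
                        new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite));
                break;
            default:
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }

    // The secure-conversation wrapping is identical in every mode (the decompiled
    // form reached it through labels), so it is done once here.
    SecurityBindingElement result = this.IsSecureConversationEnabled()
        ? SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true)
        : oneShotSecurity;

    // Set the algorithm suite on both elements; an explicitly configured suite
    // always wins, otherwise only Kerberos gets its own default. When the first
    // condition is false, isKerberosSelected is necessarily true.
    if (this.wasAlgorithmSuiteSet || !isKerberosSelected)
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
    }
    else
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
    }

    result.IncludeTimestamp = true;
    oneShotSecurity.MessageSecurityVersion = version;
    result.MessageSecurityVersion = version;

    // Only reliable sessions may re-establish the transport after a failure.
    result.LocalServiceSettings.ReconnectTransportOnFailure = isReliableSession;
    result.LocalClientSettings.ReconnectTransportOnFailure = isReliableSession;

    if (this.IsSecureConversationEnabled())
    {
        // Keep the bootstrap (transition) token short-lived.
        oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime =
            NegotiationTokenAuthenticator<SspiNegotiationTokenAuthenticatorState>.defaultServerIssuedTransitionTokenLifetime;
    }
    return result;
}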
protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly)
{
    // Maps the configured AuthenticationMode onto the matching SecurityBindingElement
    // factory and then applies the remaining configuration of this element to it.
    // createTemplateOnly is forwarded to IssuedTokenParameters.Create in the
    // issued-token modes. Throws InvalidEnumArgumentException for an unknown mode.
    SecurityBindingElement result = this.CreateSecurityBindingElementForMode(createTemplateOnly);
    this.ApplyConfiguration(result);
    return result;
}

// One factory call per AuthenticationMode; unknown values raise InvalidEnumArgumentException.
private SecurityBindingElement CreateSecurityBindingElementForMode(bool createTemplateOnly)
{
    switch (this.AuthenticationMode)
    {
        case AuthenticationMode.AnonymousForCertificate:
            return SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
        case AuthenticationMode.AnonymousForSslNegotiated:
            return SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation);
        case AuthenticationMode.CertificateOverTransport:
            return SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion);
        case AuthenticationMode.IssuedToken:
            return SecurityBindingElement.CreateIssuedTokenBindingElement(
                this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
        case AuthenticationMode.IssuedTokenForCertificate:
            return SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
                this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
        case AuthenticationMode.IssuedTokenForSslNegotiated:
            return SecurityBindingElement.CreateIssuedTokenForSslBindingElement(
                this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation);
        case AuthenticationMode.IssuedTokenOverTransport:
            return SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(
                this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
        case AuthenticationMode.Kerberos:
            return SecurityBindingElement.CreateKerberosBindingElement();
        case AuthenticationMode.KerberosOverTransport:
            return SecurityBindingElement.CreateKerberosOverTransportBindingElement();
        case AuthenticationMode.MutualCertificateDuplex:
            return SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion);
        case AuthenticationMode.MutualCertificate:
            return SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion);
        case AuthenticationMode.MutualSslNegotiated:
            return SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation);
        case AuthenticationMode.SspiNegotiated:
            return SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation);
        case AuthenticationMode.UserNameForCertificate:
            return SecurityBindingElement.CreateUserNameForCertificateBindingElement();
        case AuthenticationMode.UserNameForSslNegotiated:
            return SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation);
        case AuthenticationMode.UserNameOverTransport:
            return SecurityBindingElement.CreateUserNameOverTransportBindingElement();
        case AuthenticationMode.SspiNegotiatedOverTransport:
            return SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation);
        default:
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode)));
    }
}
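internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
    // Service Bus variant. Builds the message-security element for this configuration.
    //   isSecureTransportMode: true for mixed mode (client credential carried over
    //                          a secure transport), false for pure message security.
    //   isReliableSession:     requires secure conversation and enables
    //                          ReconnectTransportOnFailure.
    //   version:               stamped on both the bootstrap ("one-shot") element
    //                          and the outer element.
    // Returns the outer element: the secure-conversation wrapper when enabled,
    // otherwise the one-shot element itself.
    // Throws InvalidOperationException for a reliable session without secure
    // conversation or for mixed mode with credential type None, and
    // NotSupportedException for an unknown credential type.
    if (isReliableSession && !this.IsSecureConversationEnabled())
    {
        throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.SecureConversationRequiredByReliableSession, new object[0])));
    }

    const bool emitBspAttributes = true;
    bool isKerberosSelected = false;
    SecurityBindingElement oneShotSecurity;

    if (isSecureTransportMode)
    {
        // Mixed mode: the transport authenticates the service, the message
        // carries only the client credential.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.ClientCredentialTypeMustBeSpecifiedForMixedMode, new object[0])));
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.CreateInfoCardParameters(emitBspAttributes));
                break;
            default:
                Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }
    else if (this.negotiateServiceCredential)
    {
        // Message security, service credential obtained through negotiation.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.CreateInfoCardParameters(emitBspAttributes), true);
                break;
            default:
                Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }
    else
    {
        // Message security, service certificate known out of band.
        switch (this.clientCredentialType)
        {
            case MessageCredentialType.None:
                oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
                break;
            case MessageCredentialType.Windows:
                oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
                isKerberosSelected = true;
                break;
            case MessageCredentialType.UserName:
                oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
                break;
            case MessageCredentialType.Certificate:
                oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
                break;
            case MessageCredentialType.IssuedToken:
                oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.CreateInfoCardParameters(emitBspAttributes));
                break;
            default:
                Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
                throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
        }
    }

    // The secure-conversation wrapping is identical in every mode (the decompiled
    // form reached it through a label), so it is done once here.
    SecurityBindingElement result = this.IsSecureConversationEnabled()
        ? SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true)
        : oneShotSecurity;

    // Set the algorithm suite on both elements; an explicitly configured suite
    // always wins, otherwise only Kerberos gets its own default. When the first
    // condition is false, isKerberosSelected is necessarily true.
    if (this.wasAlgorithmSuiteSet || !isKerberosSelected)
    {
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
    }
    else
    {
        // Basic128 is the literal the decompiler emitted; presumably the inlined
        // value of the Kerberos default suite — verify against the original source.
        result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
    }

    result.IncludeTimestamp = true;
    oneShotSecurity.MessageSecurityVersion = version;
    result.MessageSecurityVersion = version;

    // Only reliable sessions may re-establish the transport after a failure.
    result.LocalServiceSettings.ReconnectTransportOnFailure = isReliableSession;
    result.LocalClientSettings.ReconnectTransportOnFailure = isReliableSession;

    if (this.IsSecureConversationEnabled())
    {
        // Bootstrap (transition) token lifetime; a hard-coded 15 minutes in this build.
        oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = TimeSpan.FromMinutes(15);
    }
    return result;
}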
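/// <summary>
/// Builds one <see cref="CustomBinding"/> per custom binding declared in the
/// <c>system.serviceModel</c> section of an exe.config, translating the binding's
/// <c>&lt;security&gt;</c> element (when present) into a <see cref="SecurityBindingElement"/>.
/// Modelled on the configuration that svcutil.exe generates.
/// </summary>
/// <param name="exeConfigPath">Path of the .exe.config file to read.</param>
/// <returns>
/// The list of bindings, or <c>null</c> when <paramref name="exeConfigPath"/> is null, empty or
/// whitespace (kept for existing callers that test for null). Only the security element of each
/// custom binding is translated; other configured binding elements (encoding, transport) are not added.
/// </returns>
/// <exception cref="NotImplementedException">
/// The configured <see cref="AuthenticationMode"/> has no mapping here (for example
/// <see cref="AuthenticationMode.SecureConversation"/>, which would need a bootstrap element).
/// </exception>
/// <remarks>
/// https://msdn.microsoft.com/en-us/library/ms731690(v=vs.110).aspx
/// </remarks>
public static List<CustomBinding> GetCustomBindings(string exeConfigPath)
{
    if (string.IsNullOrWhiteSpace(exeConfigPath))
    {
        return null;
    }

    var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
    var configs = new List<CustomBinding>();

    foreach (var section in svcSection.Bindings.CustomBinding.ConfiguredBindings.Cast<CustomBindingElement>())
    {
        var binding = new CustomBinding { Name = section.Name };

        // Look the security element up by type rather than by position, so a binding whose
        // <security> is not the first child (or that has no children at all) is still handled.
        var cfgSecurity = section.OfType<SecurityElement>().FirstOrDefault();
        if (cfgSecurity == null)
        {
            configs.Add(binding);
            continue;
        }

        var issuedTokenParameters = BuildIssuedTokenParameters(cfgSecurity);
        var securityElement = CreateSecurityBindingElement(
            cfgSecurity.AuthenticationMode,
            cfgSecurity.MessageSecurityVersion,
            issuedTokenParameters);
        ApplySecuritySettings(securityElement, cfgSecurity);

        binding.Elements.Add(securityElement);
        configs.Add(binding);
    }

    return configs;
}

/// <summary>
/// Copies the issued-token settings of a configured <c>&lt;security&gt;</c> element (additional
/// request parameters, issuer address and binding, issuer metadata address) into a new
/// <see cref="IssuedSecurityTokenParameters"/>.
/// </summary>
/// <param name="cfgSecurity">The configured security element.</param>
/// <returns>A populated <see cref="IssuedSecurityTokenParameters"/>; unset config values are left at their defaults.</returns>
private static IssuedSecurityTokenParameters BuildIssuedTokenParameters(SecurityElement cfgSecurity)
{
    var parameters = new IssuedSecurityTokenParameters();
    var cfgIssued = cfgSecurity.IssuedTokenParameters;

    if (cfgIssued.AdditionalRequestParameters != null)
    {
        foreach (var arp in cfgIssued.AdditionalRequestParameters.Cast<XmlElementElement>())
        {
            parameters.AdditionalRequestParameters.Add(arp.XmlElement);
        }
    }

    // The issuer's endpoint identity travels with its address so the STS can be authenticated.
    if (cfgIssued.Issuer?.Address != null)
    {
        parameters.IssuerAddress = GetEnpointAddressWithIdentity(cfgIssued.Issuer.Address, cfgIssued.Issuer.Identity);
    }

    if (cfgIssued.Issuer?.Binding != null)
    {
        parameters.IssuerBinding = GetBindingByName(cfgIssued.Issuer.Binding);
    }

    if (cfgIssued.IssuerMetadata?.Address != null)
    {
        parameters.IssuerMetadataAddress = GetEnpointAddressWithIdentity(cfgIssued.IssuerMetadata.Address, cfgIssued.IssuerMetadata.Identity);
    }

    return parameters;
}

/// <summary>
/// Maps a configured <see cref="AuthenticationMode"/> onto the matching
/// <see cref="SecurityBindingElement"/> factory method.
/// </summary>
/// <param name="mode">Authentication mode read from the <c>&lt;security&gt;</c> element.</param>
/// <param name="messageSecurityVersion">Passed to the factories that take the version explicitly.</param>
/// <param name="issuedTokenParameters">Used by the IssuedToken* modes.</param>
/// <returns>The created security binding element, with factory defaults still in place.</returns>
/// <exception cref="NotImplementedException">The mode has no mapping here.</exception>
private static SecurityBindingElement CreateSecurityBindingElement(
    AuthenticationMode mode,
    MessageSecurityVersion messageSecurityVersion,
    IssuedSecurityTokenParameters issuedTokenParameters)
{
    switch (mode)
    {
        case AuthenticationMode.IssuedTokenOverTransport:
            return SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameters);
        case AuthenticationMode.AnonymousForCertificate:
            return SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
        case AuthenticationMode.AnonymousForSslNegotiated:
            // Anonymous client: no client certificate is required.
            return SecurityBindingElement.CreateSslNegotiationBindingElement(false);
        case AuthenticationMode.CertificateOverTransport:
            return SecurityBindingElement.CreateCertificateOverTransportBindingElement(messageSecurityVersion);
        case AuthenticationMode.IssuedToken:
            return SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameters);
        case AuthenticationMode.IssuedTokenForCertificate:
            return SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameters);
        case AuthenticationMode.IssuedTokenForSslNegotiated:
            return SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameters);
        case AuthenticationMode.Kerberos:
            return SecurityBindingElement.CreateKerberosBindingElement();
        case AuthenticationMode.KerberosOverTransport:
            return SecurityBindingElement.CreateKerberosOverTransportBindingElement();
        case AuthenticationMode.MutualCertificate:
            return SecurityBindingElement.CreateMutualCertificateBindingElement(messageSecurityVersion);
        case AuthenticationMode.MutualCertificateDuplex:
            return SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(messageSecurityVersion);
        case AuthenticationMode.MutualSslNegotiated:
            // Mutual authentication: requireClientCertificate must be true. Passing false here
            // would produce the same anonymous-client binding as AnonymousForSslNegotiated and
            // silently drop the client-authentication requirement the config asked for.
            return SecurityBindingElement.CreateSslNegotiationBindingElement(true);
        case AuthenticationMode.SspiNegotiated:
            return SecurityBindingElement.CreateSspiNegotiationBindingElement();
        case AuthenticationMode.SspiNegotiatedOverTransport:
            return SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement();
        case AuthenticationMode.UserNameForCertificate:
            return SecurityBindingElement.CreateUserNameForCertificateBindingElement();
        case AuthenticationMode.UserNameForSslNegotiated:
            return SecurityBindingElement.CreateUserNameForSslBindingElement();
        case AuthenticationMode.UserNameOverTransport:
            return SecurityBindingElement.CreateUserNameOverTransportBindingElement();
        default:
            // SecureConversation (needs a bootstrap element) and any future modes are not mapped.
            throw new NotImplementedException($"Authentication mode '{mode}' is not supported by {nameof(GetCustomBindings)}.");
    }
}

/// <summary>
/// Copies the scalar message-security settings of the configured <c>&lt;security&gt;</c> element
/// onto the binding element. Values are taken from config as-is — including
/// <see cref="SecurityBindingElement.AllowInsecureTransport"/> and
/// <see cref="SecurityBindingElement.EnableUnsecuredResponse"/> — so the config file alone decides
/// whether transport protection or response security is relaxed.
/// </summary>
/// <param name="element">The security binding element to configure.</param>
/// <param name="cfgSecurity">The configured security element to read from.</param>
private static void ApplySecuritySettings(SecurityBindingElement element, SecurityElement cfgSecurity)
{
    element.AllowInsecureTransport = cfgSecurity.AllowInsecureTransport;
    element.DefaultAlgorithmSuite = cfgSecurity.DefaultAlgorithmSuite;
    element.EnableUnsecuredResponse = cfgSecurity.EnableUnsecuredResponse;
    element.IncludeTimestamp = cfgSecurity.IncludeTimestamp;
    element.MessageSecurityVersion = cfgSecurity.MessageSecurityVersion;
    element.KeyEntropyMode = cfgSecurity.KeyEntropyMode;
    element.ProtectTokens = cfgSecurity.ProtectTokens;
    element.SecurityHeaderLayout = cfgSecurity.SecurityHeaderLayout;
    // RequireDerivedKeys lives on the token parameters, not the element, hence the helper call.
    element.SetKeyDerivation(cfgSecurity.RequireDerivedKeys);
}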