public static Binding CreateIssuedTokenForCertificateBinding()
{
BindingElementCollection bec = new BindingElementCollection();
bec.Add(SecurityBindingElement.
CreateIssuedTokenForCertificateBindingElement(
new IssuedSecurityTokenParameters()));
bec.Add(new TextMessageEncodingBindingElement());
bec.Add(new HttpTransportBindingElement());
return(new CustomBinding(bec));
}
internal SecurityBindingElement CreateSecurityBindingElement()
{
SymmetricSecurityBindingElement result;
bool isKerberosSelected = false;
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case MessageCredentialType.UserName:
result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case MessageCredentialType.Certificate:
result = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
break;
case MessageCredentialType.Windows:
result = SecurityBindingElement.CreateKerberosBindingElement();
isKerberosSelected = true;
break;
case MessageCredentialType.IssuedToken:
result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
result.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
// set the algorithm suite and issued token params if required
if (wasAlgorithmSuiteSet || !isKerberosSelected)
{
result.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (isKerberosSelected)
{
result.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
result.IncludeTimestamp = false;
result.LocalServiceSettings.DetectReplays = false;
result.LocalClientSettings.DetectReplays = false;
return(result);
}
protected override SecurityBindingElement CreateSecurityBindingElement()
{
SecurityBindingElement element;
IssuedSecurityTokenParameters issuedParameters =
new IssuedSecurityTokenParameters(TokenType, IssuerAddress, IssuerBinding)
{
KeyType = KeyType,
IssuerMetadataAddress = IssuerMetadataAddress
};
if (KeyType == SecurityKeyType.SymmetricKey)
{
issuedParameters.KeySize = AlgorithmSuite.DefaultSymmetricKeyLength;
}
else
{
issuedParameters.KeySize = 0;
}
if (ClaimTypeRequirement != null)
{
foreach (ClaimTypeRequirement requirement in ClaimTypeRequirement)
{
issuedParameters.ClaimTypeRequirements.Add(requirement);
}
}
AddAlgorithmParameters(AlgorithmSuite, base.TrustVersion, KeyType, ref issuedParameters);
if (SecurityMode.Message == base.SecurityMode)
{
element = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters);
}
else
{
if (SecurityMode.TransportWithMessageCredential != base.SecurityMode)
{
throw new InvalidOperationException("ID3226");
}
element = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters);
}
element.DefaultAlgorithmSuite = AlgorithmSuite;
element.IncludeTimestamp = true;
return(element);
}
static void Main(string[] args)
{
// Configure the issued token parameters with the correct settings
IssuedSecurityTokenParameters itp = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
itp.IssuerMetadataAddress = new EndpointAddress("http://localhost:6000/STS/mex");
itp.IssuerAddress = new EndpointAddress("http://localhost:6000/STS");
// Create the security binding element
SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(itp);
sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
// Create the HTTP transport binding element
HttpTransportBindingElement httpBE = new HttpTransportBindingElement();
// Create the custom binding using the prepared binding elements
CustomBinding binding = new CustomBinding(sbe, httpBE);
Uri serviceUri = new Uri("http://localhost:6002/Service2");
using (ServiceHost host = new ServiceHost(typeof(Service2), serviceUri))
{
host.AddServiceEndpoint(typeof(IService2), binding, "");
host.Credentials.ServiceCertificate.SetCertificate("CN=localhost", StoreLocation.LocalMachine, StoreName.My);
// Enable metadata generation via HTTP GET
ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);
host.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), "mex");
// Configure the service host to use the Windows Identity Foundation
ServiceConfiguration configuration = new ServiceConfiguration();
configuration.IssuerNameRegistry = new TrustedIssuerNameRegistry();
configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(serviceUri);
FederatedServiceCredentials.ConfigureServiceHost(host, configuration);
host.Open();
Console.WriteLine("Service2 started, press ENTER to stop ...");
Console.ReadLine();
host.Close();
}
}
internal SecurityBindingElement CreateSecurityBindingElement()
{
SymmetricSecurityBindingElement element;
bool flag = false;
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
element = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case MessageCredentialType.Windows:
element = SecurityBindingElement.CreateKerberosBindingElement();
flag = true;
break;
case MessageCredentialType.UserName:
element = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case MessageCredentialType.Certificate:
element = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
break;
case MessageCredentialType.IssuedToken:
element = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(), this.algorithmSuite));
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
if (this.wasAlgorithmSuiteSet || !flag)
{
element.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (flag)
{
element.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
element.IncludeTimestamp = false;
element.LocalServiceSettings.DetectReplays = false;
element.LocalClientSettings.DetectReplays = false;
return(element);
}
private static CustomBinding CreateBindingForAdfs2IssuedTokenBinding(EndpointAddress localStsAddress)
{
// Opret security binding element
var securityElement = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(
new IssuedSecurityTokenParameters
{
KeySize = 256,
// 256 bit keysize
KeyType = SecurityKeyType.SymmetricKey,
// Symmetriske nøgler
TokenType = SecurityTokenTypes.Saml11TokenProfile11, // SAML 1.1 tokens
IssuerAddress = localStsAddress,
IssuerBinding = new WS2007HttpBinding(SecurityMode.Message)
});
securityElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
securityElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
securityElement.IncludeTimestamp = true;
securityElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
securityElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature;
securityElement.MessageSecurityVersion =
MessageSecurityVersion.
WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
securityElement.RequireSignatureConfirmation = true;
var textmessageEncoding = new TextMessageEncodingBindingElement
{
WriteEncoding = Encoding.UTF8,
MessageVersion = MessageVersion.Soap12WSAddressing10
};
var httpTransport = new HttpTransportBindingElement
{
AuthenticationScheme = AuthenticationSchemes.Anonymous,
ProxyAuthenticationScheme = AuthenticationSchemes.Anonymous
};
return(new CustomBinding(securityElement, textmessageEncoding, httpTransport));
}
public void CreateIssuedTokenForCertificateBindingElement1()
{
IssuedSecurityTokenParameters tp =
new IssuedSecurityTokenParameters();
SymmetricSecurityBindingElement be =
SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(tp);
SecurityAssert.AssertSymmetricSecurityBindingElement(
SecurityAlgorithmSuite.Default,
true, // IncludeTimestamp
SecurityKeyEntropyMode.CombinedEntropy,
MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
MessageSecurityVersion.Default,
true, // RequireSignatureConfirmation
SecurityHeaderLayout.Strict,
// EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
1, 0, 0, 0,
// ProtectionTokenParameters
true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
// LocalClientSettings
true, 60, true,
be, "");
// test ProtectionTokenParameters
X509SecurityTokenParameters ptp =
be.ProtectionTokenParameters
as X509SecurityTokenParameters;
Assert.IsNotNull(ptp, "#2-1");
SecurityAssert.AssertSecurityTokenParameters(
SecurityTokenInclusionMode.Never,
SecurityTokenReferenceStyle.Internal,
true, ptp, "Protection");
Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, ptp.X509ReferenceStyle, "#2-2");
Assert.AreEqual(tp, be.EndpointSupportingTokenParameters.Endorsing [0], "EndpointParams.Endorsing[0]");
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
}
SecurityBindingElement result;
SecurityBindingElement oneShotSecurity;
bool isKerberosSelected = false;
bool emitBspAttributes = true;
if (isSecureTransportMode)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ClientCredentialTypeMustBeSpecifiedForMixedMode)));
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (this.IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
else
{
if (negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
break;
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite), true);
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
oneShotSecurity = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case MessageCredentialType.UserName:
oneShotSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case MessageCredentialType.Certificate:
oneShotSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement();
break;
case MessageCredentialType.Windows:
oneShotSecurity = SecurityBindingElement.CreateKerberosBindingElement();
isKerberosSelected = true;
break;
case MessageCredentialType.IssuedToken:
oneShotSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspAttributes)), this.algorithmSuite));
break;
default:
Fx.Assert("unknown ClientCredentialType");
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
if (this.IsSecureConversationEnabled())
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(oneShotSecurity, true);
}
else
{
result = oneShotSecurity;
}
}
// set the algorithm suite and issued token params if required
if (wasAlgorithmSuiteSet || (!isKerberosSelected))
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (isKerberosSelected)
{
result.DefaultAlgorithmSuite = oneShotSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
result.IncludeTimestamp = true;
oneShotSecurity.MessageSecurityVersion = version;
result.MessageSecurityVersion = version;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.IsSecureConversationEnabled())
{
// issue the transition SCT for a short duration only
oneShotSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
}
return(result);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
SecurityBindingElement element;
SecurityBindingElement element3;
if ((this.IssuedKeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("BearerKeyIncompatibleWithWSFederationHttpBinding")));
}
if (isReliableSession && !this.EstablishSecurityContext)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationRequiredByReliableSession")));
}
bool emitBspRequiredAttributes = true;
IssuedSecurityTokenParameters issuedTokenParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding)
{
IssuerMetadataAddress = this.issuerMetadataAddress,
KeyType = this.IssuedKeyType
};
if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
{
issuedTokenParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
}
else
{
issuedTokenParameters.KeySize = 0;
}
foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements)
{
issuedTokenParameters.ClaimTypeRequirements.Add(requirement);
}
foreach (XmlElement element2 in this.TokenRequestParameters)
{
issuedTokenParameters.AdditionalRequestParameters.Add(element2);
}
WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspRequiredAttributes, null, null, null);
SecurityStandardsManager standardsManager = new SecurityStandardsManager(version, tokenSerializer);
issuedTokenParameters.AddAlgorithmParameters(this.AlgorithmSuite, standardsManager, this.issuedKeyType);
if (isSecureTransportMode)
{
element3 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameters);
}
else if (this.negotiateServiceCredential)
{
element3 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11);
}
else
{
element3 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameters);
}
element3.MessageSecurityVersion = version;
element3.DefaultAlgorithmSuite = this.AlgorithmSuite;
if (this.EstablishSecurityContext)
{
element = SecurityBindingElement.CreateSecureConversationBindingElement(element3, true);
}
else
{
element = element3;
}
element.MessageSecurityVersion = version;
element.DefaultAlgorithmSuite = this.AlgorithmSuite;
element.IncludeTimestamp = true;
if (!isReliableSession)
{
element.LocalServiceSettings.ReconnectTransportOnFailure = false;
element.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
element.LocalServiceSettings.ReconnectTransportOnFailure = true;
element.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.establishSecurityContext)
{
element3.LocalServiceSettings.IssuedCookieLifetime = NegotiationTokenAuthenticator <SspiNegotiationTokenAuthenticatorState> .defaultServerIssuedTransitionTokenLifetime;
}
return(element);
}
internal SecurityBindingElement CreateSecurityBindingElement()
{
SymmetricSecurityBindingElement wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
}
case MessageCredentialType.Windows:
{
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unsupported ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
case MessageCredentialType.UserName:
{
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
}
case MessageCredentialType.Certificate:
{
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement();
break;
}
case MessageCredentialType.IssuedToken:
{
object[] objArray = new object[] { SecurityUtil.CreateSecurityStandardsManager(new object[0]), this.algorithmSuite };
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(SecurityUtil.IssuedSecurityTokenParameters.CreateInfoCardParameters(objArray));
break;
}
default:
{
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unsupported ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
if (this.wasAlgorithmSuiteSet)
{
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.IncludeTimestamp = false;
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.LocalServiceSettings.DetectReplays = false;
wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11.LocalClientSettings.DetectReplays = false;
return(wSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
SecurityBindingElement element;
SecurityBindingElement element2;
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationRequiredByReliableSession")));
}
bool flag = false;
bool emitBspRequiredAttributes = true;
if (!isSecureTransportMode)
{
if (this.negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
element2 = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
goto Label_01DA;
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
goto Label_01DA;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
goto Label_01DA;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
goto Label_01DA;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite), true);
goto Label_01DA;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
element2 = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
goto Label_01DA;
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateKerberosBindingElement();
flag = true;
goto Label_01DA;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
goto Label_01DA;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateMutualCertificateBindingElement();
goto Label_01DA;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite));
goto Label_01DA;
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialTypeMustBeSpecifiedForMixedMode")));
case MessageCredentialType.Windows:
element2 = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
case MessageCredentialType.UserName:
element2 = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case MessageCredentialType.Certificate:
element2 = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
case MessageCredentialType.IssuedToken:
element2 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(IssuedSecurityTokenParameters.CreateInfoCardParameters(new SecurityStandardsManager(new WSSecurityTokenSerializer(emitBspRequiredAttributes)), this.algorithmSuite));
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
if (this.IsSecureConversationEnabled())
{
element = SecurityBindingElement.CreateSecureConversationBindingElement(element2, true);
}
else
{
element = element2;
}
goto Label_01EE;
Label_01DA:
if (this.IsSecureConversationEnabled())
{
element = SecurityBindingElement.CreateSecureConversationBindingElement(element2, true);
}
else
{
element = element2;
}
Label_01EE:
if (this.wasAlgorithmSuiteSet || !flag)
{
element.DefaultAlgorithmSuite = element2.DefaultAlgorithmSuite = this.AlgorithmSuite;
}
else if (flag)
{
element.DefaultAlgorithmSuite = element2.DefaultAlgorithmSuite = SecurityAlgorithmSuite.KerberosDefault;
}
element.IncludeTimestamp = true;
element2.MessageSecurityVersion = version;
element.MessageSecurityVersion = version;
if (!isReliableSession)
{
element.LocalServiceSettings.ReconnectTransportOnFailure = false;
element.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
element.LocalServiceSettings.ReconnectTransportOnFailure = true;
element.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.IsSecureConversationEnabled())
{
element2.LocalServiceSettings.IssuedCookieLifetime = NegotiationTokenAuthenticator <SspiNegotiationTokenAuthenticatorState> .defaultServerIssuedTransitionTokenLifetime;
}
return(element);
}
protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly)
{
SecurityBindingElement result;
switch (this.AuthenticationMode)
{
case AuthenticationMode.AnonymousForCertificate:
result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case AuthenticationMode.AnonymousForSslNegotiated:
result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.CertificateOverTransport:
result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.IssuedToken:
result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.IssuedTokenForCertificate:
result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.IssuedTokenForSslNegotiated:
result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.IssuedTokenOverTransport:
result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.Kerberos:
result = SecurityBindingElement.CreateKerberosBindingElement();
break;
case AuthenticationMode.KerberosOverTransport:
result = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
break;
case AuthenticationMode.MutualCertificateDuplex:
result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.MutualCertificate:
result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.MutualSslNegotiated:
result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.SspiNegotiated:
result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.UserNameForCertificate:
result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case AuthenticationMode.UserNameForSslNegotiated:
result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.UserNameOverTransport:
result = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case AuthenticationMode.SspiNegotiatedOverTransport:
result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation);
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode)));
}
this.ApplyConfiguration(result);
return(result);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version)
{
SecurityBindingElement securityBindingElement;
SecurityBindingElement securityBindingElement1;
if (isReliableSession && !this.IsSecureConversationEnabled())
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.SecureConversationRequiredByReliableSession, new object[0])));
}
bool flag = false;
bool flag1 = true;
if (!isSecureTransportMode)
{
if (!this.negotiateServiceCredential)
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
securityBindingElement1 = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
goto Label0;
}
case MessageCredentialType.Windows:
{
securityBindingElement1 = SecurityBindingElement.CreateKerberosBindingElement();
flag = true;
goto Label0;
}
case MessageCredentialType.UserName:
{
securityBindingElement1 = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
goto Label0;
}
case MessageCredentialType.Certificate:
{
securityBindingElement1 = SecurityBindingElement.CreateMutualCertificateBindingElement();
goto Label0;
}
case MessageCredentialType.IssuedToken:
{
securityBindingElement1 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.CreateInfoCardParameters(flag1));
goto Label0;
}
}
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
securityBindingElement1 = SecurityBindingElement.CreateSslNegotiationBindingElement(false, true);
goto Label0;
}
case MessageCredentialType.Windows:
{
securityBindingElement1 = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
goto Label0;
}
case MessageCredentialType.UserName:
{
securityBindingElement1 = SecurityBindingElement.CreateUserNameForSslBindingElement(true);
goto Label0;
}
case MessageCredentialType.Certificate:
{
securityBindingElement1 = SecurityBindingElement.CreateSslNegotiationBindingElement(true, true);
goto Label0;
}
case MessageCredentialType.IssuedToken:
{
securityBindingElement1 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.CreateInfoCardParameters(flag1), true);
goto Label0;
}
}
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
Label0:
securityBindingElement = (!this.IsSecureConversationEnabled() ? securityBindingElement1 : SecurityBindingElement.CreateSecureConversationBindingElement(securityBindingElement1, true));
}
else
{
switch (this.clientCredentialType)
{
case MessageCredentialType.None:
{
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.ClientCredentialTypeMustBeSpecifiedForMixedMode, new object[0])));
}
case MessageCredentialType.Windows:
{
securityBindingElement1 = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(true);
break;
}
case MessageCredentialType.UserName:
{
securityBindingElement1 = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
}
case MessageCredentialType.Certificate:
{
securityBindingElement1 = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
break;
}
case MessageCredentialType.IssuedToken:
{
securityBindingElement1 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.CreateInfoCardParameters(flag1));
break;
}
default:
{
Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("unknown ClientCredentialType");
throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
}
}
securityBindingElement = (!this.IsSecureConversationEnabled() ? securityBindingElement1 : SecurityBindingElement.CreateSecureConversationBindingElement(securityBindingElement1, true));
}
if (this.wasAlgorithmSuiteSet || !flag)
{
SecurityAlgorithmSuite algorithmSuite = this.AlgorithmSuite;
SecurityAlgorithmSuite securityAlgorithmSuite = algorithmSuite;
securityBindingElement1.DefaultAlgorithmSuite = algorithmSuite;
securityBindingElement.DefaultAlgorithmSuite = securityAlgorithmSuite;
}
else if (flag)
{
SecurityAlgorithmSuite basic128 = SecurityAlgorithmSuite.Basic128;
SecurityAlgorithmSuite securityAlgorithmSuite1 = basic128;
securityBindingElement1.DefaultAlgorithmSuite = basic128;
securityBindingElement.DefaultAlgorithmSuite = securityAlgorithmSuite1;
}
securityBindingElement.IncludeTimestamp = true;
securityBindingElement1.MessageSecurityVersion = version;
securityBindingElement.MessageSecurityVersion = version;
if (isReliableSession)
{
securityBindingElement.LocalServiceSettings.ReconnectTransportOnFailure = true;
securityBindingElement.LocalClientSettings.ReconnectTransportOnFailure = true;
}
else
{
securityBindingElement.LocalServiceSettings.ReconnectTransportOnFailure = false;
securityBindingElement.LocalClientSettings.ReconnectTransportOnFailure = false;
}
if (this.IsSecureConversationEnabled())
{
securityBindingElement1.LocalServiceSettings.IssuedCookieLifetime = TimeSpan.FromMinutes(15);
}
return(securityBindingElement);
}
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode,
bool isReliableSession,
MessageSecurityVersion version)
{
if ((this.IssuedKeyType == SecurityKeyType.BearerKey) &&
(version.TrustVersion == TrustVersion.WSTrustFeb2005))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding)));
}
if (isReliableSession && !this.EstablishSecurityContext)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession)));
}
SecurityBindingElement result;
bool emitBspAttributes = true;
IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding);
issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress;
issuedParameters.KeyType = this.IssuedKeyType;
if (this.IssuedKeyType == SecurityKeyType.SymmetricKey)
{
issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength;
}
else
{
issuedParameters.KeySize = 0;
}
foreach (ClaimTypeRequirement c in this.claimTypeRequirements)
{
issuedParameters.ClaimTypeRequirements.Add(c);
}
foreach (XmlElement p in this.TokenRequestParameters)
{
issuedParameters.AdditionalRequestParameters.Add(p);
}
WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion,
version.TrustVersion,
version.SecureConversationVersion,
emitBspAttributes,
null, null, null);
SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer);
issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType);
SecurityBindingElement issuedTokenSecurity;
if (isSecureTransportMode)
{
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters);
}
else
{
if (negotiateServiceCredential)
{
// We should have passed 'true' as RequireCancelation to be consistent with other standard bindings.
// However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy.
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11);
}
else
{
issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters);
}
}
issuedTokenSecurity.MessageSecurityVersion = version;
issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite;
if (this.EstablishSecurityContext)
{
result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true);
}
else
{
result = issuedTokenSecurity;
}
result.MessageSecurityVersion = version;
result.DefaultAlgorithmSuite = this.AlgorithmSuite;
result.IncludeTimestamp = true;
if (!isReliableSession)
{
result.LocalServiceSettings.ReconnectTransportOnFailure = false;
result.LocalClientSettings.ReconnectTransportOnFailure = false;
}
else
{
result.LocalServiceSettings.ReconnectTransportOnFailure = true;
result.LocalClientSettings.ReconnectTransportOnFailure = true;
}
if (this.establishSecurityContext)
{
// issue the transition SCT for a short duration only
issuedTokenSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime;
}
return(result);
}
public static eHtalkMessage GetResponseSync(eHtalkMessage msg, X509Certificate2 extInterfaCertificate, string esbEndpoint, string relyingParty, string identityProviderURL, X509Certificate2 userCertificate, string wsaddressingTo, Stopwatch stopw)
{
#if !CC
IssuedSecurityTokenProvider provider = new IssuedSecurityTokenProvider();
provider.SecurityTokenSerializer = new WSSecurityTokenSerializer();
provider.TargetAddress = new EndpointAddress(new Uri(relyingParty), new AddressHeader[0]);
provider.IssuerAddress = new EndpointAddress(new Uri(identityProviderURL), new AddressHeader[0]);
provider.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
provider.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
ClientCredentials credentials = new ClientCredentials
{
ClientCertificate = { Certificate = userCertificate }
};
provider.IssuerChannelBehaviors.Add(credentials);
HttpsTransportBindingElement tbe = new HttpsTransportBindingElement
{
AuthenticationScheme = AuthenticationSchemes.Digest,
RequireClientCertificate = true,
KeepAliveEnabled = false
};
CustomBinding stsBinding = new CustomBinding(new BindingElement[] { tbe });
provider.IssuerBinding = stsBinding;
provider.Open();
var token = provider.GetToken(TimeSpan.FromSeconds(30.0)) as GenericXmlSecurityToken;
#endif
#if CC
var cc = new EhealthCryptoController();
var token = cc.GetSamlTokenForHealthProfessional(relyingParty);
#endif
if (token == null)
{
throw new ApplicationException("No AT token received");
}
Console.WriteLine(string.Format("Ziskany AT token in {0}", stopw.ElapsedMilliseconds));
CustomBinding binding = new CustomBinding();
SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(new IssuedSecurityTokenParameters()
{
RequireDerivedKeys = true, KeyType = SecurityKeyType.SymmetricKey
});
sbe.MessageSecurityVersion =
MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
sbe.IncludeTimestamp = true;
//sbe.AllowInsecureTransport = true;
sbe.SetKeyDerivation(true);
sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
binding.Elements.Add(sbe);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, System.Text.Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement()
{
RequireClientCertificate = true, KeepAliveEnabled = true
});
var regEx = new Regex(@"https?://([^/]+)");
var dnsIdentity = regEx.Match(wsaddressingTo).Groups[1].Captures[0].Value;
var channelFactory = new ChannelFactory <IeHealthSyncService>(binding,
new EndpointAddress(
new Uri(wsaddressingTo),
new DnsEndpointIdentity(dnsIdentity),
new AddressHeader[] { }));
channelFactory.Credentials.SupportInteractive = false;
channelFactory.Credentials.ClientCertificate.Certificate = userCertificate;
channelFactory.Credentials.ServiceCertificate.DefaultCertificate = extInterfaCertificate;
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
channelFactory.ConfigureChannelFactory <IeHealthSyncService>();
channelFactory.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri(esbEndpoint)));
var channel = channelFactory.CreateChannelWithIssuedToken(token);
Console.WriteLine(string.Format("vytvoreny kanal: {0}", stopw.ElapsedMilliseconds));
var stopw1 = new Stopwatch();
eHtalkMessage data = null;
int wait = 1;
for (int i = 0; i < 20; i++)
{
stopw1.Reset();
stopw1.Start();
msg.Header.MessageInfo.MessageID = Guid.NewGuid().ToString("D");
Debug.WriteLine("Start calling", "MyCustom");
try
{
data = channel.GetData(msg);
}
catch (CommunicationException ex)
{
data = channel.GetData(msg);
}
Console.WriteLine(string.Format("po {1} sekundach: {0}", stopw1.ElapsedMilliseconds, wait));
Thread.Sleep(wait * 1000);
wait = wait * 2;
}
return(data);
}
/// <summary>
/// Creates a custom binding based on an example generated from svcutil.exe
/// </summary>
/// <param name="exeConfigPath"></param>
/// <returns></returns>
/// <remarks>
/// https://msdn.microsoft.com/en-us/library/ms731690(v=vs.110).aspx
/// </remarks>
public static List <CustomBinding> GetCustomBindings(string exeConfigPath)
{
if (string.IsNullOrWhiteSpace(exeConfigPath))
{
return(null);
}
var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
var configs = new List <CustomBinding>();
foreach (var section in svcSection.Bindings.CustomBinding.ConfiguredBindings.Cast <CustomBindingElement>())
{
var binding = new CustomBinding
{
Name = section.Name,
};
var cfgSecurity = section[0] as SecurityElement;
if (cfgSecurity == null)
{
configs.Add(binding);
continue;
}
var mode = cfgSecurity.AuthenticationMode;
var msgSecurityVersion = cfgSecurity.MessageSecurityVersion;
var issuedTokenParameter = new IssuedSecurityTokenParameters();
if (cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters != null)
{
foreach (var arp in cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters.Cast <XmlElementElement>())
{
issuedTokenParameter.AdditionalRequestParameters.Add(arp.XmlElement);
}
}
if (cfgSecurity.IssuedTokenParameters.Issuer?.Address != null)
{
var address = cfgSecurity.IssuedTokenParameters.Issuer.Address;
var idElem = cfgSecurity.IssuedTokenParameters.Issuer.Identity;
issuedTokenParameter.IssuerAddress = GetEnpointAddressWithIdentity(address, idElem);
}
if (cfgSecurity.IssuedTokenParameters.Issuer?.Binding != null)
{
issuedTokenParameter.IssuerBinding = GetBindingByName(cfgSecurity.IssuedTokenParameters.Issuer.Binding);
}
if (cfgSecurity.IssuedTokenParameters.IssuerMetadata?.Address != null)
{
var address = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Address;
var idElem = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Identity;
issuedTokenParameter.IssuerMetadataAddress = GetEnpointAddressWithIdentity(address, idElem);
}
SecurityBindingElement securityElemnt;
switch (mode)
{
case AuthenticationMode.IssuedTokenOverTransport:
securityElemnt =
SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.AnonymousForCertificate:
securityElemnt = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case AuthenticationMode.AnonymousForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
break;
case AuthenticationMode.CertificateOverTransport:
securityElemnt =
SecurityBindingElement.CreateCertificateOverTransportBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.IssuedToken:
securityElemnt = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.IssuedTokenForCertificate:
securityElemnt = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.IssuedTokenForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.Kerberos:
securityElemnt = SecurityBindingElement.CreateKerberosBindingElement();
break;
case AuthenticationMode.KerberosOverTransport:
securityElemnt = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
break;
case AuthenticationMode.MutualCertificate:
securityElemnt = SecurityBindingElement.CreateMutualCertificateBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.MutualCertificateDuplex:
securityElemnt = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.MutualSslNegotiated:
securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
break;
case AuthenticationMode.SspiNegotiated:
securityElemnt = SecurityBindingElement.CreateSspiNegotiationBindingElement();
break;
case AuthenticationMode.SspiNegotiatedOverTransport:
securityElemnt = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement();
break;
case AuthenticationMode.UserNameForCertificate:
securityElemnt = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case AuthenticationMode.UserNameForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateUserNameForSslBindingElement();
break;
case AuthenticationMode.UserNameOverTransport:
securityElemnt = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
default:
throw new NotImplementedException();
}
securityElemnt.AllowInsecureTransport = cfgSecurity.AllowInsecureTransport;
securityElemnt.DefaultAlgorithmSuite = cfgSecurity.DefaultAlgorithmSuite;
securityElemnt.EnableUnsecuredResponse = cfgSecurity.EnableUnsecuredResponse;
securityElemnt.IncludeTimestamp = cfgSecurity.IncludeTimestamp;
securityElemnt.MessageSecurityVersion = cfgSecurity.MessageSecurityVersion;
securityElemnt.KeyEntropyMode = cfgSecurity.KeyEntropyMode;
securityElemnt.ProtectTokens = cfgSecurity.ProtectTokens;
securityElemnt.SecurityHeaderLayout = cfgSecurity.SecurityHeaderLayout;
securityElemnt.SetKeyDerivation(cfgSecurity.RequireDerivedKeys);
binding.Elements.Add(securityElemnt);
configs.Add(binding);
}
return(configs);
}