protected override System.ServiceModel.Channels.SecurityBindingElement CreateMessageSecurity()
{
if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None)
{
return(null);
}
var element = new System.ServiceModel.Channels.SymmetricSecurityBindingElement();
element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
element.RequireSignatureConfirmation = true;
switch (Security.Message.ClientCredentialType)
{
case MessageCredentialType.Certificate:
var p = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType.Thumbprint);
p.RequireDerivedKeys = false;
element.EndpointSupportingTokenParameters.Endorsing.Add(p);
goto default;
case MessageCredentialType.IssuedToken:
var istp = new System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters();
istp.IssuerBinding = new System.ServiceModel.Channels.CustomBinding(new System.ServiceModel.Channels.TextMessageEncodingBindingElement(), GetTransport());
element.EndpointSupportingTokenParameters.Endorsing.Add(istp);
goto default;
case MessageCredentialType.UserName:
element.EndpointSupportingTokenParameters.SignedEncrypted.Add(new System.ServiceModel.Security.Tokens.UserNameSecurityTokenParameters());
element.RequireSignatureConfirmation = false;
goto default;
case MessageCredentialType.Windows:
if (Security.Message.NegotiateServiceCredential)
{
element.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters();
}
else
{
element.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.KerberosSecurityTokenParameters();
}
break;
default:
if (Security.Message.NegotiateServiceCredential)
{
element.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.SslSecurityTokenParameters(false, true);
}
else
{
element.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType.Thumbprint, System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.Never);
element.ProtectionTokenParameters.RequireDerivedKeys = true;
}
break;
}
if (!Security.Message.EstablishSecurityContext)
{
return(element);
}
var reqs = new System.ServiceModel.Security.ChannelProtectionRequirements();
return(System.ServiceModel.Channels.SecurityBindingElement.CreateSecureConversationBindingElement(element, true, reqs));
}
public static SymmetricSecurityBindingElement CreateIssuedTokenBindingElement(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters issuedTokenParameters)
{
Contract.Ensures(Contract.Result <System.ServiceModel.Channels.SymmetricSecurityBindingElement>() != null);
return(default(SymmetricSecurityBindingElement));
}
public static SymmetricSecurityBindingElement CreateIssuedTokenForSslBindingElement(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters issuedTokenParameters)
{
return(default(SymmetricSecurityBindingElement));
}
public static TransportSecurityBindingElement CreateIssuedTokenOverTransportBindingElement(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters issuedTokenParameters)
{
Contract.Requires(issuedTokenParameters != null);
Contract.Ensures(Contract.Result <System.ServiceModel.Channels.TransportSecurityBindingElement>() != null);
return(default(TransportSecurityBindingElement));
}
public static SymmetricSecurityBindingElement CreateIssuedTokenForSslBindingElement(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters issuedTokenParameters, bool requireCancellation)
{
Contract.Requires(issuedTokenParameters != null);
Contract.Ensures(Contract.Result <System.ServiceModel.Channels.SymmetricSecurityBindingElement>() != null);
return(default(SymmetricSecurityBindingElement));
}