Exemple #1
0
 private ServiceCredentials GetServiceCredentials()
 {
     var serviceCredentials = new ServiceCredentials();
     serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
     serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameValidator();
     return serviceCredentials;
 }
        protected override void InitializeRuntime()
        {
            // Extract the ServiceCredentials behavior or create one.
            ServiceCredentials serviceCredentials = this.Description.Behaviors.Find<ServiceCredentials>();
            if (serviceCredentials == null)
            {
                serviceCredentials = new ServiceCredentials();
                this.Description.Behaviors.Add(serviceCredentials);
            }

            // Set the service certificate.
            serviceCredentials.ServiceCertificate.SetCertificate("CN=localhost");

            /*
            Setting the CertificateValidationMode to PeerOrChainTrust means that if the certificate
            is in the Trusted People store, then it is trusted without performing a
            validation of the certificate's issuer chain. This setting is used here for convenience so that the
            sample can be run without having to have certificates issued by a certificate authority (CA).
            This setting is less secure than the default, ChainTrust. The security implications of this
            setting should be carefully considered before using PeerOrChainTrust in production code.
            */
            serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;

            // Create the custom binding and add an endpoint to the service.
            Binding multipleTokensBinding = BindingHelper.CreateMultiFactorAuthenticationBinding();
            this.AddServiceEndpoint(typeof(IEchoService), multipleTokensBinding, string.Empty);

            base.InitializeRuntime();
        }
Exemple #3
0
		public WSManServiceHost ()
		{
			var uri = new Uri ("http://localhost:5985/wsman");
			_host = new ServiceHost(ManagementServer.Create ());
			var binding = new WSManBinding();
			_host.AddServiceEndpoint (typeof(IWSTransferContract),
			                          binding, uri);
			_host.AddServiceEndpoint (typeof(IWSEnumerationContract),
			                          binding, uri);
			_host.AddServiceEndpoint (typeof(IWSEventingContract),
			                          binding, uri);

			
			ServiceCredentials cred = new ServiceCredentials ();
			cred.ServiceCertificate.Certificate = new X509Certificate2 ("powershell.pfx", "mono");
			cred.ClientCertificate.Authentication.CertificateValidationMode =
				X509CertificateValidationMode.None;
			cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
			cred.UserNameAuthentication.CustomUserNamePasswordValidator = new WSManUserNamePasswordValidator();
			_host.Description.Behaviors.Add (cred);
			var serviceBehavior = _host.Description.Behaviors.Find<ServiceBehaviorAttribute> ();
			serviceBehavior.ConcurrencyMode = ConcurrencyMode.Multiple;
			serviceBehavior.InstanceContextMode = InstanceContextMode.Single;
			serviceBehavior.IncludeExceptionDetailInFaults = true;
			_host.Description.Behaviors.Find<ServiceDebugBehavior> ()
				.IncludeExceptionDetailInFaults = true;
			ServiceMetadataBehavior smb = new ServiceMetadataBehavior ();
			smb.HttpGetEnabled = true;
			smb.HttpGetUrl = new Uri (uri.ToString () + "/wsdl");
			_host.Description.Behaviors.Add (smb);
			_host.Description.Behaviors.Add (new FilterMapExtensionServiceBehaviorAttribute());
			//_host.Description.Behaviors.Add (new AddressingVersionExtensionServiceBehaviorAttribute());
		}
 public ServiceCredentialsSecurityTokenManager(System.ServiceModel.Description.ServiceCredentials parent)
 {
     if (parent == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parent");
     }
     this.parent = parent;
 }
Exemple #5
0
 public ServiceCredentialsSecurityTokenManager(System.ServiceModel.Description.ServiceCredentials parent)
 {
     if (parent == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parent");
     }
     this.parent = parent;
 }
        public ServiceCredentials Clone()
        {
            ServiceCredentials ret = CloneCore();

            if (ret.GetType() != GetType())
            {
                throw new NotImplementedException("CloneCore() must be implemented to return an instance of the same type in this custom ServiceCredentials type.");
            }
            return(ret);
        }
 protected ServiceCredentials(ServiceCredentials other)
 {
     initiator           = other.initiator.Clone();
     peer                = other.peer.Clone();
     recipient           = other.recipient.Clone();
     userpass            = other.userpass.Clone();
     windows             = other.windows.Clone();
     issued_token        = other.issued_token.Clone();
     secure_conversation = other.secure_conversation.Clone();
 }
Exemple #8
0
		protected ServiceCredentials (ServiceCredentials other)
		{
			initiator = other.initiator.Clone ();
			peer = other.peer.Clone ();
			recipient = other.recipient.Clone ();
			userpass = other.userpass.Clone ();
			windows = other.windows.Clone ();
			issued_token = other.issued_token.Clone ();
			secure_conversation = other.secure_conversation.Clone ();
		}
        public ServiceCredentials Clone()
        {
            ServiceCredentials credentials = this.CloneCore();

            if ((credentials == null) || (credentials.GetType() != base.GetType()))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException(System.ServiceModel.SR.GetString("CloneNotImplementedCorrectly", new object[] { base.GetType(), (credentials != null) ? credentials.ToString() : "null" })));
            }
            return(credentials);
        }
		public static IServiceBehavior ServiceCredentials(X509Certificate2 certificate, Func<UserNamePasswordValidator> validator)
		{
			var serviceCredentials = new ServiceCredentials();
			serviceCredentials.ServiceCertificate.Certificate = certificate;

			serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
			serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator();

			return serviceCredentials;
		}
        public ServiceCredentials Clone()
        {
            ServiceCredentials result = CloneCore();

            if (result == null || result.GetType() != this.GetType())
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotImplementedException(SR.GetString(SR.CloneNotImplementedCorrectly, this.GetType(), (result != null) ? result.ToString() : "null")));
            }
            return(result);
        }
        public JwtRequestInterceptor(ServiceCredentials credentials)
            : base(true)
        {
            if (credentials == null)
                throw new ArgumentNullException("credentials");

            _wifCredentials = credentials as FederatedServiceCredentials;

            if (_wifCredentials == null)
                throw new InvalidOperationException("WIF is not configured.");
        }
		public void ClientCertificate ()
		{
			X509CertificateInitiatorServiceCredential cc =
				new ServiceCredentials ().ClientCertificate;
			Assert.IsNull (cc.Certificate, "#1");
			Assert.AreEqual (X509CertificateValidationMode.ChainTrust, cc.Authentication.CertificateValidationMode, "#2-1");
			Assert.IsNull (cc.Authentication.CustomCertificateValidator, "#2-2");
			Assert.IsTrue (cc.Authentication.IncludeWindowsGroups, "#2-3");
			Assert.IsFalse (cc.Authentication.MapClientCertificateToWindowsAccount, "#2-4");
			Assert.AreEqual (X509RevocationMode.Online, cc.Authentication.RevocationMode, "#2-5");
			Assert.AreEqual (StoreLocation.LocalMachine, cc.Authentication.TrustedStoreLocation, "#2-6");
		}
		public void IssuedTokenAuthentication ()
		{
			IssuedTokenServiceCredential ic =
				new ServiceCredentials ().IssuedTokenAuthentication;
			Assert.IsFalse (ic.AllowUntrustedRsaIssuers, "#1");
			Assert.AreEqual (X509CertificateValidationMode.ChainTrust, ic.CertificateValidationMode, "#2");
			Assert.IsNull (ic.CustomCertificateValidator, "#3");
			Assert.AreEqual (0, ic.KnownCertificates.Count, "#4");
			Assert.AreEqual (X509RevocationMode.Online, ic.RevocationMode, "#5");
			Assert.IsNull (ic.SamlSerializer, "#6");
			Assert.AreEqual (StoreLocation.LocalMachine, ic.TrustedStoreLocation, "#7");
		}
 protected ServiceCredentials(ServiceCredentials other)
 {
     if (other == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
     }
     this.userName = new UserNamePasswordServiceCredential(other.userName);
     this.clientCertificate = new X509CertificateInitiatorServiceCredential(other.clientCertificate);
     this.serviceCertificate = new X509CertificateRecipientServiceCredential(other.serviceCertificate);
     this.windows = new WindowsServiceCredential(other.windows);
     this.issuedToken = new IssuedTokenServiceCredential(other.issuedToken);
     this.peer = new PeerCredential(other.peer);
     this.secureConversation = new SecureConversationServiceCredential(other.secureConversation);
 }
 protected ServiceCredentials(ServiceCredentials other)
 {
     if (other == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
     }
     this.userName           = new UserNamePasswordServiceCredential(other.userName);
     this.clientCertificate  = new X509CertificateInitiatorServiceCredential(other.clientCertificate);
     this.serviceCertificate = new X509CertificateRecipientServiceCredential(other.serviceCertificate);
     this.windows            = new WindowsServiceCredential(other.windows);
     this.issuedToken        = new IssuedTokenServiceCredential(other.issuedToken);
     this.peer = new PeerCredential(other.peer);
     this.secureConversation = new SecureConversationServiceCredential(other.secureConversation);
 }
		public void Peer ()
		{
			PeerCredential p = new ServiceCredentials ().Peer;
			Assert.IsNull (p.Certificate, "#1");
			Assert.IsNull (p.MeshPassword, "#2");
			X509PeerCertificateAuthentication pa = p.MessageSenderAuthentication;
			Assert.AreEqual (X509CertificateValidationMode.PeerOrChainTrust, pa.CertificateValidationMode, "#3-1");
			Assert.IsNull (pa.CustomCertificateValidator, "#3-2");
			Assert.AreEqual (X509RevocationMode.Online, pa.RevocationMode, "#3-3");
			Assert.AreEqual (StoreLocation.CurrentUser, pa.TrustedStoreLocation, "#3-4");
			pa = p.PeerAuthentication;
			Assert.AreEqual (X509CertificateValidationMode.PeerOrChainTrust, pa.CertificateValidationMode, "#4-1");
			Assert.IsNull (pa.CustomCertificateValidator, "#4-2");
			Assert.AreEqual (X509RevocationMode.Online, pa.RevocationMode, "#4-3");
			Assert.AreEqual (StoreLocation.CurrentUser, pa.TrustedStoreLocation, "#4-4");
		}
Exemple #18
0
        private void CreateServiceHost(Uri uri, string subjectName = null)
        {
            if (host != null) return;

            CustomBinding binding = new CustomBinding();
            binding.Elements.Add(new ByteStreamMessageEncodingBindingElement());

            HttpTransportBindingElement transport;
            ServiceCredentials behavior = null;
            string scheme;
            if (uri.Scheme.Equals("ws"))
            {
                transport = new HttpTransportBindingElement();
                scheme = Uri.UriSchemeHttp;
            }
            else
            {
                transport = new HttpsTransportBindingElement();
                scheme = Uri.UriSchemeHttps;
                behavior = new ServiceCredentials();
                behavior.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                    StoreName.My, X509FindType.FindBySubjectName, subjectName);
            }

            transport.WebSocketSettings = new WebSocketTransportSettings()
            {
                TransportUsage = WebSocketTransportUsage.Always,
                CreateNotificationOnConnection = false
            };
            binding.Elements.Add(transport);

            host = new ServiceHost(typeof(WebSocketServerTool.Service));

            UriBuilder newUri = new UriBuilder(uri)
            {
                Scheme = scheme
            };

            ServiceEndpoint endpoint = host.AddServiceEndpoint(typeof(IService),
                binding, newUri.ToString());

            if (behavior != null)
                host.Description.Behaviors.Add(behavior);

            host.Open();
        }
Exemple #19
0
        static void Main(string[] args)
        {
            
            //Create a ServiceHost for the CalculatorService type
            using (ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService)))
            {
                //Create and configure the WseHttpBinding
                WseHttpBinding binding = new WseHttpBinding();
                binding.SecurityAssertion = WseSecurityAssertion.AnonymousForCertificate;
                binding.EstablishSecurityContext = true;
                binding.RequireDerivedKeys = true;
                binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

                serviceHost.AddServiceEndpoint(typeof(ICalculator), binding, "");
                ServiceCredentials creds = new ServiceCredentials();
                creds.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindBySubjectName,
                                                        "localhost");
                serviceHost.Description.Behaviors.Add(creds);
                serviceHost.Open();

                // The service can now be accessed.
                Console.WriteLine("Press enter to terminate the service");
                // Uncomment the following to see the account the service is running under
                //Console.WriteLine("The service is running in the following account: {0}", WindowsIdentity.GetCurrent().Name);

                for (int i = 0; i < serviceHost.ChannelDispatchers.Count; ++i)
                {
                    ChannelDispatcher channelDispatcher = serviceHost.ChannelDispatchers[i] as ChannelDispatcher;
                    if (channelDispatcher != null)
                    {
                        for (int j=0; j<channelDispatcher.Endpoints.Count; ++j)
                        {
                            EndpointDispatcher endpointDispatcher = channelDispatcher.Endpoints[j];
                            Console.WriteLine("The service is listening on {0}", endpointDispatcher.EndpointAddress.Uri);
                        }
                    }
                }

                Console.WriteLine("The service is ready");
                Console.ReadLine();
            }
        }
        /// <summary>
        /// Initializes an instance of <see cref="FederatedSecurityTokenManager"/>.
        /// </summary>
        /// <param name="parentCredentials">ServiceCredentials that created this instance of TokenManager.</param>
        /// <exception cref="ArgumentNullException">The argument 'parentCredentials' is null.</exception>
        public FederatedSecurityTokenManager( ServiceCredentials parentCredentials )
            : base( parentCredentials )
        {
            if ( parentCredentials == null )
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "parentCredentials" );
            }

            if ( parentCredentials.IdentityConfiguration == null )
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "parentCredentials.IdentityConfiguration" );
            }

            _exceptionMapper = parentCredentials.ExceptionMapper;

            _securityTokenHandlerCollection = parentCredentials.IdentityConfiguration.SecurityTokenHandlers;                        
            _tokenCache = _securityTokenHandlerCollection.Configuration.Caches.SessionSecurityTokenCache;                        
            _cookieTransforms = SessionSecurityTokenHandler.DefaultCookieTransforms;
        }
Exemple #21
0
		public WSManServiceHost ()
		{ 
			try 
			{ 
				//localhost:5985/wsman
				SymmetricSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameForSslBindingElement();
				//sbe.IncludeTimestamp = false;
				//sbe.LocalServiceSettings.DetectReplays = false;
				sbe.ProtectionTokenParameters = new X509SecurityTokenParameters ();
				// This "Never" is somehow mandatory (though I wonder why ...)
				sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
				
				sbe.SetKeyDerivation (false);
				sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
				_host = new ServiceHost (typeof (WSManHttpService));
				HttpTransportBindingElement hbe = new HttpTransportBindingElement ();
				CustomBinding binding = new CustomBinding (sbe, hbe);
				binding.ReceiveTimeout = TimeSpan.FromSeconds (5);
				_host.AddServiceEndpoint (typeof(IWSManHttpService),
				                         binding, new Uri ("http://localhost:5985/wsman"));
				
				ServiceCredentials cred = new ServiceCredentials ();
				cred.ServiceCertificate.Certificate = new X509Certificate2 ("powershell.pfx", "mono");
				cred.ClientCertificate.Authentication.CertificateValidationMode =
					X509CertificateValidationMode.None;
				cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
				cred.UserNameAuthentication.CustomUserNamePasswordValidator = new WSManUserNamePasswordValidator();
				_host.Description.Behaviors.Add (cred);
				_host.Description.Behaviors.Find<ServiceDebugBehavior> ()
					.IncludeExceptionDetailInFaults = false;
				ServiceMetadataBehavior smb = new ServiceMetadataBehavior ();
				smb.HttpGetEnabled = true;
				smb.HttpGetUrl = new Uri ("http://localhost:5985/wsman/wsdl");
				_host.Description.Behaviors.Add (smb);



			} catch (Exception ex) {
				Console.WriteLine ("Could not create service...");
				Console.WriteLine (ex.Message);
			}
		}
        public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
        {
            var config = CreateSecurityTokenServiceConfiguration(constructorString);
            var host = new WSTrustServiceHost(config, baseAddresses);

            // add behavior for load balancing support
            host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());

            // modify address filter mode for load balancing
            var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
            serviceBehavior.AddressFilterMode = AddressFilterMode.Any;

            var credential = new ServiceCredentials();
            credential.ServiceCertificate.Certificate = Configuration.TokenSigningCertificate;
            host.Description.Behaviors.Add(credential);

            host.AddServiceEndpoint(
                typeof(IWSTrust13SyncContract),
                new WindowsWSTrustBinding(SecurityMode.Message),
                "/Message/Windows");

            return host;
        }
		public void CheckDuplicateAuthenticatorTypesService ()
		{
			SymmetricSecurityBindingElement be =
				new SymmetricSecurityBindingElement ();
			be.ProtectionTokenParameters =
				new X509SecurityTokenParameters ();
			be.EndpointSupportingTokenParameters.Endorsing.Add (
				new X509SecurityTokenParameters ());
			// This causes multiple supporting token authenticator
			// of the same type.
			be.OptionalEndpointSupportingTokenParameters.Endorsing.Add (
				new X509SecurityTokenParameters ());
			Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
			ServiceCredentials cred = new ServiceCredentials ();
			cred.ServiceCertificate.Certificate =
				new X509Certificate2 ("Test/Resources/test.pfx", "mono");
			IChannelListener<IReplyChannel> ch = b.BuildChannelListener<IReplyChannel> (new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()), cred);
			try {
				ch.Open ();
			} finally {
				if (ch.State == CommunicationState.Closed)
					ch.Close ();
			}
		}
		public void OpenListenerNoPrivateKeyInServiceCertificate ()
		{
			CustomBinding rb = CreateBinding ();
			BindingParameterCollection bpl =
				new BindingParameterCollection ();
			ServiceCredentials cred = new ServiceCredentials ();
			cred.ServiceCertificate.Certificate =
				new X509Certificate2 ("Test/Resources/test.cer");
			IServiceBehavior sb = cred;
			sb.AddBindingParameters (null, null, null, bpl);
			IChannelListener<IReplyChannel> listener = rb.BuildChannelListener<IReplyChannel> (bpl);
			listener.Open ();
		}
		IChannelListener<IReplyChannel> CreateListener (ReplyHandler handler, RequestReceiver receiver)
		{
			CustomBinding rb = CreateBinding (handler, receiver);
			BindingParameterCollection bpl =
				new BindingParameterCollection ();
			ServiceCredentials cred = new ServiceCredentials ();
			cred.ServiceCertificate.Certificate =
				new X509Certificate2 ("Test/Resources/test.pfx", "mono");
			IServiceBehavior sb = cred;
			sb.AddBindingParameters (null, null, null, bpl);
			IChannelListener<IReplyChannel> listener = rb.BuildChannelListener<IReplyChannel> (bpl);
			return listener;
		}
			public CustomSecurityTokenManager(ServiceCredentials parent)
				: base(parent)
			{
			}
		public ServiceCredentialsSecurityTokenManager (
			ServiceCredentials credentials)
		{
			this.credentials = credentials;
		}
			public MyManager (ServiceCredentials cred)
				: base (cred)
			{
			}
		public void UserNameAuthentication ()
		{
			UserNamePasswordServiceCredential un =
				new ServiceCredentials ().UserNameAuthentication;
			Assert.AreEqual (TimeSpan.FromMinutes (15), un.CachedLogonTokenLifetime, "#1");
			Assert.IsFalse (un.CacheLogonTokens, "#2");
			Assert.IsNull (un.CustomUserNamePasswordValidator, "#3");
			Assert.IsTrue (un.IncludeWindowsGroups, "#4");
			Assert.AreEqual (0x80, un.MaxCachedLogonTokens, "#5");
			Assert.IsNull (un.MembershipProvider, "#6");
			Assert.AreEqual (UserNamePasswordValidationMode.Windows, un.UserNamePasswordValidationMode, "#7");

			// TODO: WindowsAuthentication if we have infinite amount of free time.
		}
        /// <summary>
        /// Creates a service host to process WS-Trust 1.3 requests
        /// </summary>
        /// <param name="constructorString">The constructor string.</param>
        /// <param name="baseAddresses">The base addresses.</param>
        /// <returns>A WS-Trust ServiceHost</returns>
        public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
        {
            var globalConfiguration = ConfigurationRepository.Configuration;
            var config = CreateSecurityTokenServiceConfiguration(constructorString);
            var host = new WSTrustServiceHost(config, baseAddresses);
            
            // add behavior for load balancing support
            host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior());

            // modify address filter mode for load balancing
            var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
            serviceBehavior.AddressFilterMode = AddressFilterMode.Any;

            // add and configure a mixed mode security endpoint
            if (ConfigurationRepository.Endpoints.WSTrustMixed)
            {
                EndpointIdentity epi = null;
                if (ConfigurationRepository.Configuration.EnableStrongEpiForSsl)
                {
                    if (ConfigurationRepository.SslCertificate.Certificate == null)
                    {
                        throw new ServiceActivationException("No SSL certificate configured for strong endpoint identity.");
                    }

                    epi = EndpointIdentity.CreateX509CertificateIdentity(ConfigurationRepository.SslCertificate.Certificate);
                }

                if (globalConfiguration.EnableClientCertificates)
                {
                    var sep2 = host.AddServiceEndpoint(
                        typeof(IWSTrust13SyncContract),
                        new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                        Endpoints.Paths.WSTrustMixedCertificate);

                    if (epi != null)
                    {
                        sep2.Address = new EndpointAddress(sep2.Address.Uri, epi);
                    }
                }

                var sep = host.AddServiceEndpoint(
                    typeof(IWSTrust13SyncContract),
                    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                    Endpoints.Paths.WSTrustMixedUserName);

                if (epi != null)
                {
                    sep.Address = new EndpointAddress(sep.Address.Uri, epi);
                }
            }

            // add and configure a message security endpoint
            if (ConfigurationRepository.Endpoints.WSTrustMessage)
            {
                var credential = new ServiceCredentials();
                credential.ServiceCertificate.Certificate = ConfigurationRepository.SigningCertificate.Certificate;
                host.Description.Behaviors.Add(credential);

                if (globalConfiguration.EnableClientCertificates)
                {
                    host.AddServiceEndpoint(
                        typeof(IWSTrust13SyncContract),
                        new CertificateWSTrustBinding(SecurityMode.Message),
                        Endpoints.Paths.WSTrustMessageCertificate);
                }

                host.AddServiceEndpoint(
                    typeof(IWSTrust13SyncContract),
                    new UserNameWSTrustBinding(SecurityMode.Message),
                    Endpoints.Paths.WSTrustMessageUserName);
            }

            return host;
        }
Exemple #31
0
 public static void SetupCert(ServiceCredentials credentials)
 {
     credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "zhiqiang.com");
     credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
 }
		public void ClientAcceptUpgrade ()
		{
			ServiceCredentials cred = new ServiceCredentials ();
			X509Certificate2 cert = 
				new X509Certificate2 ("Test/Resources/test.cer");
			cred.ServiceCertificate.Certificate = cert;
			X509CertificateEndpointIdentity ident =
				new X509CertificateEndpointIdentity (cert);
			StreamSecurityUpgradeProvider p = CreateClientProvider (cred, ident);
			p.Open ();
			try {
				StreamSecurityUpgradeAcceptor a =
					p.CreateUpgradeAcceptor ()
					as StreamSecurityUpgradeAcceptor;
				Assert.IsNotNull (a, "#1");
				SecurityMessageProperty prop =
					a.GetRemoteSecurity ();
				Assert.IsNull (prop, "#2"); // hmm
				Stream s = a.AcceptUpgrade (new MemoryStream (new byte [] {1, 2, 3, 4, 5}));
			} finally {
				p.Close ();
			}
		}
		public void RejectInclusionModeNever ()
		{
			AsymmetricSecurityBindingElement sbe =
				new AsymmetricSecurityBindingElement ();
			sbe.InitiatorTokenParameters = sbe.RecipientTokenParameters =
				new X509SecurityTokenParameters (
					X509KeyIdentifierClauseType.Thumbprint,
					// this leads to the failure.
					SecurityTokenInclusionMode.Never);
			ServiceHost host = new ServiceHost (typeof (Foo));
			HttpTransportBindingElement hbe =
				new HttpTransportBindingElement ();
			CustomBinding binding = new CustomBinding (sbe, hbe);
			host.AddServiceEndpoint (typeof (IFoo),
				binding, new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()));
			ServiceCredentials cred = new ServiceCredentials ();
			cred.ServiceCertificate.Certificate =
				new X509Certificate2 ("Test/Resources/test.pfx", "mono");
			cred.ClientCertificate.Authentication.CertificateValidationMode =
				X509CertificateValidationMode.None;
			host.Description.Behaviors.Add (cred);
			try {
				host.Open ();
			} finally {
				if (host.State == CommunicationState.Opened)
					host.Close ();
			}
		}
		public void VerifyX509MessageSecurityAtService ()
		{
			AsymmetricSecurityBindingElement clisbe =
				new AsymmetricSecurityBindingElement ();
			clisbe.InitiatorTokenParameters =
				new X509SecurityTokenParameters ();
			clisbe.RecipientTokenParameters =
				new X509SecurityTokenParameters ();

			AsymmetricSecurityBindingElement svcsbe =
				new AsymmetricSecurityBindingElement ();
			svcsbe.InitiatorTokenParameters =
				new X509SecurityTokenParameters ();
			svcsbe.RecipientTokenParameters =
				new X509SecurityTokenParameters ();

			CustomBinding b_req = new CustomBinding (clisbe,
				new HttpTransportBindingElement ());

			b_req.ReceiveTimeout = b_req.SendTimeout = TimeSpan.FromSeconds (10);

			CustomBinding b_res = new CustomBinding (svcsbe, new HttpTransportBindingElement ());
			b_res.ReceiveTimeout = b_res.SendTimeout = TimeSpan.FromSeconds (10);

			EndpointAddress remaddr = new EndpointAddress (
				new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()),
				new X509CertificateEndpointIdentity (cert2));
			CalcProxy proxy = null;
			ServiceHost host = new ServiceHost (typeof (CalcService));
			host.AddServiceEndpoint (typeof (ICalc), b_res, "http://localhost:" + NetworkHelpers.FindFreePort ());

			ServiceCredentials cred = new ServiceCredentials ();
			cred.ServiceCertificate.Certificate = cert;
			host.Description.Behaviors.Add (cred);
			try {
				host.Open ();

				proxy = new CalcProxy (b_req, remaddr);
				proxy.ClientCredentials.ClientCertificate.Certificate = cert;

				// FIXME: on WinFX, when this Begin method
				// is invoked before the listener setup, it
				// somehow works, while ours doesn't.
				//IAsyncResult result = proxy.BeginSum (1, 2, null, null);
				//Assert.AreEqual (3, proxy.EndSum (result));
				Assert.AreEqual (3, proxy.Sum (1, 2));
			} finally {
				if (host.State == CommunicationState.Opened)
					host.Close ();
			}
		}
		public void SecureConversationAuthentication ()
		{
			SecureConversationServiceCredential sc =
				new ServiceCredentials ().SecureConversationAuthentication;
			Assert.AreEqual (5, sc.SecurityContextClaimTypes.Count, "#1");
			Collection<Type> types = new Collection<Type> (new Type [] {
				typeof (SamlAuthorizationDecisionClaimResource),
				typeof (SamlAuthenticationClaimResource),
				typeof (SamlAccessDecision),
				typeof (SamlAuthorityBinding),
				typeof (SamlNameIdentifierClaimResource)});
			foreach (Type type in sc.SecurityContextClaimTypes)
				if (!types.Contains (type))
					Assert.Fail (type.ToString ());
			DataProtectionSecurityStateEncoder sse = sc.SecurityStateEncoder
				as DataProtectionSecurityStateEncoder;
			Assert.IsNotNull (sse, "#2-1");
			Assert.IsTrue (sse.UseCurrentUserProtectionScope, "#2-2");
		}
		protected internal override object CreateBehavior ()
		{
			var sb = new ServiceCredentials ();

			// IssuedToken
			foreach (AllowedAudienceUriElement ae in IssuedTokenAuthentication.AllowedAudienceUris)
				sb.IssuedTokenAuthentication.AllowedAudienceUris.Add (ae.AllowedAudienceUri);
			sb.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = IssuedTokenAuthentication.AllowUntrustedRsaIssuers;
			sb.IssuedTokenAuthentication.AudienceUriMode = IssuedTokenAuthentication.AudienceUriMode;

			if (!String.IsNullOrEmpty (IssuedTokenAuthentication.CustomCertificateValidatorType))
			sb.IssuedTokenAuthentication.CustomCertificateValidator = (X509CertificateValidator) CreateInstance (IssuedTokenAuthentication.CustomCertificateValidatorType);
			sb.IssuedTokenAuthentication.CertificateValidationMode = IssuedTokenAuthentication.CertificateValidationMode;
			sb.IssuedTokenAuthentication.RevocationMode = IssuedTokenAuthentication.RevocationMode;
			sb.IssuedTokenAuthentication.TrustedStoreLocation = IssuedTokenAuthentication.TrustedStoreLocation;
			foreach (X509CertificateTrustedIssuerElement ce in IssuedTokenAuthentication.KnownCertificates)
				sb.IssuedTokenAuthentication.KnownCertificates.Add (GetCertificate (ce.StoreLocation, ce.StoreName, ce.X509FindType, ce.FindValue));

			sb.IssuedTokenAuthentication.SamlSerializer = (SamlSerializer) CreateInstance (IssuedTokenAuthentication.SamlSerializerType);


			// Peer
			if (!String.IsNullOrEmpty (Peer.Certificate.FindValue))
				sb.Peer.SetCertificate (Peer.Certificate.StoreLocation, Peer.Certificate.StoreName, Peer.Certificate.X509FindType, Peer.Certificate.FindValue);
			// sb.Peer.MeshPassword = /* cannot fill it here */
			sb.Peer.MessageSenderAuthentication.CustomCertificateValidator = (X509CertificateValidator) CreateInstance (Peer.MessageSenderAuthentication.CustomCertificateValidatorType);
			sb.Peer.MessageSenderAuthentication.CertificateValidationMode = Peer.MessageSenderAuthentication.CertificateValidationMode;
			sb.Peer.MessageSenderAuthentication.RevocationMode = Peer.MessageSenderAuthentication.RevocationMode;
			sb.Peer.MessageSenderAuthentication.TrustedStoreLocation = Peer.MessageSenderAuthentication.TrustedStoreLocation;
			sb.Peer.PeerAuthentication.CustomCertificateValidator = (X509CertificateValidator) CreateInstance (Peer.PeerAuthentication.CustomCertificateValidatorType);
			sb.Peer.PeerAuthentication.CertificateValidationMode = Peer.PeerAuthentication.CertificateValidationMode;
			sb.Peer.PeerAuthentication.RevocationMode = Peer.PeerAuthentication.RevocationMode;
			sb.Peer.PeerAuthentication.TrustedStoreLocation = Peer.PeerAuthentication.TrustedStoreLocation;

			// WSSC
			sb.SecureConversationAuthentication.SecurityStateEncoder = (SecurityStateEncoder) CreateInstance (SecureConversationAuthentication.SecurityStateEncoderType);

			// X509
			if (!String.IsNullOrEmpty (ServiceCertificate.FindValue))
				sb.ServiceCertificate.SetCertificate (ServiceCertificate.StoreLocation, ServiceCertificate.StoreName, ServiceCertificate.X509FindType, ServiceCertificate.FindValue);

			// UserNamePassword
			sb.UserNameAuthentication.CachedLogonTokenLifetime = UserNameAuthentication.CachedLogonTokenLifetime;
			sb.UserNameAuthentication.CacheLogonTokens = UserNameAuthentication.CacheLogonTokens;
			sb.UserNameAuthentication.CustomUserNamePasswordValidator = (UserNamePasswordValidator) CreateInstance (UserNameAuthentication.CustomUserNamePasswordValidatorType);
			sb.UserNameAuthentication.IncludeWindowsGroups = UserNameAuthentication.IncludeWindowsGroups;
			sb.UserNameAuthentication.MaxCachedLogonTokens = UserNameAuthentication.MaxCachedLogonTokens;
			sb.UserNameAuthentication.MembershipProvider = (MembershipProvider) CreateInstance (UserNameAuthentication.MembershipProviderName);
			sb.UserNameAuthentication.UserNamePasswordValidationMode = UserNameAuthentication.UserNamePasswordValidationMode;

			// Windows
			sb.WindowsAuthentication.AllowAnonymousLogons = WindowsAuthentication.AllowAnonymousLogons;
			sb.WindowsAuthentication.IncludeWindowsGroups = WindowsAuthentication.IncludeWindowsGroups;

			return sb;
		}
Exemple #37
0
 protected ServiceCredentials(ServiceCredentials other)
 {
     throw new NotImplementedException();
 }