protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
Credentials.ServiceCertificate.Certificate = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager");
Credentials.UseIdentityConfiguration = true;
Uri serverBasePathUri = BaseAddresses[0]; // Just in case an address isn't found for https, prevents a NRE
foreach (var baseAddress in BaseAddresses)
{
if (baseAddress.Scheme == "https")
{
serverBasePathUri = baseAddress;
break;
}
}
var audienceUriBuilder = new UriBuilder(serverBasePathUri);
audienceUriBuilder.Path = audienceUriBuilder.Path + "/" + Address; // localhost
audienceUriBuilder.Host = "localhost"; // When IIS hosted Host was the fqdn, self hosted it's localhost
Credentials.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUriBuilder.Uri);
audienceUriBuilder.Host = System.Net.Dns.GetHostEntry("127.0.0.1").HostName; // fqdn
Credentials.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUriBuilder.Uri);
audienceUriBuilder.Host = Environment.MachineName; // netbios name
Credentials.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUriBuilder.Uri);
Credentials.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
var issuerUri = new Uri(serverBasePathUri, FederationSTSServiceHost.BasePath + "/" + FederationSTSServiceHost.RelativePath);
Credentials.IdentityConfiguration.IssuerNameRegistry = new CustomIssuerNameRegistry(issuerUri.ToString());
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
Credentials.ServiceCertificate.Certificate = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager");
Credentials.UseIdentityConfiguration = true;
Uri serverBasePathUri = BaseAddresses[0]; // Just in case an address isn't found for https, prevents a NRE
foreach (var baseAddress in BaseAddresses)
{
if (baseAddress.Scheme == "https")
{
serverBasePathUri = baseAddress;
break;
}
}
foreach (var tuple in FederationSTSServiceHost.EndpointList)
{
foreach (string encodingName in Enum.GetNames(typeof(WSMessageEncoding)))
{
AddAllowedAudienceUri(serverBasePathUri, tuple.Item3 + "/" + encodingName);
AddAllowedAudienceUri(serverBasePathUri, tuple.Item3 + "/sc/" + encodingName);
}
}
Credentials.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
Credentials.IdentityConfiguration.IssuerNameRegistry = new CustomIssuerNameRegistry();
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
string certThumprint = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource").Thumbprint;
this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
certThumprint);
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
string certThumprint = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager").Thumbprint;
this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
certThumprint);
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
string thumbprint = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - TcpInvalidEkuServerCert").Thumbprint;
this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
thumbprint);
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
string certThumprint = TestHost.CertificateFromFriendlyName(StoreName.TrustedPeople, StoreLocation.LocalMachine, "WCF Bridge - UserPeerTrustCertificateResource").Thumbprint;
this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.TrustedPeople,
X509FindType.FindByThumbprint,
certThumprint);
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
// Ensure the https certificate is installed before this endpoint resource is used
string thumbprint = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager").Thumbprint;
this.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
thumbprint);
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
this.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
this.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator("DO_NOT_TRUST_WcfBridgeRootCA");
string thumbprint = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager").Thumbprint;
this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
thumbprint);
}
protected override void ApplyConfiguration()
{
base.ApplyConfiguration();
Credentials.ServiceCertificate.Certificate = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager");
Credentials.UseIdentityConfiguration = true;
var serverBasePathUri = BaseAddresses[0];
var audienceUri = new Uri(serverBasePathUri, BasePath + "/" + Address);
Credentials.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUri);
Credentials.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
var issuerUri = new Uri(serverBasePathUri, FederationSTSServiceHost.BasePath + "/" + FederationSTSServiceHost.RelativePath);
Credentials.IdentityConfiguration.IssuerNameRegistry = new CustomIssuerNameRegistry(issuerUri.ToString());
}
protected void ConfigureService()
{
base.ApplyConfiguration();
var config = ServiceContract.SecurityTokenServiceConfiguration;
config.SigningCredentials = new X509SigningCredentials(TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - STSMetaData"));
config.ServiceCertificate = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - Machine certificate generated by the CertificateManager");
config.SecurityTokenService = typeof(SelfHostSecurityTokenService);
config.TokenIssuerName = "SelfHostSTS";
config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.ActAs] = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.OnBehalfOf] = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
config.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
config.IssuerNameRegistry = new ReturnX509SubjectNameOrRSAIssuerNameRegistry();
Credentials.ServiceCertificate.Certificate = config.ServiceCertificate;
Credentials.UseIdentityConfiguration = true;
}
public CustomIssuerNameRegistry()
{
var issuerCert = TestHost.CertificateFromFriendlyName(StoreName.My, StoreLocation.LocalMachine, "WCF Bridge - STSMetaData");
_issuer = issuerCert.SubjectName.Name;
}
