Esempio n. 1
0
      public static Binding CreateMultiFactorAuthenticationBinding()
      {
          HttpsTransportBindingElement httpTransport = new HttpsTransportBindingElement();

          httpTransport.MaxReceivedMessageSize = int.MaxValue;


          //AddressHeader addressHeader = AddressHeader.CreateAddressHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", security, xmlObjectSerializer);


          CustomBinding binding = new CustomBinding();

          binding.Name = "myCustomBinding";

          TransportSecurityBindingElement messageSecurity = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();

          messageSecurity.IncludeTimestamp = false;

          messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
          messageSecurity.SecurityHeaderLayout   = SecurityHeaderLayout.Strict;
          messageSecurity.SetKeyDerivation(false);
          TextMessageEncodingBindingElement Quota = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);

          Quota.ReaderQuotas.MaxDepth = 32;
          Quota.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
          Quota.ReaderQuotas.MaxArrayLength         = 16384;
          Quota.ReaderQuotas.MaxBytesPerRead        = 4096;
          Quota.ReaderQuotas.MaxNameTableCharCount  = 16384;


          binding.Elements.Add(Quota);
          binding.Elements.Add(messageSecurity);
          binding.Elements.Add(httpTransport);
          return(binding);
      }
        public SafeOnlineBinding()
        {
            HttpsTransportBindingElement      httpsTransport = new HttpsTransportBindingElement();
            TextMessageEncodingBindingElement encoding       = new TextMessageEncodingBindingElement();

            encoding.MessageVersion = MessageVersion.Soap11;

            TransportSecurityBindingElement securityBinding = new TransportSecurityBindingElement();

            securityBinding.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
            securityBinding.DefaultAlgorithmSuite  = SecurityAlgorithmSuite.Default;
            securityBinding.SetKeyDerivation(false);
            X509SecurityTokenParameters certToken = new X509SecurityTokenParameters();

            certToken.InclusionMode      = SecurityTokenInclusionMode.AlwaysToRecipient;
            certToken.ReferenceStyle     = SecurityTokenReferenceStyle.Internal;
            certToken.RequireDerivedKeys = false;
            certToken.X509ReferenceStyle = X509KeyIdentifierClauseType.Any;
            securityBinding.EndpointSupportingTokenParameters.SignedEndorsing.Add(certToken);
            securityBinding.LocalClientSettings.DetectReplays = false;

            this.bindingElements = new BindingElementCollection();
            this.bindingElements.Add(securityBinding);
            this.bindingElements.Add(encoding);
            this.bindingElements.Add(httpsTransport);
        }
Esempio n. 3
0
 public static SecurityBindingElement BuildMessageSecurity(MessageSecurityType securityType)
 {
     if (securityType == MessageSecurityType.CertificateOverTransport)
     {
         TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
             MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
         messageSecurity.IncludeTimestamp = true;
         return(messageSecurity);
     }
     else if (securityType == MessageSecurityType.MutualCertificate)
     {
         SecurityBindingElement messageSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement(
             MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
         messageSecurity.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
         messageSecurity.IncludeTimestamp      = true;
         return(messageSecurity);
     }
     else if (securityType == MessageSecurityType.None)
     {
         return(null);
     }
     else if (securityType == MessageSecurityType.UserNameOverTransport)
     {
         TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
         messageSecurity.IncludeTimestamp        = false;
         messageSecurity.EnableUnsecuredResponse = true;
         messageSecurity.DefaultAlgorithmSuite   = System.ServiceModel.Security.Basic256SecurityAlgorithmSuite.Basic256;
         messageSecurity.SetKeyDerivation(false);
         messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
         return(messageSecurity);
     }
     return(SecurityBindingElement.CreateSslNegotiationBindingElement(false));
 }
        public IdMappingClientImpl(string location, string pfxFilename, string password)
        {
            /*
             * BasicHttpBinding basicBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
             * BasicHttpSecurity security = basicBinding.Security;
             * security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
             *
             * BasicHttpMessageSecurity messageSecurity = security.Message;
             * messageSecurity.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
             * messageSecurity.AlgorithmSuite = SecurityAlgorithmSuite.Default;
             *
             * HttpTransportSecurity transportSecurity = security.Transport;
             * transportSecurity.ClientCredentialType = HttpClientCredentialType.None;
             * transportSecurity.ProxyCredentialType = HttpProxyCredentialType.None;
             * transportSecurity.Realm = "";
             *
             * BindingElementCollection bec = basicBinding.CreateBindingElements();
             * TransportSecurityBindingElement tsp = bec.Find<TransportSecurityBindingElement>();
             * HttpsTransportBindingElement httpsBinding = bec.Find<HttpsTransportBindingElement>();
             * TextMessageEncodingBindingElement encoding = bec.Find<TextMessageEncodingBindingElement>();
             * SecurityBindingElement securityBinding = bec.Find<SecurityBindingElement>();
             * CustomBinding binding = new CustomBinding(tsp, encoding, httpsBinding);
             */
            CustomBinding binding = new CustomBinding();
            HttpsTransportBindingElement      httpsTransport = new HttpsTransportBindingElement();
            TextMessageEncodingBindingElement encoding       = new TextMessageEncodingBindingElement();

            encoding.MessageVersion = MessageVersion.Soap11;

            //SecurityBindingElement securityBinding =
            //	SecurityBindingElement.CreateCertificateOverTransportBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
            //SecurityBindingElement securityBinding = SecurityBindingElement.CreateSslNegotiationBindingElement(false);

            /*
             * AsymmetricSecurityBindingElement securityBinding =
             * (AsymmetricSecurityBindingElement)SecurityBindingElement.
             * CreateMutualCertificateBindingElement(
             *      MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
             * securityBinding.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Default;
             * securityBinding.SetKeyDerivation(false);
             * securityBinding.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
             */
            SslStreamSecurityBindingElement sslStreamSecurity = new SslStreamSecurityBindingElement();
            //binding.Elements.Add(securityBinding);

            TransportSecurityBindingElement securityBinding = new TransportSecurityBindingElement();

            securityBinding.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
            securityBinding.DefaultAlgorithmSuite  = SecurityAlgorithmSuite.Default;
            securityBinding.SetKeyDerivation(false);
            X509SecurityTokenParameters certToken = new X509SecurityTokenParameters();

            certToken.InclusionMode      = SecurityTokenInclusionMode.AlwaysToRecipient;
            certToken.ReferenceStyle     = SecurityTokenReferenceStyle.Internal;
            certToken.RequireDerivedKeys = false;
            certToken.X509ReferenceStyle = X509KeyIdentifierClauseType.Any;
            securityBinding.EndpointSupportingTokenParameters.SignedEndorsing.Add(certToken);
            securityBinding.LocalClientSettings.DetectReplays = false;

            binding.Elements.Add(securityBinding);
            binding.Elements.Add(encoding);
            binding.Elements.Add(sslStreamSecurity);

            binding.Elements.Add(httpsTransport);

            /*
             * WSHttpBinding binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
             * WSHttpSecurity security = binding.Security;
             *
             * HttpTransportSecurity transportSecurity = security.Transport;
             * transportSecurity.ClientCredentialType = HttpClientCredentialType.None;
             * transportSecurity.ProxyCredentialType = HttpProxyCredentialType.None;
             * transportSecurity.Realm = "";
             *
             * NonDualMessageSecurityOverHttp messageSecurity = security.Message;
             * messageSecurity.ClientCredentialType = MessageCredentialType.Certificate;
             * messageSecurity.NegotiateServiceCredential = false;
             * messageSecurity.AlgorithmSuite = SecurityAlgorithmSuite.Default;
             */

            ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(SafeOnlineCertificateValidationCallback);

            string          address       = "https://" + location + "/safe-online-ws/idmapping";
            EndpointAddress remoteAddress = new EndpointAddress(address);

            Binding safeOnlineBinding = new SafeOnlineBinding();

            //this.client = new NameIdentifierMappingPortClient(safeOnlineBinding, remoteAddress);

            //X509Certificate2 certificate = new X509Certificate2("C:\\work\\test.pfx", "secret");

            /*
             * this.client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,
             *                                                             StoreName.My,
             *                                                             X509FindType.FindBySubjectName,
             *                                                             "Test");
             * this.client.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
             */
            //this.client.Endpoint.Contract.Behaviors.Add(new SignBodyBehavior());
            //this.client.Endpoint.Behaviors.Add(new SafeOnlineMessageInspectorBehavior());

            /*
             * X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
             * store.Open(OpenFlags.ReadOnly);
             * X509Certificate2 cert = store.Certificates.Find(X509FindType.FindBySubjectName, "Test", false)[0];
             * this.client.ClientCredentials.ClientCertificate.Certificate = cert;
             */
            //Console.WriteLine("cert: " + this.client.ClientCredentials.ClientCertificate.Certificate);

            ChannelFactory <NameIdentifierMappingPort> channelFactory =
                new ChannelFactory <NameIdentifierMappingPort>(safeOnlineBinding, remoteAddress);

            channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,
                                                                        StoreName.My,
                                                                        X509FindType.FindBySubjectName,
                                                                        "Test");

            //channelFactory.Credentials.ClientCertificate.Certificate =
            //channelFactory.Endpoint.Behaviors.Add(new SafeOnlineMessageInspectorBehavior());
            //channelFactory.Endpoint.Contract.Behaviors.Add(new SignBodyBehavior());

            /*
             * Next does not work at all.
             * foreach (OperationDescription operation in channelFactory.Endpoint.Contract.Operations) {
             *      operation.ProtectionLevel = ProtectionLevel.Sign
             *      Console.WriteLine("operation: " + operation.Name);
             * }
             */
            channelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
            this.client = channelFactory.CreateChannel();
        }