// Asking for PeerTrust alone should throw SecurityNegotiationException
// if the certificate is not in the TrustedPeople store. For this test
// we use a valid chain-trusted certificate that we know is not in the
// TrustedPeople store.
public static void Https_SecModeTrans_CertValMode_PeerTrust_Fails_Not_In_TrustedPeople()
{
EndpointAddress endpointAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
CommunicationException communicationException = null;
try
{
// *** SETUP *** \\
BasicHttpsBinding binding = new BasicHttpsBinding(BasicHttpsSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
endpointAddress = new EndpointAddress(new Uri(
Endpoints.Https_SecModeTrans_ClientCredTypeNone_ServerCertValModeChainTrust_Address));
factory = new ChannelFactory <IWcfService>(binding, endpointAddress);
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication();
factory.Credentials.ServiceCertificate.SslCertificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
try
{
serviceProxy.Echo(testString);
}
catch (CommunicationException ce)
{
communicationException = ce;
}
// *** VALIDATE *** \\
Assert.True(communicationException != null, "Expected CommunicationException but no exception was thrown.");
Assert.True(communicationException.GetType().Name == "SecurityNegotiationException",
String.Format("Expected SecurityNegotiationException but received {0}",
communicationException.ToString()));
// *** CLEANUP *** \\
((ICommunicationObject)serviceProxy).Close();
factory.Close();
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
// Asking for PeerTrust alone should throw SecurityNegotiationException
// if the certificate is not in the TrustedPeople store. For this test
// we use a valid chain-trusted certificate that we know is not in the
// TrustedPeople store.
public static void NetTcp_SecModeTrans_CertValMode_PeerTrust_Fails_Not_In_TrustedPeople()
{
EndpointAddress endpointAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
CommunicationException communicationException = null;
try
{
// *** SETUP *** \\
NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
endpointAddress = new EndpointAddress(new Uri(
Endpoints.Tcp_CustomBinding_SslStreamSecurity_Address));
factory = new ChannelFactory <IWcfService>(binding, endpointAddress);
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
try
{
serviceProxy.Echo(testString);
}
catch (CommunicationException ce)
{
communicationException = ce;
}
// *** VALIDATE *** \\
Assert.True(communicationException != null, "Expected CommunicationException but no exception was thrown.");
Assert.True(communicationException.GetType().Name == "SecurityNegotiationException",
String.Format("Expected SecurityNegotiationException but received {0}",
communicationException.ToString()));
// *** CLEANUP *** \\
// objects are in faulted state and will throw, so only use finally style cleanup
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
protected void OnMessageException(Microsoft.Transactions.Wsat.Messaging.RequestAsyncResult result, Message message, CommunicationException exception, Fault fault)
{
DebugTrace.Trace(TraceLevel.Warning, "{0} - {1} reading request with action {2}: {3}", base.GetType().Name, exception.GetType().Name, message.Headers.Action, exception.Message);
this.SendFaultReply(result, fault);
DebugTrace.Trace(TraceLevel.Warning, "Replied with {0} fault", fault.Code.Name);
}
// Asking for PeerTrust alone should throw SecurityNegotiationException
// if the certificate is not in the TrustedPeople store. For this test
// we use a valid chain-trusted certificate that we know is not in the
// TrustedPeople store.
public static void NetTcp_SecModeTrans_CertValMode_PeerTrust_Fails_Not_In_TrustedPeople()
{
#if FULLXUNIT_NOTSUPPORTED
bool root_Certificate_Installed = Root_Certificate_Installed();
bool client_Certificate_Installed = Client_Certificate_Installed();
bool peer_Certificate_Installed = Peer_Certificate_Installed();
bool ssl_Available = SSL_Available();
if (!root_Certificate_Installed ||
!client_Certificate_Installed ||
!peer_Certificate_Installed ||
!ssl_Available)
{
Console.WriteLine("---- Test SKIPPED --------------");
Console.WriteLine("Attempting to run the test in ToF, a ConditionalFact evaluated as FALSE.");
Console.WriteLine("Root_Certificate_Installed evaluated as {0}", root_Certificate_Installed);
Console.WriteLine("Client_Certificate_Installed evaluated as {0}", client_Certificate_Installed);
Console.WriteLine("Peer_Certificate_Installed evaluated as {0}", peer_Certificate_Installed);
Console.WriteLine("SSL_Available evaluated as {0}", ssl_Available);
return;
}
#endif
EndpointAddress endpointAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
CommunicationException communicationException = null;
try
{
// *** SETUP *** \\
NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
endpointAddress = new EndpointAddress(new Uri(
Endpoints.Tcp_CustomBinding_SslStreamSecurity_Address));
factory = new ChannelFactory <IWcfService>(binding, endpointAddress);
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
try
{
serviceProxy.Echo(testString);
}
catch (CommunicationException ce)
{
communicationException = ce;
}
// *** VALIDATE *** \\
Assert.True(communicationException != null, "Expected CommunicationException but no exception was thrown.");
Assert.True(communicationException.GetType().Name == "SecurityNegotiationException",
String.Format("Expected SecurityNegotiationException but received {0}",
communicationException.ToString()));
// *** CLEANUP *** \\
// objects are in faulted state and will throw, so only use finally style cleanup
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
protected void OnMessageException(Message message, CommunicationException exception)
{
DebugTrace.Trace(TraceLevel.Warning, "{0} - {1} reading datagram with action {2}: {3}", base.GetType().Name, exception.GetType().Name, message.Headers.Action, exception.Message);
EndpointAddress faultToHeader = Library.GetFaultToHeader(message.Headers, this.protocolVersion);
if (faultToHeader == null)
{
DebugTrace.Trace(TraceLevel.Warning, "Ignoring invalid datagram - a fault-to header could not be obtained");
}
else
{
DatagramProxy proxy = null;
try
{
proxy = this.CreateFaultProxy(faultToHeader);
}
catch (CreateChannelFailureException exception2)
{
Microsoft.Transactions.Bridge.DiagnosticUtility.ExceptionUtility.TraceHandledException(exception2, TraceEventType.Warning);
DebugTrace.Trace(TraceLevel.Warning, "Ignoring invalid datagram: {0}", exception2.Message);
}
if (proxy != null)
{
try
{
IAsyncResult ar = proxy.BeginSendFault(message.Headers.MessageId, Faults.Version(this.protocolVersion).InvalidParameters, null, null);
proxy.EndSendMessage(ar);
if (DebugTrace.Warning)
{
DebugTrace.Trace(TraceLevel.Warning, "Sent InvalidParameters fault to {0}", proxy.To.Uri);
}
}
catch (WsatSendFailureException exception3)
{
Microsoft.Transactions.Bridge.DiagnosticUtility.ExceptionUtility.TraceHandledException(exception3, TraceEventType.Warning);
if (DebugTrace.Warning)
{
DebugTrace.Trace(TraceLevel.Warning, "{0} sending InvalidParameters fault to {1}: {2}", exception3.GetType().Name, proxy.To.Uri, exception3.Message);
}
}
finally
{
proxy.Release();
}
}
}
}
