internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _includeTimestamp = defaultIncludeTimestamp; _localClientSettings = new LocalClientSecuritySettings(); _endpointSupportingTokenParameters = new SupportingTokenParameters(); _securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout; }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _includeTimestamp = defaultIncludeTimestamp; _localClientSettings = new LocalClientSecuritySettings(); _endpointSupportingTokenParameters = new SupportingTokenParameters(); _securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout; throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement is not supported"); }
CreateCertificateOverTransportBindingElement(MessageSecurityVersion version) { var be = new TransportSecurityBindingElement() { MessageSecurityVersion = version }; be.EndpointSupportingTokenParameters.SignedEncrypted.Add(new X509SecurityTokenParameters()); return(be); }
public AsymetricSecurityBE() { MessageSecurityVersion securityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; SecurityBindingElement securityBE = SecurityBindingElement.CreateMutualCertificateBindingElement(securityVersion, true); securityBE.IncludeTimestamp = true; securityBE.SetKeyDerivation(false); securityBE.SecurityHeaderLayout = SecurityHeaderLayout.Lax; securityBE.EnableUnsecuredResponse = true; m_asymSecBE = securityBE as AsymmetricSecurityBindingElement; }
internal static SecurityStandardsManager CreateSecurityStandardsManager(MessageSecurityVersion securityVersion, SecurityTokenSerializer securityTokenSerializer) { if (securityVersion == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("securityVersion")); } if (securityTokenSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenSerializer"); } return(new SecurityStandardsManager(securityVersion, securityTokenSerializer)); }
public static void WSFederationHttpBindingTests_Succeeds(MessageSecurityVersion messageSecurityVersion, SecurityKeyType securityKeyType, bool useSecureConversation, string endpointSuffix, WSMessageEncoding encoding) { Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; EndpointAddress issuerAddress = null; EndpointAddress serviceEndpointAddress = null; string tokenTargetAddress = null; string testString = "Hello"; ChannelFactory <IWcfService> factory = null; IWcfService serviceProxy = null; try { // *** SETUP *** \\ issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + endpointSuffix)); tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + endpointSuffix + (useSecureConversation ? "/sc" : string.Empty) + "/" + Enum.GetName(typeof(WSMessageEncoding), encoding); serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress)); var issuerBinding = new WSHttpBinding(SecurityMode.Transport); issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic; WSFederationHttpBinding federationBinding = new WSFederationHttpBinding( new WSTrustTokenParameters { IssuerAddress = issuerAddress, IssuerBinding = issuerBinding, KeyType = securityKeyType, TokenType = Saml2Constants.OasisWssSaml2TokenProfile11, MessageSecurityVersion = messageSecurityVersion, }); federationBinding.MessageEncoding = encoding; federationBinding.Security.Message.EstablishSecurityContext = useSecureConversation; factory = new ChannelFactory <IWcfService>(federationBinding, serviceEndpointAddress); factory.Credentials.UserName.UserName = "******"; // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a real secret")] factory.Credentials.UserName.Password = "******"; serviceProxy = factory.CreateChannel(); // *** EXECUTE *** \\ string result = serviceProxy.Echo(testString); // *** VALIDATE *** \\ Assert.Equal(testString, result); // *** CLEANUP *** \\ ((ICommunicationObject)serviceProxy).Close(); factory.Close(); } finally { // *** ENSURE CLEANUP *** \\ ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory); } }
public static void AssertSymmetricSecurityBindingElement( SecurityAlgorithmSuite algorithm, bool includeTimestamp, SecurityKeyEntropyMode keyEntropyMode, MessageProtectionOrder messageProtectionOrder, MessageSecurityVersion messageSecurityVersion, bool requireSignatureConfirmation, SecurityHeaderLayout securityHeaderLayout, // EndpointSupportingTokenParameters int endorsing, int signed, int signedEncrypted, int signedEndorsing, // ProtectionTokenParameters bool hasProtectionTokenParameters, SecurityTokenInclusionMode protectionTokenInclusionMode, SecurityTokenReferenceStyle protectionTokenReferenceStyle, bool protectionTokenRequireDerivedKeys, // LocalClientSettings bool cacheCookies, int renewalThresholdPercentage, bool detectReplays, SymmetricSecurityBindingElement be, string label) { AssertSecurityBindingElement( algorithm, includeTimestamp, keyEntropyMode, messageSecurityVersion, securityHeaderLayout, // EndpointSupportingTokenParameters endorsing, signed, signedEncrypted, signedEndorsing, // LocalClientSettings cacheCookies, renewalThresholdPercentage, detectReplays, be, label); Assert.AreEqual(messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder"); Assert.AreEqual(requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation"); if (!hasProtectionTokenParameters) { Assert.IsNull(be.ProtectionTokenParameters, label + ".ProtectionTokenParameters (null)"); } else { AssertSecurityTokenParameters( protectionTokenInclusionMode, protectionTokenReferenceStyle, protectionTokenRequireDerivedKeys, be.ProtectionTokenParameters, label + ".ProtectionTokenParameters"); } }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _keyEntropyMode = AcceleratedTokenProvider.defaultKeyEntropyMode; IncludeTimestamp = defaultIncludeTimestamp; _defaultAlgorithmSuite = defaultDefaultAlgorithmSuite; LocalClientSettings = new LocalClientSecuritySettings(); EndpointSupportingTokenParameters = new SupportingTokenParameters(); OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters(); _operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _securityHeaderLayout = SecurityProtocolFactory.defaultSecurityHeaderLayout; }
CreateMutualCertificateBindingElement( MessageSecurityVersion version, bool allowSerializedSigningTokenOnReply) { if (version == null) { throw new ArgumentNullException("version"); } if (allowSerializedSigningTokenOnReply) { throw new NotSupportedException("allowSerializedSigningTokenOnReply is not supported"); } if (version.SecurityVersion == SecurityVersion.WSSecurity10) { var recipient = new X509SecurityTokenParameters( X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.Never); recipient.RequireDerivedKeys = false; var initiator = new X509SecurityTokenParameters( X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient); initiator.RequireDerivedKeys = false; return(new AsymmetricSecurityBindingElement(recipient, initiator) { MessageSecurityVersion = version }); } else { X509SecurityTokenParameters p = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint); p.RequireDerivedKeys = false; var sym = new SymmetricSecurityBindingElement() { MessageSecurityVersion = version, RequireSignatureConfirmation = true }; X509SecurityTokenParameters p2 = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint); p2.ReferenceStyle = SecurityTokenReferenceStyle.External; sym.ProtectionTokenParameters = p2; sym.EndpointSupportingTokenParameters.Endorsing.Add(p); return(sym); } }
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion) { if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13) { return(WsTrustVersion.Trust13); } if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { return(WsTrustVersion.TrustFeb2005); } throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant("Unsupported TrustVersion: '{0}'.", MessageSecurityVersion.TrustVersion)), System.Diagnostics.Tracing.EventLevel.Error); }
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion) { if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13) { return(WsTrustVersion.Trust13); } if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { return(WsTrustVersion.TrustFeb2005); } throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new NotSupportedException(LogHelper.FormatInvariant(SR.GetResourceString(SR.WsTrustVersionNotSupported), MessageSecurityVersion.TrustVersion)), EventLevel.Error); }
private WsTrustVersion GetWsTrustVersion(MessageSecurityVersion messageSecurityVersion) { if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrust13) { return(WsTrustVersion.Trust13); } if (messageSecurityVersion.TrustVersion == TrustVersion.WSTrustFeb2005) { return(WsTrustVersion.TrustFeb2005); } throw new NotSupportedException($"Unsupported TrustVersion: '{MessageSecurityVersion.TrustVersion}'."); }
private WsSecurityVersion GetWsSecurityVersion(MessageSecurityVersion messageSecurityVersion) { if (messageSecurityVersion.SecurityVersion == SecurityVersion.WSSecurity10) { return(WsSecurityVersion.Security10); } if (messageSecurityVersion.SecurityVersion == SecurityVersion.WSSecurity11) { return(WsSecurityVersion.Security11); } throw new NotSupportedException($"Unsupported SecurityVersion: '{MessageSecurityVersion.SecurityVersion}'."); }
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { if (elementToBeCloned == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned"); } _includeTimestamp = elementToBeCloned._includeTimestamp; _messageSecurityVersion = elementToBeCloned._messageSecurityVersion; _securityHeaderLayout = elementToBeCloned._securityHeaderLayout; _endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone(); _localClientSettings = elementToBeCloned._localClientSettings.Clone(); throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement cloning not supported."); }
public override object ConvertTo(ITypeDescriptorContext context, System.Globalization.CultureInfo culture, object value, Type destinationType) { if (typeof(string) == destinationType && value is MessageSecurityVersion) { string retval = null; MessageSecurityVersion securityVersion = (MessageSecurityVersion)value; #if DESKTOP if (securityVersion == MessageSecurityVersion.Default) { retval = ConfigurationStrings.Default; } else #endif if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11) { retval = ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; } else if (securityVersion == MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10) { retval = ConfigurationStrings.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; } else if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10) { retval = ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; } #if DESKTOP else if (securityVersion == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10) { retval = ConfigurationStrings.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; } else if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12) { retval = ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12; } else if (securityVersion == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10) { retval = ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; } #endif else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value", SR.GetString(SR.ConfigInvalidClassInstanceValue, typeof(MessageSecurityVersion).FullName))); } return(retval); } return(base.ConvertTo(context, culture, value, destinationType)); }
internal SecurityBindingElement(SecurityBindingElement elementToBeCloned) : base(elementToBeCloned) { if (elementToBeCloned == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned"); } _includeTimestamp = elementToBeCloned._includeTimestamp; _messageSecurityVersion = elementToBeCloned._messageSecurityVersion; _securityHeaderLayout = elementToBeCloned._securityHeaderLayout; _endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone(); _localClientSettings = elementToBeCloned._localClientSettings.Clone(); _maxReceivedMessageSize = elementToBeCloned._maxReceivedMessageSize; _readerQuotas = elementToBeCloned._readerQuotas; }
internal SecurityBindingElement CreateMessageSecurity(bool isSecureTransportMode) { SecurityBindingElement algorithmSuite; if (!isSecureTransportMode) { if (this.clientCredentialType != BasicHttpMessageCredentialType.Certificate) { throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(Microsoft.ServiceBus.SR.GetString(Resources.BasicHttpMessageSecurityRequiresCertificate, new object[0]))); } algorithmSuite = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true); } else { MessageSecurityVersion wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; switch (this.clientCredentialType) { case BasicHttpMessageCredentialType.UserName: { algorithmSuite = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); algorithmSuite.MessageSecurityVersion = wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite; algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax; algorithmSuite.SetKeyDerivation(false); InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true); return(algorithmSuite); } case BasicHttpMessageCredentialType.Certificate: { algorithmSuite = SecurityBindingElement.CreateCertificateOverTransportBindingElement(wSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite; algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax; algorithmSuite.SetKeyDerivation(false); InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true); return(algorithmSuite); } } Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.DebugAssert("Unsupported basic http message credential type"); throw Microsoft.ServiceBus.Diagnostics.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException()); } algorithmSuite.DefaultAlgorithmSuite = this.AlgorithmSuite; algorithmSuite.SecurityHeaderLayout = SecurityHeaderLayout.Lax; algorithmSuite.SetKeyDerivation(false); InvokeHelper.InvokeInstanceSet(algorithmSuite.GetType(), algorithmSuite, "DoNotEmitTrust", true); return(algorithmSuite); }
internal SecurityBindingElement() : base() { _messageSecurityVersion = MessageSecurityVersion.Default; _keyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy; // AcceleratedTokenProvider.defaultKeyEntropyMode; IncludeTimestamp = DefaultIncludeTimestamp; _defaultAlgorithmSuite = s_defaultDefaultAlgorithmSuite; LocalServiceSettings = new LocalServiceSecuritySettings(); EndpointSupportingTokenParameters = new SupportingTokenParameters(); OptionalEndpointSupportingTokenParameters = new SupportingTokenParameters(); _operationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>(); _securityHeaderLayout = SecurityHeaderLayout.Strict; // SecurityProtocolFactory.defaultSecurityHeaderLayout; AllowInsecureTransport = DefaultAllowInsecureTransport; EnableUnsecuredResponse = DefaultEnableUnsecuredResponse; ProtectTokens = DefaultProtectTokens; }
public override object ConvertFrom(ITypeDescriptorContext context, System.Globalization.CultureInfo culture, object value) { if (value is string) { string version = (string)value; MessageSecurityVersion retval = null; switch (version) { case ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11: retval = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; break; case ConfigurationStrings.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10: retval = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; break; case ConfigurationStrings.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10: retval = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; break; #if DESKTOP case ConfigurationStrings.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10: retval = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; break; case ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12: retval = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12; break; case ConfigurationStrings.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10: retval = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; break; case ConfigurationStrings.Default: retval = MessageSecurityVersion.Default; break; #endif default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value", SR.GetString(SR.ConfigInvalidClassFactoryValue, version, typeof(MessageSecurityVersion).FullName))); } return(retval); } return(base.ConvertFrom(context, culture, value)); }
public virtual Task OnOpenAsync(TimeSpan timeout) { if (SecurityBindingElement == null) { OnPropertySettingsError(nameof(SecurityBindingElement), true); } if (SecurityTokenManager == null) { OnPropertySettingsError(nameof(SecurityTokenManager), true); } MessageSecurityVersion = _standardsManager.MessageSecurityVersion; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); _expectOutgoingMessages = ActAsInitiator || SupportsRequestReply; _expectIncomingMessages = !ActAsInitiator || SupportsRequestReply; if (!ActAsInitiator) { throw ExceptionHelper.PlatformNotSupported(); } if (DetectReplays) { if (!SupportsReplayDetection) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(nameof(DetectReplays), SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this)); } if (MaxClockSkew == TimeSpan.MaxValue || ReplayWindow == TimeSpan.MaxValue) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely)); } // If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache. if (_nonceCache == null) { // The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays _nonceCache = new InMemoryNonceCache(ReplayWindow + MaxClockSkew + MaxClockSkew, MaxCachedNonces); } } //derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator<DerivedKeySecurityToken>(); return(Task.CompletedTask); }
public RequestSecurityToken(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer, XmlElement requestSecurityTokenXml, string context, string tokenType, string requestType, int keySize, SecurityKeyIdentifierClause renewTarget, SecurityKeyIdentifierClause closeTarget) : this(SecurityUtils.CreateSecurityStandardsManager(messageSecurityVersion, securityTokenSerializer), requestSecurityTokenXml, context, tokenType, requestType, keySize, renewTarget, closeTarget) { }
/// <summary> /// Creates a shallow copy of 'other'. /// </summary> /// <param name="other">The WSTrustTokenParameters to copy.</param> protected WSTrustTokenParameters(WSTrustTokenParameters other) : base(other) { foreach (var parameter in other.AdditionalRequestParameters) { AdditionalRequestParameters.Add(parameter); } CacheIssuedTokens = other.CacheIssuedTokens; foreach (var claimType in ClaimTypes) { ClaimTypes.Add(claimType); } _issuedTokenRenewalThresholdPercentage = other.IssuedTokenRenewalThresholdPercentage; KeySize = other.KeySize; _maxIssuedTokenCachingTime = other.MaxIssuedTokenCachingTime; _messageSecurityVersion = other.MessageSecurityVersion; }
public SecurityStandardsManager(MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer tokenSerializer) { if (messageSecurityVersion == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("messageSecurityVersion")); } if (tokenSerializer == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenSerializer"); } _messageSecurityVersion = messageSecurityVersion; _tokenSerializer = tokenSerializer; if (messageSecurityVersion.SecureConversationVersion == SecureConversationVersion.WSSecureConversation13) { _secureConversationDriver = new WSSecureConversationDec2005.DriverDec2005(); } else { _secureConversationDriver = new WSSecureConversationFeb2005.DriverFeb2005(); } if (this.SecurityVersion == SecurityVersion.WSSecurity10 || this.SecurityVersion == SecurityVersion.WSSecurity11) { _idManager = WSSecurityJan2004.IdManager.Instance; } else { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("messageSecurityVersion", SRServiceModel.MessageSecurityVersionOutOfRange)); } _wsUtilitySpecificationVersion = WSUtilitySpecificationVersion.Default; if (messageSecurityVersion.MessageSecurityTokenVersion.TrustVersion == TrustVersion.WSTrust13) { _trustDriver = new WSTrustDec2005.DriverDec2005(this); } else { _trustDriver = new WSTrustFeb2005.DriverFeb2005(this); } }
void CallBegin(bool completedSynchronously) { IAsyncResult result = null; Exception exception = null; try { CardSpacePolicyElement[] chain; SecurityTokenManager tokenManager = credentials.CreateSecurityTokenManager(); requiresInfoCard = InfoCardHelper.IsInfocardRequired(binding, credentials, tokenManager, proxy.RemoteAddress, out chain, out relyingPartyIssuer); MessageSecurityVersion bindingSecurityVersion = InfoCardHelper.GetBindingSecurityVersionOrDefault(binding); WSSecurityTokenSerializer tokenSerializer = WSSecurityTokenSerializer.DefaultInstance; result = credentials.GetInfoCardTokenCallback.BeginInvoke(requiresInfoCard, chain, tokenManager.CreateSecurityTokenSerializer(bindingSecurityVersion.SecurityTokenVersion), callback, this); } catch (Exception e) { if (Fx.IsFatal(e)) { throw; } exception = e; } if (exception == null) { if (!result.CompletedSynchronously) { return; } this.CallEnd(result, out exception); } if (exception != null) { return; } this.CallComplete(completedSynchronously, null); }
public Collection <XmlElement> CreateRequestParameters( MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer) { XmlDocument doc = new XmlDocument(); Collection <XmlElement> ret = new Collection <XmlElement> (); // KeyType string keyTypeUri = KeyType == SecurityKeyType.SymmetricKey ? Constants.WstSymmetricKeyTypeUri : Constants.WstAsymmetricKeyTypeUri; XmlElement kt = doc.CreateElement("t", "KeyType", Constants.WstNamespace); kt.AppendChild(doc.CreateTextNode(keyTypeUri)); ret.Add(kt); // ClaimTypes XmlElement cts = doc.CreateElement("t", "Claims", Constants.WstNamespace); foreach (ClaimTypeRequirement req in ClaimTypeRequirements) { XmlElement el = doc.CreateElement("wsid", "ClaimType", Constants.WsidNamespace); el.SetAttribute("Uri", req.ClaimType); if (req.IsOptional) { el.SetAttribute("Optional", "true"); } cts.AppendChild(el); } ret.Add(cts); // Additional parameters foreach (XmlElement el in AdditionalRequestParameters) { ret.Add(el); } return(ret); }
public override object ConvertTo(ITypeDescriptorContext context, CultureInfo culture, object value, Type destinationType) { if (!(typeof(string) == destinationType) || !(value is MessageSecurityVersion)) { return(base.ConvertTo(context, culture, value, destinationType)); } MessageSecurityVersion version = (MessageSecurityVersion)value; if (version == MessageSecurityVersion.Default) { return("Default"); } if (version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11) { return("WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11"); } if (version == MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10) { return("WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"); } if (version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10) { return("WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"); } if (version == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10) { return("WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"); } if (version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12) { return("WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12"); } if (version != MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value", System.ServiceModel.SR.GetString("ConfigInvalidClassInstanceValue", new object[] { typeof(MessageSecurityVersion).FullName }))); } return("WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"); }
/// <summary>Initializes a new instance of the <see cref="T:System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters" /> class.</summary> /// <param name="other">The other instance of this class.</param> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="other" /> is null.</exception> protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base((SecurityTokenParameters)other) { this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion; this.issuerAddress = other.issuerAddress; this.keyType = other.keyType; this.tokenType = other.tokenType; this.keySize = other.keySize; this.useStrTransform = other.useStrTransform; foreach (XmlNode requestParameter in other.additionalRequestParameters) { this.additionalRequestParameters.Add((XmlElement)requestParameter.Clone()); } foreach (ClaimTypeRequirement claimTypeRequirement in other.claimTypeRequirements) { this.claimTypeRequirements.Add(claimTypeRequirement); } if (other.issuerBinding != null) { this.issuerBinding = (Binding) new CustomBinding(other.issuerBinding); } this.issuerMetadataAddress = other.issuerMetadataAddress; }
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other) { this.additionalRequestParameters = new Collection <XmlElement>(); this.alternativeIssuerEndpoints = new Collection <AlternativeIssuerEndpoint>(); this.claimTypeRequirements = new Collection <ClaimTypeRequirement>(); this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion; this.issuerAddress = other.issuerAddress; this.keyType = other.keyType; this.tokenType = other.tokenType; this.keySize = other.keySize; foreach (XmlElement element in other.additionalRequestParameters) { this.additionalRequestParameters.Add((XmlElement)element.Clone()); } foreach (ClaimTypeRequirement requirement in other.claimTypeRequirements) { this.claimTypeRequirements.Add(requirement); } if (other.issuerBinding != null) { this.issuerBinding = new CustomBinding(other.issuerBinding); } this.issuerMetadataAddress = other.issuerMetadataAddress; }
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other) { _defaultMessageSecurityVersion = other._defaultMessageSecurityVersion; _issuerAddress = other._issuerAddress; _keyType = other._keyType; _tokenType = other._tokenType; _keySize = other._keySize; _useStrTransform = other._useStrTransform; foreach (XmlElement parameter in other._additionalRequestParameters) { _additionalRequestParameters.Add((XmlElement)parameter.Clone()); } foreach (ClaimTypeRequirement c in other._claimTypeRequirements) { _claimTypeRequirements.Add(c); } if (other._issuerBinding != null) { _issuerBinding = new CustomBinding(other._issuerBinding); } _issuerMetadataAddress = other._issuerMetadataAddress; }
public virtual void OnOpen(TimeSpan timeout) { if (this.SecurityBindingElement == null) { this.OnPropertySettingsError("SecurityBindingElement", true); } if (this.SecurityTokenManager == null) { this.OnPropertySettingsError("SecurityTokenManager", true); } _messageSecurityVersion = _standardsManager.MessageSecurityVersion; TimeoutHelper timeoutHelper = new TimeoutHelper(timeout); _expectOutgoingMessages = this.ActAsInitiator || this.SupportsRequestReply; _expectIncomingMessages = !this.ActAsInitiator || this.SupportsRequestReply; if (!_actAsInitiator) { AddSupportingTokenAuthenticators(_securityBindingElement.EndpointSupportingTokenParameters, false, (IList <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification); // validate the token authenticator types and create a merged map if needed. if (!_channelSupportingTokenAuthenticatorSpecification.IsReadOnly) { if (_channelSupportingTokenAuthenticatorSpecification.Count == 0) { _channelSupportingTokenAuthenticatorSpecification = EmptyTokenAuthenticators; } else { _expectSupportingTokens = true; foreach (SupportingTokenAuthenticatorSpecification tokenAuthenticatorSpec in _channelSupportingTokenAuthenticatorSpecification) { SecurityUtils.OpenTokenAuthenticatorIfRequired(tokenAuthenticatorSpec.TokenAuthenticator, timeoutHelper.RemainingTime()); if (tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.Endorsing || tokenAuthenticatorSpec.SecurityTokenAttachmentMode == SecurityTokenAttachmentMode.SignedEndorsing) { if (tokenAuthenticatorSpec.TokenParameters.RequireDerivedKeys && !tokenAuthenticatorSpec.TokenParameters.HasAsymmetricKey) { _expectKeyDerivation = true; } } SecurityTokenAttachmentMode mode = tokenAuthenticatorSpec.SecurityTokenAttachmentMode; if (mode == SecurityTokenAttachmentMode.SignedEncrypted || mode == SecurityTokenAttachmentMode.Signed || mode == SecurityTokenAttachmentMode.SignedEndorsing) { _expectChannelSignedTokens = true; if (mode == SecurityTokenAttachmentMode.SignedEncrypted) { _expectChannelBasicTokens = true; } } if (mode == SecurityTokenAttachmentMode.Endorsing || mode == SecurityTokenAttachmentMode.SignedEndorsing) { _expectChannelEndorsingTokens = true; } } _channelSupportingTokenAuthenticatorSpecification = new ReadOnlyCollection <SupportingTokenAuthenticatorSpecification>((Collection <SupportingTokenAuthenticatorSpecification>)_channelSupportingTokenAuthenticatorSpecification); } } VerifyTypeUniqueness(_channelSupportingTokenAuthenticatorSpecification); MergeSupportingTokenAuthenticators(timeoutHelper.RemainingTime()); } if (this.DetectReplays) { if (!this.SupportsReplayDetection) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("DetectReplays", SR.Format(SR.SecurityProtocolCannotDoReplayDetection, this)); } if (this.MaxClockSkew == TimeSpan.MaxValue || this.ReplayWindow == TimeSpan.MaxValue) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.NoncesCachedInfinitely)); } // If DetectReplays is true and nonceCache is null then use the default InMemoryNonceCache. if (_nonceCache == null) { // The nonce needs to be cached for replayWindow + 2*clockSkew to eliminate replays _nonceCache = new InMemoryNonceCache(this.ReplayWindow + this.MaxClockSkew + this.MaxClockSkew, this.MaxCachedNonces); } } _derivedKeyTokenAuthenticator = new NonValidatingSecurityTokenAuthenticator <DerivedKeySecurityToken>(); }
public override bool IsSecurityVersionSupported(MessageSecurityVersion version) { return version == MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10 || version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12 || version == MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; }
public override bool IsSecurityVersionSupported(MessageSecurityVersion version) { return version == MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 || version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 || version == MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; }
public Collection<XmlElement> CreateRequestParameters ( MessageSecurityVersion messageSecurityVersion, SecurityTokenSerializer securityTokenSerializer) { XmlDocument doc = new XmlDocument (); Collection<XmlElement> ret = new Collection<XmlElement> (); // KeyType string keyTypeUri = KeyType == SecurityKeyType.SymmetricKey ? Constants.WstSymmetricKeyTypeUri : Constants.WstAsymmetricKeyTypeUri; XmlElement kt = doc.CreateElement ("t", "KeyType", Constants.WstNamespace); kt.AppendChild (doc.CreateTextNode (keyTypeUri)); ret.Add (kt); // ClaimTypes XmlElement cts = doc.CreateElement ("t", "Claims", Constants.WstNamespace); foreach (ClaimTypeRequirement req in ClaimTypeRequirements) { XmlElement el = doc.CreateElement ("wsid", "ClaimType", Constants.WsidNamespace); el.SetAttribute ("Uri", req.ClaimType); if (req.IsOptional) el.SetAttribute ("Optional", "true"); cts.AppendChild (el); } ret.Add (cts); // Additional parameters foreach (XmlElement el in AdditionalRequestParameters) ret.Add (el); return ret; }