internal void InitializeFrom(NonDualMessageSecurityOverHttp security)
{
base.InitializeFrom(security);
if (!security.EstablishSecurityContext)
{
this.EstablishSecurityContext = security.EstablishSecurityContext;
}
}
public IApiService Build()
{
var path = Uri.UnescapeDataString(new UriBuilder(Assembly.GetExecutingAssembly().CodeBase).Path);
var rootPath = Path.GetDirectoryName(path);
string certificateFilePath;
switch (_transmittalEnvironment.TransmissionMode)
{
case ETransmissionMode.Test:
certificateFilePath = $@"{rootPath}\Certificates\TestEnvironmentCertificate.CER";
break;
case ETransmissionMode.Production:
certificateFilePath = $@"{rootPath}\Certificates\ProductionEnvironmentCertificate.CER";
break;
case ETransmissionMode.OnlyValidate:
return(new ApiServiceClientMock(_transmittalEnvironment.SetupMockParameters));
default:
throw new ArgumentOutOfRangeException();
}
var binding = new WSHttpBinding(SecurityMode.Message);
var message = new NonDualMessageSecurityOverHttp
{
ClientCredentialType = MessageCredentialType.UserName,
NegotiateServiceCredential = false,
EstablishSecurityContext = false
};
binding.Security.Message = message;
var certificate = new X509Certificate2(X509Certificate.CreateFromCertFile(certificateFilePath));
var uri = new Uri(_transmittalEnvironment.EndpointUrl);
var endpointAddress = new EndpointAddress(uri, EndpointIdentity.CreateX509CertificateIdentity(certificate));
var service = new ApiServiceClient(binding, endpointAddress);
if (service.ClientCredentials == null)
{
throw new ArgumentNullException();
}
service.ClientCredentials.UserName.UserName = _transmittalEnvironment.Username;
service.ClientCredentials.UserName.Password = Crypter.DecryptString(_transmittalEnvironment.Password);
return(service);
}
public void DefaultValues()
{
WSHttpBinding b = new WSHttpBinding();
// common tests
DefaultValues(b, "http");
// WSHttpSecurity
WSHttpSecurity sec = b.Security;
Assert.IsNotNull(sec, "#2-1");
Assert.AreEqual(SecurityMode.Message, sec.Mode, "#2-2");
// Security.Message
NonDualMessageSecurityOverHttp msg = sec.Message;
Assert.IsNotNull(msg, "#2-3");
Assert.AreEqual(true, msg.EstablishSecurityContext, "#2-3-1");
Assert.AreEqual(SecurityAlgorithmSuite.Default,
msg.AlgorithmSuite, "#2-3-2");
// it is not worthy of test, just for checking default value.
Assert.AreEqual(MessageCredentialType.Windows,
msg.ClientCredentialType, "#2-3-3");
Assert.AreEqual(true, msg.NegotiateServiceCredential, "#2-3-4");
// FIXME: test Security.Transport
Assert.IsNotNull(sec.Transport, "#2-4");
// Binding elements
BindingElementCollection bec = b.CreateBindingElements();
Assert.AreEqual(4, bec.Count, "#5-1");
Assert.AreEqual(typeof(TransactionFlowBindingElement),
bec [0].GetType(), "#5-2");
Assert.AreEqual(typeof(SymmetricSecurityBindingElement),
bec [1].GetType(), "#5-3");
Assert.AreEqual(typeof(TextMessageEncodingBindingElement),
bec [2].GetType(), "#5-4");
Assert.AreEqual(typeof(HttpTransportBindingElement),
bec [3].GetType(), "#5-5");
}
internal void ApplyConfiguration(NonDualMessageSecurityOverHttp security)
{
base.ApplyConfiguration(security);
security.EstablishSecurityContext = EstablishSecurityContext;
}
/// <summary>
/// 创建MSHttpBindding
/// </summary>
/// <param name="serviceName"></param>
/// <param name="serviceUrl"></param>
/// <param name="securityMode"></param>
/// <param name="servicespace"></param>
/// <returns></returns>
private static WSHttpBinding CreateBindding(string serviceName, SecurityMode securityMode, string servicespace)
{
string bindingName = servicespace + "," + securityMode.GetHashCode().ToString() + "," + serviceName.ToString();
if (HttpRuntime.Cache[bindingName] != null)
{
return((WSHttpBinding)HttpRuntime.Cache[bindingName]);
}
lock (lockObj)
{
if (HttpRuntime.Cache[bindingName] != null)
{
return((WSHttpBinding)HttpRuntime.Cache[bindingName]);
}
WSHttpBinding ws = new WSHttpBinding();
//基本配置
ws.Security.Mode = securityMode;
ws.Namespace = servicespace;
ws.TransactionFlow = false;
ws.ReliableSession.Enabled = false;
ws.AllowCookies = false;
//使用代理
ws.BypassProxyOnLocal = false;
ws.CloseTimeout = TimeSpan.FromMinutes(1);
ws.OpenTimeout = TimeSpan.FromMinutes(1);
ws.ReceiveTimeout = TimeSpan.FromMinutes(10);
ws.SendTimeout = TimeSpan.FromMinutes(60);
ws.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
ws.MaxBufferPoolSize = 10485760;
ws.MaxReceivedMessageSize = 2048576000;
ws.MessageEncoding = WSMessageEncoding.Text;
ws.UseDefaultWebProxy = true;
ws.TextEncoding = Encoding.UTF8;
//XmlDictionaryReaderQuotas ,一定要引用 System.Runtime.Serialization,才有这些属性值
//抵御某种类型的拒绝服务 (DoS) 攻击
ws.ReaderQuotas.MaxStringContentLength = 2048576000;
ws.ReaderQuotas.MaxArrayLength = 20485760;
ws.ReaderQuotas.MaxDepth = 32;
//传输级安全
HttpTransportSecurity hts = ws.Security.Transport;
hts.ClientCredentialType = HttpClientCredentialType.Windows;
hts.ProxyCredentialType = HttpProxyCredentialType.None;
hts.Realm = "";
//消息级安全
NonDualMessageSecurityOverHttp ndms = ws.Security.Message;
ndms.AlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Default;
ndms.ClientCredentialType = MessageCredentialType.Windows;
ndms.EstablishSecurityContext = true;
ndms.NegotiateServiceCredential = true;
return(ws);
}
}
internal WSHttpSecurity(SecurityMode mode)
{
this.Mode = mode;
message = new NonDualMessageSecurityOverHttp();
transport = new HttpTransportSecurity();
}
internal void InitializeFrom(NonDualMessageSecurityOverHttp security)
{
base.InitializeFrom(security);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.EstablishSecurityContext, security.EstablishSecurityContext);
}
public static List <WSHttpBinding> GetWsHttpBindings(string exeConfigPath)
{
if (string.IsNullOrWhiteSpace(exeConfigPath))
{
return(null);
}
var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
var configs = new List <WSHttpBinding>();
foreach (
var section in
svcSection.Bindings.WSHttpBinding.ConfiguredBindings
.Cast <WSHttpBindingElement>())
{
var df = new WSHttpBinding();
var binding = new WSHttpBinding
{
Name = section.Name,
MaxBufferPoolSize = section.MaxBufferPoolSize > 0 ? section.MaxBufferPoolSize : df.MaxBufferPoolSize,
MaxReceivedMessageSize = section.MaxReceivedMessageSize > 0 ? section.MaxReceivedMessageSize : df.MaxReceivedMessageSize,
CloseTimeout = section.CloseTimeout != TimeSpan.Zero ? section.CloseTimeout : df.CloseTimeout,
OpenTimeout = section.OpenTimeout != TimeSpan.Zero ? section.OpenTimeout : df.OpenTimeout,
SendTimeout = section.SendTimeout != TimeSpan.Zero ? section.SendTimeout : df.SendTimeout,
ReceiveTimeout =
section.ReceiveTimeout != TimeSpan.Zero ? section.ReceiveTimeout : df.ReceiveTimeout,
TextEncoding = section.TextEncoding ?? df.TextEncoding,
MessageEncoding = section.MessageEncoding,
AllowCookies = section.AllowCookies,
BypassProxyOnLocal = section.BypassProxyOnLocal,
TransactionFlow = section.TransactionFlow,
HostNameComparisonMode = section.HostNameComparisonMode,
UseDefaultWebProxy = section.UseDefaultWebProxy,
};
var readerQuotasSection = section.ReaderQuotas;
var readerQuotas = new System.Xml.XmlDictionaryReaderQuotas();
if (readerQuotasSection != null && readerQuotasSection.MaxDepth > 0)
{
readerQuotas.MaxDepth = readerQuotasSection.MaxDepth;
readerQuotas.MaxStringContentLength = readerQuotasSection.MaxStringContentLength;
readerQuotas.MaxArrayLength = readerQuotasSection.MaxArrayLength;
readerQuotas.MaxBytesPerRead = readerQuotasSection.MaxBytesPerRead;
readerQuotas.MaxNameTableCharCount = readerQuotasSection.MaxNameTableCharCount;
}
else
{
readerQuotas = null;
}
var reliableSessionSection = section.ReliableSession;
var dfRss = new OptionalReliableSession();
var reliableSession = new OptionalReliableSession
{
Enabled = reliableSessionSection.Enabled,
Ordered = reliableSessionSection.Ordered,
InactivityTimeout =
reliableSessionSection.InactivityTimeout != TimeSpan.Zero
? reliableSessionSection.InactivityTimeout
: dfRss.InactivityTimeout,
};
var messageSection = section.Security.Message;
var message = new NonDualMessageSecurityOverHttp
{
EstablishSecurityContext = messageSection.EstablishSecurityContext,
ClientCredentialType = messageSection.ClientCredentialType,
NegotiateServiceCredential = messageSection.NegotiateServiceCredential,
AlgorithmSuite = messageSection.AlgorithmSuite
};
var transportSection = section.Security.Transport;
var transport = new HttpTransportSecurity
{
ClientCredentialType = transportSection.ClientCredentialType,
ProxyCredentialType = transportSection.ProxyCredentialType
};
var wsHttpSecuritySection = section.Security;
var wsHttpSecurity = new WSHttpSecurity
{
Mode = wsHttpSecuritySection.Mode,
Transport = transport,
Message = message
};
;
binding.Security = wsHttpSecurity;
if (readerQuotas != null)
{
binding.ReaderQuotas = readerQuotas;
}
binding.ReliableSession = reliableSession;
configs.Add(binding);
}
return(configs);
}
