/// <summary>
/// Builds the WS-SecurityPolicy assertion that advertises an RSA key-value token.
/// </summary>
/// <param name="parameters">Token parameters; only <c>InclusionMode</c> is read and recorded on the assertion.</param>
/// <returns>The <c>KeyValueToken</c> assertion element, after its include-token value has been set.</returns>
public override XmlElement CreateWsspRsaTokenAssertion(RsaSecurityTokenParameters parameters)
{
    // The assertion name is fixed by the policy vocabulary; the inclusion mode is the only
    // per-binding value that varies.
    XmlElement assertion = CreateWsspAssertion("KeyValueToken");
    SetIncludeTokenValue(assertion, parameters.InclusionMode);
    return assertion;
}
/// <summary>
/// Configures the message-security version of a security binding element and, when RSA proof keys
/// are enabled, registers an optional endorsing RSA supporting token on it.
/// </summary>
/// <param name="securityBindingElement">The element to configure; it is mutated in place.</param>
/// <returns>The same <paramref name="securityBindingElement"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="securityBindingElement"/> is <c>null</c>.</exception>
protected virtual SecurityBindingElement ApplyMessageSecurity(SecurityBindingElement securityBindingElement)
{
    if (securityBindingElement == null)
    {
        throw new ArgumentNullException(nameof(securityBindingElement));
    }

    // The WS-Trust version selected on this instance decides which WS-* profile stack is advertised:
    // the February-2005 profile set for WSTrustFeb2005, otherwise the WS-Trust 1.3 / WS-SP 1.2 set.
    bool useFeb2005Profiles = _trustVersion == TrustVersion.WSTrustFeb2005;
    securityBindingElement.MessageSecurityVersion = useFeb2005Profiles
        ? MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
        : MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;

    if (_enableRsaProofKeys)
    {
        // The RSA proof key is endorsing-only: it is never included in the message and no derived
        // keys are required from it. It is registered as optional so clients without it still match.
        RsaSecurityTokenParameters rsaProofKey = new RsaSecurityTokenParameters();
        rsaProofKey.InclusionMode = SecurityTokenInclusionMode.Never;
        rsaProofKey.RequireDerivedKeys = false;
        securityBindingElement.OptionalEndpointSupportingTokenParameters.Endorsing.Add(rsaProofKey);
    }

    return securityBindingElement;
}
/// <summary>
/// Emits the WS-SecurityPolicy assertion for an RSA key-value token, named by <c>KeyValueTokenName</c>.
/// </summary>
/// <param name="parameters">Token parameters whose <c>InclusionMode</c> is written onto the assertion.</param>
/// <returns>The newly created assertion element.</returns>
public override XmlElement CreateWsspRsaTokenAssertion(RsaSecurityTokenParameters parameters)
{
    XmlElement keyValueToken = CreateWsspAssertion(KeyValueTokenName);
    // Only the inclusion mode is policy-visible for this token type.
    SetIncludeTokenValue(keyValueToken, parameters.InclusionMode);
    return keyValueToken;
}
/// <summary>
/// Attempts to import a <c>KeyValueToken</c> policy assertion as <see cref="RsaSecurityTokenParameters"/>.
/// </summary>
/// <param name="importer">The metadata importer used to inspect nested policy.</param>
/// <param name="assertion">The candidate assertion element.</param>
/// <param name="parameters">On success, RSA token parameters carrying the assertion's inclusion mode; otherwise <c>null</c>.</param>
/// <returns><c>true</c> when the assertion was recognised and imported; otherwise <c>false</c>.</returns>
public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
    parameters = null;

    if (!IsWsspAssertion(assertion, "KeyValueToken"))
    {
        return false;
    }

    SecurityTokenInclusionMode inclusionMode;
    if (!TryGetIncludeTokenValue(assertion, out inclusionMode))
    {
        return false;
    }

    // An assertion that carries nested policy alternatives is not understood here and is rejected
    // rather than partially imported, so an unrecognised nested requirement is never silently dropped.
    Collection<Collection<XmlElement>> nestedAlternatives;
    if (TryGetNestedPolicyAlternatives(importer, assertion, out nestedAlternatives))
    {
        return false;
    }

    parameters = new RsaSecurityTokenParameters { InclusionMode = inclusionMode };
    return true;
}
/// <summary>
/// Attempts to import an assertion named <c>KeyValueTokenName</c> as <see cref="RsaSecurityTokenParameters"/>.
/// </summary>
/// <param name="importer">The metadata importer used to look for nested policy alternatives.</param>
/// <param name="assertion">The candidate assertion element.</param>
/// <param name="parameters">On success, the imported RSA token parameters; otherwise <c>null</c>.</param>
/// <returns><c>true</c> when <paramref name="parameters"/> was produced; otherwise <c>false</c>.</returns>
public override bool TryImportWsspRsaTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
    SecurityTokenInclusionMode inclusionMode;
    Collection<Collection<XmlElement>> nestedAlternatives;

    // Accept only a bare KeyValueToken assertion with a readable include-token value; any nested
    // policy alternatives mean the assertion says more than this importer understands, so reject it.
    bool isBareKeyValueToken =
        IsWsspAssertion(assertion, KeyValueTokenName)
        && TryGetIncludeTokenValue(assertion, out inclusionMode)
        && !TryGetNestedPolicyAlternatives(importer, assertion, out nestedAlternatives);

    if (!isBareKeyValueToken)
    {
        parameters = null;
        return false;
    }

    RsaSecurityTokenParameters rsaParameters = new RsaSecurityTokenParameters();
    rsaParameters.InclusionMode = inclusionMode;
    parameters = rsaParameters;
    return true;
}
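/// <summary>
/// Hosts a security token service (STS) of the given type under <c>baseAddress/stsLabel</c>, relaxes the
/// derived-key requirement for the Issue action, adds an HTTPS metadata-exchange endpoint, opens the host
/// and prints its listeners.
/// </summary>
/// <param name="type">The STS service implementation type to host.</param>
/// <param name="stsLabel">Path segment appended to both the service and the MEX base address.</param>
/// <param name="baseAddress">Base address of the STS endpoint.</param>
/// <param name="baseMexAddress">Base address under which the <c>/mex</c> endpoint is exposed.</param>
/// <returns>The opened <see cref="ServiceHost"/>; the caller owns it and must close it.</returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The host exposes no <c>IWSTrustContract</c> endpoint, or that endpoint's binding has no
/// <see cref="SecurityBindingElement"/> to configure.
/// </exception>
private static ServiceHost StartSTS(Type type, string stsLabel, Uri baseAddress, Uri baseMexAddress)
{
    if (type == null)
    {
        throw new ArgumentNullException(nameof(type));
    }
    if (stsLabel == null)
    {
        throw new ArgumentNullException(nameof(stsLabel));
    }
    if (baseAddress == null)
    {
        throw new ArgumentNullException(nameof(baseAddress));
    }
    if (baseMexAddress == null)
    {
        throw new ArgumentNullException(nameof(baseMexAddress));
    }

    // Create the service host
    Uri stsAddress = new Uri(baseAddress.AbsoluteUri + "/" + stsLabel);
    ServiceHost serviceHost = new ServiceHost(type, stsAddress);

    try
    {
        // Don't require derived keys for the issue method. Find() returns null when the contract is
        // not exposed, so fail with a clear message instead of a NullReferenceException.
        ServiceEndpoint stsEndpoint = serviceHost.Description.Endpoints.Find(typeof(nl.telin.authep.sts.IWSTrustContract));
        if (stsEndpoint == null)
        {
            throw new InvalidOperationException("The STS host does not expose an IWSTrustContract endpoint.");
        }

        BindingElementCollection bindingElements = stsEndpoint.Binding.CreateBindingElements();
        SecurityBindingElement sbe = bindingElements.Find<SecurityBindingElement>();
        if (sbe == null)
        {
            throw new InvalidOperationException("The IWSTrustContract endpoint binding has no SecurityBindingElement.");
        }

        // The RSA proof key endorses the Issue request but is never carried in the message and needs
        // no derived keys; it is registered as an optional supporting token for that action only.
        RsaSecurityTokenParameters rsaParams = new RsaSecurityTokenParameters();
        rsaParams.InclusionMode = SecurityTokenInclusionMode.Never;
        rsaParams.RequireDerivedKeys = false;
        SupportingTokenParameters requirements = new SupportingTokenParameters();
        requirements.Endorsing.Add(rsaParams);
        sbe.OptionalOperationSupportingTokenParameters.Add(nl.telin.authep.sts.Constants.WSTrust.Actions.Issue, requirements);

        // Rebuild the binding so the modified element collection takes effect.
        stsEndpoint.Binding = new CustomBinding(bindingElements);
        serviceHost.Credentials.ServiceCertificate.Certificate = SigningCertificate;

        // Add an https mex listener
        string mexAddress = baseMexAddress.AbsoluteUri + "/" + stsLabel + "/mex";
        serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), mexAddress);

        // Disable CRL. NoCheck means a revoked issued-token signing certificate is still accepted
        // by this STS; the setting is only appropriate for a test or development deployment.
        serviceHost.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.NoCheck;

        // Open the service
        serviceHost.Open();
    }
    catch
    {
        // A ServiceHost that failed to open (or was left unopened) must be aborted, not disposed,
        // otherwise its listeners and channel dispatchers leak until the process exits.
        serviceHost.Abort();
        throw;
    }

    // Display the endpoints
    foreach (ChannelDispatcher cd in serviceHost.ChannelDispatchers)
    {
        foreach (EndpointDispatcher ed in cd.Endpoints)
        {
            Console.WriteLine("Listener = {0}, State = {1}", ed.EndpointAddress.ToString(), cd.State.ToString());
        }
    }

    return serviceHost;
}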
/// <summary>
/// Checks the <see cref="ISecurityCapabilities"/> reported for symmetric and asymmetric security
/// binding elements across a range of token-parameter combinations: none, X.509 on one or both sides,
/// an RSA or user-name token on one side, and secure-conversation wrappers over each bootstrap shape.
/// Every case is expected to report EncryptAndSign for both protection levels; the three boolean
/// capabilities vary with which side carries an X.509 token.
/// </summary>
public void GetPropertySecurityCapabilities()
{
    RsaSecurityTokenParameters rsaToken = new RsaSecurityTokenParameters();
    UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
    X509SecurityTokenParameters x509Token = new X509SecurityTokenParameters();

    // Secure-conversation parameters wrapping each bootstrap shape exercised below.
    SecureConversationSecurityTokenParameters scEmptyBootstrap = new SecureConversationSecurityTokenParameters
    {
        BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement(), // empty
    };
    SecureConversationSecurityTokenParameters scSymmetricX509 = new SecureConversationSecurityTokenParameters
    {
        BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement(x509Token),
    };
    SecureConversationSecurityTokenParameters scInitiatorX509 = new SecureConversationSecurityTokenParameters
    {
        BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(null, x509Token),
    };
    SecureConversationSecurityTokenParameters scRecipientX509 = new SecureConversationSecurityTokenParameters
    {
        BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(x509Token, null),
    };

    ISecurityCapabilities capabilities;

    // no parameters
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement());
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, capabilities, "#1");

    // x509 parameters for both
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(x509Token));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, capabilities, "#2");

    // no initiator parameters
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(x509Token, null));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, capabilities, "#3");

    // no recipient parameters
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(null, x509Token));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, capabilities, "#4");

    // initiator does not support identity
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(x509Token, rsaToken));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, false, true, capabilities, "#5");

    // recipient does not support server auth
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(userNameToken, x509Token));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, capabilities, "#6");

    // secureconv with no symm. bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(scEmptyBootstrap));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, capabilities, "#7");

    // secureconv with x509 symm. bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(scSymmetricX509));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, capabilities, "#8");

    // secureconv with x509 initiator bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(scInitiatorX509));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, capabilities, "#9");

    // secureconv with x509 recipient bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(scRecipientX509));
    AssertSecurityCapabilities(ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, capabilities, "#10");

    // FIXME: find cases that yield ProtectionLevel values other than EncryptAndSign.
}