/// <summary>
/// Builds the message-level security binding element for this binding from
/// <c>Security.Mode</c> and the <c>Security.Message</c> settings.
/// </summary>
/// <returns>
/// <c>null</c> when the mode is <c>Transport</c> or <c>None</c>; otherwise the symmetric
/// security element, wrapped in a secure-conversation element when
/// <c>Security.Message.EstablishSecurityContext</c> is set.
/// </returns>
protected override System.ServiceModel.Channels.SecurityBindingElement CreateMessageSecurity()
{
    // Transport-only and unsecured modes carry no message-level security element.
    SecurityMode mode = Security.Mode;
    if (mode == SecurityMode.Transport || mode == SecurityMode.None)
    {
        return null;
    }

    var symmetric = new System.ServiceModel.Channels.SymmetricSecurityBindingElement
    {
        MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
        // The signature-confirmation requirement is on by default; only the UserName branch below switches it off.
        RequireSignatureConfirmation = true
    };

    MessageCredentialType credentialType = Security.Message.ClientCredentialType;

    if (credentialType == MessageCredentialType.Windows)
    {
        // Windows credentials: the protection token itself is SSPI (negotiated) or Kerberos,
        // and no supporting token is added.
        if (Security.Message.NegotiateServiceCredential)
        {
            symmetric.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.SspiSecurityTokenParameters();
        }
        else
        {
            symmetric.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.KerberosSecurityTokenParameters();
        }
    }
    else
    {
        // Step 1: attach the client credential as a supporting token. Credential types not
        // listed here add none.
        switch (credentialType)
        {
            case MessageCredentialType.Certificate:
                // Client certificate endorses the message; referenced by thumbprint, no derived keys.
                var clientCertificate = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters(System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType.Thumbprint)
                {
                    RequireDerivedKeys = false
                };
                symmetric.EndpointSupportingTokenParameters.Endorsing.Add(clientCertificate);
                break;

            case MessageCredentialType.IssuedToken:
                // NOTE(review): the issuer binding is only text encoding + GetTransport(), with no
                // security element of its own, so protection of the token request depends on what
                // GetTransport() returns - confirm it is a secured transport.
                var issuedToken = new System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters
                {
                    IssuerBinding = new System.ServiceModel.Channels.CustomBinding(new System.ServiceModel.Channels.TextMessageEncodingBindingElement(), GetTransport())
                };
                symmetric.EndpointSupportingTokenParameters.Endorsing.Add(issuedToken);
                break;

            case MessageCredentialType.UserName:
                // The user name token is added as a signed and encrypted supporting token.
                // This is the one branch that turns the signature-confirmation requirement off.
                symmetric.EndpointSupportingTokenParameters.SignedEncrypted.Add(new System.ServiceModel.Security.Tokens.UserNameSecurityTokenParameters());
                symmetric.RequireSignatureConfirmation = false;
                break;
        }

        // Step 2: every non-Windows credential type protects the message with the service
        // certificate, either negotiated or referenced by thumbprint.
        if (Security.Message.NegotiateServiceCredential)
        {
            // Arguments: requireClientCertificate = false, requireCancellation = true.
            symmetric.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.SslSecurityTokenParameters(false, true);
        }
        else
        {
            // The certificate is never sent in the message; it is identified by thumbprint only.
            symmetric.ProtectionTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters(
                System.ServiceModel.Security.Tokens.X509KeyIdentifierClauseType.Thumbprint,
                System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.Never)
            {
                RequireDerivedKeys = true
            };
        }
    }

    if (Security.Message.EstablishSecurityContext)
    {
        // The symmetric element becomes the bootstrap of a secure conversation (requireCancellation = true).
        // NOTE(review): the bootstrap protection requirements are passed as an empty
        // ChannelProtectionRequirements - confirm this gives the intended signing/encryption coverage.
        var bootstrapRequirements = new System.ServiceModel.Security.ChannelProtectionRequirements();
        return System.ServiceModel.Channels.SecurityBindingElement.CreateSecureConversationBindingElement(symmetric, true, bootstrapRequirements);
    }

    return symmetric;
}
/// <summary>
/// Creates a binding for communication.
/// </summary>
/// <param name="securityMode">Security mode.</param>
/// <param name="requireClientCertificates">
/// When <c>true</c> and <paramref name="securityMode"/> is <c>Transport</c>, the transport
/// requires a client certificate and an endorsing X.509 token is added to the channel stack.
/// The flag has no effect for any other security mode.
/// </param>
/// <returns>
/// The configured <c>WSHttpBinding</c>, or a <c>CustomBinding</c> built from its elements when
/// client certificates are required over transport security.
/// </returns>
public static System.ServiceModel.Channels.Binding CreateBinding(SecurityMode securityMode, bool requireClientCertificates)
{
    var wsBinding = new WSHttpBinding(securityMode);
    wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

    // NOTE(review): reader quotas and the received-message size are raised to the maximum
    // quota values, so this binding imposes no practical size limit of its own; endpoints
    // reachable by untrusted senders may want explicit, tighter limits.
    wsBinding.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
    wsBinding.MaxReceivedMessageSize = System.Xml.XmlDictionaryReaderQuotas.Max.MaxStringContentLength;

    // Client certificates are only wired up for pure transport security; in every other
    // case the plain WSHttpBinding is returned as configured above.
    if (securityMode != SecurityMode.Transport || !requireClientCertificates)
    {
        return wsBinding;
    }

    wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

    System.ServiceModel.Channels.BindingElementCollection stack = wsBinding.CreateBindingElements();

    // The X.509 token is sent to the recipient with every message and endorses it.
    var endorsingCertificate = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters
    {
        InclusionMode = System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.AlwaysToRecipient
    };

    var transportSecurity = new System.ServiceModel.Channels.TransportSecurityBindingElement();
    transportSecurity.EndpointSupportingTokenParameters.Endorsing.Add(endorsingCertificate);

    // Insert just before the last element of the stack (presumably the transport, as the
    // collection is in top-down order).
    stack.Insert(stack.Count - 1, transportSecurity);

    return new System.ServiceModel.Channels.CustomBinding(stack);
}