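/// <summary>
/// Checks the security binding element that WSHttpBinding produces for message security with
/// UserName client credentials when service-credential negotiation and secure conversation
/// are both switched off.
/// </summary>
public void MessageSecurityUserName()
{
    WSHttpBinding binding = new WSHttpBinding();
    binding.Security.Message.NegotiateServiceCredential = false;
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

    SymmetricSecurityBindingElement sbe =
        binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
    Assert.IsNotNull(sbe, "#1");
    Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2");

    // Protection token: expected to be an X.509 token that is referenced, never sent.
    X509SecurityTokenParameters sp =
        sbe.ProtectionTokenParameters as X509SecurityTokenParameters;
    Assert.IsNotNull(sp, "#2");
    Assert.AreEqual(SecurityTokenReferenceStyle.Internal, sp.ReferenceStyle, "#3");
    Assert.AreEqual(SecurityTokenInclusionMode.Never, sp.InclusionMode, "#4");

    // Client credential: the user-name token must sit in the signed-and-encrypted set.
    UserNameSecurityTokenParameters up =
        sbe.EndpointSupportingTokenParameters.SignedEncrypted[0]
        as UserNameSecurityTokenParameters;
    // Without this check a token of another type surfaces as a NullReferenceException
    // on the next line instead of as a labelled assertion failure.
    Assert.IsNotNull(up, "#4-2");
    Assert.AreEqual(SecurityTokenReferenceStyle.Internal, up.ReferenceStyle, "#5");
    Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, up.InclusionMode, "#6");
}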
/// <summary>
/// Checks the defaults of the element returned by
/// SecurityBindingElement.CreateUserNameForSslBindingElement().
/// </summary>
public void CreateUserNameForSslBindingElement()
{
    SymmetricSecurityBindingElement element =
        SecurityBindingElement.CreateUserNameForSslBindingElement();

    SecurityAssert.AssertSymmetricSecurityBindingElement(
        SecurityAlgorithmSuite.Default,
        true,   // IncludeTimestamp
        SecurityKeyEntropyMode.CombinedEntropy,
        MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
        MessageSecurityVersion.Default,
        false,  // RequireSignatureConfirmation
        SecurityHeaderLayout.Strict,
        // EndpointSupportingTokenParameters, by count:
        // endorsing, signed, signedEncrypted, signedEndorsing
        0, 0, 1, 0,
        // ProtectionTokenParameters
        true,
        SecurityTokenInclusionMode.AlwaysToRecipient,
        SecurityTokenReferenceStyle.Internal,
        true,
        // LocalClientSettings
        true, 60, true,
        element,
        "");

    // The user-name token is fetched here but nothing is asserted on it yet.
    UserNameSecurityTokenParameters userNameToken =
        element.EndpointSupportingTokenParameters.SignedEncrypted[0]
        as UserNameSecurityTokenParameters;
    // FIXME: test it
    // FIXME: test ProtectionTokenParameters
}
// Shape check: returns true only for a transport security binding element that includes a
// timestamp and whose endpoint supporting tokens are exactly one signed-and-encrypted
// user-name token.
// NOTE(review): the original header says this reverses CreateMutualCertificateBindingElement()
// logic; the checks below look for a user-name token over transport, so that name may be a
// copy-paste leftover. Confirm against the factory methods.
internal static bool IsUserNameOverTransportBinding(SecurityBindingElement sbe)
{
    // Local settings (sbe.LocalServiceSettings and sbe.LocalClientSettings) are not compared.
    if (!sbe.IncludeTimestamp || !(sbe is TransportSecurityBindingElement))
    {
        return false;
    }

    SupportingTokenParameters supporting = sbe.EndpointSupportingTokenParameters;
    bool singleSignedEncryptedToken =
        supporting.Signed.Count == 0
        && supporting.SignedEncrypted.Count == 1
        && supporting.Endorsing.Count == 0
        && supporting.SignedEndorsing.Count == 0;
    if (!singleSignedEncryptedToken)
    {
        return false;
    }

    // The one remaining token has to be a user-name token.
    return supporting.SignedEncrypted[0] is UserNameSecurityTokenParameters;
}
/// <summary>
/// Creates a DocuSign SOAP client from the "APIServiceSoap" endpoint configuration, pointed at
/// the account's API URL, and sets the account's user name and password as client credentials.
/// </summary>
/// <param name="accountCredentials">Supplies ApiUrl, UserName and Password for the client.</param>
/// <returns>A disposable object you should wrap in using() statement</returns>
public static DocuSignWeb.APIServiceSoap CreateApiProxy(AccountCredentials accountCredentials)
{
#if true
    // Compiled branch: plain user-name/password credentials.
    // NOTE(review): how the password is protected on the wire depends on the "APIServiceSoap"
    // binding configuration and on ApiUrl, neither of which is visible here. Confirm that the
    // endpoint is HTTPS or that the binding applies message security.
    DocuSignWeb.APIServiceSoapClient client =
        new DocuSignWeb.APIServiceSoapClient("APIServiceSoap", accountCredentials.ApiUrl);
    var userNameCredential = client.ClientCredentials.UserName;
    userNameCredential.UserName = accountCredentials.UserName;
    userNameCredential.Password = accountCredentials.Password;
    return client;
#else
    // Disabled branch: security token configuration.
    // This is required for certain calls like RequestRecipientToken.
    // You need to get a certificate from Thawte or VeriSign first and install it.
    // The leading string literal of the user name appears masked in this copy of the code.
    DocuSignWeb.APIServiceSoapClient apiService = new DocuSignWeb.APIServiceSoapClient("APIServiceSoap1", accountCredentials.ApiUrl);
    apiService.ClientCredentials.UserName.UserName = "******" + ConfigurationManager.AppSettings["IntegratorsKey"] + "]" + ConfigurationManager.AppSettings["APIUserEmail"];
    apiService.ClientCredentials.UserName.Password = ConfigurationManager.AppSettings["Password"];
    // Need to add the supporting token since DocuSign uses dual authentication
    // for critical calls.
    CustomBinding binding = (CustomBinding)apiService.Endpoint.Binding;
    BindingElementCollection elements = binding.CreateBindingElements();
    SecurityBindingElement security = elements.Find <SecurityBindingElement>();
    UserNameSecurityTokenParameters tokenParameters = new UserNameSecurityTokenParameters();
    tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
    tokenParameters.RequireDerivedKeys = false;
    security.EndpointSupportingTokenParameters.SignedEncrypted.Add(
        tokenParameters);
    apiService.Endpoint.Binding = new CustomBinding(elements.ToArray());;
    return(apiService);
#endif
}
// Builds a symmetric security binding element whose endpoint supporting tokens contain one
// user-name token in the signed-and-encrypted set.
// The modifiers and return type of this method are not part of this excerpt.
// NOTE(review): requireCancellation is never read in this body. Confirm whether it is meant
// to influence the protection token.
CreateUserNameForSslBindingElement(bool requireCancellation)
{
    SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement();
    // The protection token comes from a helper defined elsewhere; what its `false`
    // argument selects is not visible here.
    be.ProtectionTokenParameters = CreateProtectionTokenParameters(false);
    UserNameSecurityTokenParameters utp = new UserNameSecurityTokenParameters();
    // The client's user-name token travels as a signed-and-encrypted supporting token.
    be.EndpointSupportingTokenParameters.SignedEncrypted.Add(utp);
    return(be);
}
// Builds a symmetric security binding element whose endpoint supporting tokens contain one
// user-name token in the signed-and-encrypted set.
// The modifiers and return type of this method are not part of this excerpt.
CreateUserNameForCertificateBindingElement()
{
    SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement();
    // The protection token comes from a helper defined elsewhere; what its `true`
    // argument selects is not visible here.
    be.ProtectionTokenParameters = CreateProtectionTokenParameters(true);
    UserNameSecurityTokenParameters utp = new UserNameSecurityTokenParameters();
    // The client's user-name token travels as a signed-and-encrypted supporting token.
    be.EndpointSupportingTokenParameters.SignedEncrypted.Add(utp);
    return(be);
}
/// <summary>
/// Builds an issued-token security binding element, adds a Kerberos endorsing token at
/// endpoint scope and an issued-token/user-name pair at operation scope under the key "1",
/// then prints the operation-scope entries to the console.
/// </summary>
/// <returns>The configured security binding element.</returns>
private SecurityBindingElement CreateSecurityBindingElement()
{
    // The issued-token parameters are used twice: to create the element and, below,
    // as an operation-scope endorsing token.
    var issuedTokenParameters = new IssuedSecurityTokenParameters();
    SymmetricSecurityBindingElement element =
        SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameters);

    // Endpoint scope: a Kerberos token, always sent to the recipient, endorses every operation.
    element.EndpointSupportingTokenParameters.Endorsing.Add(
        new KerberosSecurityTokenParameters
        {
            InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
        });

    // Operation scope: the issued token endorses, the user-name token is signed and encrypted.
    var operationTokens = new SupportingTokenParameters();
    operationTokens.Endorsing.Add(issuedTokenParameters);
    operationTokens.SignedEncrypted.Add(
        new UserNameSecurityTokenParameters { RequireDerivedKeys = false });

    // Register the set in the operation-scope dictionary under the key "1".
    element.OperationSupportingTokenParameters.Add(
        new KeyValuePair<string, SupportingTokenParameters>("1", operationTokens));

    // Dump the dictionary, then wait for Enter before returning.
    Console.WriteLine("Reading Kevalue pairs");
    foreach (KeyValuePair<string, SupportingTokenParameters> entry
             in element.OperationSupportingTokenParameters)
    {
        Console.WriteLine("{0}: {1}", entry.Key, entry.Value);
    }
    Console.ReadLine();

    return element;
}
/// <summary>
/// Self-hosts the Foo service on http://localhost:8080 with a symmetric message-security
/// binding (X.509 protection token plus a signed-and-encrypted user-name token), publishes
/// metadata at /wsdl, and keeps running until Enter is pressed.
/// </summary>
/// <remarks>
/// Test-harness settings that should not be carried into a deployed service:
/// the PFX password is a literal in source, exception details are returned in faults,
/// metadata is served over plain HTTP GET, and the transport itself is plain HTTP, so
/// confidentiality rests entirely on the message security configured here.
/// </remarks>
public static void Main()
{
    // Message security: the X.509 protection token is referenced by thumbprint, never sent.
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    //security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    //security.RequireSignatureConfirmation = true;
    security.ProtectionTokenParameters = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint,
        SecurityTokenInclusionMode.Never);

    // The client's user-name token is a signed-and-encrypted supporting token.
    UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
    userNameToken.RequireDerivedKeys = false;
    security.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);
    //security.EndpointSupportingTokenParameters.Signed.Add (userNameToken);

    ServiceHost host = new ServiceHost(typeof(Foo));

    CustomBinding binding = new CustomBinding(security, new HttpTransportBindingElement());
    binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    // Service credentials: certificate from a local PFX, user names checked by a custom validator.
    // NOTE(review): GodUserNamePasswordValidator is defined elsewhere; its name suggests it
    // accepts any credentials. Confirm it is a test fixture only.
    ServiceCredentials credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    credentials.UserNameAuthentication.UserNamePasswordValidationMode =
        UserNamePasswordValidationMode.Custom;
    credentials.UserNameAuthentication.CustomUserNamePasswordValidator =
        new GodUserNamePasswordValidator();
    host.Description.Behaviors.Add(credentials);

    // Debug aid: faults carry server-side exception details back to the caller.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    // Attach the inspection behavior to every endpoint.
    foreach (ServiceEndpoint endpoint in host.Description.Endpoints)
    {
        endpoint.Behaviors.Add(new StdErrInspectionBehavior());
    }

    // WSDL is published over HTTP GET.
    ServiceMetadataBehavior metadata = new ServiceMetadataBehavior();
    metadata.HttpGetEnabled = true;
    metadata.HttpGetUrl = new Uri("http://localhost:8080/wsdl");
    host.Description.Behaviors.Add(metadata);

    host.Open();
    Console.WriteLine("Hit [CR] key to close ...");
    Console.ReadLine();
    host.Close();
}
/// <summary>
/// Client side of the echo test: builds an asymmetric message-security binding over plain
/// HTTP, opens a FooProxy against http://localhost:8080 with a client certificate and a
/// user name, and prints the reply to one Echo call.
/// </summary>
/// <remarks>
/// Test-harness code: both PFX files are opened with a password literal held in source.
/// </remarks>
static void Run()
{
    AsymmetricSecurityBindingElement security = new AsymmetricSecurityBindingElement();
    //security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
    //security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
    //security.RequireSignatureConfirmation = true;
    //security.LocalClientSettings.DetectReplays = false;
    //security.IncludeTimestamp = false;

    // Built but not attached: the call that would add it as an endorsing token is disabled.
    X509SecurityTokenParameters unusedEndorsing = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.IssuerSerial,
        SecurityTokenInclusionMode.AlwaysToRecipient);
    unusedEndorsing.RequireDerivedKeys = false;
    //security.EndpointSupportingTokenParameters.Endorsing.Add (unusedEndorsing);

    // NOTE(review): the user-name token is added under Signed, not SignedEncrypted, and the
    // transport is plain HTTP. Confirm the token is still encrypted on the wire.
    UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
    security.EndpointSupportingTokenParameters.Signed.Add(userNameToken);

    // Recipient token is referenced only; the initiator token is sent to the recipient.
    security.RecipientTokenParameters = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint,
        SecurityTokenInclusionMode.Never);
    security.InitiatorTokenParameters = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint,
        SecurityTokenInclusionMode.AlwaysToRecipient);
    // Called after the token parameters above have been assigned.
    security.SetKeyDerivation(false);
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    CustomBinding binding = new CustomBinding(
        new XBE(), security, new HttpTransportBindingElement());

    X509Certificate2 serviceCertificate = new X509Certificate2("test.pfx", "mono");
    X509Certificate2 clientCertificate = new X509Certificate2("test2.pfx", "mono");

    // The endpoint identity ties the address to the expected service certificate.
    EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCertificate));
    FooProxy proxy = new FooProxy(binding, address);
    // The line below would switch off service certificate validation; it is left disabled.
    //proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // Only the user name is set; no password is assigned in this method.
    proxy.ClientCredentials.UserName.UserName = "******";
    proxy.ClientCredentials.ClientCertificate.Certificate = clientCertificate;
    proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior());

    proxy.Open();
    Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
}
/// <summary>
/// Creates a DocuSign SOAP client from the "APIServiceSoap" endpoint configuration, pointed at
/// the DocuSign demo API URL, with the account's user id and the given password as client
/// credentials.
/// </summary>
/// <param name="Identity">Account whose AccountID and UserID are used.</param>
/// <param name="password">Password set on the client credentials.</param>
/// <returns>The configured SOAP client.</returns>
public static APIServiceSoap CreateApiProxy(Account Identity, string password)
{
#if true
    // Compiled branch. The API URL is the hard-coded demo endpoint, so this method cannot
    // target another environment without a code change.
    // If there are many accounts then the first one is chosen for sending.
    AccountCredentials accountCredentials = new AccountCredentials
    {
        AccountId = Identity.AccountID,
        ApiUrl = "https://demo.docusign.net/api/3.0/api.asmx"
    };

    APIServiceSoapClient client =
        new APIServiceSoapClient("APIServiceSoap", accountCredentials.ApiUrl);
    var userNameCredential = client.ClientCredentials.UserName;
    userNameCredential.UserName = Identity.UserID;
    userNameCredential.Password = password;
    return client;
#else
    // Disabled branch: security token configuration.
    // This is required for certain calls like RequestRecipientToken.
    // You need to get a certificate from Thawte or VeriSign first and install it.
    // As written this branch reads accountCredentials, which is declared only in the
    // compiled branch above, so it would not build if enabled.
    DocuSignWeb.APIServiceSoapClient apiService = new DocuSignWeb.APIServiceSoapClient("APIServiceSoap1", accountCredentials.ApiUrl);
    apiService.ClientCredentials.UserName.UserName = ConfigurationManager.AppSettings["APIUserName"];
    apiService.ClientCredentials.UserName.Password = ConfigurationManager.AppSettings["Password"];
    // Need to add the supporting token since DocuSign uses dual authentication
    // for critical calls.
    CustomBinding binding = (CustomBinding)apiService.Endpoint.Binding;
    BindingElementCollection elements = binding.CreateBindingElements();
    SecurityBindingElement security = elements.Find <SecurityBindingElement>();
    UserNameSecurityTokenParameters tokenParameters = new UserNameSecurityTokenParameters();
    tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
    tokenParameters.RequireDerivedKeys = false;
    security.EndpointSupportingTokenParameters.SignedEncrypted.Add(
        tokenParameters);
    apiService.Endpoint.Binding = new CustomBinding(elements.ToArray());;
    return(apiService);
#endif
}
/// <summary>
/// Client side of the echo test: builds a symmetric message-security binding over plain
/// HTTP, opens a FooProxy against http://localhost:8080 with a user name, and prints the
/// reply to one Echo call.
/// </summary>
/// <remarks>
/// Test-harness code: the PFX file is opened with a password literal held in source.
/// </remarks>
static void Run()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();

    // The user-name token is sent as a signed-and-encrypted supporting token.
    UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
    userNameToken.RequireDerivedKeys = false;
    security.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);

    // The X.509 protection token is referenced by thumbprint and never included.
    security.ProtectionTokenParameters = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint,
        SecurityTokenInclusionMode.Never);

    CustomBinding binding = new CustomBinding(
        new XBE(), security, new HttpTransportBindingElement());

    // The endpoint identity ties the address to the expected service certificate.
    X509Certificate2 serviceCertificate = new X509Certificate2("test.pfx", "mono");
    EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCertificate));

    FooProxy proxy = new FooProxy(binding, address);
    // Only the user name is set; no password is assigned in this method.
    proxy.ClientCredentials.UserName.UserName = "******";
    proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior());

    proxy.Open();
    Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
}
/// <summary>
/// Copy constructor: passes <paramref name="other"/> to the base constructor, then sets
/// RequireDerivedKeys to false on the base.
/// </summary>
/// <param name="other">Instance handed to the base constructor.</param>
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other) : base(other)
{
    // Assigned after base(other) has run, so the new instance ends up with
    // RequireDerivedKeys == false whatever the base constructor did with other's value.
    base.RequireDerivedKeys = false;
}
/// <summary>
/// Checks the ISecurityCapabilities reported for symmetric and asymmetric security binding
/// elements built from different combinations of token parameters, including
/// secure-conversation tokens with different bootstrap elements.
/// </summary>
/// <remarks>
/// Every case expects EncryptAndSign for both protection levels; only the three boolean
/// flags vary. NOTE(review): judging by the case comments the flags are presumably client
/// authentication, client Windows identity and server authentication, in that order.
/// Confirm against AssertSecurityCapabilities.
/// </remarks>
public void GetPropertySecurityCapabilities()
{
    const ProtectionLevel Both = ProtectionLevel.EncryptAndSign;

    RsaSecurityTokenParameters rsaToken = new RsaSecurityTokenParameters();
    UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
    X509SecurityTokenParameters x509Token = new X509SecurityTokenParameters();

    // Secure-conversation tokens, one per bootstrap shape.
    SecureConversationSecurityTokenParameters emptyBootstrap =
        new SecureConversationSecurityTokenParameters
        {
            BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement() // empty
        };
    SecureConversationSecurityTokenParameters symmetricBootstrap =
        new SecureConversationSecurityTokenParameters
        {
            BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement(x509Token)
        };
    SecureConversationSecurityTokenParameters initiatorBootstrap =
        new SecureConversationSecurityTokenParameters
        {
            BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(null, x509Token)
        };
    SecureConversationSecurityTokenParameters recipientBootstrap =
        new SecureConversationSecurityTokenParameters
        {
            BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(x509Token, null)
        };

    // no parameters
    ISecurityCapabilities capabilities =
        GetSecurityCapabilities(new SymmetricSecurityBindingElement());
    AssertSecurityCapabilities(Both, Both, false, false, false, capabilities, "#1");

    // x509 parameters for both
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(x509Token));
    AssertSecurityCapabilities(Both, Both, true, true, true, capabilities, "#2");

    // no initiator parameters
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(x509Token, null));
    AssertSecurityCapabilities(Both, Both, false, false, true, capabilities, "#3");

    // no recipient parameters
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(null, x509Token));
    AssertSecurityCapabilities(Both, Both, true, true, false, capabilities, "#4");

    // initiator does not support identity
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(x509Token, rsaToken));
    AssertSecurityCapabilities(Both, Both, true, false, true, capabilities, "#5");

    // recipient does not support server auth
    capabilities = GetSecurityCapabilities(new AsymmetricSecurityBindingElement(userNameToken, x509Token));
    AssertSecurityCapabilities(Both, Both, true, true, false, capabilities, "#6");

    // secureconv with no symm. bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(emptyBootstrap));
    AssertSecurityCapabilities(Both, Both, false, false, false, capabilities, "#7");

    // secureconv with x509 symm. bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(symmetricBootstrap));
    AssertSecurityCapabilities(Both, Both, true, true, true, capabilities, "#8");

    // secureconv with x509 initiator bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(initiatorBootstrap));
    AssertSecurityCapabilities(Both, Both, true, true, false, capabilities, "#9");

    // secureconv with x509 recipient bootstrap params
    capabilities = GetSecurityCapabilities(new SymmetricSecurityBindingElement(recipientBootstrap));
    AssertSecurityCapabilities(Both, Both, false, false, true, capabilities, "#10");

    // FIXME: find out such cases that returns other ProtectionLevel values.
}
/// <summary>
/// Copy constructor: passes <paramref name="other"/> to the base constructor, then sets
/// RequireDerivedKeys to false on the base.
/// </summary>
/// <param name="other">Instance handed to the base constructor.</param>
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other) : base(other)
{
    // Assigned after base(other) has run, so the new instance ends up with
    // RequireDerivedKeys == false whatever the base constructor did with other's value.
    base.RequireDerivedKeys = false;
}