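/// <summary>
/// Configures the credentials of a service host: optionally selects the service
/// certificate from the LocalMachine\My store, then sets how client certificates
/// are validated.
/// </summary>
/// <param name="serviceHost">
/// Host whose <c>Credentials</c> are configured. Must not be null and must already
/// carry a credentials behavior.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="serviceHost"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="serviceHost"/> has no <c>Credentials</c>.</exception>
public void SetServiceCredentials(System.ServiceModel.ServiceHostBase serviceHost)
{
    if (serviceHost == null)
    {
        throw new ArgumentNullException(nameof(serviceHost));
    }

    if (serviceHost.Credentials == null)
    {
        throw new ArgumentException("ServiceHost credentials may not be null.");
    }

    // Drop whatever certificate an earlier configuration pass may have left behind
    // so that a disabled SSL setting really results in no service certificate.
    serviceHost.Credentials.ServiceCertificate.Certificate = null;

    if (_enableSsl)
    {
        // SECURITY NOTE(review): FindBySubjectName is a substring match over the
        // store and the first hit is used, so any certificate whose subject merely
        // contains ServiceDomainName could be selected. Pinning the certificate by
        // thumbprint (X509FindType.FindByThumbprint) is the unambiguous choice.
        serviceHost.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine,
            StoreName.My,
            X509FindType.FindBySubjectName,
            Transport.ServiceDomainName);
    }

    X509ClientCertificateAuthentication clientAuth = serviceHost.Credentials.ClientCertificate.Authentication;

    // Accept a client certificate that is either present in the LocalMachine
    // TrustedPeople store or chains to a trusted issuer.
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
    clientAuth.TrustedStoreLocation = StoreLocation.LocalMachine;

    // SECURITY NOTE(review): NoCheck means a revoked client certificate is still
    // accepted. Keep this only where revocation data is genuinely unreachable from
    // this host; otherwise prefer X509RevocationMode.Online (or Offline).
    clientAuth.RevocationMode = X509RevocationMode.NoCheck;

    // NOTE(review): CustomCertificateValidator is only consulted when the mode is
    // X509CertificateValidationMode.Custom; with PeerOrChainTrust this instance is
    // never invoked. Preserved as-is; confirm whether Custom mode was intended.
    clientAuth.CustomCertificateValidator = new X509CertificateValidator();
}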
private void Snippet1()
{
    //<snippet1>
    // Host the Calculator service at a plain HTTP address.
    Uri serviceAddress = new Uri("http://localhost/Calculator");
    ServiceHost host = new ServiceHost(typeof(Calculator), serviceAddress);

    // The client-certificate authentication settings live on the host credentials.
    X509ClientCertificateAuthentication clientAuth = host.Credentials.ClientCertificate.Authentication;

    // The three assignments below illustrate the available modes; only the last one
    // (Custom) is in effect once the method returns.

    // PeerTrust: the certificate must be present in the TrustedPeople store.
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;

    // ChainTrust: the certificate must chain to a trusted issuer.
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;

    // Custom: validation is delegated to a CustomCertificateValidator.
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.Custom;

    // NOTE(review): Custom mode needs a validator derived from
    // X509CertificateValidator; none is assigned here, so a host opened with this
    // configuration is expected to fail — confirm before reusing the snippet as-is.
    // host.Credentials.ClientCertificate.Authentication.CustomCertificateValidator =
    //     new MyCertificateValidator();
    //</snippet1>
}
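private void Snippet7()
{
    //<snippet7>
    // Host the Calculator service at a plain HTTP address.
    Uri serviceAddress = new Uri("http://localhost/Calculator");
    ServiceHost host = new ServiceHost(typeof(Calculator), serviceAddress);

    // A message-security binding that expects a client certificate. It is created
    // here for illustration only and is not attached to an endpoint of the host.
    WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    // Report the client-certificate validation mode currently in effect.
    X509ClientCertificateAuthentication clientAuth = host.Credentials.ClientCertificate.Authentication;

    switch (clientAuth.CertificateValidationMode)
    {
        case X509CertificateValidationMode.ChainTrust:
            Console.WriteLine("ChainTrust");
            break;
        case X509CertificateValidationMode.Custom:
            Console.WriteLine("Custom");
            break;
        case X509CertificateValidationMode.None:
            // Fixed: this case previously printed "ChainTrust", which hides the one
            // mode that performs no validation at all.
            Console.WriteLine("None");
            break;
        case X509CertificateValidationMode.PeerOrChainTrust:
            Console.WriteLine("PeerOrChainTrust");
            break;
        case X509CertificateValidationMode.PeerTrust:
            Console.WriteLine("PeerTrust");
            break;
        default:
            Console.WriteLine("Default");
            break;
    }
    //</snippet7>
}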
private void Snippet4()
{
    //<snippet4>
    // Host the Calculator service at a plain HTTP address.
    Uri serviceAddress = new Uri("http://localhost/Calculator");
    ServiceHost host = new ServiceHost(typeof(Calculator), serviceAddress);

    // A message-security binding that authenticates callers with Windows
    // credentials. Created for illustration; it is not attached to an endpoint here.
    WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

    // Client-certificate authentication settings on the host credentials.
    X509ClientCertificateAuthentication clientAuth = host.Credentials.ClientCertificate.Authentication;

    // Include the caller's Windows groups in the authorization context.
    // NOTE(review): this flag belongs to client-certificate authentication, so it
    // presumably only matters when certificates are mapped to Windows accounts,
    // not for the Windows credential type configured above — confirm.
    clientAuth.IncludeWindowsGroups = true;
    //</snippet4>
}
/// <summary>
/// Copies this configuration element's client-certificate settings onto the
/// runtime <see cref="X509ClientCertificateAuthentication"/> object, including an
/// optional custom validator instantiated from a type name in configuration.
/// </summary>
/// <param name="cert">Runtime authentication settings to populate; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="ConfigurationErrorsException">
/// The configured validator type does not derive from <see cref="X509CertificateValidator"/>.
/// </exception>
internal void ApplyConfiguration(X509ClientCertificateAuthentication cert)
{
    if (cert == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("cert");
    }

    // Straight copy of the scalar settings.
    cert.CertificateValidationMode = this.CertificateValidationMode;
    cert.RevocationMode = this.RevocationMode;
    cert.TrustedStoreLocation = this.TrustedStoreLocation;
    cert.IncludeWindowsGroups = this.IncludeWindowsGroups;
    cert.MapClientCertificateToWindowsAccount = this.MapClientCertificateToWindowsAccount;

    string validatorTypeName = this.CustomCertificateValidatorType;
    if (string.IsNullOrEmpty(validatorTypeName))
    {
        return;
    }

    // SECURITY NOTE(review): the type name comes from configuration, and
    // Type.GetType may load an assembly named in it. The derivation check below
    // runs before anything is instantiated, but the configuration file itself must
    // be treated as trusted input.
    Type validatorType = Type.GetType(validatorTypeName, true);
    if (!typeof(X509CertificateValidator).IsAssignableFrom(validatorType))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new ConfigurationErrorsException(
                System.ServiceModel.SR.GetString(
                    "ConfigInvalidCertificateValidatorType",
                    new object[] { validatorTypeName, typeof(X509CertificateValidator).ToString() })));
    }

    cert.CustomCertificateValidator = (X509CertificateValidator)Activator.CreateInstance(validatorType);
}
private void Snippet5()
{
    //<snippet5>
    // Host the Calculator service at a plain HTTP address.
    Uri serviceAddress = new Uri("http://localhost/Calculator");
    ServiceHost host = new ServiceHost(typeof(Calculator), serviceAddress);

    // A message-security binding that expects a client certificate. Created for
    // illustration; it is not attached to an endpoint here.
    WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    // Client-certificate authentication settings on the host credentials.
    X509ClientCertificateAuthentication clientAuth = host.Credentials.ClientCertificate.Authentication;

    // Require a chain to a trusted issuer, but skip revocation checking.
    // SECURITY NOTE(review): with NoCheck a revoked client certificate is still
    // accepted; use this only where revocation data cannot be reached.
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
    clientAuth.RevocationMode = X509RevocationMode.NoCheck;
    //</snippet5>
}
private void Snippet6()
{
    //<snippet6>
    // Host the Calculator service at a plain HTTP address.
    Uri serviceAddress = new Uri("http://localhost/Calculator");
    ServiceHost host = new ServiceHost(typeof(Calculator), serviceAddress);

    // A message-security binding that expects a client certificate. Created for
    // illustration; it is not attached to an endpoint here.
    WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    // Client-certificate authentication settings on the host credentials.
    X509ClientCertificateAuthentication clientAuth = host.Credentials.ClientCertificate.Authentication;

    // Peer trust: the presented certificate itself must be present in the trusted
    // store, which is looked up in the LocalMachine location rather than the
    // current user's profile.
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
    clientAuth.TrustedStoreLocation = StoreLocation.LocalMachine;
    //</snippet6>
}
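/// <summary>
/// Applies this host's custom configuration section on top of the standard
/// WCF configuration: the service certificate, the user-name validation mode
/// and, when client certificates are listed, a custom client-certificate
/// validator restricted to those certificates.
/// </summary>
/// <remarks>
/// Any failure is logged and then rethrown so that the host fails closed: the
/// previous version swallowed the exception, which left the host running with
/// the default client-certificate validation instead of the configured allow-list.
/// </remarks>
protected override void ApplyConfiguration()
{
    try
    {
        // Nothing to apply without a configuration section that lists services.
        Configuration.Section section = Configuration.Section.GetSection();
        if (section == null || section.Services == null)
        {
            return;
        }

        // Look up the <service> element for this host by its configuration name.
        Configuration.ServiceElement element = section.Services.GetElementByKey(Description.ConfigurationName);
        if (element == null)
        {
            return;
        }

        // Service certificate, when one is configured.
        X509Certificate2 serverCertificate = element.GetServerCertificate();
        if (serverCertificate != null)
        {
            this.Credentials.ServiceCertificate.Certificate = serverCertificate;
        }

        // User-name/password validation mode. The membership provider is not
        // configurable from this section; the default provider is used.
        Configuration.UserNameAuthenticationElement userNameAuthElement = section.UserNameAuthentication;
        if (userNameAuthElement != null)
        {
            this.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = userNameAuthElement.UserNamePasswordValidationMode;
        }

        // Standard <system.serviceModel> configuration. NOTE(review): the order is
        // deliberate and preserved — settings made above may be affected by a
        // serviceCredentials behavior declared there, while the client-certificate
        // settings below are applied afterwards. Confirm before reordering.
        base.ApplyConfiguration();

        // Restrict client certificates to the configured allow-list via a custom validator.
        if (!string.IsNullOrEmpty(element.ClientCertificates))
        {
            X509ClientCertificateAuthentication authentication = this.Credentials.ClientCertificate.Authentication;
            authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;
            authentication.CustomCertificateValidator = new CustomCertificateValidator(element.GetClientCertificates());
        }
    }
    catch (Exception ex)
    {
        try
        {
            // SECURITY NOTE(review): this file is written under the application root
            // and contains a stack trace; if static .txt files are served it is
            // downloadable. Prefer a proper logger or a non-servable location.
            System.IO.File.WriteAllText(
                System.Web.Hosting.HostingEnvironment.MapPath("~/Exception2.txt"),
                string.Format("Error occurred: {0}\r\n{1}\r\n{2}", ex.Message, ex.Source, ex.StackTrace));
        }
        catch (Exception)
        {
            // Diagnostics must never mask the configuration failure being reported.
        }

        // Fail closed: a host whose security configuration could not be applied
        // must not start with default validation in place of the configured one.
        throw;
    }
}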