public ActionResult Webservice() { ViewBag.Message = "Your application description page."; // Setup the channel factory for the call to the backend service var binding = new WS2007FederationHttpBinding( WSFederationHttpSecurityMode.TransportWithMessageCredential); var factory = new ChannelFactory <WebService.IService>(binding, new EndpointAddress("https://[BackendService]/Service.svc")); // turn off CardSpace factory.Credentials.SupportInteractive = false; // Get the token representing the logged in user var actAsToken = GetActAsToken(); // Create the channel to the backend service using the acquired token var channel = factory.CreateChannelWithIssuedToken(actAsToken); // Call the service var serviceClaims = channel.GetClaimsPrincipal(); // At this point, you can compare the claims the are available to the backend service with the ones available to the web app // See for example that the backend service has knowledge of both the logged in user and the front end app through which the user is logged in ViewBag.Message = "Web service call succeeded!"; return(View()); }
public DataEntityCollectionDTO RetrieveEntityByNameQuery(string queryName, Dictionary <string, object> parameters, SecurityToken sessionToken) { SecuritySummary securitySummary = new SecuritySummary(); CallStatus callStatus = new CallStatus(); using (ChannelFactory <IDataEntityIO> factory = GetApplicationServerChannelFactory(_applicationServerAddress) ) { factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(sessionToken); DataEntityCollectionDTO entities = secureConnection.RunNamedQuery(queryName, parameters, ref securitySummary, ref callStatus); if (callStatus.Result == CallStatusenumCallResult.Success) { return(entities); } StringBuilder sb = new StringBuilder(); foreach (ValidationError error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Call did not complete successfully" + Environment.NewLine + sb); } //TODO: CONTINUE WITH THIS METHOD SIMILAR TO StaffQuery return(null); }
public DataEntityCollectionDTO RetrieveEntityById(string entityName, Guid entityId, SecurityToken sessionToken) { SecuritySummary securitySummary = new SecuritySummary(); CallStatus callStatus = new CallStatus(); using (ChannelFactory<IDataEntityIO> factory = GetApplicationServerChannelFactory(_applicationServerAddress)) { factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(sessionToken); List<string> fieldNames = GetFields(entityName); DataEntityCollectionDTO entities = secureConnection.ReadEntity( entityId, entityName, fieldNames, ref securitySummary, ref callStatus); if (callStatus.Result == CallStatusenumCallResult.Success) return entities; StringBuilder sb = new StringBuilder(); foreach (ValidationError error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Call did not complete successfully" + Environment.NewLine + sb); } }
/// <summary> /// Creates the instance internal. /// </summary> /// <typeparam name="TServiceContract">The type of the service contract.</typeparam> /// <param name="channelFactory">The channel factory.</param> /// <returns></returns> private TServiceContract CreateInstanceInternalClaims <TServiceContract>(ChannelFactory <TServiceContract> channelFactory) { foreach (var operation in channelFactory.Endpoint.Contract.Operations) { var dataContractSerializerOperationBehavior = operation.Behaviors.Find <DataContractSerializerOperationBehavior>(); if (dataContractSerializerOperationBehavior == null) { dataContractSerializerOperationBehavior = new DataContractSerializerOperationBehavior(operation); if (!operation.Behaviors.Contains(dataContractSerializerOperationBehavior)) { operation.Behaviors.Add(dataContractSerializerOperationBehavior); } } dataContractSerializerOperationBehavior.MaxItemsInObjectGraph = Int32.MaxValue; } // Add channelFactory.Endpoint Behaviors if (channelFactory.Endpoint.Behaviors.Find <CallerContextBehavior>() == null) { var endpointBehavior = new CallerContextBehavior(); channelFactory.Endpoint.Behaviors.Add(endpointBehavior); } #if DEBUG if (channelFactory.Endpoint.Behaviors.Find <ProfilerEndpointBehavior>() == null) { var profilerBehaviour = new ProfilerEndpointBehavior(); channelFactory.Endpoint.Behaviors.Add(profilerBehaviour); } #endif // Add channelFactory.Endpoint.Contract.Operations Behaviors // None /* * * var operationBehaviours = new List<IOperationBehavior>(); * * foreach (var operationBehavior in operationBehaviors) * { * foreach (var operation in channelFactory.Endpoint.Contract.Operations) * { * if (!operation.Behaviors.Contains(operationBehavior)) * { * operation.Behaviors.Add(operationBehavior); * } * } * } */ if (channelFactory.Credentials != null) { channelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation; } return(channelFactory.CreateChannelWithIssuedToken(GetSecurityTokenDirectFromLocalSts())); }
public T GetService <T>(string endpointConfigurationName) { var factory = new ChannelFactory <T>(endpointConfigurationName); _activeServices.Add(factory); return(factory.CreateChannelWithIssuedToken(_authToken)); }
private static void CallMixedMode(SamlSecurityToken token) { var factory = new ChannelFactory <IServiceClientChannel>("*"); factory.ConfigureChannelFactory <IServiceClientChannel>(); var proxy = factory.CreateChannelWithIssuedToken <IServiceClientChannel>(token); proxy.Ping("foo"); proxy.Close(); }
/// <summary> /// Calls the Calculator service and uses an issued token explicitly rather /// than allowing WCF and the Windows Identity Foundation manage the issued token /// retrieval process. /// </summary> /// <param name="token">The security token.</param> private static void CallServiceWithExplicitToken(SecurityToken token) { // // Instantiate the ChannelFactory as usual. // ChannelFactory <ICalculator> calcFactory = new ChannelFactory <ICalculator>(GetClientBinding(), ServiceAddress); // // Make sure to call this prior to using the CreateChannelWith...() // extension methods on the channel factory that the Windows Identity Foundation // provides. // calcFactory.ConfigureChannelFactory(); ICommunicationObject channel = null; bool succeeded = false; try { // // Creates a channel that will use the provided issued token to // secure the messages sent to the calculator service. // Note that the configuration of this channel factory is identical // to the "fully automated" scenario except for the use of this // extension method to create the actual channel. // ICalculator calc = calcFactory.CreateChannelWithIssuedToken(token); channel = (ICommunicationObject)calc; double sum = calc.Add(40.0, 2.0); Console.WriteLine("The sum is {0}", sum); channel.Close(); succeeded = true; } catch (CommunicationException e) { Console.WriteLine("=== Communication exception caught ==="); Console.WriteLine(e.ToString()); channel.Abort(); } catch (TimeoutException) { Console.WriteLine("Timed out..."); channel.Abort(); } finally { if (!succeeded) { channel.Abort(); } } }
public void Save(DataEntityCollectionDTO entitys, SecurityToken sessionToken, string applicationServerURL, List <string> saveScope) { CallStatus callStatus = new CallStatus(); using (ChannelFactory <IDataEntityIO> factory = GetApplicationServerChannelFactory(applicationServerURL)) { DataEntityDTOChangeBatchCollection changes = new DataEntityDTOChangeBatchCollection { Batches = new List <DataEntityDTOChangeBatch>() }; DataEntityDTO.DataModelTypeDTO dataModelType = new DataEntityDTO.DataModelTypeDTO { SchemaName = "dbo", DataModelPurpose = "BusinessDataModel" }; changes.DataModelType = dataModelType; DataEntityDTOChangeBatch batch = new DataEntityDTOChangeBatch { EntitiesToSave = entitys }; DataEntitySaveContext batchSaveContext = new DataEntitySaveContext(); List <string> alternateKeys = new List <string>(); List <string> batchSaveScope = new List <string>(); if (_changedFields.Any()) { batchSaveScope = _changedFields; } else if (saveScope.Any()) { batchSaveScope = saveScope; } batchSaveContext.SaveScope = batchSaveScope; batchSaveContext.AlternateKeyFields = alternateKeys; batchSaveContext.CustomWorkflows = new List <WorkflowPackage>(); batchSaveContext.CustomDeleteWorkflows = new List <WorkflowPackage>(); batch.SaveContext = batchSaveContext; changes.Batches.Add(batch); factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(sessionToken); secureConnection.SaveEntityCollection(changes, ref callStatus); if (callStatus.Result == CallStatusenumCallResult.Success) { return; } StringBuilder sb = new StringBuilder(); foreach (ValidationError error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Call did not complete successfully" + Environment.NewLine + sb); } }
internal void Save(DataEntityCollectionDTO entitys, SecurityToken sessionToken) { // Almost all iSIMS calls fill a callStatus response message in with status and error messages. CallStatus callStatus = new CallStatus(); // Create a communication channel factory to communicate with the iSIMS application server using (ChannelFactory <IDataEntityIO> factory = GetApplicationServerChannelFactory()) { // Because our communication now will be secured using our Identity Token we need to use some WIF extension methods to make sure the identity token // is sent as a Cookie on the SOAP call that WCF will be generating. factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(sessionToken); DataEntityDTOChangeBatchCollection changes = new DataEntityDTOChangeBatchCollection { Batches = new List <DataEntityDTOChangeBatch>() }; DataEntityDTO.DataModelTypeDTO dataModelType = new DataEntityDTO.DataModelTypeDTO { SchemaName = "dbo", DataModelPurpose = "BusinessDataModel" }; changes.DataModelType = dataModelType; DataEntityDTOChangeBatch batch = new DataEntityDTOChangeBatch { EntitiesToSave = entitys }; DataEntitySaveContext batchSaveContext = new DataEntitySaveContext(); List <string> alternateKeys = new List <string>(); // Simplest thing to do is declare which field we believe we have changed List <string> batchSaveScope = new List <string> { "Learner.PreferredForename" }; List <WorkflowPackage> customWorkflows = new List <WorkflowPackage>(); batchSaveContext.SaveScope = batchSaveScope; batchSaveContext.AlternateKeyFields = alternateKeys; batchSaveContext.CustomWorkflows = customWorkflows; batchSaveContext.CustomDeleteWorkflows = new List <WorkflowPackage>(); batch.SaveContext = batchSaveContext; changes.Batches.Add(batch); secureConnection.SaveEntityCollection(changes, ref callStatus); // Handle an unsuccessful call. if (callStatus.Result != CallStatusenumCallResult.Success) { StringBuilder sb = new StringBuilder(); foreach (ValidationError error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Call did not complete successfully" + Environment.NewLine + sb); } } }
public static string CallCreate(ChannelFactory <Resource> resourceFactory, Uri thisUrl, string smlDomain, int assuranceLevel, CreateRequest request, IMessageMetadata messageMetadata) { STARTLibrary.accesspointService.Resource ws = null; try { var serviceMetadata = !string.IsNullOrEmpty(smlDomain) ? ServiceMetadata.FromSml(smlDomain, request) : ServiceMetadata.FromKnownEndpoint(resourceFactory); //NOTE: if you want to debug and send to "wrong" address, change below: //var test1 = ServiceMetadata.FromSml(smlDomain, request); //henter metadata fra SML //var test2 = ServiceMetadata.FromKnownEndpoint(resourceFactory); //var test3 = new ServiceMetadata() // { // Address = new Uri("https://ehf.fylkesmannen.no/oxalis"), //factory.Endpoint.Address.Uri, // Certificate = resourceFactory.Credentials.ServiceCertificate.DefaultCertificate // }; //serviceMetadata = test1; if (serviceMetadata.Certificate == null) { throw new ArgumentException("Certificate required (both for custom validation and for authenticationMode \"MutualCertificate\")."); } SetExpectedServiceCertificate(resourceFactory, serviceMetadata.Certificate); X509Certificate2 clientCertificate = resourceFactory.Credentials.ClientCertificate.Certificate; Saml2SecurityToken token = AccessPointToken.ClaimsToSaml2SenderVouchesToken( AccessPointToken.MakeClaims(request.SenderIdentifier.Value, assuranceLevel), thisUrl.AbsoluteUri, clientCertificate); //NOTE: changed when upgrading to .NET 4.5: //ws = resourceFactory.CreateChannelWithIssuedToken(new EndpointAddress(thisUrl, resourceFactory.Endpoint.Address.Identity), token); ws = resourceFactory.CreateChannelWithIssuedToken(token, new EndpointAddress(thisUrl, resourceFactory.Endpoint.Address.Identity)); var response = ws.Create(request); return("Document sent."); } catch (Exception exception) { throw exception; } finally { if (ws is IDisposable) { (ws as IDisposable).Dispose(); } }; }
private void CreateClient(EndpointAddress endpointAdress) { var rest = ClientFactory.Endpoint.Behaviors.Find <RestTokenHandler>(); if (rest != null) { var tokenManager = FindTokenManager(); RuntimeFactory.Current.GetStateStorageContainer().TryAddStorageItem(tokenManager); Client = ClientFactory.CreateChannel(endpointAdress); } else { if (ConfigurationManagerHelper.GetValueOnKey("stardust.RelayToken") == "true") { if (BootstrapContext != null) { Client = ClientFactory.CreateChannelWithIssuedToken(BootstrapContext.SecurityToken); return; } } if (!(ClientFactory.Endpoint.Binding is WS2007FederationHttpBinding)) { Client = ClientFactory.CreateChannel(endpointAdress); return; } if (BootstrapContext.IsInstance()) { Client = ClientFactory.CreateChannelWithIssuedToken(GetTokenOnBehalfOf(), endpointAdress); } else if (UseSecureChannel) { Client = ClientFactory.CreateChannelWithIssuedToken(GetToken(), endpointAdress); } else { Client = ClientFactory.CreateChannel(endpointAdress); } } }
/// <summary> /// Example of retrieving some data from the application server. In this case we will use the ReadEnity call to retrieve data for a single Learner entity. /// /// This illustrates the method of constructing a single entity query, and handling the results that are returned. It also illustrates the use of the CallStatus /// structure to retrieve information about the call, and any failures that occured. /// </summary> /// <param name="learnerid"></param> /// <param name="sessionToken"></param> internal DataEntityCollectionDTO RetrieveSingleLearnerById(string learnerid, SecurityToken sessionToken) { // The security summary will be filled with any notifications of data fields which were removed by the security protocols prior to being sent to the recipient. This // enables you to see whether your data has been redacted before you got to see it. SecuritySummary securitySummary = new SecuritySummary(); // Almost all iSIMS calls fill a callStatus response message in with status and error messages. CallStatus callStatus = new CallStatus(); // Create a communication channel factory to communicate with the iSIMS application server using (ChannelFactory <IDataEntityIO> factory = GetApplicationServerChannelFactory()) { // Because our communication now will be secured using our Identity Token we need to use some WIF extension methods to make sure the identity token // is sent as a Cookie on the SOAP call that WCF will be generating. factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(sessionToken); Guid studentId = new Guid(learnerid); // Construct a query to read a specific entity from SIMS8 DataEntityCollectionDTO entities = secureConnection.ReadEntity( // Tell it which specific unique entity we want to fetch studentId, // Tell it what type of entity this is "Learner", // Tell it what scope of data we want to get back from the call. new List <string>(new[] { // The surname and forename "Learner.LegalSurname", "Learner.LegalForename", "Learner.PreferredForename", // The Unique Pupil Number "Learner.UPN", // The Learners Addresses, start date. Note that there are many Addresses attached to a single Learner "Learner.LearnerAddresses.StartDate", // The Learners Addresses, Post Code "Learner.LearnerAddresses.Address.PostCode" }), ref securitySummary, ref callStatus); // Handle an unsuccessful call. if (callStatus.Result != CallStatusenumCallResult.Success) { StringBuilder sb = new StringBuilder(); foreach (ValidationError error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Call did not complete successfully" + Environment.NewLine + sb); } return(entities); } }
private void ConnectToWcfService() { if (connected) { return; } if (token == null) { if (useActAs) { token = AdfsHelper.GetActAsToken(idpEndpoint, realm, serviceUserName, servicePassword); } else { token = AdfsHelper.GetSecurityToken(idpEndpoint, realm, serviceUserName, servicePassword); } } binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; binding.Security.Message.EstablishSecurityContext = false; // create factory and enable WIF plumbing factory = new ChannelFactory <T>(binding, serviceAddress); InvokeConfigureChannel(); try { factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; //TODO Upgrade 4.5 - http://social.msdn.microsoft.com/Forums/vstudio/en-US/9cffe4ea-5a0d-4729-9eb1-b56629b175dc/configurechannelfactory-in-net-45?forum=Geneva //factory.ConfigureChannelFactory(); factory.Credentials.SupportInteractive = false; channel = factory.CreateChannelWithIssuedToken(token); SetupWcfHeader(); connected = true; } catch (Exception) { factory.Abort(); throw; } }
public static IUSIService OpenWithM2M() { SecurityToken token = GetStsToken(tokenLifeTimeMinutes: 60); var clientSection = (ClientSection)ConfigurationManager.GetSection("system.serviceModel/client"); var endpointElement = clientSection.Endpoints.Cast <ChannelEndpointElement>().First(endpoint => "UsiCreateServiceReference.IUSIService".Equals(endpoint.Contract, StringComparison.InvariantCultureIgnoreCase)); if (endpointElement == null) { throw new Exception("No endpoint matching service contract was found"); } var channelFactory = new ChannelFactory <IUSIService>(endpointElement.Name); channelFactory.Open(); return(channelFactory.CreateChannelWithIssuedToken(token)); }
/// <summary> /// /// </summary> /// <typeparam name="T">T is the interface the service provider exposes.</typeparam> /// <param name="token">GenericXmlSecurityToken containing a saml2SecurityToken</param> /// <param name="clientCertificate"></param> /// <param name="serviceCertificate"></param> /// <param name="serviceEndpointAddress"></param> /// <returns></returns> public static T CreateChannelWithIssuedToken <T>(SecurityToken token, X509Certificate2 clientCertificate, X509Certificate2 serviceCertificate, EndpointAddress serviceEndpointAddress) { bool sslEnabled = serviceEndpointAddress.Uri.Scheme.ToLowerInvariant() == "https"; ChannelFactory <T> echoServiceFactory = new ChannelFactory <T>(new ServiceproviderBinding(sslEnabled), serviceEndpointAddress); echoServiceFactory.Credentials.ClientCertificate.Certificate = clientCertificate; //Issuedtoken binding information needs to be set, even though it aint used. echoServiceFactory.Credentials.IssuedToken.LocalIssuerBinding = new SecurityTokenServiceBinding(); echoServiceFactory.Credentials.IssuedToken.LocalIssuerAddress = new EndpointAddress(new Uri("http://NotAnUrlAndNotToBeUsed")); echoServiceFactory.Credentials.ServiceCertificate.DefaultCertificate = serviceCertificate; FederatedClientCredentials.ConfigureChannelFactory(echoServiceFactory); return(echoServiceFactory.CreateChannelWithIssuedToken(token)); }
private static IClaimsService GetServiceProxy(SecurityToken token) { var serviceAddress = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Reply + "service.svc"; var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IClaimsService>( binding, new EndpointAddress(serviceAddress)); factory.Credentials.SupportInteractive = false; var channel = factory.CreateChannelWithIssuedToken(token); return(channel); }
private static void CallService(SecurityToken token) { "Calling Service".ConsoleYellow(); var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IClaimsService>(binding, new EndpointAddress(_serviceAddress)); factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; var proxy = factory.CreateChannelWithIssuedToken(token); var id = proxy.GetIdentity(); Helper.ShowIdentity(id); }
static void Main(string[] args) { var jwt = GetJwt(); var xmlToken = WrapJwt(jwt); var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.HostNameComparisonMode = HostNameComparisonMode.Exact; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IService>( binding, new EndpointAddress("https://localhost:44335/token")); var channel = factory.CreateChannelWithIssuedToken(xmlToken); Console.WriteLine(channel.Ping()); }
public static string CallCreate(ChannelFactory <STARTLibrary.accesspointService.Resource> resourceFactory, Uri thisUrl, string smlDomain, int assuranceLevel, CreateRequest request) { STARTLibrary.accesspointService.Resource ws = null; Helper help = new Helper(); try { ServiceMetadata metadata = !string.IsNullOrEmpty(smlDomain) ? ServiceMetadata.FromSml(smlDomain, request) : ServiceMetadata.FromKnownEndpoint(resourceFactory); if (metadata.Certificate == null) { throw new ArgumentException("Certificate required (both for custom validation and for authenticationMode \"MutualCertificate\")."); } SetExpectedServiceCertificateNew(resourceFactory, metadata.Certificate); X509Certificate2 clientCertificate = resourceFactory.Credentials.ClientCertificate.Certificate; Saml2SecurityToken token = AccessPointToken.ClaimsToSaml2SenderVouchesToken( AccessPointToken.MakeClaims(request.SenderIdentifier.Value, assuranceLevel), thisUrl.AbsoluteUri, clientCertificate); ws = resourceFactory.CreateChannelWithIssuedToken(new EndpointAddress(thisUrl, resourceFactory.Endpoint.Address.Identity), token); ws.Create(request); return("Document sent."); } catch (Exception) { throw help.MakePeppolException("bden:ServerError", "ServerError"); } finally { if (ws is IDisposable) { (ws as IDisposable).Dispose(); } }; }
private static string CallService_IssuedToken(SecurityToken token) { // Creating the channel and calling it var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var serviceEpAddress = ConfigurationManager.AppSettings["serviceEpAddress"].ToString(); var factory = new ChannelFactory <IService1>(binding, new EndpointAddress(serviceEpAddress)); // Create a channel IService1 client = factory.CreateChannelWithIssuedToken(token); // Invoke the service operation var response = client.GetData(12); ((IClientChannel)client).Close(); return(response); }
private static void CallMessage(SamlSecurityToken token) { var factory = new ChannelFactory <IServiceClientChannel>( new ClientSamlHttpBinding(SecurityMode.Message), new EndpointAddress( new Uri("http://roadie:9000/Services/ClientSaml/Message"), EndpointIdentity.CreateDnsIdentity("Service"))); factory.Credentials.ServiceCertificate.SetDefaultCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=Service"); factory.ConfigureChannelFactory <IServiceClientChannel>(); var proxy = factory.CreateChannelWithIssuedToken <IServiceClientChannel>(token); proxy.Ping("foo"); proxy.Close(); }
private static void CallService(SecurityToken token) { var serviceEndpoint = "https://" + "adfs.leastprivilege.vm" + "/rp/service.svc"; var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IClaimsService>( binding, new EndpointAddress(serviceEndpoint)); factory.Credentials.SupportInteractive = false; var channel = factory.CreateChannelWithIssuedToken(token); var claims = channel.GetClaims(); claims.ForEach(c => Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value)); }
public static T GetClaimAppService <T>(SecurityToken securityToken, string serviceAddress) where T : class { try { var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <T>( binding, new EndpointAddress(new Uri(serviceAddress), EndpointIdentity.CreateDnsIdentity("IdentifyDefaultSigning"))); factory.Credentials.SupportInteractive = false; var channel = factory.CreateChannelWithIssuedToken(securityToken); return(channel); } catch (Exception ex) { Logging.Instance.Error(ex, "Error while execute remote operation"); throw; } }
// GET: Home public ActionResult Index() { string response = String.Empty; string exception = String.Empty; try { //creating the channel and calling it WS2007FederationHttpBinding federationBinding = new WS2007FederationHttpBinding(); federationBinding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential; federationBinding.Security.Message.EstablishSecurityContext = false; EndpointAddress wcfServiceEndpoint = new EndpointAddress(Program.WCFAddress); ChannelFactory <ITestService> factory = new ChannelFactory <ITestService>(federationBinding, wcfServiceEndpoint); factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; var token = GetSecurityToken(); // Create a channel. ITestService client = factory.CreateChannelWithIssuedToken(token); response = client.SayHello(); ((IClientChannel)client).Close(); } catch (Exception ex) { response = ex.Message; exception = ex.StackTrace; } ViewBag.ServiceResult = response; ViewBag.Exception = exception; return(View()); }
public bool SaveFileToDocumentStore(string documentUrl, byte[] content) { var callStatus = new CallStatus(); using (ChannelFactory <IDataEntityIO> factory = GetApplicationServerChannelFactory(_applicationServerAddress)) { factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(_sessionToken); secureConnection.SaveFileToDocumentStore(documentUrl, content, ref callStatus); if (callStatus.Result == CallStatusenumCallResult.Success) { return(true); } var sb = new StringBuilder(); foreach (var error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Upload Document Failed !!!" + Environment.NewLine + sb); } }
public string GetDocumentStoreUrl(string propertyName, Guid storeId) { var callStatus = new CallStatus(); using (ChannelFactory <IDataEntityIO> factory = GetApplicationServerChannelFactory(_applicationServerAddress)) { factory.Credentials.UseIdentityConfiguration = true; IDataEntityIO secureConnection = factory.CreateChannelWithIssuedToken(_sessionToken); string documentUrl = secureConnection.GetDocumentStoreURL(propertyName, storeId, ref callStatus); if (callStatus.Result == CallStatusenumCallResult.Success) { return(documentUrl); } var sb = new StringBuilder(); foreach (var error in callStatus.Messages) { sb.AppendLine(error.Message); } throw new Exception("Document Store Directory Does not exists !!!" + Environment.NewLine + sb); } }
private static void CallMyService(string jwtToken) { var xmlToken = WrapJwt(jwtToken); var factory = new ChannelFactory <IMyService>(ServiceBinding.CreateBinding(), new EndpointAddress(Config.ServiceEndpoint)); var myService = factory.CreateChannelWithIssuedToken(xmlToken); // Call MyService string dataId = "001"; WriteLine($"Create data: {dataId}", ConsoleColor.White); try { // Call MyService.CreateData string result = myService.CreateData(dataId); WriteLine($" {result}", ConsoleColor.Green); } catch (Exception ex) { WriteLine($" Error: {ex.Message}", ConsoleColor.Red); } Console.WriteLine(); // Read WriteLine($"Read data: {dataId}", ConsoleColor.White); try { // Call MyService.ReadData string result = myService.ReadData(dataId); WriteLine($" {result}", ConsoleColor.Green); } catch (Exception ex) { WriteLine($" Error: {ex.Message}", ConsoleColor.Red); } Console.WriteLine(); // Update WriteLine($"Update data: {dataId}", ConsoleColor.White); try { // Call MyService.UpdateData string result = myService.UpdateData(dataId); WriteLine($" {result}", ConsoleColor.Green); } catch (Exception ex) { WriteLine($" Error: {ex.Message}", ConsoleColor.Red); } Console.WriteLine(); // Delete WriteLine($"Delete data: {dataId}", ConsoleColor.White); try { // Call MyService.DeleteData string result = myService.DeleteData(dataId); WriteLine($" {result}", ConsoleColor.Green); } catch (Exception ex) { WriteLine($" Error: {ex.Message}", ConsoleColor.Red); } Console.WriteLine(); }
/// <summary> /// Creates a federated channel. /// Security tokens are cached, to eliminate the need for contacting the STS every time. /// </summary> /// <param name="channelFactory"> /// The channel factory. /// </param> /// <typeparam name="T"> /// The service interface /// </typeparam> /// <returns> /// A new federated channel /// </returns> protected virtual T CreateFederatedChannel <T>(ChannelFactory <T> channelFactory) { var token = GetSecurityToken(channelFactory); return(channelFactory.CreateChannelWithIssuedToken(token)); }
public static eHtalkMessage GetResponseSync(eHtalkMessage msg, X509Certificate2 extInterfaCertificate, string esbEndpoint, string relyingParty, string identityProviderURL, X509Certificate2 userCertificate, string wsaddressingTo, Stopwatch stopw) { #if !CC IssuedSecurityTokenProvider provider = new IssuedSecurityTokenProvider(); provider.SecurityTokenSerializer = new WSSecurityTokenSerializer(); provider.TargetAddress = new EndpointAddress(new Uri(relyingParty), new AddressHeader[0]); provider.IssuerAddress = new EndpointAddress(new Uri(identityProviderURL), new AddressHeader[0]); provider.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Basic256; provider.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; ClientCredentials credentials = new ClientCredentials { ClientCertificate = { Certificate = userCertificate } }; provider.IssuerChannelBehaviors.Add(credentials); HttpsTransportBindingElement tbe = new HttpsTransportBindingElement { AuthenticationScheme = AuthenticationSchemes.Digest, RequireClientCertificate = true, KeepAliveEnabled = false }; CustomBinding stsBinding = new CustomBinding(new BindingElement[] { tbe }); provider.IssuerBinding = stsBinding; provider.Open(); var token = provider.GetToken(TimeSpan.FromSeconds(30.0)) as GenericXmlSecurityToken; #endif #if CC var cc = new EhealthCryptoController(); var token = cc.GetSamlTokenForHealthProfessional(relyingParty); #endif if (token == null) { throw new ApplicationException("No AT token received"); } Console.WriteLine(string.Format("Ziskany AT token in {0}", stopw.ElapsedMilliseconds)); CustomBinding binding = new CustomBinding(); SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(new IssuedSecurityTokenParameters() { RequireDerivedKeys = true, KeyType = SecurityKeyType.SymmetricKey }); sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict; sbe.IncludeTimestamp = true; //sbe.AllowInsecureTransport = true; sbe.SetKeyDerivation(true); sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; binding.Elements.Add(sbe); binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, System.Text.Encoding.UTF8)); binding.Elements.Add(new HttpsTransportBindingElement() { RequireClientCertificate = true, KeepAliveEnabled = true }); var regEx = new Regex(@"https?://([^/]+)"); var dnsIdentity = regEx.Match(wsaddressingTo).Groups[1].Captures[0].Value; var channelFactory = new ChannelFactory <IeHealthSyncService>(binding, new EndpointAddress( new Uri(wsaddressingTo), new DnsEndpointIdentity(dnsIdentity), new AddressHeader[] { })); channelFactory.Credentials.SupportInteractive = false; channelFactory.Credentials.ClientCertificate.Certificate = userCertificate; channelFactory.Credentials.ServiceCertificate.DefaultCertificate = extInterfaCertificate; channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; channelFactory.ConfigureChannelFactory <IeHealthSyncService>(); channelFactory.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri(esbEndpoint))); var channel = channelFactory.CreateChannelWithIssuedToken(token); Console.WriteLine(string.Format("vytvoreny kanal: {0}", stopw.ElapsedMilliseconds)); var stopw1 = new Stopwatch(); eHtalkMessage data = null; int wait = 1; for (int i = 0; i < 20; i++) { stopw1.Reset(); stopw1.Start(); msg.Header.MessageInfo.MessageID = Guid.NewGuid().ToString("D"); Debug.WriteLine("Start calling", "MyCustom"); try { data = channel.GetData(msg); } catch (CommunicationException ex) { data = channel.GetData(msg); } Console.WriteLine(string.Format("po {1} sekundach: {0}", stopw1.ElapsedMilliseconds, wait)); Thread.Sleep(wait * 1000); wait = wait * 2; } return(data); }
/// <summary> /// Use this method if you want to send to a custom access-point (debug) /// </summary> /// <param name="createRequest">SOAP-request to send to accesspoint</param> /// <param name="sender">sender-id, sample:9908:974763907</param> /// <param name="receiver">receiver-id, sample:9908:974763907</param> /// <param name="serviceMetadata">Servicemetadata containing endpoint and certificates</param> /// <returns></returns> public SendResult SendDocument(CreateRequest createRequest, string sender, string receiver, ServiceMetadata serviceMetadata) { var start = DateTime.Now; try { Log.Info("Start SendInvoice..."); if (serviceMetadata == null) { throw new ArgumentNullException("serviceMetadata", "serviceMetadata cannot be null"); } if (serviceMetadata.Certificate == null) { throw new ArgumentException("Certificate required (both for custom validation and for authenticationMode \"MutualCertificate\")."); } if (string.IsNullOrEmpty(sender)) { throw new ArgumentNullException("sender", "sender cannot be null. samlpevalue: 9908:974763907"); } if (string.IsNullOrEmpty(receiver)) { throw new ArgumentNullException("receiver", "receiver cannot be null. samlpevalue: 9908:974763907"); } //Recreating channelfactory... this is resource-intensive, and should be cached. recreating since certificate is readonly after channel is open. Log.InfoFormat("Recreating channelfactory for ep {0} using certificate {1}", serviceMetadata.Address.AbsoluteUri, serviceMetadata.Certificate.FriendlyName); _channelFactory = Utilities.CreateResourceChannelFactory <Resource>(_peppolEndpointName, _clientCertificate, _serviceCertificate); //1. Her angir vi at vi forventer at servicen vi kontakter har følgande sertifikat (f.eks. EVRY sitt) if (_channelFactory.Credentials == null) { throw new Exception("_channelFactory.Credentials was null.."); } //Her setter vi channelfactory sitt sertifikat til sertfikatet vi henta fra AP (f.eks. EVRY sitt): _channelFactory.Credentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(serviceMetadata.Certificate); //Slår på custom validator for sertifikatet fra eksternt aksesspunkt: _channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom; _channelFactory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; _channelFactory.Credentials.ServiceCertificate.Authentication.CustomCertificateValidator = new CertificateValidator { ExpectedCertificate = serviceMetadata.Certificate, ExpectedIssuer = CertificateIssuer.AccessPointCA, RevocationMode = X509RevocationMode.NoCheck }; //2. set identity til SERVER. gjær nokon endringar på channelfactory sitt endpoint (createDnsIdentity basert på dns i sertifikat) var dnsName = serviceMetadata.Certificate.GetNameInfo(X509NameType.SimpleName, false); if (string.IsNullOrEmpty(dnsName)) { throw new Exception("Could not resolve dnsName for certificate.."); } //Her endrer vi adressen til channelfactory til å gå mot gitt aksesspunkt: _channelFactory.Endpoint.Address = new EndpointAddress(_channelFactory.Endpoint.Address.Uri, EndpointIdentity.CreateDnsIdentity(dnsName), _channelFactory.Endpoint.Address.Headers); //set identity til CLIENT (oss), og create token: Log.Info("Creating token.."); var thisUrl = serviceMetadata.Address; //_channelFactory.Endpoint.Address.Uri; X509Certificate2 clientCertificate = _channelFactory.Credentials.ClientCertificate.Certificate; ClaimsIdentity myOwnClaims = AccessPointToken.MakeClaims(createRequest.SenderIdentifier.Value, AssuranceLevel); Saml2SecurityToken token = AccessPointToken.ClaimsToSaml2SenderVouchesToken(myOwnClaims, thisUrl.AbsoluteUri, clientCertificate); //åpner proxy: Log.Info("Creating proxy on channelFactory with issuedToken..."); var proxy = _channelFactory.CreateChannelWithIssuedToken(token, new EndpointAddress(thisUrl, _channelFactory.Endpoint.Address.Identity)); Log.Info("Proxy created ok."); //kaller service: Log.Info("Calling service"); var response = proxy.Create(createRequest); var sendResult = new SendResult() { MessageId = createRequest.MessageIdentifier, Response = response, TimeSpent = DateTime.Now.Subtract(start) }; Log.InfoFormat("response OK. Message {0} sent OK!", sendResult.MessageId); return(sendResult); } catch (Exception exception) { Log.Error("Error when sending invoice.."); Log.Error(exception); throw; } }