/// <summary>
/// Copies settings from a runtime <see cref="NonDualMessageSecurityOverHttp"/>
/// object into this object, after letting the base class copy its own share.
/// </summary>
/// <param name="security">Runtime message-security settings to read from.</param>
/// <remarks>
/// EstablishSecurityContext is written only when the source has it switched
/// off. Presumably <c>true</c> is the default and only the non-default value
/// needs recording; confirm against the property declaration.
/// </remarks>
internal void InitializeFrom(NonDualMessageSecurityOverHttp security)
{
    base.InitializeFrom(security);

    // Secure-context establishment still enabled on the source: nothing to copy.
    if (security.EstablishSecurityContext)
    {
        return;
    }

    // Reached only when the source value is false, i.e. the secure
    // conversation session has been turned off on the runtime object.
    this.EstablishSecurityContext = security.EstablishSecurityContext;
}
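/// <summary>
/// Builds the API client that matches the configured transmission mode.
/// </summary>
/// <returns>
/// A mock client when the mode is OnlyValidate; otherwise an
/// <c>ApiServiceClient</c> that uses WS-HTTP message security with user-name
/// credentials and an endpoint identity taken from the certificate file of
/// the selected environment.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// The transmission mode is not one of the handled values.
/// </exception>
/// <exception cref="ArgumentNullException">
/// The created client exposes no ClientCredentials, or the directory of the
/// executing assembly could not be determined.
/// </exception>
public IApiService Build()
{
    // The certificates are looked up next to the executing assembly.
    var path = Uri.UnescapeDataString(new UriBuilder(Assembly.GetExecutingAssembly().CodeBase).Path);
    var rootPath = Path.GetDirectoryName(path);

    string certificateFileName;
    switch (_transmittalEnvironment.TransmissionMode)
    {
        case ETransmissionMode.Test:
            certificateFileName = "TestEnvironmentCertificate.CER";
            break;

        case ETransmissionMode.Production:
            certificateFileName = "ProductionEnvironmentCertificate.CER";
            break;

        case ETransmissionMode.OnlyValidate:
            // No remote call in this mode, so no certificate or credentials are needed.
            return new ApiServiceClientMock(_transmittalEnvironment.SetupMockParameters);

        default:
            throw new ArgumentOutOfRangeException(
                nameof(_transmittalEnvironment.TransmissionMode),
                _transmittalEnvironment.TransmissionMode,
                "Unsupported transmission mode.");
    }

    // Path.Combine instead of a hand-built "\"-separated string. It also fails
    // closed when rootPath is null, where the interpolated string would have
    // silently produced a path rooted at the current drive.
    // NOTE(review): this file is the client's only trust anchor for the
    // service, so the Certificates directory should not be writable by
    // unprivileged accounts.
    var certificateFilePath = Path.Combine(rootPath, "Certificates", certificateFileName);

    // Message-level security with a user name/password credential. Service
    // credential negotiation is off, so the service certificate is the one
    // supplied through the endpoint identity below, and no secure
    // conversation session is established.
    var binding = new WSHttpBinding(SecurityMode.Message);
    var message = new NonDualMessageSecurityOverHttp
    {
        ClientCredentialType = MessageCredentialType.UserName,
        NegotiateServiceCredential = false,
        EstablishSecurityContext = false
    };
    binding.Security.Message = message;

    var certificate = new X509Certificate2(X509Certificate.CreateFromCertFile(certificateFilePath));
    var uri = new Uri(_transmittalEnvironment.EndpointUrl);

    // Pins the expected service identity to the certificate loaded above.
    var endpointAddress = new EndpointAddress(uri, EndpointIdentity.CreateX509CertificateIdentity(certificate));

    var service = new ApiServiceClient(binding, endpointAddress);
    if (service.ClientCredentials == null)
    {
        // Exception type kept for existing callers; the message now says what was missing.
        throw new ArgumentNullException(
            nameof(service.ClientCredentials),
            "The service client exposes no client credentials.");
    }

    service.ClientCredentials.UserName.UserName = _transmittalEnvironment.Username;

    // The stored password is decrypted only here, when it is handed to the client.
    service.ClientCredentials.UserName.Password = Crypter.DecryptString(_transmittalEnvironment.Password);

    return service;
}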
/// <summary>
/// Pins the defaults of a parameterless <see cref="WSHttpBinding"/>: message
/// security mode, Windows client credentials, service credential negotiation
/// and security context establishment both on, and the four binding elements
/// it produces, in order.
/// </summary>
public void DefaultValues()
{
    var binding = new WSHttpBinding();

    // Checks shared with other bindings (overload defined outside this block).
    DefaultValues(binding, "http");

    // WSHttpSecurity
    WSHttpSecurity security = binding.Security;
    Assert.IsNotNull(security, "#2-1");
    Assert.AreEqual(SecurityMode.Message, security.Mode, "#2-2");

    // Security.Message
    NonDualMessageSecurityOverHttp messageSecurity = security.Message;
    Assert.IsNotNull(messageSecurity, "#2-3");
    Assert.AreEqual(true, messageSecurity.EstablishSecurityContext, "#2-3-1");
    Assert.AreEqual(SecurityAlgorithmSuite.Default, messageSecurity.AlgorithmSuite, "#2-3-2");
    // Not much of a test in itself; it only records the default value.
    Assert.AreEqual(MessageCredentialType.Windows, messageSecurity.ClientCredentialType, "#2-3-3");
    Assert.AreEqual(true, messageSecurity.NegotiateServiceCredential, "#2-3-4");

    // FIXME: test Security.Transport
    Assert.IsNotNull(security.Transport, "#2-4");

    // Binding elements, in the order the binding is expected to emit them.
    BindingElementCollection elements = binding.CreateBindingElements();
    var expectedTypes = new[]
    {
        typeof(TransactionFlowBindingElement),
        typeof(SymmetricSecurityBindingElement),
        typeof(TextMessageEncodingBindingElement),
        typeof(HttpTransportBindingElement)
    };

    Assert.AreEqual(4, elements.Count, "#5-1");
    for (var index = 0; index < expectedTypes.Length; index++)
    {
        // Failure labels run "#5-2" through "#5-5".
        Assert.AreEqual(expectedTypes[index], elements[index].GetType(), "#5-" + (index + 2));
    }
}
/// <summary>
/// Pushes this object's settings onto a runtime
/// <see cref="NonDualMessageSecurityOverHttp"/> object: the base class
/// applies its share first, then EstablishSecurityContext is copied across.
/// </summary>
/// <param name="security">Runtime message-security settings to update.</param>
internal void ApplyConfiguration(NonDualMessageSecurityOverHttp security)
{
    base.ApplyConfiguration(security);

    // Copied unconditionally, so a configured "false" switches the secure
    // conversation session off on the runtime object.
    security.EstablishSecurityContext = this.EstablishSecurityContext;
}
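/// <summary>
/// Creates the WSHttpBinding for a service, or returns the instance found in
/// HttpRuntime.Cache under the key built from the three arguments.
/// </summary>
/// <param name="serviceName">Service name; last part of the cache key.</param>
/// <param name="securityMode">Security mode applied to the binding; its numeric value is the middle part of the cache key.</param>
/// <param name="servicespace">Namespace assigned to the binding; first part of the cache key.</param>
/// <returns>The cached binding when one exists, otherwise a newly configured one.</returns>
private static WSHttpBinding CreateBindding(string serviceName, SecurityMode securityMode, string servicespace)
{
    string bindingName = servicespace + "," + securityMode.GetHashCode().ToString() + "," + serviceName.ToString();

    // Read the cache entry once. Testing the entry and then reading it a
    // second time can return null if the item is evicted in between.
    object cached = HttpRuntime.Cache[bindingName];
    if (cached != null)
    {
        return (WSHttpBinding)cached;
    }

    lock (lockObj)
    {
        // Second look under the lock, again with a single read.
        cached = HttpRuntime.Cache[bindingName];
        if (cached != null)
        {
            return (WSHttpBinding)cached;
        }

        WSHttpBinding ws = new WSHttpBinding();

        // Basic configuration
        ws.Security.Mode = securityMode;
        ws.Namespace = servicespace;
        ws.TransactionFlow = false;
        ws.ReliableSession.Enabled = false;
        ws.AllowCookies = false;

        // Use the proxy
        ws.BypassProxyOnLocal = false;
        ws.CloseTimeout = TimeSpan.FromMinutes(1);
        ws.OpenTimeout = TimeSpan.FromMinutes(1);
        ws.ReceiveTimeout = TimeSpan.FromMinutes(10);
        ws.SendTimeout = TimeSpan.FromMinutes(60);
        ws.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
        ws.MaxBufferPoolSize = 10485760;
        ws.MaxReceivedMessageSize = 2048576000;
        ws.MessageEncoding = WSMessageEncoding.Text;
        ws.UseDefaultWebProxy = true;
        ws.TextEncoding = Encoding.UTF8;

        // XmlDictionaryReaderQuotas: System.Runtime.Serialization must be
        // referenced for these properties to be available.
        // Reader quotas exist to guard against certain denial-of-service attacks.
        // NOTE(review): MaxStringContentLength and MaxReceivedMessageSize are
        // both set close to 2 GB, which leaves little of that protection in
        // place; size them to the largest legitimate message instead.
        ws.ReaderQuotas.MaxStringContentLength = 2048576000;
        ws.ReaderQuotas.MaxArrayLength = 20485760;
        ws.ReaderQuotas.MaxDepth = 32;

        // Transport-level security
        HttpTransportSecurity hts = ws.Security.Transport;
        hts.ClientCredentialType = HttpClientCredentialType.Windows;
        hts.ProxyCredentialType = HttpProxyCredentialType.None;
        hts.Realm = "";

        // Message-level security
        NonDualMessageSecurityOverHttp ndms = ws.Security.Message;
        ndms.AlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Default;
        ndms.ClientCredentialType = MessageCredentialType.Windows;
        ndms.EstablishSecurityContext = true;
        ndms.NegotiateServiceCredential = true;

        // NOTE(review): nothing in this method stores the new binding in
        // HttpRuntime.Cache. Unless a caller inserts it under bindingName,
        // the lookups above never hit and every call builds a new binding.
        return ws;
    }
}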
/// <summary>
/// Creates the security settings with the given mode and with new message
/// and transport settings objects.
/// </summary>
/// <param name="mode">Security mode to start with.</param>
internal WSHttpSecurity(SecurityMode mode)
{
    // Mode is assigned first, as in the original statement order.
    Mode = mode;

    this.message = new NonDualMessageSecurityOverHttp();
    this.transport = new HttpTransportSecurity();
}
/// <summary>
/// Copies settings from a runtime <see cref="NonDualMessageSecurityOverHttp"/>
/// object into this object, after letting the base class copy its own share.
/// </summary>
/// <param name="security">Runtime message-security settings to read from.</param>
internal void InitializeFrom(NonDualMessageSecurityOverHttp security)
{
    base.InitializeFrom(security);

    // Judging by its name, the helper stores the value only when it differs
    // from the property's default; its body is not part of this block.
    bool establishSecurityContext = security.EstablishSecurityContext;
    SetPropertyValueIfNotDefaultValue(ConfigurationStrings.EstablishSecurityContext, establishSecurityContext);
}
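/// <summary>
/// Reads the wsHttpBinding entries of an executable's configuration file and
/// returns one <see cref="WSHttpBinding"/> per configured entry.
/// </summary>
/// <param name="exeConfigPath">Path handed to the service-model section reader.</param>
/// <returns>
/// The bindings in configuration order, or <c>null</c> when
/// <paramref name="exeConfigPath"/> is null, empty or whitespace.
/// </returns>
/// <remarks>
/// Sizes and timeouts that are zero in the configuration fall back to the
/// defaults of a new binding. The security mode, credential types, negotiation
/// flag, algorithm suite and secure-context flag are copied as configured.
/// </remarks>
public static List<WSHttpBinding> GetWsHttpBindings(string exeConfigPath)
{
    if (string.IsNullOrWhiteSpace(exeConfigPath))
    {
        // Kept as null rather than an empty list: callers may test for it.
        return null;
    }

    var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
    var configs = new List<WSHttpBinding>();

    // Default instances are only read from, so one of each serves every entry.
    var df = new WSHttpBinding();
    var dfRss = new OptionalReliableSession();

    foreach (var section in svcSection.Bindings.WSHttpBinding.ConfiguredBindings.Cast<WSHttpBindingElement>())
    {
        var binding = new WSHttpBinding
        {
            Name = section.Name,
            MaxBufferPoolSize = section.MaxBufferPoolSize > 0
                ? section.MaxBufferPoolSize
                : df.MaxBufferPoolSize,
            MaxReceivedMessageSize = section.MaxReceivedMessageSize > 0
                ? section.MaxReceivedMessageSize
                : df.MaxReceivedMessageSize,
            CloseTimeout = section.CloseTimeout != TimeSpan.Zero
                ? section.CloseTimeout
                : df.CloseTimeout,
            OpenTimeout = section.OpenTimeout != TimeSpan.Zero
                ? section.OpenTimeout
                : df.OpenTimeout,
            SendTimeout = section.SendTimeout != TimeSpan.Zero
                ? section.SendTimeout
                : df.SendTimeout,
            ReceiveTimeout = section.ReceiveTimeout != TimeSpan.Zero
                ? section.ReceiveTimeout
                : df.ReceiveTimeout,
            TextEncoding = section.TextEncoding ?? df.TextEncoding,
            MessageEncoding = section.MessageEncoding,
            AllowCookies = section.AllowCookies,
            BypassProxyOnLocal = section.BypassProxyOnLocal,
            TransactionFlow = section.TransactionFlow,
            HostNameComparisonMode = section.HostNameComparisonMode,
            UseDefaultWebProxy = section.UseDefaultWebProxy,
        };

        // Reader quotas are the XML reader's resource limits. Each one is
        // copied only when it is set: the quota setters reject values that
        // are not positive, so copying an unset (zero) quota next to a
        // configured MaxDepth would throw, and a quota configured without
        // MaxDepth would be ignored.
        var readerQuotasSection = section.ReaderQuotas;
        if (readerQuotasSection != null)
        {
            var readerQuotas = new System.Xml.XmlDictionaryReaderQuotas();
            var anyQuotaConfigured = false;

            if (readerQuotasSection.MaxDepth > 0)
            {
                readerQuotas.MaxDepth = readerQuotasSection.MaxDepth;
                anyQuotaConfigured = true;
            }

            if (readerQuotasSection.MaxStringContentLength > 0)
            {
                readerQuotas.MaxStringContentLength = readerQuotasSection.MaxStringContentLength;
                anyQuotaConfigured = true;
            }

            if (readerQuotasSection.MaxArrayLength > 0)
            {
                readerQuotas.MaxArrayLength = readerQuotasSection.MaxArrayLength;
                anyQuotaConfigured = true;
            }

            if (readerQuotasSection.MaxBytesPerRead > 0)
            {
                readerQuotas.MaxBytesPerRead = readerQuotasSection.MaxBytesPerRead;
                anyQuotaConfigured = true;
            }

            if (readerQuotasSection.MaxNameTableCharCount > 0)
            {
                readerQuotas.MaxNameTableCharCount = readerQuotasSection.MaxNameTableCharCount;
                anyQuotaConfigured = true;
            }

            // With nothing configured the binding keeps its own quotas.
            if (anyQuotaConfigured)
            {
                binding.ReaderQuotas = readerQuotas;
            }
        }

        var reliableSessionSection = section.ReliableSession;
        var reliableSession = new OptionalReliableSession
        {
            Enabled = reliableSessionSection.Enabled,
            Ordered = reliableSessionSection.Ordered,
            InactivityTimeout = reliableSessionSection.InactivityTimeout != TimeSpan.Zero
                ? reliableSessionSection.InactivityTimeout
                : dfRss.InactivityTimeout,
        };

        // Message-level security, copied as configured.
        var messageSection = section.Security.Message;
        var message = new NonDualMessageSecurityOverHttp
        {
            EstablishSecurityContext = messageSection.EstablishSecurityContext,
            ClientCredentialType = messageSection.ClientCredentialType,
            NegotiateServiceCredential = messageSection.NegotiateServiceCredential,
            AlgorithmSuite = messageSection.AlgorithmSuite
        };

        // Transport-level security: only the two credential types are copied;
        // any other transport setting keeps the value of a new HttpTransportSecurity.
        var transportSection = section.Security.Transport;
        var transport = new HttpTransportSecurity
        {
            ClientCredentialType = transportSection.ClientCredentialType,
            ProxyCredentialType = transportSection.ProxyCredentialType
        };

        var wsHttpSecuritySection = section.Security;
        var wsHttpSecurity = new WSHttpSecurity
        {
            Mode = wsHttpSecuritySection.Mode,
            Transport = transport,
            Message = message
        };

        binding.Security = wsHttpSecurity;
        binding.ReliableSession = reliableSession;

        configs.Add(binding);
    }

    return configs;
}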