public void CreateIssuedTokenBindingElement1()
{
IssuedSecurityTokenParameters tp =
new IssuedSecurityTokenParameters();
SymmetricSecurityBindingElement be =
SecurityBindingElement.CreateIssuedTokenBindingElement(tp);
SecurityAssert.AssertSymmetricSecurityBindingElement(
SecurityAlgorithmSuite.Default,
true, // IncludeTimestamp
SecurityKeyEntropyMode.CombinedEntropy,
MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
MessageSecurityVersion.Default,
false, // RequireSignatureConfirmation
SecurityHeaderLayout.Strict,
// EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
0, 0, 0, 0,
// ProtectionTokenParameters
true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
// LocalClientSettings
true, 60, true,
be, "");
// test ProtectionTokenParameters
Assert.AreEqual(tp, be.ProtectionTokenParameters, "#2-1");
SecurityAssert.AssertSecurityTokenParameters(
SecurityTokenInclusionMode.AlwaysToRecipient,
SecurityTokenReferenceStyle.Internal,
true, tp, "Protection");
}
public static Binding CreateIssuedTokenBinding()
{
BindingElementCollection bec = new BindingElementCollection();
bec.Add(SecurityBindingElement.
CreateIssuedTokenBindingElement(
new IssuedSecurityTokenParameters()));
bec.Add(new TextMessageEncodingBindingElement());
bec.Add(new HttpTransportBindingElement());
return(new CustomBinding(bec));
}
private SecurityBindingElement CreateSecurityBindingElement()
{
// Create an issued token parameters object.
IssuedSecurityTokenParameters issuedSecTok =
new IssuedSecurityTokenParameters();
// Create a security binding element with the parameter object.
SymmetricSecurityBindingElement secBindingEle =
SecurityBindingElement.CreateIssuedTokenBindingElement(issuedSecTok);
// Create a Kerberos token parameter object and set the inclusion
// mode to AlwaysToRecipient. Add the object as an endorsing token for
// all operations of the endpoint.
KerberosSecurityTokenParameters kstp = new KerberosSecurityTokenParameters();
kstp.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
secBindingEle.EndpointSupportingTokenParameters.Endorsing.Add(kstp);
// Create a username token parameter object and set its
// RequireDerivedKeys to false.
UserNameSecurityTokenParameters userNameParams =
new UserNameSecurityTokenParameters();
userNameParams.RequireDerivedKeys = false;
// Create a collection object for supporting tokens.
SupportingTokenParameters stp = new SupportingTokenParameters();
// Add the previously created supporting tokens.
stp.Endorsing.Add(issuedSecTok);
stp.SignedEncrypted.Add(userNameParams);
// Create a generic dictionary item, a KeyValuePair object
// that includes all supporting token parameters. Then add
// it to the dictionary for operation-scope supporting tokens.
KeyValuePair <string, SupportingTokenParameters> x =
new KeyValuePair <string, SupportingTokenParameters>("1", stp);
secBindingEle.OperationSupportingTokenParameters.Add(x);
// See all dictionary items for the supporting tokens.
Console.WriteLine("Reading Kevalue pairs");
foreach (KeyValuePair <string, SupportingTokenParameters> kvp
in secBindingEle.OperationSupportingTokenParameters)
{
Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value);
}
Console.ReadLine();
return(secBindingEle);
}
protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly)
{
SecurityBindingElement result;
switch (this.AuthenticationMode)
{
case AuthenticationMode.AnonymousForCertificate:
result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case AuthenticationMode.AnonymousForSslNegotiated:
result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.CertificateOverTransport:
result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.IssuedToken:
result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.IssuedTokenForCertificate:
result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.IssuedTokenForSslNegotiated:
result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.IssuedTokenOverTransport:
result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType));
break;
case AuthenticationMode.Kerberos:
result = SecurityBindingElement.CreateKerberosBindingElement();
break;
case AuthenticationMode.KerberosOverTransport:
result = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
break;
case AuthenticationMode.MutualCertificateDuplex:
result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.MutualCertificate:
result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion);
break;
case AuthenticationMode.MutualSslNegotiated:
result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.SspiNegotiated:
result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.UserNameForCertificate:
result = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case AuthenticationMode.UserNameForSslNegotiated:
result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation);
break;
case AuthenticationMode.UserNameOverTransport:
result = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
case AuthenticationMode.SspiNegotiatedOverTransport:
result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation);
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode)));
}
this.ApplyConfiguration(result);
return(result);
}
/// <summary>
/// Creates a custom binding based on an example generated from svcutil.exe
/// </summary>
/// <param name="exeConfigPath"></param>
/// <returns></returns>
/// <remarks>
/// https://msdn.microsoft.com/en-us/library/ms731690(v=vs.110).aspx
/// </remarks>
public static List <CustomBinding> GetCustomBindings(string exeConfigPath)
{
if (string.IsNullOrWhiteSpace(exeConfigPath))
{
return(null);
}
var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath);
var configs = new List <CustomBinding>();
foreach (var section in svcSection.Bindings.CustomBinding.ConfiguredBindings.Cast <CustomBindingElement>())
{
var binding = new CustomBinding
{
Name = section.Name,
};
var cfgSecurity = section[0] as SecurityElement;
if (cfgSecurity == null)
{
configs.Add(binding);
continue;
}
var mode = cfgSecurity.AuthenticationMode;
var msgSecurityVersion = cfgSecurity.MessageSecurityVersion;
var issuedTokenParameter = new IssuedSecurityTokenParameters();
if (cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters != null)
{
foreach (var arp in cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters.Cast <XmlElementElement>())
{
issuedTokenParameter.AdditionalRequestParameters.Add(arp.XmlElement);
}
}
if (cfgSecurity.IssuedTokenParameters.Issuer?.Address != null)
{
var address = cfgSecurity.IssuedTokenParameters.Issuer.Address;
var idElem = cfgSecurity.IssuedTokenParameters.Issuer.Identity;
issuedTokenParameter.IssuerAddress = GetEnpointAddressWithIdentity(address, idElem);
}
if (cfgSecurity.IssuedTokenParameters.Issuer?.Binding != null)
{
issuedTokenParameter.IssuerBinding = GetBindingByName(cfgSecurity.IssuedTokenParameters.Issuer.Binding);
}
if (cfgSecurity.IssuedTokenParameters.IssuerMetadata?.Address != null)
{
var address = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Address;
var idElem = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Identity;
issuedTokenParameter.IssuerMetadataAddress = GetEnpointAddressWithIdentity(address, idElem);
}
SecurityBindingElement securityElemnt;
switch (mode)
{
case AuthenticationMode.IssuedTokenOverTransport:
securityElemnt =
SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.AnonymousForCertificate:
securityElemnt = SecurityBindingElement.CreateAnonymousForCertificateBindingElement();
break;
case AuthenticationMode.AnonymousForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
break;
case AuthenticationMode.CertificateOverTransport:
securityElemnt =
SecurityBindingElement.CreateCertificateOverTransportBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.IssuedToken:
securityElemnt = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.IssuedTokenForCertificate:
securityElemnt = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.IssuedTokenForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameter);
break;
case AuthenticationMode.Kerberos:
securityElemnt = SecurityBindingElement.CreateKerberosBindingElement();
break;
case AuthenticationMode.KerberosOverTransport:
securityElemnt = SecurityBindingElement.CreateKerberosOverTransportBindingElement();
break;
case AuthenticationMode.MutualCertificate:
securityElemnt = SecurityBindingElement.CreateMutualCertificateBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.MutualCertificateDuplex:
securityElemnt = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(msgSecurityVersion);
break;
case AuthenticationMode.MutualSslNegotiated:
securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false);
break;
case AuthenticationMode.SspiNegotiated:
securityElemnt = SecurityBindingElement.CreateSspiNegotiationBindingElement();
break;
case AuthenticationMode.SspiNegotiatedOverTransport:
securityElemnt = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement();
break;
case AuthenticationMode.UserNameForCertificate:
securityElemnt = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
break;
case AuthenticationMode.UserNameForSslNegotiated:
securityElemnt = SecurityBindingElement.CreateUserNameForSslBindingElement();
break;
case AuthenticationMode.UserNameOverTransport:
securityElemnt = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
break;
default:
throw new NotImplementedException();
}
securityElemnt.AllowInsecureTransport = cfgSecurity.AllowInsecureTransport;
securityElemnt.DefaultAlgorithmSuite = cfgSecurity.DefaultAlgorithmSuite;
securityElemnt.EnableUnsecuredResponse = cfgSecurity.EnableUnsecuredResponse;
securityElemnt.IncludeTimestamp = cfgSecurity.IncludeTimestamp;
securityElemnt.MessageSecurityVersion = cfgSecurity.MessageSecurityVersion;
securityElemnt.KeyEntropyMode = cfgSecurity.KeyEntropyMode;
securityElemnt.ProtectTokens = cfgSecurity.ProtectTokens;
securityElemnt.SecurityHeaderLayout = cfgSecurity.SecurityHeaderLayout;
securityElemnt.SetKeyDerivation(cfgSecurity.RequireDerivedKeys);
binding.Elements.Add(securityElemnt);
configs.Add(binding);
}
return(configs);
}
