/// <summary>
/// Create a communication channel to the SIMS application server.
/// Instead of relying on unweildy .config files full of WCF binding information, we will do this longhand as an example.
/// </summary>
/// <returns></returns>
private ChannelFactory <IDataEntityIO> GetApplicationServerChannelFactory()
{
// Manually set up the connection parameters to the application server using HTTPS to encrypt the message content and the HTTP stream.
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
// Quotas
binding.ReaderQuotas.MaxArrayLength = 2147483647;
binding.ReaderQuotas.MaxStringContentLength = 2147483647;
binding.ReaderQuotas.MaxDepth = int.MaxValue;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxBufferPoolSize = int.MaxValue;
// Notify the connection that we will be providing a security token.
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.NegotiateServiceCredential = true;
binding.UseDefaultWebProxy = true;
binding.BypassProxyOnLocal = false;
// Create a communication channel factory to communicate with the iSIMS application server
ChannelFactory <IDataEntityIO> factory = new ChannelFactory <IDataEntityIO>(binding, new EndpointAddress(_applicationServerAddress));
return(factory);
}
private static Binding GetServiceBinding()
{
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuerMetadataAddress = new EndpointAddress("http://localhost:8081/STS/mex");
return(binding);
}
public ActionResult Webservice()
{
ViewBag.Message = "Your application description page.";
// Setup the channel factory for the call to the backend service
var binding = new WS2007FederationHttpBinding(
WSFederationHttpSecurityMode.TransportWithMessageCredential);
var factory = new ChannelFactory <WebService.IService>(binding, new EndpointAddress("https://[BackendService]/Service.svc"));
// turn off CardSpace
factory.Credentials.SupportInteractive = false;
// Get the token representing the logged in user
var actAsToken = GetActAsToken();
// Create the channel to the backend service using the acquired token
var channel = factory.CreateChannelWithIssuedToken(actAsToken);
// Call the service
var serviceClaims = channel.GetClaimsPrincipal();
// At this point, you can compare the claims the are available to the backend service with the ones available to the web app
// See for example that the backend service has knowledge of both the logged in user and the front end app through which the user is logged in
ViewBag.Message = "Web service call succeeded!";
return(View());
}
/// <summary>
/// Creates the binding based on the configurations.
/// </summary>
/// <returns>The binding configurations.</returns>
private Binding CreateBinding()
{
WS2007FederationHttpBinding fedBinding = new WS2007FederationHttpBinding("SamlBearerTokenBindingConfig");
fedBinding.Security.Message.IssuedTokenType = this.transactionServiceProfile.IssuedTokenType;
return(fedBinding);
}
/// <summary>
/// Returns the binding for the client. This method also modifies the security token request to include
/// the custom element.
/// </summary>
/// <returns>The client's binding.</returns>
static Binding GetClientBinding()
{
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuerAddress = new EndpointAddress("http://localhost:8081/STS");
binding.Security.Message.IssuerBinding = GetSecurityTokenServiceBinding();
#region Make the client send out additional RST element
//
// The TokenRequestParameters is a place where you can send some custom element in the issue request
// Comment out this section will make the sample fail
//
XmlDocument doc = new XmlDocument();
XmlElement customElement = doc.CreateElement(CustomElementConstants.Prefix, CustomElementConstants.LocalName, CustomElementConstants.Namespace);
bool sendCorrectValue = true; // change this to false will make the sample fail
if (sendCorrectValue)
{
customElement.InnerText = CustomElementConstants.DefaultElementValue;
}
else
{
customElement.InnerText = "IncorrectValue";
}
binding.Security.Message.TokenRequestParameters.Add(customElement);
#endregion
return(binding);
}
public Binding Create(Endpoint serviceInterface)
{
System.Net.ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
var secureBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential)
{
Name = "secure",
TransactionFlow = false,
HostNameComparisonMode = serviceInterface.HostNameComparisonMode.ParseAsEnum(HostNameComparisonMode.StrongWildcard),
MaxBufferPoolSize = serviceInterface.MaxBufferPoolSize,
MaxReceivedMessageSize = serviceInterface.MaxReceivedSize,
MessageEncoding = serviceInterface.MessageFormat.ParseAsEnum(WSMessageEncoding.Text),
TextEncoding = Encoding.UTF8,
ReaderQuotas = XmlDictionaryReaderQuotas.Max,
BypassProxyOnLocal = true,
UseDefaultWebProxy = false
};
if (ConfigurationManagerHelper.GetValueOnKey("stardust.UseDefaultProxy") == "true")
{
secureBinding.BypassProxyOnLocal = false;
secureBinding.UseDefaultWebProxy = true;
}
SetSecuritySettings(serviceInterface, secureBinding);
return(secureBinding);
}
public ChannelFactory <IDataEntityIO> GetApplicationServerChannelFactory(string _applicationServerAddress)
{
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential)
{
ReaderQuotas =
{
MaxArrayLength = 2147483647,
MaxStringContentLength = 2147483647,
MaxDepth = int.MaxValue
},
MaxReceivedMessageSize = int.MaxValue,
MaxBufferPoolSize = int.MaxValue
};
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.NegotiateServiceCredential = true;
binding.UseDefaultWebProxy = true;
binding.BypassProxyOnLocal = false;
ChannelFactory <IDataEntityIO> factory = new ChannelFactory <IDataEntityIO>(binding, new EndpointAddress(_applicationServerAddress));
return(factory);
}
/// <summary>
/// Returns the service binding.
/// </summary>
/// <returns>A WS2007FederationHttpBinding object for the service.</returns>
static Binding GetServiceBinding()
{
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuerMetadataAddress = new EndpointAddress(securityTokenServiceAddress + "/mex");
return(binding);
}
public static Binding CreateBinding(string bindingName)
{
Binding result = null;
try
{
if (string.Compare(bindingName, typeof(WSHttpBinding).FullName, true) == 0)
{
result = new WSHttpBinding();
}
else if (string.Compare(bindingName, typeof(WS2007HttpBinding).FullName, true) == 0)
{
result = new WS2007HttpBinding();
}
else if (string.Compare(bindingName, typeof(BasicHttpBinding).FullName, true) == 0)
{
result = new BasicHttpBinding();
}
else if (string.Compare(bindingName, typeof(WSDualHttpBinding).FullName, true) == 0)
{
result = new WSDualHttpBinding();
}
else if (string.Compare(bindingName, typeof(WS2007FederationHttpBinding).FullName, true) == 0)
{
result = new WS2007FederationHttpBinding();
}
else if (string.Compare(bindingName, typeof(WSFederationHttpBinding).FullName, true) == 0)
{
result = new WSFederationHttpBinding();
}
else if (string.Compare(bindingName, typeof(NetNamedPipeBinding).FullName, true) == 0)
{
result = new NetNamedPipeBinding();
}
else if (string.Compare(bindingName, typeof(NetMsmqBinding).FullName, true) == 0)
{
result = new NetMsmqBinding();
}
else if (string.Compare(bindingName, typeof(MsmqIntegrationBinding).FullName, true) == 0)
{
result = new MsmqIntegrationBinding();
}
else if (string.Compare(bindingName, typeof(NetTcpBinding).FullName, true) == 0)
{
result = new NetTcpBinding();
}
else if (string.Compare(bindingName, typeof(NetPeerTcpBinding).FullName, true) == 0)
{
result = new NetPeerTcpBinding();
}
}
catch
{
result = new BasicHttpBinding(BasicHttpSecurityMode.None);
}
return(result);
}
/// <summary>
/// Configures the specified binding.
/// </summary>
/// <param name="binding">The binding.</param>
/// <returns>Binding.</returns>
public virtual Binding Configure(
WS2007FederationHttpBinding binding)
{
if (binding == null)
{
throw new ArgumentNullException(nameof(binding));
}
return(ConfigureDefault(binding));
}
static Binding GetClientBinding()
{
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuerAddress = new EndpointAddress("http://localhost:8081/STS");
binding.Security.Message.IssuerBinding = new WindowsWSTrustBinding();
return(binding);
}
public SecurityToken IssueOAuth2SecurityToken(SecurityToken foreignToken, string rpEndpoint, string appliesTo, string localTokenType, out RequestSecurityTokenResponse rstr, string keyType)
{
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
// Authenticate with a SAML Bearer token
var wsHttpBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
wsHttpBinding.Security.Message.EstablishSecurityContext = false;
wsHttpBinding.Security.Message.NegotiateServiceCredential = false;
wsHttpBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
Binding binding = wsHttpBinding;
// Define the STS endpoint
var endpoint = new EndpointAddress(new Uri(rpEndpoint));
var factory = new WSTrustChannelFactory(binding, endpoint)
{
TrustVersion = TrustVersion.WSTrust13
};
if (factory.Credentials != null)
{
factory.Credentials.SupportInteractive = false; // avoid that Cardspace dialog
//http://stackoverflow.com/questions/11312314/cannot-serialize-saml2assertionkeyidentifierclause
factory.Credentials.UseIdentityConfiguration = true;
}
// Now we define the Request for Security Token (RST)
var rst = new RequestSecurityToken()
{
//identifiy which local token we want
AppliesTo = new EndpointReference(appliesTo),
//identify what type of request this is (Issue or Validate)
RequestType = RequestTypes.Issue,
//set what kind of token we want returned (appliesTo will override this)
TokenType = localTokenType,
//set the keytype (symmetric, asymmetric (pub key) or bearer - null = Sender Vouches)
KeyType = null
};
//create the channel (using the SAML token received from the WSC)
var channel = factory.CreateChannelWithIssuedToken(foreignToken);
//send the token issuance command
var token = channel.Issue(rst, out rstr);
return(token);
}
private Binding GetWS2007FederationHttpBinding(
SecurityKeyType securityKeyType)
{
var binding = new WS2007FederationHttpBinding(
WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.NegotiateServiceCredential = false;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = securityKeyType;
return(binding);
}
private static string GetADFSMembershipTokenHelper(string adfsEndpoint, string authSiteEndPoint, string userName, string password)
{
var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + "/wstrust/issue/usernamemixed"));
var federationEndpoint = new EndpointAddress(new Uri(adfsEndpoint + "/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256sha256"));
var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
identityProviderBinding.Security.Message.EstablishSecurityContext = false;
identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
var xml = new XmlDocument();
xml.LoadXml(@"<wsp:AppliesTo xmlns:wsp=""http://schemas.xmlsoap.org/ws/2004/09/policy""><wsa:EndpointReference xmlns:wsa=""http://www.w3.org/2005/08/addressing""><wsa:Address>http://kc-adfs.katalcloud.com/adfs/services/trust</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>");
var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
federationBinding.Security.Message.EstablishSecurityContext = false;
federationBinding.Security.Message.IssuedKeyType = SecurityKeyType.AsymmetricKey;
federationBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
federationBinding.Security.Message.NegotiateServiceCredential = false;
federationBinding.Security.Message.TokenRequestParameters.Add(xml.DocumentElement);
federationBinding.Security.Message.IssuerAddress = identityProviderEndpoint;
federationBinding.Security.Message.IssuerBinding = identityProviderBinding;
federationBinding.Security.Message.IssuedTokenType = "urn:oasis:names:tc:SAML:2.0:assertion";
var trustChannelFactory = new WSTrustChannelFactory(federationBinding, federationEndpoint)
{
TrustVersion = TrustVersion.WSTrust13,
};
trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication()
{
CertificateValidationMode = X509CertificateValidationMode.None
};
trustChannelFactory.Credentials.SupportInteractive = false;
trustChannelFactory.Credentials.UserName.UserName = userName;
trustChannelFactory.Credentials.UserName.Password = password;
var channel = trustChannelFactory.CreateChannel();
var rst = new RequestSecurityToken(RequestTypes.Issue)
{
AppliesTo = new EndpointReference("http://azureservices/TenantSite"),
TokenType = "urn:ietf:params:oauth:token-type:jwt",
KeyType = KeyTypes.Bearer,
};
RequestSecurityTokenResponse rstr = null;
var token = channel.Issue(rst, out rstr);
var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText;
var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString));
return(jwtString);
}
static Binding CreateBinding()
{
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
// only for testing on localhost
binding.HostNameComparisonMode = HostNameComparisonMode.Exact;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
return(binding);
}
public static WS2007FederationHttpBinding WS2007FederationHttpBinding(long maxReceivedMessageSize)
{
var binding = new WS2007FederationHttpBinding();
binding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.HostNameComparisonMode = HostNameComparisonMode.Exact;
binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey;
return(binding);
}
private static Binding GetServiceBinding()
{
//
// Use the standard WS2007FederationHttpBinding
//
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding();
binding.Security.Message.IssuerAddress = new EndpointAddress(STSAddress);
binding.Security.Message.IssuerBinding = GetSecurityTokenServiceBinding();
binding.Security.Message.IssuerMetadataAddress = new EndpointAddress(STSAddress + "/mex");
return(binding);
}
/// <summary>
/// Issues security token
/// </summary>
/// <param name="binding">
/// The binding.
/// </param>
/// <param name="serviceAddress">
/// The service address.
/// </param>
/// <param name="actAsToken">
/// The act as token.
/// </param>
/// <returns>
/// The security token
/// </returns>
/// <exception cref="ApplicationException">
/// </exception>
public virtual SecurityToken IssueToken(WS2007FederationHttpBinding binding, string serviceAddress, SecurityToken actAsToken)
{
var issuerEndpointAddress = binding.Security.Message.IssuerAddress;
var issuerBinding = binding.Security.Message.IssuerBinding as WS2007HttpBinding;
if (issuerBinding == null)
{
throw new ApplicationException("Unable to get WS2007HttpBinding");
}
var token = this.IssueToken(issuerBinding, issuerEndpointAddress, serviceAddress, actAsToken);
return(token);
}
protected override Binding GetBinding()
{
var authorityBinding = new WSHttpBinding(SecurityMode.Transport);
var serviceBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
serviceBinding.Security.Message.IssuedTokenType = Saml20TokenType;
var serverBasePathUri = BaseAddresses[0];
var issuerUri = new Uri(serverBasePathUri, FederationSTSServiceHost.BasePath + "/" + FederationSTSServiceHost.RelativePath);
serviceBinding.Security.Message.IssuerAddress = new EndpointAddress(issuerUri);
serviceBinding.Security.Message.IssuerBinding = authorityBinding;
serviceBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
return(serviceBinding);
}
private Binding CreateWs2007FederationHttpBinding(bool secureSessionOff)
{
Binding binding = new WS2007FederationHttpBinding("WS2007FederationHttpBinding_IServices");
((WSFederationHttpBinding)binding).Security.Message.IssuerBinding = CreateKerberosOverTransportBinding();
if (secureSessionOff)
{
((WSFederationHttpBinding)binding).Security.Message.NegotiateServiceCredential = false;
var revisedBinding = CreateFederationBindingWithoutSecureSession(binding as WSFederationHttpBinding);
return(revisedBinding);
}
return(binding);
}
/// <summary>
/// Gets the service binding.
/// </summary>
/// <returns>A WS2007FederationHttpBinding object for the service.</returns>
static Binding GetServiceBinding()
{
//This has to be "None" if you want this to work without creating your own Certificate Authority for localhost...
//Oops, can't set this to "none" or nothing interesting in the sample even happens... dammit...
WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuerAddress = new EndpointAddress(securityTokenServiceAddress);
binding.Security.Message.IssuerBinding = GetSecurityTokenServiceBinding();
binding.Security.Message.IssuerMetadataAddress = new EndpointAddress(securityTokenServiceAddress + "/mex");
//
// We need to set up the service binding so that it is expecting a custom token
//
binding.Security.Message.IssuedTokenType = CustomTokenHandler.DecisionTokenType;
return(binding);
}
private void ConnectToWcfService()
{
if (connected)
{
return;
}
if (token == null)
{
if (useActAs)
{
token = AdfsHelper.GetActAsToken(idpEndpoint, realm, serviceUserName, servicePassword);
}
else
{
token = AdfsHelper.GetSecurityToken(idpEndpoint, realm, serviceUserName, servicePassword);
}
}
binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
// create factory and enable WIF plumbing
factory = new ChannelFactory <T>(binding, serviceAddress);
InvokeConfigureChannel();
try
{
factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
//TODO Upgrade 4.5 - http://social.msdn.microsoft.com/Forums/vstudio/en-US/9cffe4ea-5a0d-4729-9eb1-b56629b175dc/configurechannelfactory-in-net-45?forum=Geneva
//factory.ConfigureChannelFactory();
factory.Credentials.SupportInteractive = false;
channel = factory.CreateChannelWithIssuedToken(token);
SetupWcfHeader();
connected = true;
}
catch (Exception)
{
factory.Abort();
throw;
}
}
static void Main(string[] args)
{
var jwt = GetJwt();
var xmlToken = WrapJwt(jwt);
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.HostNameComparisonMode = HostNameComparisonMode.Exact;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory <IService>(
binding,
new EndpointAddress("https://localhost:44335/token"));
var channel = factory.CreateChannelWithIssuedToken(xmlToken);
Console.WriteLine(channel.Ping());
}
private static IClaimsService GetServiceProxy(SecurityToken token)
{
var serviceAddress = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Reply + "service.svc";
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory <IClaimsService>(
binding,
new EndpointAddress(serviceAddress));
factory.Credentials.SupportInteractive = false;
var channel = factory.CreateChannelWithIssuedToken(token);
return(channel);
}
private static void CallService(SecurityToken token)
{
"Calling Service".ConsoleYellow();
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory <IClaimsService>(binding, new EndpointAddress(_serviceAddress));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var proxy = factory.CreateChannelWithIssuedToken(token);
var id = proxy.GetIdentity();
Helper.ShowIdentity(id);
}
private static void CallService(SecurityToken token)
{
var serviceEndpoint = "https://" + "adfs.leastprivilege.vm" + "/rp/service.svc";
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory <IClaimsService>(
binding,
new EndpointAddress(serviceEndpoint));
factory.Credentials.SupportInteractive = false;
var channel = factory.CreateChannelWithIssuedToken(token);
var claims = channel.GetClaims();
claims.ForEach(c => Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value));
}
private static string CallService_IssuedToken(SecurityToken token)
{
// Creating the channel and calling it
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var serviceEpAddress = ConfigurationManager.AppSettings["serviceEpAddress"].ToString();
var factory = new ChannelFactory <IService1>(binding, new EndpointAddress(serviceEpAddress));
// Create a channel
IService1 client = factory.CreateChannelWithIssuedToken(token);
// Invoke the service operation
var response = client.GetData(12);
((IClientChannel)client).Close();
return(response);
}
/// <summary>
/// Creates a new channel factory for the type using WS-Federation.
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="endpointName"></param>
/// <returns></returns>
private static ChannelFactory <T> CreateChannelFactory <T>(string endpointName)
{
var binding = new WS2007FederationHttpBinding(
WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory <T>(
binding,
new EndpointAddress(BuildAddress(endpointName)));
if (factory.Credentials == null)
{
throw new Exception(ErrBadFactory);
}
factory.Credentials.SupportInteractive = false;
return(factory);
}
public static WS2007FederationHttpBinding GetServiceBinding(WS2007HttpBinding stsBinding, EndpointAddress usernameEndpoint, bool negotiateServiceCertificate)
{
var serviceBinding = new WS2007FederationHttpBinding(
WSFederationHttpSecurityMode.Message,
false);
var messageSecurity = serviceBinding.Security.Message;
// Saml 1.1 tokens
messageSecurity.IssuedTokenType = SecurityTokenTypes.Saml11TokenProfile11;
// Adresse til STS
messageSecurity.IssuerAddress = usernameEndpoint;
// Negotiation slået fra
messageSecurity.NegotiateServiceCredential = negotiateServiceCertificate;
// Symmetric keys
messageSecurity.IssuedKeyType = SecurityKeyType.SymmetricKey;
// Binding til STS
messageSecurity.IssuerBinding = stsBinding;
return(serviceBinding);
}
private WSFederationHttpBinding GetFederatedBindingFromIssuerContract(Type contractType)
{
WSFederationHttpBinding binding;
// If STS endpoint is using WSTrustFeb2005, then need to use WSFederationHttpBinding
if (contractType == typeof(IWSTrustFeb2005SyncContract))
{
binding = new WSFederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
}
// If STS endpoint is using WSTrust1.3, then need to use WS2007FederationHttpBinding
else if (contractType == typeof(IWSTrust13SyncContract))
{
binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
}
else
{
throw new ArgumentException("Unknown contract type", "contractType");
}
return(binding);
}
