private Message Verify(Message message) { if (message != null) { var wss = WSS.Create(MessageSecurityVersion); int i = message.Headers.FindHeader("Security", wss.SecExtNs); if (i >= 0) { MessageHeaderInfo sec = message.Headers[i]; XmlDictionaryReader headerReader = message.Headers.GetReaderAtHeader(i); var doc = new XmlDocument(); var header = (XmlElement)doc.ReadNode(headerReader); wss.VerifyResponse(header); message.Headers.UnderstoodHeaders.Add(sec); } else { //TODO::OK to have unsecure responses? } } return(message); }
private void Start_Click(object sender, EventArgs e) { int portNum = 1111; //1111 is purely for example. It just needs to match what you setup in your web page. WSS.MessageHandler mh = new WSS.MessageHandler(HandleMessage); WSS server = new WSS("iceWSTest", portNum, mh); server.Start(); Start.Hide(); }
/// <summary> /// Called to write the message to the writer. This implementation add the security headers. /// </summary> /// <remarks> /// It writes the message to memory (of temp file) in order to do so. /// </remarks> /// <param name="writer">The xml writer to write the message too</param> protected override void OnWriteMessage(XmlDictionaryWriter writer) { using (var memStream = new MemoryStream()) { var wss = WSS.Create(MessageSecurityVersion); //Write the document without security headers in memory using (var memWriter = XmlDictionaryWriter.CreateTextWriter(memStream, Encoding.UTF8, false)) { _innerMessage.WriteMessage(memWriter); } memStream.Position = 0; if (_logger != null && _logger.IsEnabled(LogLevel.Trace)) { String org = new StreamReader(memStream).ReadToEnd(); _logger.LogTrace(org); memStream.Position = 0; } //parse the document to add the security headers var env = new XmlDocument { PreserveWhitespace = true }; env.Load(memStream); //Make preperations to do some xpath string soapPrefix = env.DocumentElement.Prefix; string soapNs = env.DocumentElement.NamespaceURI; XmlNamespaceManager nsmgr = new XmlNamespaceManager(env.NameTable); nsmgr.AddNamespace("s", soapNs); //Find the body, add an id if needed. XmlElement body = (XmlElement)env.DocumentElement.SelectSingleNode("./s:Body", nsmgr); string bodyIdValue = body.GetAttribute("Id", wss.UtilityNs); if (bodyIdValue == string.Empty) { bodyIdValue = "uuid-" + Guid.NewGuid().ToString("D"); var bodyId = env.CreateAttribute(wss.UtilityPrefix, "Id", wss.UtilityNs); bodyId.Value = bodyIdValue; body.SetAttributeNode(bodyId); } //Find the soap header, create if needed. XmlElement header = (XmlElement)env.DocumentElement.SelectSingleNode("./s:Header", nsmgr); if (header == null) { header = env.CreateElement(soapPrefix, "Header", soapNs); env.DocumentElement.InsertBefore(header, env.DocumentElement.FirstChild); } //Apply the security //see github\dotnet\wcf\src\System.Private.ServiceModel\src\System\IdentityModel\Tokens\SecurityTokenTypes.cs SecurityTokenRequirement requirement = new SecurityTokenRequirement() { TokenType = "http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/X509Certificate" }; //SecurityTokenResolver resolver; //var tokenManager = ClientCredentials.CreateSecurityTokenManager(); //var authenticator = tokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver); //var provider = tokenManager.CreateSecurityTokenProvider(requirement); wss.ApplyOnRequest(ref header, bodyIdValue, ClientCredentials.ClientCertificate.Certificate, SignParts); //Write the modified version with security header to the original streams. env.Save(writer); } }