/// <summary> /// Initializes a new instance of the <see cref="StsService"/> class. /// </summary> public StsService() { WindowsSecurityTokenServiceConfiguration config = new WindowsSecurityTokenServiceConfiguration(); config.TrustEndpoints.Add(new ServiceHostEndpointConfiguration(typeof(IWSTrust13AsyncContract), new WS2007HttpBinding(), ConfigurationManager.AppSettings["IssuerName"])); Task.Factory.StartNew(() => { try { WSTrustServiceHost host = new WSTrustServiceHost(config); host.Opened += HostOpened; host.Faulted += HostFaulted; host.Closed += HostClosed; host.Open(); Console.WriteLine(@"Local STS started on port : {0}", ConfigurationManager.AppSettings["IssuerName"]); } catch (Exception ex) { Console.WriteLine( @"Error there is a isue with the host({0} : {1} ", ConfigurationManager.AppSettings["IssuerName"], ex); } }); }
/// <summary> /// Creates a System.ServiceModel.ServiceHost for a specified type of service with a specific base address. /// </summary> /// <param name="serviceType">Specifies the type of service to host.</param> /// <param name="baseAddresses">The System.Array of type System.Uri that contains the base addresses for the service hosted.</param> /// <returns></returns> protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses) { IServiceProvider sp = DI.DefaultServiceProvider; Type stsc = typeof(SecurityTokenServiceConfiguration); if (stsc.IsAssignableFrom(serviceType)) { // try resolving concrete or base STS configuration first to enable DI for it SecurityTokenServiceConfiguration stsConfig = sp.GetService(serviceType) as SecurityTokenServiceConfiguration; if (stsConfig == null) { stsConfig = sp.GetService(stsc) as SecurityTokenServiceConfiguration; } if (stsConfig == null) { stsConfig = Activator.CreateInstance(serviceType) as SecurityTokenServiceConfiguration; } ServiceHost host = new WSTrustServiceHost(stsConfig, baseAddresses); if (stsConfig.ServiceCertificate != null) { host.Credentials.ServiceCertificate.Certificate = stsConfig.ServiceCertificate; } return(host); } return(new ServiceProviderHost(sp, serviceType, baseAddresses)); }
/// <summary> /// Creates a ServiceHost instance. To register a Security Token Service in IIS create /// a .svc file in the following format. /// <%@ServiceHost language=c# Debug="true" Factory="UserNameCardStsHostFactory" Service="<CustomSecurityTokenServiceConfiguration>" %> /// </summary> /// <param name="constructorString">The STSConfiguration name that is passed to the Service argument in the .svc file.</param> /// <param name="baseAddresses">The address under which the .svc file is registered.</param> /// <returns>Instance of Service Host.</returns> /// <exception cref="ArgumentNullException">One of the input arguments is either null or is an empty string.</exception> /// <exception cref="InvalidOperationException">The 'constructorString' parameter does not refer to a type 'SecurityTokenServiceConfiguration'.</exception> public override ServiceHostBase CreateServiceHost( string constructorString, Uri[] baseAddresses ) { if ( String.IsNullOrEmpty( constructorString ) ) { throw new ArgumentNullException( "constructorString" ); } if ( baseAddresses == null ) { throw new ArgumentNullException( "baseAddresses" ); } SecurityTokenServiceConfiguration securityTokenServiceConfiguration = CreateSecurityTokenServiceConfiguration( constructorString ); if ( securityTokenServiceConfiguration == null ) { throw new InvalidOperationException( "CreateSecurityTokenServiceConfiguration return a null SecurityTokenServiceConfiguration object" ); } WSTrustServiceHost serviceHost = new WSTrustServiceHost( securityTokenServiceConfiguration, baseAddresses ); // // Configure an EndpointIdentity for the service host. // If no EndpointIdentity is required, you may wish to set the SecurityTokenServiceConfiguration.TrustEndpoints property instead. // serviceHost.Description.Endpoints.Add( new ServiceEndpoint( ContractDescription.GetContract( typeof( IWSTrust13SyncContract ) ), new UserNameWSTrustBinding( SecurityMode.TransportWithMessageCredential ), new EndpointAddress( new Uri( StsAddress ), EndpointIdentity.CreateX509CertificateIdentity( SslCert ) ) ) ); serviceHost.Description.Behaviors.Find<ServiceMetadataBehavior>().HttpsGetUrl = new Uri( StsMexAddress ); return serviceHost; }
static void Main(string[] args) { // Create and setup the configuration for our STS SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("STS"); // Add the STS endpoint information config.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSTSBinding(), "http://localhost:6000/STS")); // Set the STS implementation class type config.SecurityTokenService = typeof(CustomSecurityTokenService); SecurityTokenHandlerCollection actAsHandlerCollection = config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.ActAs]; actAsHandlerCollection.Configuration.IssuerNameRegistry = new ActAsIssuerNameRegistry(); // The token that we receive in the <RequestSecurityToken><ActAs> element was issued to the service proxies. // By adding the proxy audience URIs here we are enforcing the implicit contract that the STS will accept // only tokens issued to the proxy as an ActAs token. actAsHandlerCollection.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://localhost/WFE/default.aspx")); actAsHandlerCollection.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://localhost/Service1/Service1.svc")); // Create the WS-Trust service host with our STS configuration using (WSTrustServiceHost host = new WSTrustServiceHost(config, new Uri("http://localhost:6000/STS"))) { host.Open(); Console.WriteLine("STS started, press ENTER to stop ..."); Console.ReadLine(); host.Close(); } }
static void Main(string[] args) { SigningCredentials signingCreds = new X509SigningCredentials("CN=MySTS".ToCertificate()); SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("http://MySTS", signingCreds); config.SecurityTokenHandlers.AddOrReplace(new CustomUsernameTokenHandler()); config.SecurityTokenService = typeof(MySecurityTokenService); // Create the WS-Trust service host with our STS configuration var host = new WSTrustServiceHost(config, new Uri("http://localhost:6000/MySTS")); try { host.Open(); Console.WriteLine("STS is ready to issue tokens… Press ENTER to shutdown"); Console.ReadLine(); host.Close(); } finally { if (host.State != CommunicationState.Faulted) { host.Close(); } else { host.Abort(); } } }
/// <summary> /// Creates and configures a <see cref="WSTrustServiceHost"/> with a specific base address. /// </summary> /// <param name="serviceType">Specifies the type of service to host (ignored).</param> /// <param name="baseAddresses">The <see cref="T:Uri"/> array that contains the base addresses for the service.</param> /// <returns>A <see cref="WSTrustServiceHost"/> with a specific base address.</returns> protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses) { var config = new SOFASecurityTokenServiceConfiguration(); var host = new WSTrustServiceHost(config, baseAddresses); var serviceBehavior = host.Description.Behaviors.Find <ServiceBehaviorAttribute>(); serviceBehavior.AddressFilterMode = AddressFilterMode.Any; return(host); }
/// <summary> /// Creates and configures a <see cref="WSTrustServiceHost"/> with a specific base address. /// </summary> /// <param name="constructorString">The constructor string (ignored).</param> /// <param name="baseAddresses">The <see cref="T:Uri"/> array that contains the base addresses for the service.</param> /// <returns></returns> public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { var config = new SOFASecurityTokenServiceConfiguration(); var host = new WSTrustServiceHost(config, baseAddresses); var serviceBehavior = host.Description.Behaviors.Find <ServiceBehaviorAttribute>(); serviceBehavior.AddressFilterMode = AddressFilterMode.Any; return(host); }
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { string issuerName = WebConfigurationManager.AppSettings[Common.IssuerName]; string signingCertificateThumprint = WebConfigurationManager.AppSettings[Common.SigningCertificateThumbprint]; string issuerCertificateThumprint = WebConfigurationManager.AppSettings[Common.IssuerCertificateThumprint]; var config = new STSConfiguration(issuerName, signingCertificateThumprint, issuerCertificateThumprint); Uri baseUri = baseAddresses.FirstOrDefault(a => a.Scheme == Uri.UriSchemeHttps); if (baseUri == null) { throw new InvalidOperationException("The STS should be hosted under https."); } WSTrustServiceHost host = new WSTrustServiceHost(config, baseAddresses); host.AddServiceEndpoint(typeof(IWSTrust13SyncContract), STSBinding, baseUri.AbsoluteUri); return(host); }
private static WSTrustServiceHost CreateSecurityTokenServiceHost() { var signingCredentials = new X509SigningCredentials(STSCertificate); var stsConfig = new SecurityTokenServiceConfiguration(STSAddress, signingCredentials); stsConfig.SecurityTokenService = typeof(CustomSecurityTokenService); // Add the STS endpoint information stsConfig.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSecurityTokenServiceBinding(), STSAddress)); // Setting the certificate will automatically populate the token resolver // that is used to decrypt the client entropy in the RST. stsConfig.ServiceCertificate = STSCertificate; WSTrustServiceHost stsHost = new WSTrustServiceHost(stsConfig, new Uri(STSAddress)); return(stsHost); }
static void Main(string[] args) { SecurityTokenServiceConfiguration config = new PetShopSTSConfiguration(); using (WSTrustServiceHost host = new WSTrustServiceHost(config)) { #if DEBUG Console.WriteLine("Including exception details in faults"); var serviceDebugBehavior = host.Description.Behaviors.Find <ServiceDebugBehavior>(); serviceDebugBehavior.IncludeExceptionDetailInFaults = true; #endif host.Open(); Console.Title = host.Description.Endpoints[0].Address.Uri.ToString(); Console.WriteLine("PetShopSTS started, press ENTER to stop ..."); Console.ReadLine(); } }
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { StreamWriter file = new StreamWriter("c:\\temp\\IdentityProviderSts.OnBehalfOfSecurityTokenServiceFactory - CreateServiceHost.txt", true); file.WriteLine("_________________________________________"); file.WriteLine("DateTime: " + DateTime.Now.ToString()); file.WriteLine("constructorString:" + constructorString); file.Close(); SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("https://ha50idp:8544/IDP-STS/Issue.svc"); //Uri baseUri = baseAddresses.FirstOrDefault(a => a.Scheme == "https"); //if (baseUri == null) // throw new InvalidOperationException("The STS should be hosted under https"); //config.TrustEndpoints.Add(new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetCertificateCredentialsBinding(), baseUri + "")); // Set the STS implementation class type config.SecurityTokenService = typeof(CustomSecurityTokenService); // Create a security token handler collection and then provide with a SAML11 security token // handler and set the Audience restriction to Never SecurityTokenHandlerCollection onBehalfOfHandlers = new SecurityTokenHandlerCollection(); Saml2SecurityTokenHandler onBehalfOfTokenHandler = new Saml2SecurityTokenHandler(); onBehalfOfHandlers.Add(onBehalfOfTokenHandler); //onBehalfOfHandlers.Add(userNameTokenHandler); onBehalfOfHandlers.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; // Set the appropriate issuer name registry //onBehalfOfHandlers.Configuration.IssuerNameRegistry = new IdentityProviderIssuerNameRegistry(); // Set the token handlers collection config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.OnBehalfOf] = onBehalfOfHandlers; // WindowsUserNameSecurityTokenHandler userNameTokenHandler = new WindowsUserNameSecurityTokenHandler(); // config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.Default].Add(userNameTokenHandler); WSTrustServiceHost host = new WSTrustServiceHost(config, baseAddresses); return host; }
static void Main(string[] args) { WSTrustServiceHost stsHost = null; try { SecurityTokenServiceConfiguration stsConfiguration = new SecurityTokenServiceConfiguration(Address.StsAddress, new X509SigningCredentials( CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=localhost"))); stsConfiguration.SecurityTokenService = typeof(CustomSecurityTokenService); // Add the STS endpoint information stsConfiguration.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), new WindowsWSTrustBinding(), Address.StsAddress)); stsHost = new WSTrustServiceHost(stsConfiguration, new Uri(Address.StsAddress)); stsHost.Open(); Console.WriteLine("The security token service has started at {0}.\n", Address.StsAddress); Console.WriteLine("Press [Enter] to stop.\n"); Console.ReadLine(); } finally { try { if (stsHost != null) { stsHost.Close(); } } catch (CommunicationException) { } catch (TimeoutException) { } } }
static void Main(string[] args) { // Create and setup the configuration for our STS SigningCredentials signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, SigningCertificateName)); SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("http://SecurityTokenService", signingCreds); // Add the STS endoint information config.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), new WindowsWSTrustBinding(), "http://localhost:6000/SecurityTokenService")); // Set the STS implementation class type config.SecurityTokenService = typeof(MySecurityTokenService); // Create the WS-Trust service host with our STS configuration using (WSTrustServiceHost host = new WSTrustServiceHost(config, new Uri("http://localhost:6000/SecurityTokenService"))) { host.Open(); Console.WriteLine("SecurityTokenService started, press ENTER to stop ..."); Console.ReadLine(); host.Close(); } }
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { var config = CreateSecurityTokenServiceConfiguration(constructorString); var host = new WSTrustServiceHost(config, baseAddresses); // add behavior for load balancing support host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior()); // modify address filter mode for load balancing var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>(); serviceBehavior.AddressFilterMode = AddressFilterMode.Any; var credential = new ServiceCredentials(); credential.ServiceCertificate.Certificate = Configuration.TokenSigningCertificate; host.Description.Behaviors.Add(credential); host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new WindowsWSTrustBinding(SecurityMode.Message), "/Message/Windows"); return host; }
/// <summary> /// Creates a service host to process WS-Trust 1.3 requests /// </summary> /// <param name="constructorString">The constructor string.</param> /// <param name="baseAddresses">The base addresses.</param> /// <returns>A WS-Trust ServiceHost</returns> public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { var globalConfiguration = ConfigurationRepository.Configuration; var config = CreateSecurityTokenServiceConfiguration(constructorString); var host = new WSTrustServiceHost(config, baseAddresses); // add behavior for load balancing support host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior()); // modify address filter mode for load balancing var serviceBehavior = host.Description.Behaviors.Find<ServiceBehaviorAttribute>(); serviceBehavior.AddressFilterMode = AddressFilterMode.Any; // add and configure a mixed mode security endpoint if (ConfigurationRepository.Endpoints.WSTrustMixed) { EndpointIdentity epi = null; if (ConfigurationRepository.Configuration.EnableStrongEpiForSsl) { if (ConfigurationRepository.SslCertificate.Certificate == null) { throw new ServiceActivationException("No SSL certificate configured for strong endpoint identity."); } epi = EndpointIdentity.CreateX509CertificateIdentity(ConfigurationRepository.SslCertificate.Certificate); } if (globalConfiguration.EnableClientCertificates) { var sep2 = host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), Endpoints.Paths.WSTrustMixedCertificate); if (epi != null) { sep2.Address = new EndpointAddress(sep2.Address.Uri, epi); } } var sep = host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), Endpoints.Paths.WSTrustMixedUserName); if (epi != null) { sep.Address = new EndpointAddress(sep.Address.Uri, epi); } } // add and configure a message security endpoint if (ConfigurationRepository.Endpoints.WSTrustMessage) { var credential = new ServiceCredentials(); credential.ServiceCertificate.Certificate = ConfigurationRepository.SigningCertificate.Certificate; host.Description.Behaviors.Add(credential); if (globalConfiguration.EnableClientCertificates) { host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new CertificateWSTrustBinding(SecurityMode.Message), Endpoints.Paths.WSTrustMessageCertificate); } host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new UserNameWSTrustBinding(SecurityMode.Message), Endpoints.Paths.WSTrustMessageUserName); } return host; }
static void Main(string[] args) { ServiceHost serviceHost = null; WSTrustServiceHost securityTokenServiceHost = null; try { // // Open the calculator service host. // serviceHost = CreateServiceHost(); serviceHost.Open(); Console.WriteLine("Started the calculator service."); WriteEndpoints(serviceHost); // // Start the STS // securityTokenServiceHost = CreateSecurityTokenServiceHost(); securityTokenServiceHost.Open(); Console.WriteLine("Started the STS."); WriteEndpoints(securityTokenServiceHost); // // Call the service and let the framework request the // token from the STS automatically. // Console.WriteLine("Calling the service with an issued token implicitly acquired using WCF..."); CallService(); // // Use the WSTrustChannel component to manually acquire // the issued token and use it to secure a request to // the web service. // Console.WriteLine("Calling the service with an issued token explicitly acquired using the WSTrustChannel..."); CallServiceWithExplicitToken(GetIssuedToken()); serviceHost.Close(); serviceHost = null; securityTokenServiceHost.Close(); securityTokenServiceHost = null; } catch (Exception ex) { Console.WriteLine("=== Unexpected exception caught ==="); Console.WriteLine(ex.ToString()); } finally { if (serviceHost != null) { serviceHost.Abort(); } if (securityTokenServiceHost != null) { securityTokenServiceHost.Abort(); } } Console.WriteLine("Press <ENTER> to continue."); Console.ReadLine(); }
/// <summary> /// Creates a service host to process WS-Trust 1.3 requests /// </summary> /// <param name="constructorString">The constructor string.</param> /// <param name="baseAddresses">The base addresses.</param> /// <returns>A WS-Trust ServiceHost</returns> public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { var globalConfiguration = ConfigurationRepository.Global; var config = CreateSecurityTokenServiceConfiguration(constructorString); var host = new WSTrustServiceHost(config, baseAddresses); // add behavior for load balancing support host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior()); // modify address filter mode for load balancing var serviceBehavior = host.Description.Behaviors.Find <ServiceBehaviorAttribute>(); serviceBehavior.AddressFilterMode = AddressFilterMode.Any; // add and configure a mixed mode security endpoint if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMixedModeSecurity && !ConfigurationRepository.Global.DisableSSL) { EndpointIdentity epi = null; if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication) { var sep2 = host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), Endpoints.Paths.WSTrustMixedCertificate); if (epi != null) { sep2.Address = new EndpointAddress(sep2.Address.Uri, epi); } } var sep = host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), Endpoints.Paths.WSTrustMixedUserName); if (epi != null) { sep.Address = new EndpointAddress(sep.Address.Uri, epi); } } // add and configure a message security endpoint if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMessageSecurity) { var credential = new ServiceCredentials(); credential.ServiceCertificate.Certificate = ConfigurationRepository.Keys.SigningCertificate; host.Description.Behaviors.Add(credential); if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication) { host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new CertificateWSTrustBinding(SecurityMode.Message), Endpoints.Paths.WSTrustMessageCertificate); } host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new UserNameWSTrustBinding(SecurityMode.Message), Endpoints.Paths.WSTrustMessageUserName); } ServiceMetadataBehavior metad = host.Description.Behaviors.Find <ServiceMetadataBehavior>(); if (metad == null) { metad = new ServiceMetadataBehavior(); } for (int i = 0; i < baseAddresses.Length; i++) { // there will be two bindings: one for http and one secure switch (baseAddresses[i].Scheme) { case "http": metad.HttpGetEnabled = true; metad.HttpGetUrl = new Uri(baseAddresses[i], "/issue/wstrust/mex"); break; case "https": metad.HttpsGetEnabled = true; metad.HttpsGetUrl = new Uri(baseAddresses[i], "/issue/wstrust/mex"); break; } } return(host); }
/// <summary> /// Creates a service host to process WS-Trust 1.3 requests /// </summary> /// <param name="constructorString">The constructor string.</param> /// <param name="baseAddresses">The base addresses.</param> /// <returns>A WS-Trust ServiceHost</returns> public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { var globalConfiguration = ConfigurationRepository.Global; var config = CreateSecurityTokenServiceConfiguration(constructorString); var host = new WSTrustServiceHost(config, baseAddresses); // add behavior for load balancing support host.Description.Behaviors.Add(new UseRequestHeadersForMetadataAddressBehavior()); // modify address filter mode for load balancing var serviceBehavior = host.Description.Behaviors.Find <ServiceBehaviorAttribute>(); serviceBehavior.AddressFilterMode = AddressFilterMode.Any; // add and configure a mixed mode security endpoint if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMixedModeSecurity && !ConfigurationRepository.Global.DisableSSL) { EndpointIdentity epi = null; if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication) { var sep2 = host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential), Endpoints.Paths.WSTrustMixedCertificate); if (epi != null) { sep2.Address = new EndpointAddress(sep2.Address.Uri, epi); } } var sep = host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), Endpoints.Paths.WSTrustMixedUserName); if (epi != null) { sep.Address = new EndpointAddress(sep.Address.Uri, epi); } } // add and configure a message security endpoint if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMessageSecurity) { var credential = new ServiceCredentials(); credential.ServiceCertificate.Certificate = ConfigurationRepository.Keys.SigningCertificate; host.Description.Behaviors.Add(credential); if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication) { host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new CertificateWSTrustBinding(SecurityMode.Message), Endpoints.Paths.WSTrustMessageCertificate); } host.AddServiceEndpoint( typeof(IWSTrust13SyncContract), new UserNameWSTrustBinding(SecurityMode.Message), Endpoints.Paths.WSTrustMessageUserName); } return(host); }
static void Main() { ServiceHost serviceHost = null; ChannelFactory <IEcho> echoChannelFactory = null; WSTrustServiceHost securityTokenServiceHost = null; try { // // Start the service // serviceHost = new ServiceHost(typeof(EchoService)); string serviceAddress = "http://localhost:8080/EchoService"; serviceHost.AddServiceEndpoint(typeof(IEcho), GetServiceBinding(), serviceAddress); ServiceMetadataBehavior metadataBehavior = new ServiceMetadataBehavior(); metadataBehavior.HttpGetEnabled = true; metadataBehavior.HttpGetUrl = new Uri(serviceAddress); serviceHost.Description.Behaviors.Add(metadataBehavior); serviceHost.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), serviceAddress + "/mex"); serviceHost.Credentials.ServiceCertificate.SetCertificate("CN=localhost", StoreLocation.LocalMachine, StoreName.My); serviceHost.Open(); Console.WriteLine("The echo service has started at {0}.\n", serviceAddress); // // Start the STS // SecurityTokenServiceConfiguration securityTokenServiceConfiguration = new SecurityTokenServiceConfiguration(securityTokenServiceAddress, new X509SigningCredentials(serviceHost.Credentials.ServiceCertificate.Certificate)); securityTokenServiceConfiguration.WSTrust13RequestSerializer = new CustomWSTrust13RequestSerializer(); securityTokenServiceConfiguration.SecurityTokenService = typeof(CustomSecurityTokenService); // Add the STS endpoint information securityTokenServiceConfiguration.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSecurityTokenServiceBinding(), securityTokenServiceAddress)); securityTokenServiceHost = new WSTrustServiceHost(securityTokenServiceConfiguration, new Uri(securityTokenServiceAddress)); securityTokenServiceHost.Open(); Console.WriteLine("The security token service has started at {0}.\n", securityTokenServiceAddress); // // Invoke the client // echoChannelFactory = new ChannelFactory <IEcho>(GetClientBinding(), new EndpointAddress(new Uri(serviceAddress), EndpointIdentity.CreateDnsIdentity("localhost"))); IEcho client = echoChannelFactory.CreateChannel(); ((IClientChannel)client).OperationTimeout = TimeSpan.MaxValue; Console.WriteLine("The client sent a request to the STS to retrieve a SAML token and then sent the hello request to the echo service.\n"); Console.WriteLine("The echo service finally returned '{0}'.\n", client.Echo("Hello")); Console.WriteLine("Press [Enter] to continue."); Console.ReadLine(); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } finally { try { if (echoChannelFactory != null) { echoChannelFactory.Close(); } if (serviceHost != null) { serviceHost.Close(); } if (securityTokenServiceHost != null) { securityTokenServiceHost.Close(); } } catch (CommunicationException) { } } }
static void Main() { ServiceHost serviceHost = null; ChannelFactory <IEcho> echoChannelFactory = null; WSTrustServiceHost trustServiceHost = null; try { CustomTokenHandler handler = new CustomTokenHandler(); // // Start the service // serviceHost = new ServiceHost(typeof(EchoService)); string serviceAddress = "http://" + Environment.MachineName + ":8080/EchoService"; ServiceMetadataBehavior metadataBehavior = new ServiceMetadataBehavior(); metadataBehavior.HttpGetEnabled = true; metadataBehavior.HttpGetUrl = new Uri(serviceAddress); serviceHost.Description.Behaviors.Add(metadataBehavior); serviceHost.AddServiceEndpoint(typeof(IEcho), GetServiceBinding(), serviceAddress); serviceHost.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), serviceAddress + "/mex"); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.Root, X509FindType.FindByThumbprint, thumbprint); FederatedServiceCredentials.ConfigureServiceHost(serviceHost); // // Update the service credentials so that it can deserialize the custom token // (( FederatedServiceCredentials )serviceHost.Credentials).SecurityTokenHandlers.Add(handler); serviceHost.Open(); Console.WriteLine("The echo service has started at {0}.\n", serviceAddress); // // Start the SecurityTokenService // X509Certificate2 certificate = CertificateUtil.GetCertificate(StoreName.Root, StoreLocation.LocalMachine, thumbprint); SigningCredentials credentials = new X509SigningCredentials(certificate); SecurityTokenServiceConfiguration securityTokenServiceConfiguration = new SecurityTokenServiceConfiguration(securityTokenServiceAddress, credentials); securityTokenServiceConfiguration.SecurityTokenService = typeof(SampleTokenService); // register a handler to the SecurityTokenService here so that it can issue the custom token securityTokenServiceConfiguration.SecurityTokenHandlers.Add(handler); // Add the STS endpoint information securityTokenServiceConfiguration.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSecurityTokenServiceBinding(), securityTokenServiceAddress)); securityTokenServiceConfiguration.ServiceCertificate = certificate; trustServiceHost = new WSTrustServiceHost(securityTokenServiceConfiguration, new Uri(securityTokenServiceAddress)); trustServiceHost.Open(); Console.WriteLine("The security token service has started at {0}.\n", securityTokenServiceAddress); // // Invoke the client // echoChannelFactory = new ChannelFactory <IEcho>(GetClientBinding(), new EndpointAddress(new Uri(serviceAddress), EndpointIdentity.CreateDnsIdentity("localhost"))); IEcho client = echoChannelFactory.CreateChannel(); ((IClientChannel)client).OperationTimeout = TimeSpan.MaxValue; string echoedString = client.Echo("Hello"); Console.WriteLine("The echo service returns '{0}'. \n", echoedString); Console.WriteLine("Press [Enter] to close service."); Console.ReadLine(); echoChannelFactory.Close(); Console.WriteLine("Press [Enter] to continue."); Console.ReadLine(); } catch (CommunicationException e) { Console.WriteLine(e.Message); if (echoChannelFactory != null) { echoChannelFactory.Abort(); } } catch (TimeoutException e) { Console.WriteLine(e.Message); if (echoChannelFactory != null) { echoChannelFactory.Abort(); } } catch (Exception e) { Console.Out.WriteLine(e.InnerException.Message); } finally { if (serviceHost != null && serviceHost.State != CommunicationState.Faulted) { serviceHost.Close(); } if (trustServiceHost != null && trustServiceHost.State != CommunicationState.Faulted) { trustServiceHost.Close(); } } }