public void MessageSecurityIssuedToken()
{
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.ClientCredentialType =
MessageCredentialType.IssuedToken;
SymmetricSecurityBindingElement sbe =
binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> ();
Assert.IsNotNull(sbe, "#1");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#1-1");
Assert.AreEqual(1, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#1-2");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#1-3");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#1-4");
IssuedSecurityTokenParameters p =
sbe.EndpointSupportingTokenParameters.Endorsing [0]
as IssuedSecurityTokenParameters;
Assert.IsNotNull(p, "#2");
Assert.IsNotNull(p.ClaimTypeRequirements, "#2-1");
Assert.AreEqual(1, p.ClaimTypeRequirements.Count, "#2-2");
ClaimTypeRequirement r = p.ClaimTypeRequirements [0];
Assert.AreEqual(ClaimTypes.PPID, r.ClaimType, "#3-1");
Assert.IsFalse(r.IsOptional, "#3-2");
}
static void Main()
{
// Create a channel.
EndpointAddress address = new EndpointAddress("http://localhost/servicemodelsamples/service.svc");
// <Snippet2>
// <Snippet1>
WSFederationHttpBinding binding = new WSFederationHttpBinding();
binding.Security.Message.ClaimTypeRequirements.Add
(new ClaimTypeRequirement
("http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress"));
binding.Security.Message.ClaimTypeRequirements.Add
(new ClaimTypeRequirement
("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true));
// </Snippet1>
ClaimTypeRequirement cr = new ClaimTypeRequirement
("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true);
Console.WriteLine(cr.ClaimType);
Console.WriteLine(cr.IsOptional);
// </Snippet2>
ChannelFactory <ICalculator> factory = new ChannelFactory <ICalculator>(binding, address);
ICalculator channel = factory.CreateChannel();
// Call the Add service operation.
double value1 = 100.00D;
double value2 = 15.99D;
double result = channel.Add(value1, value2);
Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);
// Call the Subtract service operation.
value1 = 145.00D;
value2 = 76.54D;
result = channel.Subtract(value1, value2);
Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);
// Call the Multiply service operation.
value1 = 9.00D;
value2 = 81.25D;
result = channel.Multiply(value1, value2);
Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);
// Call the Divide service operation.
value1 = 22.00D;
value2 = 7.00D;
result = channel.Divide(value1, value2);
Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);
Console.WriteLine();
Console.WriteLine("Press <ENTER> to terminate client.");
Console.ReadLine();
((IChannel)channel).Close();
}
//<snippet4>
// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding CreateWSFederationHttpBinding()
{
// Create an instance of the WSFederationHttpBinding
WSFederationHttpBinding b = new WSFederationHttpBinding();
// Set the security mode to Message
b.Security.Mode = WSFederationHttpSecurityMode.Message;
// Set the Algorithm Suite to Basic256Rsa15
b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
// Set NegotiateServiceCredential to true
b.Security.Message.NegotiateServiceCredential = true;
// Set IssuedKeyType to Symmetric
b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
// Set IssuedTokenType to SAML 1.1
b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";
// Extract the STS certificate from the certificate store
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, "cd 54 88 85 0d 63 db ac 92 59 05 af ce b8 b1 de c3 67 9e 3f", false);
store.Close();
// Create an EndpointIdentity from the STS certificate
EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certs[0]);
// Set the IssuerAddress using the address of the STS and the previously created EndpointIdentity
b.Security.Message.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);
// <Snippet5>
// Set the IssuerBinding to a WSHttpBinding loaded from config
b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
// </Snippet5>
// Set the IssuerMetadataAddress using the metadata address of the STS and the previously created EndpointIdentity
b.Security.Message.IssuerMetadataAddress = new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
// Create a ClaimTypeRequirement
ClaimTypeRequirement ctr = new ClaimTypeRequirement("http://example.org/claim/c1", false);
// Add the ClaimTypeRequirement to ClaimTypeRequirements
b.Security.Message.ClaimTypeRequirements.Add(ctr);
// Return the created binding
return(b);
}
public void federation()
{
//var stsEp = new EndpointAddress("https://services-int.ehealth.fgov.be/IAM/SingleSignOnService/v1");
var stsEp = new EndpointAddress("https://localhost:8080/services/echo/soap12wss10");
var stsBinding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
stsBinding.Security.Message.NegotiateServiceCredential = false;
stsBinding.Security.Message.EstablishSecurityContext = false;
WSFederationHttpBinding binding;
#if NETFRAMEWORK
binding = new WSFederationHttpBinding();
binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Message.IssuedKeyType = SecurityKeyType.AsymmetricKey;
binding.Security.Message.IssuerAddress = stsEp;
binding.Security.Message.IssuerBinding = stsBinding;
binding.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
ClaimTypeRequirement ctr = new ClaimTypeRequirement("http://example.org/claim/c1", false);
binding.Security.Message.ClaimTypeRequirements.Add(ctr);
#else
var parameters = WSTrustTokenParameters.CreateWSFederationTokenParameters(stsBinding, stsEp);
parameters.KeyType = SecurityKeyType.AsymmetricKey;
parameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
binding = new WSFederationHttpBinding(parameters);
#endif
var ep = new EndpointAddress("https://localhost:8080/services/echo/soap12");
ChannelFactory <IEchoService> channelFactory = new ChannelFactory <IEchoService>(binding, ep);
channelFactory.Credentials.ClientCertificate.Certificate = rsa;
IEchoService client = channelFactory.CreateChannel();
String pong = client.Echo("boe");
Assert.Equal("boe", pong);
}
CreateWSFederationHttpBinding(bool isClient)
{
// Create an instance of the WSFederationHttpBinding.
WSFederationHttpBinding b = new WSFederationHttpBinding();
// Set the security mode to Message.
b.Security.Mode = WSFederationHttpSecurityMode.Message;
//</snippet3>
// Set the Algorithm Suite to Basic256Rsa15.
b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
//</snippet5>
// Set NegotiateServiceCredential to true.
b.Security.Message.NegotiateServiceCredential = true;
//</snippet6>
// Set IssuedKeyType to Symmetric.
b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
//</snippet7>
// Set IssuedTokenType to SAML 1.1
b.Security.Message.IssuedTokenType =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";
//</snippet4>
//<snippet12>
// Extract the STS certificate from the certificate store.
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(
X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
store.Close();
// Create an EndpointIdentity from the STS certificate.
EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certs[0]);
//</snippet12>
// Set the IssuerAddress using the address of the STS and the previously created
// EndpointIdentity.
b.Security.Message.IssuerAddress =
new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);
//</snippet8>
// Set the IssuerBinding to a WSHttpBinding loaded from configuration.
// The IssuerBinding is only used on federated clients.
if (isClient)
{
b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
}
//</snippet9>
// Set the IssuerMetadataAddress using the metadata address of the STS and the
// previously created EndpointIdentity. The IssuerMetadataAddress is only used
// on federated services.
else
{
b.Security.Message.IssuerMetadataAddress =
new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
}
//</snippet10>
// Create a ClaimTypeRequirement.
ClaimTypeRequirement ctr = new ClaimTypeRequirement
("http://example.org/claim/c1", false);
// Add the ClaimTypeRequirement to ClaimTypeRequirements
b.Security.Message.ClaimTypeRequirements.Add(ctr);
//</snippet11>
// Return the created binding
return(b);
}
