Exemplo n.º 1
0
        private static ServiceHost CreateWcfServiceHost()
        {
            string acsCertificateEndpoint = String.Format("https://{0}.{1}/v2/wstrust/13/certificate", SamplesConfiguration.ServiceNamespace, SamplesConfiguration.AcsHostUrl);

            ServiceHost rpHost = new ServiceHost(typeof(StringService));

            rpHost.Credentials.ServiceCertificate.Certificate = GetServiceCertificateWithPrivateKey();

            rpHost.AddServiceEndpoint(typeof(IStringService),
                                      Bindings.CreateServiceBinding(acsCertificateEndpoint),
                                      ServiceAddress);

            //
            // This must be called after all WCF settings are set on the service host so the
            // Windows Identity Foundation token handlers can pick up the relevant settings.
            //
            ServiceConfiguration serviceConfiguration = new ServiceConfiguration();

            // Disable certificate validation to work with sample certificates
            serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

            // Accept ACS signing certificate as Issuer.
            serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry(GetAcsSigningCertificate().SubjectName.Name);

            // Add the SAML 2.0 token handler.
            serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());

            // Add the address of this service to the allowed audiences.
            serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(ServiceAddress));

            FederatedServiceCredentials.ConfigureServiceHost(rpHost, serviceConfiguration);

            return(rpHost);
        }
Exemplo n.º 2
0
        public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
        {
            ServiceHost serviceHost = new BookStoreServiceHost(baseAddresses);

            FederatedServiceCredentials.ConfigureServiceHost(serviceHost);
            return(serviceHost);
        }
Exemplo n.º 3
0
 public OAuthWebServiceHost(Type serviceType, params Uri[] baseAddresses)
     : base(serviceType, false, baseAddresses)
 {
     PrincipalPermissionMode = PrincipalPermissionMode.Custom;
     FederatedServiceCredentials.ConfigureServiceHost(this);
     Interceptors.Add(new JwtRequestInterceptor(Credentials));
 }
Exemplo n.º 4
0
        public override ServiceHostBase CreateServiceHost
            (string service, Uri[] baseAddresses)
        {
            ServiceHost host = new ServiceHost(typeof(IssHosted.ServiceInterfaces.EchoService),
                                               baseAddresses);

            host.AddServiceEndpoint(typeof(IEchoService), new ServiceproviderBinding(true), "");
            host.AddServiceEndpoint(typeof(IEchoService), new ServiceproviderBinding(false), "");

            // Configure our certificate and issuer certificate validation settings on the service credentials
            host.Credentials.ServiceCertificate.SetCertificate(SigningCertificateNameGenevaService, StoreLocation.LocalMachine, StoreName.My);
            // Enable metadata generation via HTTP GET
            ServiceMetadataBehavior smb = new ServiceMetadataBehavior();

            smb.HttpsGetEnabled = true;
            smb.HttpGetEnabled  = true;
            host.Description.Behaviors.Add(smb);

            host.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpsBinding(), "mex");
            host.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), "mex");


            // Configure the service host to use the Geneva Framework
            ServiceConfiguration configuration = new ServiceConfiguration();

            configuration.IssuerNameRegistry = new TrustedIssuerNameRegistry();
            configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://localhost/Echo/service.svc/Echo"));
            configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://localhost:6020/Echo"));
            configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://172.30.161.162:8181/poc-provider/ProviderService"));
            configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://172.16.232.1:8181/poc-provider/ProviderService"));
            configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://csky-pc/test/Service1.svc"));
            FederatedServiceCredentials.ConfigureServiceHost(host, configuration);
            return(host);
        }
        public static ServiceHost InitServiceHost(ServiceHost serviceHost, Type contractType, X509Certificate2 serviceCertificate)
        {
            var ep = serviceHost.Description.Endpoints.Find(contractType);

            if (ep == null)
            {
                throw new ArgumentException("Endpoint with this contract type could not be found.", "contractType");
            }

            security_common.Utilities.ConfigBinding(ep.Binding);
            ep.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

            FederatedServiceCredentials.ConfigureServiceHost(serviceHost,
                                                             new ServiceConfiguration
            {
                ServiceCertificate = serviceCertificate
            });

            // Allows to use custom StartSaml2Adapter and Saml2SecurityTokenHandler:
            StartServiceCredentials.WrapStandardCredentials(serviceHost);

            /* Change according to your IP or Server:                            */
            /* Remove this when using server.                                    */
            /* (This method is used when trying to change the host of wsdl to IP */
            HttpToHttpsWsdlBehavior.AdjustWsdlOutput(serviceHost,
                                                     "https://pc-net00/start-ap/accessPointService.svc",
                                                     "https://192.168.1.40:443/start-ap/accessPointService.svc");
            return(serviceHost);
        }
Exemplo n.º 6
0
        private static ServiceHost CreateServiceHost()
        {
            ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService));

            serviceHost.Credentials.ServiceCertificate.SetCertificate(LocalhostCertificateSubjectName,
                                                                      StoreLocation.LocalMachine,
                                                                      StoreName.My);

            ServiceEndpoint serviceEndpoint = serviceHost.AddServiceEndpoint(typeof(ICalculator),
                                                                             GetServiceBinding(),
                                                                             ServiceAddress);
            ServiceMetadataBehavior metadataBehavior = new ServiceMetadataBehavior();

            metadataBehavior.HttpGetEnabled = true;
            metadataBehavior.HttpGetUrl     = new Uri(ServiceAddress);
            serviceHost.Description.Behaviors.Add(metadataBehavior);
            serviceHost.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), ServiceAddress + "/mex");
            //
            // This must be called after all WCF settings are set on the service host so the
            // Windows Identity Foundation token handlers can pick up the relevant settings.
            //
            ServiceConfiguration serviceConfiguration = new ServiceConfiguration();

            serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(ServiceAddress));
            serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry(STSCertificateSubjectName);
            FederatedServiceCredentials.ConfigureServiceHost(serviceHost, serviceConfiguration);

            return(serviceHost);
        }
Exemplo n.º 7
0
        /// <summary>
        /// Overrides the base class method.
        /// </summary>
        /// <param name="constructorString">Custom parameter specified in the 'Service' attribute of the .svc files.</param>
        /// <param name="baseAddresses">Collection of base address of the service obtained from the hosting layer (IIS).</param>
        /// <returns>Instance of ServiceHostBase.</returns>
        public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
        {
            ServiceHostBase host = base.CreateServiceHost(constructorString, baseAddresses);

            FederatedServiceCredentials.ConfigureServiceHost(host);

            return(host);
        }
        public static void Setup(ServiceHost serviceHost)
        {
            FederatedServiceCredentials.ConfigureServiceHost(serviceHost);

            var federatedCredentials = (FederatedServiceCredentials)serviceHost.Credentials;

            // Remove the default ServiceCredentials behavior.
            serviceHost.Description.Behaviors.Remove <ServiceCredentials>();

            serviceHost.Description.Behaviors.Add(new OIOFederatedServiceCredentials(federatedCredentials));
        }
Exemplo n.º 9
0
        static void Main(string[] args)
        {
            // Configure the issued token parameters with the correct settings
            IssuedSecurityTokenParameters itp = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");

            itp.IssuerMetadataAddress = new EndpointAddress("http://localhost:6000/STS/mex");
            itp.IssuerAddress         = new EndpointAddress("http://localhost:6000/STS");

            // Create the security binding element
            SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(itp);

            sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;

            // Create the HTTP transport binding element
            HttpTransportBindingElement httpBE = new HttpTransportBindingElement();

            // Create the custom binding using the prepared binding elements
            CustomBinding binding = new CustomBinding(sbe, httpBE);

            Uri serviceUri = new Uri("http://localhost:6002/Service2");

            using (ServiceHost host = new ServiceHost(typeof(Service2), serviceUri))
            {
                host.AddServiceEndpoint(typeof(IService2), binding, "");
                host.Credentials.ServiceCertificate.SetCertificate("CN=localhost", StoreLocation.LocalMachine, StoreName.My);

                // Enable metadata generation via HTTP GET
                ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
                smb.HttpGetEnabled = true;
                host.Description.Behaviors.Add(smb);
                host.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), "mex");

                // Configure the service host to use the Windows Identity Foundation
                ServiceConfiguration configuration = new ServiceConfiguration();
                configuration.IssuerNameRegistry = new TrustedIssuerNameRegistry();
                configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(serviceUri);

                FederatedServiceCredentials.ConfigureServiceHost(host, configuration);

                host.Open();

                Console.WriteLine("Service2 started, press ENTER to stop ...");
                Console.ReadLine();

                host.Close();
            }
        }
Exemplo n.º 10
0
        private static void StartHost()
        {
            Console.WriteLine("setting up host...");
            ServiceHost host = new ServiceHost(typeof(ClaimsService));

            var wifConfiguration = FederatedAuthentication.ServiceConfiguration;

            wifConfiguration.SecurityTokenHandlers.AddOrReplace(
                new GenericUserNameSecurityTokenHandler((username, password) => username == password));

            FederatedServiceCredentials.ConfigureServiceHost(host, FederatedAuthentication.ServiceConfiguration);
            host.Open();

            Console.WriteLine("host running...\n");
            host.Description.Endpoints.ToList().ForEach(ep => Console.WriteLine(ep.Address));
            Console.WriteLine();

            if (wifConfiguration.ClaimsAuthenticationManager != null)
            {
                Console.WriteLine("ClaimsAuthenticationManager: {0}", wifConfiguration.ClaimsAuthenticationManager.GetType().Name);
            }

            if (wifConfiguration.ClaimsAuthorizationManager != null)
            {
                Console.WriteLine("ClaimsAuthorizationManager : {0}", wifConfiguration.ClaimsAuthorizationManager.GetType().Name);
            }

            var auth = host.Description.Behaviors.Find <ServiceAuthorizationBehavior>();

            if (auth != null && auth.ServiceAuthorizationManager != null)
            {
                Console.WriteLine("ServiceAuthorizationManager: {0}", auth.ServiceAuthorizationManager.GetType().Name);
            }

            if (wifConfiguration.IssuerNameRegistry != null)
            {
                Console.WriteLine("IssuerNameRegistry         : {0}", wifConfiguration.IssuerNameRegistry.GetType().Name);
            }


            Console.WriteLine("\nSecurityTokenHandlers:");
            foreach (var handler in wifConfiguration.SecurityTokenHandlers)
            {
                Console.WriteLine("  " + handler);
            }
        }
Exemplo n.º 11
0
        static void Main()
        {
            using (ServiceHost host = new ServiceHost(typeof(PetShop)))
            {
                FederatedServiceCredentials.ConfigureServiceHost(host);

#if DEBUG
                Console.WriteLine("Including exception details in faults");
                var serviceDebugBehavior = host.Description.Behaviors.Find <ServiceDebugBehavior>();
                serviceDebugBehavior.IncludeExceptionDetailInFaults = true;
#endif

                host.Open();
                Console.Title = host.Description.Endpoints[0].Address.Uri.ToString();
                Console.WriteLine("PetShopService started, press ENTER to stop ...");
                Console.ReadLine();
            }
        }
        private static void StartHost()
        {
            ServiceHost host = new ServiceHost(typeof(Service));

            // add message security endpoint via code
            host.AddServiceEndpoint(
                typeof(IService),
                new ClientSamlHttpBinding(SecurityMode.Message),
                "Message");

            var config = new ServiceConfiguration();

            config.SecurityTokenHandlers.AddOrReplace(new ClientSaml11SecurityTokenHandler());

            FederatedServiceCredentials.ConfigureServiceHost(host, config);
            host.Open();

            host.Description.Endpoints.ToList().ForEach(ep => Console.WriteLine(ep.Address));
        }
Exemplo n.º 13
0
        static void Main(string[] args)
        {
            ServiceHost serviceHost = null;

            try
            {
                serviceHost = new ServiceHost(typeof(AccessService2), new Uri(Address.ServiceAddress2));
                serviceHost.AddServiceEndpoint(typeof(IAccess), GetServiceBinding(), String.Empty);
                ServiceMetadataBehavior serviceMetadataBehavior = new ServiceMetadataBehavior();
                serviceMetadataBehavior.HttpGetEnabled = true;
                serviceHost.Description.Behaviors.Add(serviceMetadataBehavior);
                serviceHost.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), Address.ServiceAddress2 + "/mex");
                serviceHost.Credentials.ServiceCertificate.SetCertificate("CN=localhost", StoreLocation.LocalMachine, StoreName.My);

                ServiceConfiguration configuration = new ServiceConfiguration();
                configuration.IssuerNameRegistry = new TrustedIssuerNameRegistry();
                configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Address.ServiceAddress2));

                FederatedServiceCredentials.ConfigureServiceHost(serviceHost, configuration);
                serviceHost.Open();

                Console.WriteLine("The access service 2 has started at {0}.\n", Address.ServiceAddress2);
                Console.WriteLine("Press [Enter] to stop.\n");
                Console.ReadLine();
            }
            finally
            {
                try
                {
                    if (serviceHost != null)
                    {
                        serviceHost.Close();
                    }
                }
                catch (CommunicationException)
                {
                }
                catch (TimeoutException)
                {
                }
            }
        }
Exemplo n.º 14
0
        /// <summary>
        /// Overrides the base class method. Configures the appropriate IssuerNameRegistry on
        /// the ServiceHost created by the base class.
        /// </summary>
        /// <param name="constructorString">Custom parameter specified in the 'Service' attribute of the .svc files.</param>
        /// <param name="baseAddresses">Collection of base address of the service obtained from the hosting layer (IIS).</param>
        /// <returns>Instance of ServiceHostBase.</returns>
        public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
        {
            ServiceHostBase host = base.CreateServiceHost(constructorString, baseAddresses);

            // setup a trusted issuer name registry
            ServiceConfiguration configuration = new ServiceConfiguration();

            configuration.IssuerNameRegistry = new TrustedIssuerNameRegistry();

            // The default audience restriction's AudienceMode is set to Always, so we must
            // specify the precise audiences we will accept on issued tokens.
            configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://localhost/Service1/Service1.svc"));

            // Save any bootstrap tokens in session state.
            configuration.SaveBootstrapTokens = true;

            FederatedServiceCredentials.ConfigureServiceHost(host, configuration);

            return(host);
        }
Exemplo n.º 15
0
        static void Main(string[] args)
        {
            WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding();

            binding.Security.Message.IssuerAddress         = new EndpointAddress("http://localhost:6000/SecurityTokenService");
            binding.Security.Message.IssuerMetadataAddress = new EndpointAddress("http://localhost:6000/SecurityTokenService/mex");

            Uri serviceUri = new Uri("http://localhost:6020/ClaimsAwareWebService");

            using (ServiceHost host = new ServiceHost(typeof(ClaimsAwareWebService), serviceUri))
            {
                host.AddServiceEndpoint(typeof(IClaimsAwareWebService), binding, "");

                // Configure our certificate and issuer certificate validation settings on the service credentials
                host.Credentials.ServiceCertificate.SetCertificate("CN=localhost", StoreLocation.LocalMachine, StoreName.My);

                // Enable metadata generation via HTTP GET
                ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
                smb.HttpGetEnabled = true;
                host.Description.Behaviors.Add(smb);

                host.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), "mex");


                // Configure the service host to use the Windows Identity Foundation
                ServiceConfiguration configuration = new ServiceConfiguration();
                configuration.IssuerNameRegistry = new TrustedIssuerNameRegistry();
                configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(serviceUri);

                FederatedServiceCredentials.ConfigureServiceHost(host, configuration);

                host.Open();

                Console.WriteLine("ClaimsAwareWebService started, press ENTER to stop ...");
                Console.ReadLine();

                host.Close();
            }
        }
Exemplo n.º 16
0
        static void Main()
        {
            ServiceHost            serviceHost        = null;
            ChannelFactory <IEcho> echoChannelFactory = null;
            WSTrustServiceHost     trustServiceHost   = null;

            try
            {
                CustomTokenHandler handler = new CustomTokenHandler();

                //
                // Start the service
                //
                serviceHost = new ServiceHost(typeof(EchoService));
                string serviceAddress = "http://" + Environment.MachineName + ":8080/EchoService";

                ServiceMetadataBehavior metadataBehavior = new ServiceMetadataBehavior();
                metadataBehavior.HttpGetEnabled = true;
                metadataBehavior.HttpGetUrl     = new Uri(serviceAddress);
                serviceHost.Description.Behaviors.Add(metadataBehavior);
                serviceHost.AddServiceEndpoint(typeof(IEcho), GetServiceBinding(), serviceAddress);
                serviceHost.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), serviceAddress + "/mex");
                serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.Root, X509FindType.FindByThumbprint, thumbprint);

                FederatedServiceCredentials.ConfigureServiceHost(serviceHost);
                //
                // Update the service credentials so that it can deserialize the custom token
                //
                (( FederatedServiceCredentials )serviceHost.Credentials).SecurityTokenHandlers.Add(handler);
                serviceHost.Open();
                Console.WriteLine("The echo service has started at {0}.\n", serviceAddress);

                //
                // Start the SecurityTokenService
                //
                X509Certificate2   certificate = CertificateUtil.GetCertificate(StoreName.Root, StoreLocation.LocalMachine, thumbprint);
                SigningCredentials credentials = new X509SigningCredentials(certificate);
                SecurityTokenServiceConfiguration securityTokenServiceConfiguration = new SecurityTokenServiceConfiguration(securityTokenServiceAddress, credentials);
                securityTokenServiceConfiguration.SecurityTokenService = typeof(SampleTokenService);

                // register a handler to the SecurityTokenService here so that it can issue the custom token
                securityTokenServiceConfiguration.SecurityTokenHandlers.Add(handler);

                // Add the STS endpoint information
                securityTokenServiceConfiguration.TrustEndpoints.Add(
                    new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSecurityTokenServiceBinding(), securityTokenServiceAddress));

                securityTokenServiceConfiguration.ServiceCertificate = certificate;

                trustServiceHost = new WSTrustServiceHost(securityTokenServiceConfiguration, new Uri(securityTokenServiceAddress));
                trustServiceHost.Open();
                Console.WriteLine("The security token service has started at {0}.\n", securityTokenServiceAddress);

                //
                // Invoke the client
                //



                echoChannelFactory = new ChannelFactory <IEcho>(GetClientBinding(),
                                                                new EndpointAddress(new Uri(serviceAddress),
                                                                                    EndpointIdentity.CreateDnsIdentity("localhost")));

                IEcho client = echoChannelFactory.CreateChannel();
                ((IClientChannel)client).OperationTimeout = TimeSpan.MaxValue;


                string echoedString = client.Echo("Hello");
                Console.WriteLine("The echo service returns '{0}'. \n", echoedString);


                Console.WriteLine("Press [Enter] to close service.");
                Console.ReadLine();

                echoChannelFactory.Close();

                Console.WriteLine("Press [Enter] to continue.");
                Console.ReadLine();
            }
            catch (CommunicationException e)
            {
                Console.WriteLine(e.Message);
                if (echoChannelFactory != null)
                {
                    echoChannelFactory.Abort();
                }
            }
            catch (TimeoutException e)
            {
                Console.WriteLine(e.Message);
                if (echoChannelFactory != null)
                {
                    echoChannelFactory.Abort();
                }
            }
            catch (Exception e)
            {
                Console.Out.WriteLine(e.InnerException.Message);
            }
            finally
            {
                if (serviceHost != null && serviceHost.State != CommunicationState.Faulted)
                {
                    serviceHost.Close();
                }

                if (trustServiceHost != null && trustServiceHost.State != CommunicationState.Faulted)
                {
                    trustServiceHost.Close();
                }
            }
        }