public void CreateIssuedTokenBindingElement1() { IssuedSecurityTokenParameters tp = new IssuedSecurityTokenParameters(); SymmetricSecurityBindingElement be = SecurityBindingElement.CreateIssuedTokenBindingElement(tp); SecurityAssert.AssertSymmetricSecurityBindingElement( SecurityAlgorithmSuite.Default, true, // IncludeTimestamp SecurityKeyEntropyMode.CombinedEntropy, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature, MessageSecurityVersion.Default, false, // RequireSignatureConfirmation SecurityHeaderLayout.Strict, // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count) 0, 0, 0, 0, // ProtectionTokenParameters true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true, // LocalClientSettings true, 60, true, be, ""); // test ProtectionTokenParameters Assert.AreEqual(tp, be.ProtectionTokenParameters, "#2-1"); SecurityAssert.AssertSecurityTokenParameters( SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true, tp, "Protection"); }
public static Binding CreateIssuedTokenBinding() { BindingElementCollection bec = new BindingElementCollection(); bec.Add(SecurityBindingElement. CreateIssuedTokenBindingElement( new IssuedSecurityTokenParameters())); bec.Add(new TextMessageEncodingBindingElement()); bec.Add(new HttpTransportBindingElement()); return(new CustomBinding(bec)); }
private SecurityBindingElement CreateSecurityBindingElement() { // Create an issued token parameters object. IssuedSecurityTokenParameters issuedSecTok = new IssuedSecurityTokenParameters(); // Create a security binding element with the parameter object. SymmetricSecurityBindingElement secBindingEle = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedSecTok); // Create a Kerberos token parameter object and set the inclusion // mode to AlwaysToRecipient. Add the object as an endorsing token for // all operations of the endpoint. KerberosSecurityTokenParameters kstp = new KerberosSecurityTokenParameters(); kstp.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; secBindingEle.EndpointSupportingTokenParameters.Endorsing.Add(kstp); // Create a username token parameter object and set its // RequireDerivedKeys to false. UserNameSecurityTokenParameters userNameParams = new UserNameSecurityTokenParameters(); userNameParams.RequireDerivedKeys = false; // Create a collection object for supporting tokens. SupportingTokenParameters stp = new SupportingTokenParameters(); // Add the previously created supporting tokens. stp.Endorsing.Add(issuedSecTok); stp.SignedEncrypted.Add(userNameParams); // Create a generic dictionary item, a KeyValuePair object // that includes all supporting token parameters. Then add // it to the dictionary for operation-scope supporting tokens. KeyValuePair <string, SupportingTokenParameters> x = new KeyValuePair <string, SupportingTokenParameters>("1", stp); secBindingEle.OperationSupportingTokenParameters.Add(x); // See all dictionary items for the supporting tokens. Console.WriteLine("Reading Kevalue pairs"); foreach (KeyValuePair <string, SupportingTokenParameters> kvp in secBindingEle.OperationSupportingTokenParameters) { Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value); } Console.ReadLine(); return(secBindingEle); }
protected internal virtual BindingElement CreateBindingElement(bool createTemplateOnly) { SecurityBindingElement result; switch (this.AuthenticationMode) { case AuthenticationMode.AnonymousForCertificate: result = SecurityBindingElement.CreateAnonymousForCertificateBindingElement(); break; case AuthenticationMode.AnonymousForSslNegotiated: result = SecurityBindingElement.CreateSslNegotiationBindingElement(false, this.RequireSecurityContextCancellation); break; case AuthenticationMode.CertificateOverTransport: result = SecurityBindingElement.CreateCertificateOverTransportBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.IssuedToken: result = SecurityBindingElement.CreateIssuedTokenBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.IssuedTokenForCertificate: result = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.IssuedTokenForSslNegotiated: result = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType), this.RequireSecurityContextCancellation); break; case AuthenticationMode.IssuedTokenOverTransport: result = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(this.IssuedTokenParameters.Create(createTemplateOnly, this.templateKeyType)); break; case AuthenticationMode.Kerberos: result = SecurityBindingElement.CreateKerberosBindingElement(); break; case AuthenticationMode.KerberosOverTransport: result = SecurityBindingElement.CreateKerberosOverTransportBindingElement(); break; case AuthenticationMode.MutualCertificateDuplex: result = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.MutualCertificate: result = SecurityBindingElement.CreateMutualCertificateBindingElement(this.MessageSecurityVersion); break; case AuthenticationMode.MutualSslNegotiated: result = SecurityBindingElement.CreateSslNegotiationBindingElement(true, this.RequireSecurityContextCancellation); break; case AuthenticationMode.SspiNegotiated: result = SecurityBindingElement.CreateSspiNegotiationBindingElement(this.RequireSecurityContextCancellation); break; case AuthenticationMode.UserNameForCertificate: result = SecurityBindingElement.CreateUserNameForCertificateBindingElement(); break; case AuthenticationMode.UserNameForSslNegotiated: result = SecurityBindingElement.CreateUserNameForSslBindingElement(this.RequireSecurityContextCancellation); break; case AuthenticationMode.UserNameOverTransport: result = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); break; case AuthenticationMode.SspiNegotiatedOverTransport: result = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(this.RequireSecurityContextCancellation); break; default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("AuthenticationMode", (int)this.AuthenticationMode, typeof(AuthenticationMode))); } this.ApplyConfiguration(result); return(result); }
/// <summary> /// Creates a custom binding based on an example generated from svcutil.exe /// </summary> /// <param name="exeConfigPath"></param> /// <returns></returns> /// <remarks> /// https://msdn.microsoft.com/en-us/library/ms731690(v=vs.110).aspx /// </remarks> public static List <CustomBinding> GetCustomBindings(string exeConfigPath) { if (string.IsNullOrWhiteSpace(exeConfigPath)) { return(null); } var svcSection = Read.Config.ExeConfig.GetServiceModelSection(exeConfigPath); var configs = new List <CustomBinding>(); foreach (var section in svcSection.Bindings.CustomBinding.ConfiguredBindings.Cast <CustomBindingElement>()) { var binding = new CustomBinding { Name = section.Name, }; var cfgSecurity = section[0] as SecurityElement; if (cfgSecurity == null) { configs.Add(binding); continue; } var mode = cfgSecurity.AuthenticationMode; var msgSecurityVersion = cfgSecurity.MessageSecurityVersion; var issuedTokenParameter = new IssuedSecurityTokenParameters(); if (cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters != null) { foreach (var arp in cfgSecurity.IssuedTokenParameters.AdditionalRequestParameters.Cast <XmlElementElement>()) { issuedTokenParameter.AdditionalRequestParameters.Add(arp.XmlElement); } } if (cfgSecurity.IssuedTokenParameters.Issuer?.Address != null) { var address = cfgSecurity.IssuedTokenParameters.Issuer.Address; var idElem = cfgSecurity.IssuedTokenParameters.Issuer.Identity; issuedTokenParameter.IssuerAddress = GetEnpointAddressWithIdentity(address, idElem); } if (cfgSecurity.IssuedTokenParameters.Issuer?.Binding != null) { issuedTokenParameter.IssuerBinding = GetBindingByName(cfgSecurity.IssuedTokenParameters.Issuer.Binding); } if (cfgSecurity.IssuedTokenParameters.IssuerMetadata?.Address != null) { var address = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Address; var idElem = cfgSecurity.IssuedTokenParameters.IssuerMetadata.Identity; issuedTokenParameter.IssuerMetadataAddress = GetEnpointAddressWithIdentity(address, idElem); } SecurityBindingElement securityElemnt; switch (mode) { case AuthenticationMode.IssuedTokenOverTransport: securityElemnt = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameter); break; case AuthenticationMode.AnonymousForCertificate: securityElemnt = SecurityBindingElement.CreateAnonymousForCertificateBindingElement(); break; case AuthenticationMode.AnonymousForSslNegotiated: securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false); break; case AuthenticationMode.CertificateOverTransport: securityElemnt = SecurityBindingElement.CreateCertificateOverTransportBindingElement(msgSecurityVersion); break; case AuthenticationMode.IssuedToken: securityElemnt = SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParameter); break; case AuthenticationMode.IssuedTokenForCertificate: securityElemnt = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameter); break; case AuthenticationMode.IssuedTokenForSslNegotiated: securityElemnt = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameter); break; case AuthenticationMode.Kerberos: securityElemnt = SecurityBindingElement.CreateKerberosBindingElement(); break; case AuthenticationMode.KerberosOverTransport: securityElemnt = SecurityBindingElement.CreateKerberosOverTransportBindingElement(); break; case AuthenticationMode.MutualCertificate: securityElemnt = SecurityBindingElement.CreateMutualCertificateBindingElement(msgSecurityVersion); break; case AuthenticationMode.MutualCertificateDuplex: securityElemnt = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(msgSecurityVersion); break; case AuthenticationMode.MutualSslNegotiated: securityElemnt = SecurityBindingElement.CreateSslNegotiationBindingElement(false); break; case AuthenticationMode.SspiNegotiated: securityElemnt = SecurityBindingElement.CreateSspiNegotiationBindingElement(); break; case AuthenticationMode.SspiNegotiatedOverTransport: securityElemnt = SecurityBindingElement.CreateSspiNegotiationOverTransportBindingElement(); break; case AuthenticationMode.UserNameForCertificate: securityElemnt = SecurityBindingElement.CreateUserNameForCertificateBindingElement(); break; case AuthenticationMode.UserNameForSslNegotiated: securityElemnt = SecurityBindingElement.CreateUserNameForSslBindingElement(); break; case AuthenticationMode.UserNameOverTransport: securityElemnt = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); break; default: throw new NotImplementedException(); } securityElemnt.AllowInsecureTransport = cfgSecurity.AllowInsecureTransport; securityElemnt.DefaultAlgorithmSuite = cfgSecurity.DefaultAlgorithmSuite; securityElemnt.EnableUnsecuredResponse = cfgSecurity.EnableUnsecuredResponse; securityElemnt.IncludeTimestamp = cfgSecurity.IncludeTimestamp; securityElemnt.MessageSecurityVersion = cfgSecurity.MessageSecurityVersion; securityElemnt.KeyEntropyMode = cfgSecurity.KeyEntropyMode; securityElemnt.ProtectTokens = cfgSecurity.ProtectTokens; securityElemnt.SecurityHeaderLayout = cfgSecurity.SecurityHeaderLayout; securityElemnt.SetKeyDerivation(cfgSecurity.RequireDerivedKeys); binding.Elements.Add(securityElemnt); configs.Add(binding); } return(configs); }