/// <summary>
/// Pins the property values a freshly constructed
/// <see cref="SymmetricSecurityBindingElement"/> carries, by handing the element
/// and the expected values (in the helper's own argument order) to
/// SecurityAssert.AssertSymmetricSecurityBindingElement.
/// </summary>
public void DefaultValues()
{
    var element = new SymmetricSecurityBindingElement();

    // A default element has no endpoint supporting tokens in any of the four slots
    // (endorsing, signed, signedEncrypted, signedEndorsing).
    const int noSupportingTokens = 0;

    SecurityAssert.AssertSymmetricSecurityBindingElement(
        SecurityAlgorithmSuite.Default,
        true,                                                   // IncludeTimestamp: freshness check on by default
        SecurityKeyEntropyMode.CombinedEntropy,
        MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature, // the signature itself is encrypted by default
        MessageSecurityVersion.Default,
        false,                                                  // RequireSignatureConfirmation
        SecurityHeaderLayout.Strict,
        // EndpointSupportingTokenParameters, by count
        noSupportingTokens, noSupportingTokens, noSupportingTokens, noSupportingTokens,
        // ProtectionTokenParameters: none set, so the helper gets the "absent" encoding
        // (presumably has-parameters=false plus default inclusion mode / reference style / derived-keys).
        false, default(SecurityTokenInclusionMode), default(SecurityTokenReferenceStyle), default(bool),
        // LocalClientSettings, in the helper's argument order (see SecurityAssert for what 60 denotes).
        true, 60, true,
        element, "");
}
/// <summary>
/// Assembles a custom binding: message-level security carrying a username token
/// (signed and encrypted under the service certificate), GZip message encoding
/// with SOAP 1.2 / WS-Addressing 1.0, and plain HTTP transport.
/// </summary>
public UserNameCertificateBinding()
{
    // Hand-assembled instead of calling
    // SecurityBindingElement.CreateUserNameForCertificateBindingElement(), so every
    // security setting is explicit.
    var protectionToken = new X509SecurityTokenParameters
    {
        // The service certificate is never placed in messages, only referenced; the
        // client must already know it out of band.
        InclusionMode = SecurityTokenInclusionMode.Never,
        // Setting X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint would
        // let the security manager locate the certificate by thumbprint when it
        // builds X.509 tokens.
    };

    var security = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = protectionToken,
        MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11,
        RequireSignatureConfirmation = true,
    };
    // SignedEncrypted: the username/password token is signed and encrypted at the
    // message layer. That is what protects the credential, because the transport
    // added below is HTTP without TLS.
    security.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
    Elements.Add(security);

    // Message encoding: GZip-wrapped SOAP 1.2 with WS-Addressing 1.0.
    Elements.Add(new GZipMessageEncodingBindingElement
    {
        MessageVersion = MessageVersion.Soap12WSAddressing10,
    });

    // Transport.
    Elements.Add(new HttpTransportBindingElement());
}
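/// <summary>
/// Self-hosts Foo at http://localhost:8080 behind a symmetric security element
/// whose protection token is SSL-negotiated (SslSecurityTokenParameters),
/// publishes WSDL at /wsdl, and waits for Enter before shutting down.
/// </summary>
/// <remarks>
/// Test-only settings in here: client certificates are not validated
/// (CertificateValidationMode.None), exception details are returned to callers
/// in faults (IncludeExceptionDetailInFaults = true), and the service certificate
/// is loaded from test.pfx with a password kept in source. MyEncoder is defined
/// elsewhere in this project.
/// </remarks>
public static void Main()
{
    var security = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = new SslSecurityTokenParameters(),
    };
    var binding = new CustomBinding(security, new HttpTransportBindingElement())
    {
        ReceiveTimeout = TimeSpan.FromSeconds(5),
    };

    var host = new ServiceHost(typeof(Foo));
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    var credentials = new ServiceCredentials();
    // Encoder for the secure-conversation security state (cookie) handed to clients.
    credentials.SecureConversationAuthentication.SecurityStateEncoder = new MyEncoder();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    // No chain or trust check on client certificates: local testing only.
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    host.Description.Behaviors.Add(credentials);

    // Returns server exception details to callers; useful while debugging, unsafe in production.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    // To trace messages, add a StdErrInspectionBehavior to each endpoint in
    // host.Description.Endpoints here.

    host.Description.Behaviors.Add(new ServiceMetadataBehavior
    {
        HttpGetEnabled = true,
        HttpGetUrl = new Uri("http://localhost:8080/wsdl"),
    });

    try
    {
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
    catch
    {
        // Close() throws on a faulted host; Abort() releases the listener without
        // throwing, so a failed Open() or Close() does not leave the host dangling.
        host.Abort();
        throw;
    }
}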
/// <summary>
/// Binding whose message security requires a credit-card token, signed and
/// encrypted under the service's X.509 certificate, over HTTP transport.
/// </summary>
/// <returns>A CustomBinding: symmetric message security over HTTP.</returns>
public static Binding CreateCreditCardBinding()
{
    // The service certificate is referenced, never sent: the client must know it out of band.
    var protection = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.Never,
    };

    var messageSecurity = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = protection,
    };
    // SignedEncrypted: the credit-card token is both signed and encrypted at the
    // message layer, which matters because the transport is plain HTTP.
    messageSecurity.EndpointSupportingTokenParameters.SignedEncrypted.Add(new CreditCardTokenParameters());

    return new CustomBinding(messageSecurity, new HttpTransportBindingElement());
}
/// <summary>
/// Puts a UserName token into the Endorsing supporting-token slot and makes a
/// call. A username token carries no key material, so it cannot endorse a
/// signature; the call is expected to fail (presumably asserted by an attribute
/// on this test, outside this view).
/// </summary>
public void NonEndorsibleParameterInEndorsingSupport()
{
    var security = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = new X509SecurityTokenParameters(),
    };
    security.EndpointSupportingTokenParameters.Endorsing.Add(new UserNameSecurityTokenParameters());
    Binding binding = new CustomBinding(security, new HttpTransportBindingElement());

    // Test fixture certificate; the PFX password is a test-resource constant.
    var serviceCert = new X509Certificate2(
        TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono");
    var address = new EndpointAddress(
        new Uri("http://localhost:" + NetworkHelpers.FindFreePort()),
        new X509CertificateEndpointIdentity(serviceCert));

    var client = new CalcProxy(binding, address);
    client.ClientCredentials.UserName.UserName = "******";
    client.Sum(1, 2);
}
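/// <summary>
/// Shows how to read and change the service-side LocalServiceSettings (replay
/// detection, replay window, clock skew) of a WSHttpBinding's
/// SymmetricSecurityBindingElement, then builds a Calculator host from the result.
/// </summary>
/// <remarks>
/// CreateBindingElements() hands back a collection of element copies, so the
/// adjusted MaxClockSkew only reaches the endpoint when the endpoint binding is
/// built from that collection (new CustomBinding(bec)); the original WSHttpBinding
/// does not see the change.
/// </remarks>
private void ShowUse()
{
    //<snippet17>
    // Create an instance of the binding to use.
    var b = new WSHttpBinding();

    // Get the binding element collection.
    BindingElementCollection bec = b.CreateBindingElements();

    // Find the SymmetricSecurityBindingElement in the collection.
    // Important: cast to SymmetricSecurityBindingElement when using the Find method.
    var sbe = (SymmetricSecurityBindingElement)bec.Find<SecurityBindingElement>();

    // Get the LocalServiceSettings from the binding element.
    LocalServiceSecuritySettings lss = sbe.LocalServiceSettings;

    // Print out values. DetectReplays is a bool, not a duration.
    Console.WriteLine("DetectReplays: {0}", lss.DetectReplays);
    Console.WriteLine("ReplayWindow: {0} minutes", lss.ReplayWindow.Minutes);
    Console.WriteLine("MaxClockSkew: {0} minutes", lss.MaxClockSkew.Minutes);
    Console.WriteLine("Press Enter to Continue");
    Console.ReadLine();

    // Change the MaxClockSkew to 3 minutes. Keep it as small as the deployment's
    // clock drift allows: it widens the window in which a message timestamp is
    // still accepted as fresh.
    lss.MaxClockSkew = new TimeSpan(0, 0, 3, 0);

    // Print the new value.
    Console.WriteLine("New MaxClockSkew: {0} minutes", lss.MaxClockSkew.Minutes);
    Console.WriteLine("Press Enter to End");
    Console.ReadLine();

    // Create a URI for the service.
    var httpUri = new Uri("http://localhost/calculator");

    // Create a ServiceHost. The endpoint binding is built from the modified
    // element collection so that it carries the changed MaxClockSkew.
    var sh = new ServiceHost(typeof(Calculator), httpUri);
    sh.AddServiceEndpoint(typeof(ICalculator), new CustomBinding(bec), "");

    // sh.Open();
    // Console.WriteLine("Listening");
    // Console.ReadLine();
    // sh.Close();
    //</snippet17>
}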
/// <summary>
/// Uses a project-defined endorsing supporting token (MyEndorsingTokenParameters)
/// together with MyClientCredentials in place of the default ClientCredentials,
/// and makes one call. <c>cert</c> is a field defined elsewhere in this class.
/// </summary>
public void OtherParameterInEndorsingSupport()
{
    var security = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = new X509SecurityTokenParameters(),
    };
    security.EndpointSupportingTokenParameters.Endorsing.Add(new MyEndorsingTokenParameters());
    Binding binding = new CustomBinding(security, new HttpTransportBindingElement());

    var address = new EndpointAddress(
        new Uri("http://localhost:" + NetworkHelpers.FindFreePort()),
        new X509CertificateEndpointIdentity(cert));

    var client = new CalcProxy(binding, address);
    // Replace the stock credentials behavior; presumably MyClientCredentials is
    // what supplies the custom endorsing token.
    client.Endpoint.Behaviors.RemoveAll<ClientCredentials>();
    client.Endpoint.Behaviors.Add(new MyClientCredentials());
    client.Sum(1, 2);
}
/// <summary>
/// HTTPS transport plus symmetric message security keyed by the service's X.509
/// certificate, which is referenced in messages but never sent.
/// </summary>
/// <returns>A CustomBinding: symmetric message security over HTTPS.</returns>
public Binding CreateHttpsBinding()
{
    var protection = new X509SecurityTokenParameters();
    // The client must obtain the service certificate out of band.
    protection.InclusionMode = SecurityTokenInclusionMode.Never;

    var messageSecurity = new SymmetricSecurityBindingElement();
    messageSecurity.ProtectionTokenParameters = protection;

    var transport = new HttpsTransportBindingElement();
    // Well above the 64 KB default; bound it to what the service actually needs,
    // since it caps the memory a single request may consume.
    transport.MaxReceivedMessageSize = 10000000;

    return new CustomBinding(messageSecurity, transport);
}
/// <summary>
/// Binding whose message security requires a CustomTokenParameters token, signed
/// and encrypted under the service's X.509 certificate, over HTTP transport.
/// </summary>
/// <returns>The assembled CustomBinding.</returns>
public CustomBinding CreateCustomTokenBinding()
{
    // The service certificate is referenced, never sent: the client must know it out of band.
    var protection = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.Never,
    };

    var messageSecurity = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = protection,
    };
    // SignedEncrypted: the custom token is signed and encrypted at the message
    // layer, which is what protects it over the plain HTTP transport.
    messageSecurity.EndpointSupportingTokenParameters.SignedEncrypted.Add(new CustomTokenParameters());

    return new CustomBinding(messageSecurity, new HttpTransportBindingElement());
}
/// <summary>
/// Checks the element shape a default WSHttpBinding produces for message security:
/// a secure-conversation protection token whose bootstrap element is a symmetric
/// element protected by an SSPI (SPNego) token, signature confirmation off, and
/// no supporting tokens (required or optional) on either element.
/// </summary>
public void MessageSecuritySPNego()
{
    // Asserts that all four supporting-token slots are empty, using the caller's ids.
    Action<SupportingTokenParameters, string, string, string, string> assertNoTokens =
        (tokens, signedId, signedEncryptedId, endorsingId, signedEndorsingId) =>
        {
            Assert.AreEqual(0, tokens.Signed.Count, signedId);
            Assert.AreEqual(0, tokens.SignedEncrypted.Count, signedEncryptedId);
            Assert.AreEqual(0, tokens.Endorsing.Count, endorsingId);
            Assert.AreEqual(0, tokens.SignedEndorsing.Count, signedEndorsingId);
        };

    var binding = new WSHttpBinding();
    var outer = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
    Assert.IsNotNull(outer, "#1");
    Assert.AreEqual(false, outer.RequireSignatureConfirmation, "#1-2");

    var conversation = outer.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
    Assert.IsNotNull(conversation, "#2");
    var bootstrap = conversation.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement;
    Assert.IsNotNull(bootstrap, "#3");

    var sspi = bootstrap.ProtectionTokenParameters as SspiSecurityTokenParameters;
    Assert.IsNotNull(sspi, "#4");
    Assert.AreEqual(SecurityTokenReferenceStyle.Internal, sspi.ReferenceStyle, "#5");
    Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, sspi.InclusionMode, "#6");

    assertNoTokens(outer.EndpointSupportingTokenParameters, "#7", "#8", "#9", "#10");
    assertNoTokens(bootstrap.EndpointSupportingTokenParameters, "#11", "#12", "#13", "#14");
    // Assertion ids kept as originally numbered ("#110" rather than "#20").
    assertNoTokens(outer.OptionalEndpointSupportingTokenParameters, "#17", "#18", "#19", "#110");
    assertNoTokens(bootstrap.OptionalEndpointSupportingTokenParameters, "#21", "#22", "#23", "#24");
}
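// not sure how "good" this test is ... if it fails at
// service side, it just results in timeout error.
// The assertion makes sure that it passes all the tests, but
// in case it failed, there is almost no hint ...
/// <summary>
/// Hosts CalcService on http://localhost:37564 behind a symmetric X.509 binding
/// with an interceptor that runs GetOrCreateSecureMessageAtService on each
/// incoming message, drives a client through ProcessClient, and asserts that
/// the interceptor was reached.
/// </summary>
/// <remarks>
/// Client certificates are not validated (CertificateValidationMode.None) and
/// <c>cert</c> is a field defined elsewhere in this class. The port is fixed, so
/// concurrent runs of this test collide.
/// </remarks>
public void GetOrCreateSecureMessage()
{
    bool passed = false;
    var host = new ServiceHost(typeof(CalcService));
    InterceptorRequestContextHandler handler = src =>
    {
        Message msg = src.CreateMessage();
        GetOrCreateSecureMessageAtService(msg);
        passed = true;
    };

    try
    {
        var security = new SymmetricSecurityBindingElement();
        // Thumbprint reference, token never sent: the client must already hold the service certificate.
        security.ProtectionTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);

        BindingElement transport = new HttpTransportBindingElement();
        BindingElement interceptor = new InterceptorBindingElement(handler);
        var binding = new CustomBinding(security, interceptor, transport);
        // Short timeouts so a service-side failure surfaces as a quick timeout, not a hang.
        binding.ReceiveTimeout = binding.SendTimeout = TimeSpan.FromSeconds(5);
        host.AddServiceEndpoint(typeof(ICalc), binding, "http://localhost:37564");

        var credentials = new ServiceCredentials();
        credentials.ServiceCertificate.Certificate = cert;
        // Test-only: no chain or trust check on client certificates.
        credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        host.Description.Behaviors.Add(credentials);

        host.Open();
        ProcessClient();
    }
    finally
    {
        if (host.State == CommunicationState.Opened)
        {
            host.Close();
        }
        else
        {
            // A faulted or never-opened host cannot be Close()d cleanly; Abort()
            // releases the listener without throwing, so the port is free for the next test.
            host.Abort();
        }
    }

    if (!passed)
    {
        Assert.Fail("Didn't pass the interceptor.");
    }
}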
/// <summary>
/// Username-over-SSL message security re-keyed to the service's X.509
/// certificate: the protection token is referenced but never sent, key
/// derivation is turned off, and messages are signed before they are encrypted.
/// </summary>
/// <returns>The configured SymmetricSecurityBindingElement, typed as its base class.</returns>
/// <remarks>
/// IncludeTimestamp, LocalServiceSettings.DetectReplays, RequireSignatureConfirmation
/// and KeyEntropyMode are deliberately left at their defaults; turning off the first
/// two would remove the freshness and replay checks on incoming messages.
/// SignBeforeEncrypt leaves the signature in the clear, unlike the default
/// SignBeforeEncryptAndEncryptSignature order.
/// </remarks>
private static SecurityBindingElement CreateSecurityBindingElement()
{
    SymmetricSecurityBindingElement element = SecurityBindingElement.CreateUserNameForSslBindingElement();

    element.ProtectionTokenParameters = new X509SecurityTokenParameters();
    // "Never" is required here (the original author noted not knowing why); the
    // client must already hold the service certificate.
    element.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
    element.MessageSecurityVersion = MessageSecurityVersion.Default;

    element.SetKeyDerivation(false);
    element.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    return element;
}
/// <summary>
/// SetKeyDerivation(false) propagates to protection token parameters that are
/// already attached; parameters assigned afterwards keep their own
/// RequireDerivedKeys default (true).
/// </summary>
public void SetKeyDerivation()
{
    // Case 1: parameters attached first, then derivation turned off -> propagated.
    var attachedFirst = new X509SecurityTokenParameters();
    var element = new SymmetricSecurityBindingElement { ProtectionTokenParameters = attachedFirst };
    element.SetKeyDerivation(false);
    Assert.AreEqual(false, attachedFirst.RequireDerivedKeys, "#1");

    // Case 2: derivation turned off before anything is attached -> no effect on
    // parameters assigned later (calling it in advance makes no sense).
    var attachedLater = new X509SecurityTokenParameters();
    element = new SymmetricSecurityBindingElement();
    element.SetKeyDerivation(false);
    element.ProtectionTokenParameters = attachedLater;
    Assert.AreEqual(true, attachedLater.RequireDerivedKeys, "#2");
}
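/// <summary>
/// Self-hosts Foo at http://localhost:8080 with symmetric message security keyed
/// by the service's X.509 certificate (referenced, never sent), key derivation
/// off and SignBeforeEncrypt ordering; publishes WSDL at /wsdl and waits for
/// Enter before shutting down.
/// </summary>
/// <remarks>
/// Test-only settings: client certificates are not validated
/// (CertificateValidationMode.None), exception details are returned in faults,
/// every endpoint gets a StdErrInspectionBehavior (presumably a stderr message
/// trace), and the test.pfx password is kept in source. SignBeforeEncrypt leaves
/// the signature in the clear, unlike the default
/// SignBeforeEncryptAndEncryptSignature order.
/// </remarks>
public static void Main()
{
    var security = new SymmetricSecurityBindingElement();
    // IncludeTimestamp and LocalServiceSettings.DetectReplays stay at their
    // defaults; disabling either removes the freshness / replay checks.
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    // "Never" is required here (the original author noted not knowing why):
    // the client must already hold the service certificate.
    security.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
    security.SetKeyDerivation(false);
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    var binding = new CustomBinding(security, new HttpTransportBindingElement())
    {
        ReceiveTimeout = TimeSpan.FromSeconds(5),
    };

    var host = new ServiceHost(typeof(Foo));
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    var credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    // No chain or trust check on client certificates: local testing only.
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    host.Description.Behaviors.Add(credentials);

    // Returns server exception details to callers; useful while debugging, unsafe in production.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    foreach (ServiceEndpoint endpoint in host.Description.Endpoints)
    {
        endpoint.Behaviors.Add(new StdErrInspectionBehavior());
    }

    host.Description.Behaviors.Add(new ServiceMetadataBehavior
    {
        HttpGetEnabled = true,
        HttpGetUrl = new Uri("http://localhost:8080/wsdl"),
    });

    try
    {
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
    catch
    {
        // Close() throws on a faulted host; Abort() releases the listener without
        // throwing, so a failed Open() or Close() does not leave the host dangling.
        host.Abort();
        throw;
    }
}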
//<snippet1>
/// <summary>
/// Builds a CustomBinding from a message-secured WSHttpBinding (reliable session
/// enabled) and applies <paramref name="clockSkew"/> to both the outer security
/// element and the secure-conversation bootstrap element, on the client and the
/// service side. Swap in whichever standard binding your service actually uses.
/// </summary>
/// <param name="clockSkew">Tolerated difference between sender and receiver clocks.
/// Keep it as small as the deployment's clock drift allows: it widens the window in
/// which a message timestamp is still accepted as fresh.</param>
/// <returns>The configured custom binding.</returns>
public static Binding CreateCustomBinding(TimeSpan clockSkew)
{
    var custom = new CustomBinding(new WSHttpBinding(SecurityMode.Message, true));

    SymmetricSecurityBindingElement outer = custom.Elements.Find<SymmetricSecurityBindingElement>();
    // With SecurityMode.Message the protection token is a secure-conversation token
    // that carries its own bootstrap binding element; both need the same skew.
    SecurityBindingElement bootstrap =
        ((SecureConversationSecurityTokenParameters)outer.ProtectionTokenParameters).BootstrapSecurityBindingElement;

    foreach (SecurityBindingElement element in new SecurityBindingElement[] { outer, bootstrap })
    {
        element.LocalClientSettings.MaxClockSkew = clockSkew;
        element.LocalServiceSettings.MaxClockSkew = clockSkew;
    }

    return custom;
}
/// <summary>
/// For each endpoint, locates the first SymmetricSecurityBindingElement in its
/// binding and runs CheckForCookie on the protection token parameters and on
/// every endorsing supporting-token parameter. Any further security elements in
/// the same binding are not examined.
/// </summary>
/// <param name="service">Description whose endpoints are inspected.</param>
/// <param name="serviceHostBase">Unused.</param>
void IServiceBehavior.ApplyDispatchBehavior(System.ServiceModel.Description.ServiceDescription service, ServiceHostBase serviceHostBase)
{
    foreach (ServiceEndpoint endpoint in service.Endpoints)
    {
        foreach (BindingElement candidate in endpoint.Binding.CreateBindingElements())
        {
            var security = candidate as SymmetricSecurityBindingElement;
            if (security == null)
            {
                continue;
            }

            CheckForCookie(security.ProtectionTokenParameters, endpoint);
            foreach (SecurityTokenParameters endorsing in security.EndpointSupportingTokenParameters.Endorsing)
            {
                CheckForCookie(endorsing, endpoint);
            }

            // Only the first symmetric element per endpoint is examined.
            break;
        }
    }
}
/// <summary>
/// HTTP transport plus symmetric message security keyed by the service's X.509
/// certificate (referenced, never sent), requiring a ConnectTokenParameters token
/// that is signed and encrypted at the message layer.
/// </summary>
/// <returns>A CustomBinding: symmetric message security over HTTP.</returns>
public Binding CreateBinding()
{
    var protection = new X509SecurityTokenParameters();
    // The client must obtain the service certificate out of band.
    protection.InclusionMode = SecurityTokenInclusionMode.Never;

    var messageSecurity = new SymmetricSecurityBindingElement();
    // SignedEncrypted: the connect token is protected by message security, which
    // matters because the transport below is HTTP without TLS.
    messageSecurity.EndpointSupportingTokenParameters.SignedEncrypted.Add(new ConnectTokenParameters());
    messageSecurity.ProtectionTokenParameters = protection;

    var transport = new HttpTransportBindingElement();
    // Well above the 64 KB default; it caps the memory a single request may consume.
    transport.MaxReceivedMessageSize = 10000000;

    return new CustomBinding(messageSecurity, transport);
}
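/// <summary>
/// Calls Foo.Echo at http://localhost:8080 over a symmetric binding whose
/// protection token comes from SSPI (Windows negotiation); the endpoint identity
/// is the UPN "PC\atsushi", i.e. the account the client expects the service to
/// run as.
/// </summary>
/// <remarks>
/// No certificate is needed for a UPN identity, so nothing is loaded from disk.
/// Alternatives are an address without identity, or
/// new SpnEndpointIdentity("PC/atsushi") for a service-principal-name identity.
/// FooProxy is defined elsewhere in this project.
/// </remarks>
static void Run()
{
    var security = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = new SspiSecurityTokenParameters(),
    };
    var binding = new CustomBinding(security, new HttpTransportBindingElement());

    var address = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new UpnEndpointIdentity("PC\\atsushi"));

    var proxy = new FooProxy(binding, address);
    proxy.Open();
    Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
}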
//Create a custom binding using a WsHttpBinding
/// <summary>
/// Message-secured WSHttpBinding with anonymous clients and secure conversation
/// off, turned into a CustomBinding whose client-side service identity check is
/// CustomIdentityVerifier.
/// </summary>
/// <returns>A CustomBinding built from the modified element collection.</returns>
public static Binding CreateCustomSecurityBinding()
{
    var template = new WSHttpBinding(SecurityMode.Message);
    // Clients are anonymous to the service.
    template.Security.Message.ClientCredentialType = MessageCredentialType.None;
    // Secure conversation is off to keep the sample small. With it on, the
    // IdentityVerifier must also be set on the secure-conversation bootstrap binding.
    template.Security.Message.EstablishSecurityContext = false;

    // Edit the element collection and build the result from it, not from `template`.
    BindingElementCollection elements = template.CreateBindingElements();
    var security = (SymmetricSecurityBindingElement)elements.Find<SecurityBindingElement>();
    // CustomIdentityVerifier (defined elsewhere) decides whether the service
    // identity presented to the client is acceptable.
    security.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier();

    return new CustomBinding(elements);
}
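/// <summary>
/// Self-hosts Foo at http://localhost:8080 with message security whose
/// protection token is an issued (federated) token that must carry an e-mail
/// claim. Given two arguments, the token issuer is pinned to the address in
/// args[0], identified by the certificate file at args[1]. Publishes WSDL at
/// /wsdl and waits for Enter before shutting down.
/// </summary>
/// <param name="args">Optional: issuer address followed by the issuer certificate file.</param>
/// <remarks>
/// Test-only settings: client certificates are not validated
/// (CertificateValidationMode.None), AllowUntrustedRsaIssuers = true accepts
/// issued tokens signed by an RSA key that is not otherwise trusted, exception
/// details are returned in faults, and the test.pfx password is kept in source.
/// </remarks>
public static void Main(string[] args)
{
    var issued = new IssuedSecurityTokenParameters();
    issued.ClaimTypeRequirements.Add(new ClaimTypeRequirement(ClaimTypes.Email));
    if (args.Length > 0)
    {
        // Both values are needed to pin the issuer; a lone address would
        // otherwise index past the end of args.
        if (args.Length < 2)
        {
            Console.Error.WriteLine("usage: <issuer-address> <issuer-certificate-file>");
            return;
        }
        issued.IssuerAddress = new EndpointAddress(
            new Uri(args[0]),
            new X509CertificateEndpointIdentity(new X509Certificate2(args[1])));
    }

    var security = new SymmetricSecurityBindingElement
    {
        ProtectionTokenParameters = issued,
    };
    var binding = new CustomBinding(security, new HttpTransportBindingElement())
    {
        ReceiveTimeout = TimeSpan.FromSeconds(5),
    };

    var host = new ServiceHost(typeof(Foo));
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    var credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    // No chain or trust check on client certificates: local testing only.
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // Accepts issued tokens from RSA issuers that are not in the trusted set: local testing only.
    credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true;
    host.Description.Behaviors.Add(credentials);

    // Returns server exception details to callers; useful while debugging, unsafe in production.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    host.Description.Behaviors.Add(new ServiceMetadataBehavior
    {
        HttpGetEnabled = true,
        HttpGetUrl = new Uri("http://localhost:8080/wsdl"),
    });

    try
    {
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
    catch
    {
        // Close() throws on a faulted host; Abort() releases the listener without
        // throwing, so a failed Open() or Close() does not leave the host dangling.
        host.Abort();
        throw;
    }
}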
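/// <summary>
/// Self-hosts Foo at http://localhost:8080 with symmetric message security keyed
/// by the service's X.509 certificate (thumbprint reference, never sent), using
/// the WS-Security 1.1 / WS-Trust & WS-SecureConversation Feb-2005 /
/// WS-SecurityPolicy 1.1 version set, lax header layout, signature confirmation
/// required, key derivation off and SignBeforeEncrypt ordering. Publishes WSDL at
/// /wsdl and waits for Enter before shutting down.
/// </summary>
/// <remarks>
/// Replay protection is switched off on purpose here: DetectReplays = false and
/// IncludeTimestamp = false together mean incoming messages get neither a
/// freshness nor a replay check. Exception details are returned in faults, every
/// endpoint gets a StdErrInspectionBehavior (presumably a stderr message trace),
/// and the test.pfx password is kept in source. SignBeforeEncrypt leaves the
/// signature in the clear, unlike the default SignBeforeEncryptAndEncryptSignature.
/// </remarks>
public static void Main()
{
    var security = new SymmetricSecurityBindingElement
    {
        SecurityHeaderLayout = SecurityHeaderLayout.Lax,
        MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11,
        RequireSignatureConfirmation = true,
        IncludeTimestamp = false,
        ProtectionTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never),
    };
    security.LocalServiceSettings.DetectReplays = false;
    // To also require an endorsing X.509 token, add
    //   new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial,
    //       SecurityTokenInclusionMode.AlwaysToRecipient) { RequireDerivedKeys = false }
    // to security.EndpointSupportingTokenParameters.Endorsing.
    security.SetKeyDerivation(false);
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    var binding = new CustomBinding(security, new HttpTransportBindingElement())
    {
        ReceiveTimeout = TimeSpan.FromSeconds(5),
    };

    var host = new ServiceHost(typeof(Foo));
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    var credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    host.Description.Behaviors.Add(credentials);

    // Returns server exception details to callers; useful while debugging, unsafe in production.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    foreach (ServiceEndpoint endpoint in host.Description.Endpoints)
    {
        endpoint.Behaviors.Add(new StdErrInspectionBehavior());
    }

    host.Description.Behaviors.Add(new ServiceMetadataBehavior
    {
        HttpGetEnabled = true,
        HttpGetUrl = new Uri("http://localhost:8080/wsdl"),
    });

    try
    {
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
    catch
    {
        // Close() throws on a faulted host; Abort() releases the listener without
        // throwing, so a failed Open() or Close() does not leave the host dangling.
        host.Abort();
        throw;
    }
}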
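/// <summary>
/// Self-hosts Foo at http://localhost:8080 with symmetric message security keyed
/// by the service's X.509 certificate (thumbprint reference, never sent) and a
/// username token carried as a signed-and-encrypted supporting token, validated
/// by a custom UserNamePasswordValidator. Publishes WSDL at /wsdl and waits for
/// Enter before shutting down.
/// </summary>
/// <remarks>
/// GodUserNamePasswordValidator is defined elsewhere; its name suggests it accepts
/// anything, so treat it as a test stub. Exception details are returned in
/// faults, every endpoint gets a StdErrInspectionBehavior (presumably a stderr
/// message trace), and the test.pfx password is kept in source. Because the
/// transport is plain HTTP, the SignedEncrypted slot is what keeps the password
/// off the wire in clear text; the commented-out Signed alternative would not.
/// </remarks>
public static void Main()
{
    var security = new SymmetricSecurityBindingElement
    {
        // MessageSecurityVersion (…WSSecurityPolicy11BasicSecurityProfile10) and
        // RequireSignatureConfirmation = true are left at their defaults here.
        ProtectionTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never),
    };
    var userName = new UserNameSecurityTokenParameters
    {
        RequireDerivedKeys = false,
    };
    // SignedEncrypted, not merely Signed: the credential is encrypted at the message layer.
    security.EndpointSupportingTokenParameters.SignedEncrypted.Add(userName);

    var binding = new CustomBinding(security, new HttpTransportBindingElement())
    {
        ReceiveTimeout = TimeSpan.FromSeconds(5),
    };

    var host = new ServiceHost(typeof(Foo));
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    var credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
    credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new GodUserNamePasswordValidator();
    host.Description.Behaviors.Add(credentials);

    // Returns server exception details to callers; useful while debugging, unsafe in production.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    foreach (ServiceEndpoint endpoint in host.Description.Endpoints)
    {
        endpoint.Behaviors.Add(new StdErrInspectionBehavior());
    }

    host.Description.Behaviors.Add(new ServiceMetadataBehavior
    {
        HttpGetEnabled = true,
        HttpGetUrl = new Uri("http://localhost:8080/wsdl"),
    });

    try
    {
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
    catch
    {
        // Close() throws on a faulted host; Abort() releases the listener without
        // throwing, so a failed Open() or Close() does not leave the host dangling.
        host.Abort();
        throw;
    }
}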
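/// <summary>
/// Self-hosts Foo with symmetric message security (WS-Security 1.1 / Basic
/// Security Profile 1.0 version set, signature confirmation required), keyed by
/// the service's X.509 certificate (thumbprint reference, never sent) plus an
/// endorsing X.509 supporting token, over binary encoding and TCP transport.
/// Publishes WSDL and waits for Enter before shutting down.
/// </summary>
/// <remarks>
/// The warning printed first is the author's own: the sample is not configured
/// to work on .NET either. The endpoint URI uses the http scheme while the
/// transport is TCP, which is likely part of that. Test-only settings: client
/// certificates are not validated (CertificateValidationMode.None), exception
/// details are returned in faults, and the test.pfx password is kept in source.
/// </remarks>
public static void Main()
{
    Console.WriteLine("WARNING!! This test is not configured enought to work fine on .NET either.");

    var security = new SymmetricSecurityBindingElement
    {
        MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
        RequireSignatureConfirmation = true,
        // IncludeTimestamp stays at its default (on).
        ProtectionTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never),
    };
    var endorsing = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient)
    {
        RequireDerivedKeys = false,
    };
    security.EndpointSupportingTokenParameters.Endorsing.Add(endorsing);
    // SetKeyDerivation(false) and MessageProtectionOrder.SignBeforeEncrypt are
    // deliberately not applied; the defaults (derived keys, encrypted signature) stand.

    var binding = new CustomBinding(security, new BinaryMessageEncodingBindingElement(), new TcpTransportBindingElement())
    {
        ReceiveTimeout = TimeSpan.FromSeconds(5),
    };

    var host = new ServiceHost(typeof(Foo));
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    var credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    // No chain or trust check on client certificates: local testing only.
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    host.Description.Behaviors.Add(credentials);

    // Returns server exception details to callers; useful while debugging, unsafe in production.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    host.Description.Behaviors.Add(new ServiceMetadataBehavior
    {
        HttpGetEnabled = true,
        HttpGetUrl = new Uri("http://localhost:8080/wsdl"),
    });

    try
    {
        host.Open();
        Console.WriteLine("Hit [CR] key to close ...");
        Console.ReadLine();
        host.Close();
    }
    catch
    {
        // Close() throws on a faulted host; Abort() releases the listener without
        // throwing, so a failed Open() or Close() does not leave the host dangling.
        host.Abort();
        throw;
    }
}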
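/// <summary>
/// Opens a WS-Management session against <paramref name="url"/> using
/// username/password message security over a custom HTTP binding, registers the
/// proxy in _services under the new session id, and returns that id.
/// </summary>
/// <param name="url">Host name or full URL. A value without "://" is prefixed
/// with "http://"; ports 80 and 443 are replaced by 5985, the WS-Management
/// default listener port.</param>
/// <param name="username">Sent in the username token.</param>
/// <param name="password">Sent in the username token. The transport is plain HTTP,
/// so the username-for-certificate message security is what is expected to keep
/// it off the wire in clear text.</param>
/// <returns>The session id assigned by the service.</returns>
/// <remarks>
/// powershell.pfx (private key; password kept in source) is loaded only to build
/// an X509CertificateEndpointIdentity. The public certificate alone should serve
/// that purpose, which would keep the private key off client machines — confirm
/// before changing the file. WSManHttpServiceProxy is defined elsewhere in this
/// project. SignBeforeEncrypt leaves the signature in the clear, unlike the
/// default SignBeforeEncryptAndEncryptSignature order.
/// </remarks>
private Guid CreateService(string url, string username, string password)
{
    SymmetricSecurityBindingElement security = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
    // IncludeTimestamp and LocalClientSettings.DetectReplays stay at their defaults.
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    // The service certificate is referenced, never sent; the endpoint identity below supplies it.
    security.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
    security.SetKeyDerivation(false);
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    var binding = new CustomBinding(security, new HttpTransportBindingElement());
    var serviceCert = new X509Certificate2("powershell.pfx", "mono");

    // Ordinal: the scheme separator is not natural-language text (CA1307).
    if (url.IndexOf("://", StringComparison.Ordinal) == -1)
    {
        // Default to an http connection.
        url = "http://" + url;
    }
    var builder = new UriBuilder(url);
    if (builder.Port == 80 || builder.Port == 443)
    {
        builder.Port = 5985;
    }

    var proxy = new WSManHttpServiceProxy(
        binding,
        new EndpointAddress(builder.Uri, new X509CertificateEndpointIdentity(serviceCert)));
    proxy.ClientCredentials.UserName.UserName = username;
    proxy.ClientCredentials.UserName.Password = password;
    proxy.Open();

    Guid sessionId = proxy.CreateSession();
    proxy.SessionId = sessionId;
    // Throws ArgumentException if the service ever hands out a duplicate id.
    _services.Add(sessionId, proxy);
    return sessionId;
}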
/// <summary>
/// Shows how to read and change the client-side LocalClientSettings (cookie
/// caching time, replay cache size and window, clock skew) of a WSHttpBinding's
/// SymmetricSecurityBindingElement, and builds an EndpointAddress for a client.
/// </summary>
/// <remarks>
/// CreateBindingElements() hands back element copies, so a client that should
/// carry the changed MaxClockSkew must be built from the modified collection
/// (new CustomBinding(bec)), not from the original WSHttpBinding.
/// </remarks>
private void LocalClient()
{
    //<snippet15>
    // Create an instance of the binding to use.
    var b = new WSHttpBinding();

    // Get the binding element collection.
    BindingElementCollection bec = b.CreateBindingElements();

    // Find the SymmetricSecurityBindingElement in the collection.
    // Important: cast to SymmetricSecurityBindingElement when using the Find method.
    var sbe = (SymmetricSecurityBindingElement)bec.Find<SecurityBindingElement>();

    // Get the LocalClientSecuritySettings from the binding element.
    LocalClientSecuritySettings lc = sbe.LocalClientSettings;

    // Print out values.
    Console.WriteLine("Maximum cookie caching time: {0} days", lc.MaxCookieCachingTime.Days);
    Console.WriteLine("Replay Cache Size: {0}", lc.ReplayCacheSize);
    Console.WriteLine("ReplayWindow: {0} minutes", lc.ReplayWindow.Minutes);
    Console.WriteLine("MaxClockSkew: {0} minutes", lc.MaxClockSkew.Minutes);
    Console.ReadLine();

    // Change the MaxClockSkew to 3 minutes. Keep it as small as the deployment's
    // clock drift allows: it widens the window in which a timestamp is accepted as fresh.
    lc.MaxClockSkew = new TimeSpan(0, 0, 3, 0);

    // Print the new value.
    Console.WriteLine("New MaxClockSkew: {0} minutes", lc.MaxClockSkew.Minutes);
    Console.ReadLine();

    // Create an EndpointAddress for the service.
    var ea = new EndpointAddress("http://localhost/calculator");

    // Create a client from the modified elements so it carries the changed MaxClockSkew:
    // CalculatorClient cc = new CalculatorClient(new CustomBinding(bec), ea);
    // Use the new client. (Not shown.)
    // cc.Close();
    //</snippet15>
}
/// <summary>
/// Calls Foo.Echo at http://localhost:8080 over a symmetric binding whose
/// protection token is SSL-negotiated, with the service identified by the
/// certificate in test.cer.
/// </summary>
/// <remarks>
/// Service certificate validation on the client is switched off
/// (CertificateValidationMode.None), so the certificate presented by the service
/// is not chain- or trust-checked: local testing only. FooProxy is defined
/// elsewhere in this project.
/// </remarks>
static void Run()
{
    var security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new SslSecurityTokenParameters();
    var binding = new CustomBinding(security, new HttpTransportBindingElement());

    var serviceCert = new X509Certificate2("test.cer");
    var address = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCert));

    var proxy = new FooProxy(binding, address);
    proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
        X509CertificateValidationMode.None;
    // To trace messages: proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior());

    proxy.Open();
    Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
}
/// <summary>
/// Symmetric message security over a handler-backed transport (presumably a test
/// harness that routes requests to <paramref name="sender"/> instead of a network).
/// </summary>
/// <param name="sender">Receives outgoing requests via HandlerTransportBindingElement.</param>
/// <param name="protectionTokenParameters">Token parameters that key the symmetric security element.</param>
/// <param name="isOneWay">When true, a OneWayBindingElement is inserted between encoding and transport.</param>
/// <returns>The assembled CustomBinding.</returns>
CustomBinding CreateBinding(RequestSender sender, SecurityTokenParameters protectionTokenParameters, bool isOneWay)
{
    var security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = protectionTokenParameters;

    // Stack order matters: security, text encoding, [one-way], transport.
    var stack = new List<BindingElement> { security, new TextMessageEncodingBindingElement() };
    if (isOneWay)
    {
        stack.Add(new OneWayBindingElement());
    }
    stack.Add(new HandlerTransportBindingElement(sender));

    return new CustomBinding(stack);
}
//<snippet1>
/// <summary>
/// Kerberos-keyed symmetric message security with text encoding over HTTP.
/// Signature confirmation is required so that every response is bound to the
/// request it answers.
/// </summary>
/// <returns>The assembled CustomBinding.</returns>
private Binding CreateBinding()
{
    var security = new SymmetricSecurityBindingElement(new KerberosSecurityTokenParameters());
    // Require that every request and its response be correlated.
    security.RequireSignatureConfirmation = true;

    var stack = new BindingElementCollection();
    stack.Add(security);
    stack.Add(new TextMessageEncodingBindingElement());
    stack.Add(new HttpTransportBindingElement());

    return new CustomBinding(stack);
}
/// <summary>
/// Checks the defaults a WSHttpBinding produces for message security: a
/// secure-conversation protection token bootstrapped by a symmetric element
/// whose own protection token is SSPI, the default algorithm suite, and no
/// supporting tokens at endpoint or operation scope, required or optional.
/// </summary>
public void DefaultMessageSecurity()
{
    // Asserts the collection is present and all four slots are empty, with ids "<prefix>-1".."-4".
    Action<SupportingTokenParameters, string> assertEmpty = (tokens, idPrefix) =>
    {
        Assert.IsNotNull(tokens, idPrefix);
        Assert.AreEqual(0, tokens.Endorsing.Count, idPrefix + "-1");
        Assert.AreEqual(0, tokens.Signed.Count, idPrefix + "-2");
        Assert.AreEqual(0, tokens.SignedEndorsing.Count, idPrefix + "-3");
        Assert.AreEqual(0, tokens.SignedEncrypted.Count, idPrefix + "-4");
    };

    var binding = new WSHttpBinding();
    var outer = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
    Assert.IsNotNull(outer, "#0");

    var conversation = outer.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
    Assert.IsNotNull(conversation, "#1");
    var bootstrap = conversation.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement;
    Assert.IsNotNull(bootstrap, "#1.1");
    // Without secure conversation the default credential is SSPI (Windows).
    Assert.IsTrue(bootstrap.ProtectionTokenParameters is SspiSecurityTokenParameters, "#1.2");

    Assert.AreEqual(SecurityAlgorithmSuite.Default, outer.DefaultAlgorithmSuite, "#2");

    assertEmpty(outer.EndpointSupportingTokenParameters, "#3");
    Assert.AreEqual(0, outer.OperationSupportingTokenParameters.Count, "#4");
    assertEmpty(outer.OptionalEndpointSupportingTokenParameters, "#5");
    Assert.AreEqual(0, outer.OptionalOperationSupportingTokenParameters.Count, "#6");
}
/// <summary>
/// Hosts <c>IFoo</c> on http://localhost:8080 behind a symmetric security binding whose
/// protection token is the service's X.509 certificate (referenced, never sent in messages),
/// publishes WSDL, and blocks until Enter is pressed.
/// </summary>
public static void Main()
{
    X509SecurityTokenParameters protectionToken = new X509SecurityTokenParameters();
    // The certificate is referenced out of band rather than carried in the message.
    // (Original author's note: "Never" is somehow mandatory here.)
    protectionToken.InclusionMode = SecurityTokenInclusionMode.Never;

    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = protectionToken;
    // Timestamp and replay detection stay at their defaults (previously toggled here).
    // Derived-key tokens are switched off for the attached protection token.
    security.SetKeyDerivation(false);
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    ServiceHost host = new ServiceHost(typeof(Foo));
    CustomBinding binding = new CustomBinding(security, new HttpTransportBindingElement());
    binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    // Sample-only credential setup: the PFX password is embedded in source and client
    // certificate validation is disabled (no chain or trust check on presented certificates).
    ServiceCredentials credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    host.Description.Behaviors.Add(credentials);

    // Exception details in faults expose server internals to callers; enabled for debugging.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
    foreach (ServiceEndpoint endpoint in host.Description.Endpoints)
    {
        endpoint.Behaviors.Add(new StdErrInspectionBehavior());
    }

    ServiceMetadataBehavior metadata = new ServiceMetadataBehavior();
    metadata.HttpGetEnabled = true;
    metadata.HttpGetUrl = new Uri("http://localhost:8080/wsdl");
    host.Description.Behaviors.Add(metadata);

    host.Open();
    Console.WriteLine("Hit [CR] key to close ...");
    Console.ReadLine();
    host.Close();
}
/// <summary>
/// Builds the WS-Management HTTP service host on http://localhost:5985/wsman: user-name
/// credentials checked by a custom validator, over a symmetric binding keyed by the service's
/// X.509 certificate. Setup failures are reported on the console and <c>_host</c> is left unset.
/// </summary>
public WSManServiceHost()
{
    try
    {
        SymmetricSecurityBindingElement security = SecurityBindingElement.CreateUserNameForSslBindingElement();
        // Protection token replaced by an X.509 token that is referenced but never sent.
        // (Original author's note: "Never" is somehow mandatory here.)
        X509SecurityTokenParameters protectionToken = new X509SecurityTokenParameters();
        protectionToken.InclusionMode = SecurityTokenInclusionMode.Never;
        security.ProtectionTokenParameters = protectionToken;
        // Timestamp and replay detection stay at their defaults; derived keys are off.
        security.SetKeyDerivation(false);
        security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

        _host = new ServiceHost(typeof(WSManHttpService));
        CustomBinding binding = new CustomBinding(security, new HttpTransportBindingElement());
        binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
        _host.AddServiceEndpoint(typeof(IWSManHttpService), binding, new Uri("http://localhost:5985/wsman"));

        ServiceCredentials credentials = new ServiceCredentials();
        // NOTE(review): PFX password embedded in source; client-certificate validation is
        // disabled (no chain or trust check). User name / password pairs are handed to the
        // custom validator configured below.
        credentials.ServiceCertificate.Certificate = new X509Certificate2("powershell.pfx", "mono");
        credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new WSManUserNamePasswordValidator();
        _host.Description.Behaviors.Add(credentials);

        // Faults sent to remote callers do not carry exception details.
        _host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = false;

        ServiceMetadataBehavior metadata = new ServiceMetadataBehavior();
        metadata.HttpGetEnabled = true;
        metadata.HttpGetUrl = new Uri("http://localhost:5985/wsman/wsdl");
        _host.Description.Behaviors.Add(metadata);
    }
    catch (Exception ex)
    {
        // Best-effort construction: only the message is reported, nothing is rethrown.
        Console.WriteLine("Could not create service...");
        Console.WriteLine(ex.Message);
    }
}
/// <summary>
/// Calls <c>Echo</c> on http://localhost:8080 through a symmetric binding whose protection
/// token is an issued token that must carry a PPID claim.
/// </summary>
/// <param name="issuerUri">Issuer endpoint; when non-null a managed card is required and the
/// issuer identity is pinned to the certificate in <paramref name="issuerCertFile"/>.</param>
/// <param name="issuerCertFile">Issuer certificate file; read only when
/// <paramref name="issuerUri"/> is non-null.</param>
static void Run(string issuerUri, string issuerCertFile)
{
    IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
    issued.ClaimTypeRequirements.Add(new ClaimTypeRequirement(ClaimTypes.PPID));
    if (issuerUri != null)
    {
        // Managed card: the issuer's identity is bound to its certificate.
        issued.IssuerAddress = new EndpointAddress(
            new Uri(issuerUri),
            new X509CertificateEndpointIdentity(new X509Certificate2(issuerCertFile)));
    }

    // The service identity is pinned to test.cer through the endpoint address.
    X509Certificate2 serviceCert = new X509Certificate2("test.cer");
    EndpointAddress target = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCert));

    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = issued;
    security.LocalClientSettings.IdentityVerifier = new MyVerifier();
    CustomBinding binding = new CustomBinding(security, new HttpTransportBindingElement());

    // Original note: DefaultCertificate does not work here.
    FooProxy proxy = new FooProxy(binding, target);
    // Test-only: chain validation and revocation checking of the service certificate are
    // both disabled; whatever identity check remains is delegated to MyVerifier above.
    X509ServiceCertificateAuthentication serviceCertAuth = proxy.ClientCredentials.ServiceCertificate.Authentication;
    serviceCertAuth.CertificateValidationMode = X509CertificateValidationMode.None;
    serviceCertAuth.RevocationMode = X509RevocationMode.NoCheck;
    // Local issuer address/binding on the client credentials are left unset.

    Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
}
/// <summary>
/// Hosts <c>IFoo</c> on http://localhost:8080 behind a symmetric binding keyed by an issued
/// token that must carry an e-mail claim, publishes WSDL, and blocks until Enter is pressed.
/// </summary>
/// <param name="args">Optional issuer URI followed by the issuer's certificate file. Both are
/// read whenever the first is present, so a single argument fails on <c>args[1]</c>.</param>
public static void Main(string[] args)
{
    IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = issued;
    issued.ClaimTypeRequirements.Add(new ClaimTypeRequirement(ClaimTypes.Email));
    if (args.Length > 0)
    {
        // Issuer identity pinned to the certificate file given as the second argument.
        issued.IssuerAddress = new EndpointAddress(
            new Uri(args[0]),
            new X509CertificateEndpointIdentity(new X509Certificate2(args[1])));
    }

    ServiceHost host = new ServiceHost(typeof(Foo));
    CustomBinding binding = new CustomBinding(security, new HttpTransportBindingElement());
    binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    // Sample-only credential setup: PFX password in source, client-certificate validation
    // disabled, and issued tokens from untrusted (self-issued) RSA issuers accepted.
    ServiceCredentials credentials = new ServiceCredentials();
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true;
    host.Description.Behaviors.Add(credentials);

    // Exception details in faults expose server internals; enabled for debugging.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;

    ServiceMetadataBehavior metadata = new ServiceMetadataBehavior();
    metadata.HttpGetEnabled = true;
    metadata.HttpGetUrl = new Uri("http://localhost:8080/wsdl");
    host.Description.Behaviors.Add(metadata);

    host.Open();
    Console.WriteLine("Hit [CR] key to close ...");
    Console.ReadLine();
    host.Close();
}
/// <summary>
/// Checks <see cref="SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(IssuedSecurityTokenParameters)"/>:
/// signature confirmation on, the issued token as the single endorsing supporting token, and
/// the service certificate (thumbprint reference, never included) as protection token.
/// </summary>
public void CreateIssuedTokenForCertificateBindingElement1()
{
    IssuedSecurityTokenParameters issuedParams = new IssuedSecurityTokenParameters();
    SymmetricSecurityBindingElement element =
        SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParams);

    SecurityAssert.AssertSymmetricSecurityBindingElement(
        SecurityAlgorithmSuite.Default,
        true,                                   // IncludeTimestamp
        SecurityKeyEntropyMode.CombinedEntropy,
        MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
        MessageSecurityVersion.Default,
        true,                                   // RequireSignatureConfirmation
        SecurityHeaderLayout.Strict,
        // EndpointSupportingTokenParameters counts: endorsing, signed, signedEncrypted, signedEndorsing
        1, 0, 0, 0,
        // ProtectionTokenParameters: present, never included, internal reference, derived keys
        true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
        // LocalClientSettings: cache cookies, renewal threshold %, detect replays
        true, 60, true,
        element, "");

    // Protection token must be the X.509 service certificate referenced by thumbprint.
    X509SecurityTokenParameters protection = element.ProtectionTokenParameters as X509SecurityTokenParameters;
    Assert.IsNotNull(protection, "#2-1");
    SecurityAssert.AssertSecurityTokenParameters(
        SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true, protection, "Protection");
    Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, protection.X509ReferenceStyle, "#2-2");

    // The caller-supplied issued token is the endorsing supporting token.
    Assert.AreEqual(issuedParams, element.EndpointSupportingTokenParameters.Endorsing[0], "EndpointParams.Endorsing[0]");
}
/// <summary>
/// Hosts <c>IFoo</c> on http://localhost:8080 behind a symmetric binding whose protection
/// token is an SSL (TLS-over-SOAP) negotiation token, with a custom security-state encoder,
/// publishes WSDL, and blocks until Enter is pressed.
/// </summary>
public static void Main()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new SslSecurityTokenParameters();

    ServiceHost host = new ServiceHost(typeof(Foo));
    CustomBinding binding = new CustomBinding(security, new HttpTransportBindingElement());
    binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
    host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080"));

    ServiceCredentials credentials = new ServiceCredentials();
    // Security-context state for secure conversation is encoded by MyEncoder.
    credentials.SecureConversationAuthentication.SecurityStateEncoder = new MyEncoder();
    // Sample-only: PFX password embedded in source; client-certificate validation disabled.
    credentials.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono");
    credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    host.Description.Behaviors.Add(credentials);

    // Exception details in faults expose server internals; enabled for debugging.
    host.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
    // Per-endpoint stderr message inspection is not attached in this sample.

    ServiceMetadataBehavior metadata = new ServiceMetadataBehavior();
    metadata.HttpGetEnabled = true;
    metadata.HttpGetUrl = new Uri("http://localhost:8080/wsdl");
    host.Description.Behaviors.Add(metadata);

    host.Open();
    Console.WriteLine("Hit [CR] key to close ...");
    Console.ReadLine();
    host.Close();
}
/// <summary>
/// Calls <c>Echo</c> on http://localhost:8080 through a symmetric binding keyed by the
/// service's X.509 certificate (loaded from test.cer and pinned as the endpoint identity),
/// with an <c>XBE</c> element and stderr message inspection on the client side.
/// </summary>
static void Run()
{
    X509SecurityTokenParameters protectionToken = new X509SecurityTokenParameters();
    // Certificate referenced, never carried in messages.
    protectionToken.InclusionMode = SecurityTokenInclusionMode.Never;

    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = protectionToken;
    // Timestamp and replay detection stay at their defaults; derived keys are off.
    security.SetKeyDerivation(false);
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

    CustomBinding binding = new CustomBinding(new XBE(), security, new HttpTransportBindingElement());

    X509Certificate2 serviceCert = new X509Certificate2("test.cer");
    EndpointAddress target = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCert));

    FooProxy proxy = new FooProxy(binding, target);
    proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior());
    proxy.Open();
    Console.WriteLine(proxy.Echo("TEST FOR ECHO"));
}
/// <summary>
/// Builds the token-issuer binding used by the tests: a symmetric security element (X.509
/// protection token only when <paramref name="tokenParams"/> is set), text encoding, and an
/// in-process handler transport.
/// </summary>
/// <param name="handler">Receives each outgoing request in place of a real transport.</param>
/// <param name="tokenParams">When true, attach an X.509 protection token.</param>
/// <returns>The assembled <see cref="CustomBinding"/>.</returns>
Binding CreateIssuerBinding(RequestSender handler, bool tokenParams)
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    if (tokenParams)
    {
        security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    }
    security.LocalServiceSettings.NegotiationTimeout = TimeSpan.FromSeconds(5);
    // Key material comes from the client side only (no combined server entropy).
    security.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
    // Timestamp and protection order are left at their defaults. Derived-key tokens are
    // removed so the test harness can decrypt messages directly.
    security.SetKeyDerivation(false);

    BindingElement[] stack =
    {
        security,
        new TextMessageEncodingBindingElement(),
        new HandlerTransportBindingElement(handler),
    };
    return new CustomBinding(stack);
}
/// <summary>
/// Client half of the test: calls <c>Sum(1, 2)</c> through a symmetric binding keyed by the
/// service certificate <c>cert</c> (thumbprint reference, never sent), presenting
/// <c>cert2</c> as the client certificate, with an interceptor element in the stack.
/// </summary>
void ProcessClient()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
    BindingElement interceptor = new InterceptorBindingElement(null);

    CustomBinding requestBinding = new CustomBinding(security, interceptor, new HttpTransportBindingElement());
    TimeSpan fiveSeconds = TimeSpan.FromSeconds(5);
    requestBinding.SendTimeout = fiveSeconds;
    requestBinding.ReceiveTimeout = fiveSeconds;

    // Service identity pinned to the test certificate held in the fixture.
    EndpointAddress remote = new EndpointAddress(
        new Uri("http://localhost:" + NetworkHelpers.FindFreePort()),
        new X509CertificateEndpointIdentity(cert));

    CalcProxy proxy = new CalcProxy(requestBinding, remote);
    proxy.ClientCredentials.ClientCertificate.Certificate = cert2;
    proxy.Sum(1, 2);
    proxy.Close();
}
/// <summary>
/// Checks <see cref="SecurityBindingElement.CreateKerberosBindingElement()"/>: Basic128 suite,
/// no signature confirmation, no supporting tokens, and a protection token included once.
/// </summary>
public void CreateKerberosBindingElement()
{
    SymmetricSecurityBindingElement element = SecurityBindingElement.CreateKerberosBindingElement();

    SecurityAssert.AssertSymmetricSecurityBindingElement(
        SecurityAlgorithmSuite.Basic128,
        true,                                   // IncludeTimestamp
        SecurityKeyEntropyMode.CombinedEntropy,
        MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
        MessageSecurityVersion.Default,
        false,                                  // RequireSignatureConfirmation
        SecurityHeaderLayout.Strict,
        // EndpointSupportingTokenParameters counts: endorsing, signed, signedEncrypted, signedEndorsing
        0, 0, 0, 0,
        // ProtectionTokenParameters: present, included once, internal reference, derived keys
        true, SecurityTokenInclusionMode.Once, SecurityTokenReferenceStyle.Internal, true,
        // LocalClientSettings: cache cookies, renewal threshold %, detect replays
        true, 60, true,
        element, "");

    // FIXME: the concrete ProtectionTokenParameters type is not yet asserted.
}
/// <summary>
/// Builds the token-issuer binding for the tests: symmetric security (X.509 protection token
/// only if <paramref name="tokenParams"/>), text encoding, and a handler-backed transport.
/// </summary>
/// <param name="handler">Receives each outgoing request in place of a real transport.</param>
/// <param name="tokenParams">When true, attach an X.509 protection token.</param>
/// <returns>The assembled <see cref="CustomBinding"/>.</returns>
Binding CreateIssuerBinding(RequestSender handler, bool tokenParams)
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    if (tokenParams)
    {
        security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    }
    security.LocalServiceSettings.NegotiationTimeout = TimeSpan.FromSeconds(5);
    // Key material is supplied by the client only.
    security.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
    // Timestamp and protection order keep their defaults. Derived-key tokens are removed
    // so the harness can decrypt messages directly.
    security.SetKeyDerivation(false);

    TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement();
    HandlerTransportBindingElement transport = new HandlerTransportBindingElement(handler);
    return new CustomBinding(security, encoding, transport);
}
/// <summary>
/// Imports a WS-SecurityPolicy <c>ProtectionToken</c> assertion into
/// <paramref name="binding"/>: the first nested policy alternative that is fully consumed
/// by a recognised token assertion supplies
/// <see cref="SymmetricSecurityBindingElement.ProtectionTokenParameters"/>.
/// </summary>
/// <param name="importer">Metadata importer performing the policy import.</param>
/// <param name="policyContext">Conversion context for the current policy.</param>
/// <param name="assertions">Assertions of the enclosing alternative; the matched one is removed.</param>
/// <param name="binding">Binding element that receives the protection token parameters.</param>
/// <returns>true when a protection token was imported; otherwise false.</returns>
public virtual bool TryImportWsspProtectionTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, SymmetricSecurityBindingElement binding)
{
    XmlElement protectionTokenAssertion;
    if (!TryImportWsspAssertion(assertions, "ProtectionToken", out protectionTokenAssertion))
    {
        return false;
    }

    Collection<Collection<XmlElement>> alternatives;
    if (!TryGetNestedPolicyAlternatives(importer, protectionTokenAssertion, out alternatives))
    {
        return false;
    }

    foreach (Collection<XmlElement> alternative in alternatives)
    {
        SecurityTokenParameters tokenParameters;
        bool isOptional; // reported by the token import but not used for protection tokens
        bool imported = TryImportTokenAssertion(importer, policyContext, alternative, out tokenParameters, out isOptional);
        // Only an alternative with nothing left over after the token import is accepted.
        if (imported && alternative.Count == 0)
        {
            binding.ProtectionTokenParameters = tokenParameters;
            return true;
        }
    }
    return false;
}
/// <summary>
/// <see cref="SymmetricSecurityBindingElement.SetKeyDerivation(bool)"/> applies to the
/// protection token attached at call time only; a token attached afterwards keeps its
/// own <c>RequireDerivedKeys</c> default.
/// </summary>
public void SetKeyDerivation()
{
    // Token attached first, then derivation switched off: the token is updated.
    SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement();
    X509SecurityTokenParameters attachedBefore = new X509SecurityTokenParameters();
    element.ProtectionTokenParameters = attachedBefore;
    element.SetKeyDerivation(false);
    Assert.AreEqual(false, attachedBefore.RequireDerivedKeys, "#1");

    // Derivation switched off before any token exists: nothing to update, so a token
    // attached later is untouched.
    element = new SymmetricSecurityBindingElement();
    X509SecurityTokenParameters attachedAfter = new X509SecurityTokenParameters();
    element.SetKeyDerivation(false);
    element.ProtectionTokenParameters = attachedAfter;
    Assert.AreEqual(true, attachedAfter.RequireDerivedKeys, "#2");
}
/// <summary>
/// Imports a WS-SecurityPolicy <c>SymmetricBinding</c> assertion. The first nested policy
/// alternative whose protection token, algorithm suite, layout, timestamp, protection order,
/// ProtectTokens and OnlySignEntireHeadersAndBody assertions all import, leaving nothing
/// unconsumed, becomes <paramref name="binding"/>.
/// </summary>
/// <param name="importer">Metadata importer performing the policy import.</param>
/// <param name="policyContext">Conversion context for the current policy.</param>
/// <param name="assertions">Assertions of the enclosing alternative; the matched one is removed.</param>
/// <param name="binding">The imported binding element, or null when no alternative matched.</param>
/// <param name="assertion">The matched <c>SymmetricBinding</c> element, if any.</param>
/// <returns>true when <paramref name="binding"/> was produced; otherwise false.</returns>
public virtual bool TryImportWsspSymmetricBindingAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, out SymmetricSecurityBindingElement binding, out XmlElement assertion)
{
    binding = null;
    Collection<Collection<XmlElement>> alternatives;
    if (TryImportWsspAssertion(assertions, SymmetricBindingName, out assertion)
        && TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
    {
        foreach (Collection<XmlElement> alternative in alternatives)
        {
            // A fresh candidate per alternative; only a complete match is kept.
            SymmetricSecurityBindingElement candidate = new SymmetricSecurityBindingElement();
            MessageProtectionOrder order;
            bool protectTokens;
            if (TryImportWsspProtectionTokenAssertion(importer, policyContext, alternative, candidate)
                && TryImportWsspAlgorithmSuiteAssertion(importer, alternative, candidate)
                && TryImportWsspLayoutAssertion(importer, alternative, candidate)
                && TryImportWsspIncludeTimestampAssertion(alternative, candidate)
                && TryImportMessageProtectionOrderAssertions(alternative, out order)
                && TryImportWsspProtectTokensAssertion(alternative, out protectTokens)
                && TryImportWsspAssertion(alternative, OnlySignEntireHeadersAndBodyName, true)
                && alternative.Count == 0)
            {
                candidate.MessageProtectionOrder = order;
                candidate.ProtectTokens = protectTokens;
                binding = candidate;
                break;
            }
        }
    }
    return binding != null;
}
/// <summary>
/// Imports a WS-SecurityPolicy <c>ProtectionToken</c> assertion into
/// <paramref name="binding"/>. The first nested policy alternative consisting of exactly one
/// recognised token assertion supplies
/// <see cref="SymmetricSecurityBindingElement.ProtectionTokenParameters"/>.
/// </summary>
/// <param name="importer">Metadata importer performing the policy import.</param>
/// <param name="policyContext">Conversion context for the current policy.</param>
/// <param name="assertions">Assertions of the enclosing alternative; the matched one is removed.</param>
/// <param name="binding">Binding element that receives the protection token parameters.</param>
/// <returns>true when a protection token was imported; otherwise false.</returns>
public virtual bool TryImportWsspProtectionTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, SymmetricSecurityBindingElement binding)
{
    XmlElement protectionTokenAssertion;
    Collection<Collection<XmlElement>> alternatives;
    if (!TryImportWsspAssertion(assertions, ProtectionTokenName, out protectionTokenAssertion)
        || !TryGetNestedPolicyAlternatives(importer, protectionTokenAssertion, out alternatives))
    {
        return false;
    }

    foreach (Collection<XmlElement> alternative in alternatives)
    {
        SecurityTokenParameters tokenParameters;
        bool isOptional; // not consulted for protection tokens
        bool imported = TryImportTokenAssertion(importer, policyContext, alternative, out tokenParameters, out isOptional);
        // Accept only an alternative that the token import consumed entirely.
        if (imported && alternative.Count == 0)
        {
            binding.ProtectionTokenParameters = tokenParameters;
            return true;
        }
    }
    return false;
}
/// <summary>
/// Sends one request through a symmetric binding keyed by an X.509 token, with
/// <see cref="ChannelProtectionRequirements"/> supplied manually as a binding parameter so
/// that the <c>SampleValue</c> body part of action <c>urn:myaction</c> is signed. The
/// handler transport dumps each outgoing message to stderr and echoes it back.
/// </summary>
public void MessageSecurityManualProtection()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();

    // Fake transport: copy the message, write it to stderr, return the copy as the reply.
    RequestSender sender = input =>
    {
        MessageBuffer buffer = input.CreateBufferedCopy(0x10000);
        using (XmlWriter writer = XmlWriter.Create(Console.Error))
        {
            buffer.CreateMessage().WriteMessage(writer);
        }
        return buffer.CreateMessage();
    };

    CustomBinding binding = new CustomBinding(
        security,
        new TextMessageEncodingBindingElement(),
        new HandlerTransportBindingElement(sender));

    // Service identity pinned to the test fixture certificate (password in source: test resource only).
    X509Certificate2 serviceCert = new X509Certificate2("Test/Resources/test.pfx", "mono");
    EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCert));

    // Manual protection requirements: sign the SampleValue part for urn:myaction.
    ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
    MessagePartSpecification samplePart = new MessagePartSpecification(new XmlQualifiedName("SampleValue", "urn:foo"));
    requirements.OutgoingSignatureParts.AddParts(samplePart, "urn:myaction");
    BindingParameterCollection parameters = new BindingParameterCollection();
    parameters.Add(requirements);
    // A secure-conversation wrapper around an inner X.509 element was tried here and left out.

    IChannelFactory<IRequestChannel> factory = binding.BuildChannelFactory<IRequestChannel>(parameters);
    factory.Open();
    IRequestChannel channel = factory.CreateChannel(address);
    channel.Open();
    try
    {
        channel.Request(Message.CreateMessage(MessageVersion.None, "urn:myaction", new SampleValue()));
    }
    finally
    {
        channel.Close();
    }
}
/// <summary>
/// Places a user-name token — which cannot endorse a signature — in the endorsing
/// supporting-token set and drives a call through it, so the client-side rejection of the
/// configuration is exercised. Only a user name is configured; no password is set.
/// </summary>
public void NonEndorsibleParameterInEndorsingSupport()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    // A user-name token has no key and so cannot endorse; this is the misconfiguration under test.
    security.EndpointSupportingTokenParameters.Endorsing.Add(new UserNameSecurityTokenParameters());
    Binding binding = new CustomBinding(security, new HttpTransportBindingElement());

    // Test fixture certificate (password in source: test resource only) pinned as service identity.
    X509Certificate2 serviceCert = new X509Certificate2("Test/Resources/test.pfx", "mono");
    EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost:" + NetworkHelpers.FindFreePort()),
        new X509CertificateEndpointIdentity(serviceCert));

    CalcProxy proxy = new CalcProxy(binding, address);
    proxy.ClientCredentials.UserName.UserName = "******";
    proxy.Sum(1, 2);
}
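/// <summary>
/// Builds a reply-channel listener for a symmetric binding whose endorsing and
/// optional-endorsing supporting tokens are both X.509 — producing two supporting-token
/// authenticators of the same type — and opens it so the service-side check is exercised.
/// The listener is always released afterwards, whichever way <c>Open()</c> ends.
/// </summary>
public void CheckDuplicateAuthenticatorTypesService()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    security.EndpointSupportingTokenParameters.Endorsing.Add(new X509SecurityTokenParameters());
    // Same token type again in the optional set: this yields multiple supporting token
    // authenticators of one type, which is the condition under test.
    security.OptionalEndpointSupportingTokenParameters.Endorsing.Add(new X509SecurityTokenParameters());
    Binding binding = new CustomBinding(security, new HttpTransportBindingElement());

    ServiceCredentials credentials = new ServiceCredentials();
    // Test fixture certificate; the password embedded here is a test resource only.
    credentials.ServiceCertificate.Certificate = new X509Certificate2("Test/Resources/test.pfx", "mono");

    Uri listenUri = new Uri("http://localhost:" + NetworkHelpers.FindFreePort());
    IChannelListener<IReplyChannel> listener = binding.BuildChannelListener<IReplyChannel>(listenUri, credentials);
    try
    {
        listener.Open();
    }
    finally
    {
        // Release the listener (and its port) regardless of how Open() ended: a graceful
        // Close() only from Opened; Abort() otherwise, because Abort() does not throw and so
        // cannot mask the exception under test. A guard on State == Closed would never act.
        if (listener.State == CommunicationState.Opened)
        {
            listener.Close();
        }
        else
        {
            listener.Abort();
        }
    }
}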
/// <summary>
/// Asserts the observable state of a <see cref="SymmetricSecurityBindingElement"/>: the
/// shared <see cref="SecurityBindingElement"/> properties (delegated to
/// <c>AssertSecurityBindingElement</c>), then protection order, signature confirmation and
/// the protection token parameters.
/// </summary>
/// <param name="hasProtectionTokenParameters">When false, the protection token must be null and
/// the three protectionToken* expectations are ignored.</param>
/// <param name="be">The element under test.</param>
/// <param name="label">Prefix for every assertion message.</param>
public static void AssertSymmetricSecurityBindingElement(
    SecurityAlgorithmSuite algorithm,
    bool includeTimestamp,
    SecurityKeyEntropyMode keyEntropyMode,
    MessageProtectionOrder messageProtectionOrder,
    MessageSecurityVersion messageSecurityVersion,
    bool requireSignatureConfirmation,
    SecurityHeaderLayout securityHeaderLayout,
    // EndpointSupportingTokenParameters
    int endorsing,
    int signed,
    int signedEncrypted,
    int signedEndorsing,
    // ProtectionTokenParameters
    bool hasProtectionTokenParameters,
    SecurityTokenInclusionMode protectionTokenInclusionMode,
    SecurityTokenReferenceStyle protectionTokenReferenceStyle,
    bool protectionTokenRequireDerivedKeys,
    // LocalClientSettings
    bool cacheCookies,
    int renewalThresholdPercentage,
    bool detectReplays,
    SymmetricSecurityBindingElement be,
    string label)
{
    // Properties common to every SecurityBindingElement.
    AssertSecurityBindingElement(
        algorithm, includeTimestamp, keyEntropyMode, messageSecurityVersion, securityHeaderLayout,
        endorsing, signed, signedEncrypted, signedEndorsing,
        cacheCookies, renewalThresholdPercentage, detectReplays,
        be, label);

    // Symmetric-binding specifics.
    Assert.AreEqual(messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
    Assert.AreEqual(requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");

    SecurityTokenParameters protection = be.ProtectionTokenParameters;
    if (hasProtectionTokenParameters)
    {
        AssertSecurityTokenParameters(
            protectionTokenInclusionMode,
            protectionTokenReferenceStyle,
            protectionTokenRequireDerivedKeys,
            protection,
            label + ".ProtectionTokenParameters");
    }
    else
    {
        Assert.IsNull(protection, label + ".ProtectionTokenParameters (null)");
    }
}
/// <summary>
/// Builds a test binding: symmetric security with the given protection token, text
/// encoding, optionally a one-way element, and a handler-backed transport.
/// </summary>
/// <param name="sender">Receives each outgoing request in place of a real transport.</param>
/// <param name="protectionTokenParameters">Protection token for the symmetric element.</param>
/// <param name="isOneWay">When true, a <see cref="OneWayBindingElement"/> sits above the transport.</param>
/// <returns>The assembled <see cref="CustomBinding"/>.</returns>
CustomBinding CreateBinding(RequestSender sender, SecurityTokenParameters protectionTokenParameters, bool isOneWay)
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = protectionTokenParameters;

    // Channel stack, top to bottom.
    List<BindingElement> stack = new List<BindingElement>();
    stack.Add(security);
    stack.Add(new TextMessageEncodingBindingElement());
    if (isOneWay)
    {
        stack.Add(new OneWayBindingElement());
    }
    stack.Add(new HandlerTransportBindingElement(sender));

    return new CustomBinding(stack);
}
/// <summary>
/// A user-name token cannot serve as the protection token of a symmetric binding (it has no
/// key); opening a request channel configured that way must raise
/// <see cref="NotSupportedException"/>. Only a user name is configured, no password.
/// </summary>
public void OpenRequestNonAuthenticatable()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new UserNameSecurityTokenParameters();
    Binding binding = new CustomBinding(security, new HandlerTransportBindingElement(null));

    ClientCredentials credentials = new ClientCredentials();
    credentials.UserName.UserName = "******";
    BindingParameterCollection parameters = new BindingParameterCollection();
    parameters.Add(credentials);

    IChannelFactory<IRequestChannel> factory = binding.BuildChannelFactory<IRequestChannel>(parameters);
    factory.Open();
    IRequestChannel channel = factory.CreateChannel(new EndpointAddress("stream:dummy"));
    try
    {
        channel.Open();
        Assert.Fail("NotSupportedException is expected.");
    }
    catch (NotSupportedException)
    {
        // expected: the protection token cannot authenticate the channel
    }
}
/// <summary>
/// Builds this binding's message-security element from <c>Security</c>: a symmetric binding
/// at WS-Security 1.1 / WS-Trust Feb 2005 / BSP 1.0 whose supporting token follows
/// <c>ClientCredentialType</c>, whose protection token is SSPI/Kerberos for Windows
/// credentials or an SSL-negotiated / X.509 service credential otherwise, and which is
/// wrapped in secure conversation when <c>EstablishSecurityContext</c> is set.
/// </summary>
/// <returns>The security element, or null for the Transport and None security modes.</returns>
protected override SecurityBindingElement CreateMessageSecurity()
{
    SecurityMode mode = Security.Mode;
    if (mode == SecurityMode.Transport || mode == SecurityMode.None)
    {
        return null;
    }

    SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement();
    element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    element.RequireSignatureConfirmation = true;

    MessageCredentialType credentialType = Security.Message.ClientCredentialType;
    bool negotiate = Security.Message.NegotiateServiceCredential;

    if (credentialType == MessageCredentialType.Windows)
    {
        // Windows credentials are the protection token themselves: SSPI negotiation or a
        // Kerberos ticket. (Original notes: neither is available on Linux.)
        if (negotiate)
        {
            // FIXME (original): fill proper parameters
            element.ProtectionTokenParameters = new SspiSecurityTokenParameters();
        }
        else
        {
            element.ProtectionTokenParameters = new KerberosSecurityTokenParameters();
        }
    }
    else
    {
        // Every other credential type adds an endpoint supporting token (None adds nothing)
        // and then shares the service-credential protection token chosen below.
        switch (credentialType)
        {
        case MessageCredentialType.Certificate:
            X509SecurityTokenParameters clientCert = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint);
            clientCert.RequireDerivedKeys = false;
            element.EndpointSupportingTokenParameters.Endorsing.Add(clientCert);
            break;
        case MessageCredentialType.IssuedToken:
            IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
            // FIXME (original): the issuer binding must itself be secure; here it is plain
            // text encoding directly over the transport.
            issued.IssuerBinding = new CustomBinding(new TextMessageEncodingBindingElement(), GetTransport());
            element.EndpointSupportingTokenParameters.Endorsing.Add(issued);
            break;
        case MessageCredentialType.UserName:
            // User name token travels signed and encrypted; signature confirmation is off for it.
            element.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
            element.RequireSignatureConfirmation = false;
            break;
        }

        if (negotiate)
        {
            // FIXME (original): fill proper parameters
            element.ProtectionTokenParameters = new SslSecurityTokenParameters(false, true);
        }
        else
        {
            // Service certificate referenced by thumbprint, never included; derived keys required.
            X509SecurityTokenParameters serviceCert = new X509SecurityTokenParameters(
                X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
            serviceCert.RequireDerivedKeys = true;
            element.ProtectionTokenParameters = serviceCert;
        }
    }

    if (!Security.Message.EstablishSecurityContext)
    {
        return element;
    }

    // Secure conversation layered over the bootstrap element built above.
    ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
    // FIXME (original): fill the requirements; requireCancellation is fixed to true.
    return SecurityBindingElement.CreateSecureConversationBindingElement(element, true, requirements);
}
/// <summary>
/// Drives a call with a custom endorsing supporting token (<c>MyEndorsingTokenParameters</c>)
/// and custom client credentials replacing the default <see cref="ClientCredentials"/>
/// behavior. The endpoint port is fixed at 37564 here, unlike the sibling tests that pick a
/// free port.
/// </summary>
public void OtherParameterInEndorsingSupport()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();
    security.EndpointSupportingTokenParameters.Endorsing.Add(new MyEndorsingTokenParameters());
    Binding binding = new CustomBinding(security, new HttpTransportBindingElement());

    // Service identity pinned to the fixture certificate.
    EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost:37564"),
        new X509CertificateEndpointIdentity(cert));

    CalcProxy proxy = new CalcProxy(binding, address);
    // Swap the stock credentials behavior for the test's own.
    proxy.Endpoint.Behaviors.RemoveAll<ClientCredentials>();
    proxy.Endpoint.Behaviors.Add(new MyClientCredentials());
    proxy.Sum(1, 2);
}
/// <summary>
/// Builds the symmetric message-security element for this binding: Basic256 suite, strict
/// header layout, sign-before-encrypt, timestamps on; the service's X.509 certificate
/// (thumbprint reference, never included) as protection token; the client's user-name token
/// in the signed-and-encrypted supporting set; WS-Security 1.1 / WS-Trust 1.3 / BSP 1.0.
/// </summary>
/// <returns>The configured <see cref="SecurityBindingElement"/>.</returns>
private SecurityBindingElement CreateSecurityBindingElement()
{
    SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement();
    element.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
    // Basic256 (not the Rsa15 variant).
    element.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
    element.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    element.IncludeTimestamp = true;
    // Called before any token is attached, so it appears to affect nothing here; the
    // protection token's RequireDerivedKeys is set explicitly below instead.
    element.SetKeyDerivation(false);
    // Signature confirmation, AllowInsecureTransport and a custom IdentityVerifier are
    // all left at their defaults.

    // Service certificate: referenced by thumbprint and never carried in the message, so the
    // client must hold it out of band.
    X509SecurityTokenParameters serviceToken = new X509SecurityTokenParameters(
        X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
    serviceToken.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
    serviceToken.RequireDerivedKeys = false;
    element.ProtectionTokenParameters = serviceToken;

    // Client user-name token: always sent to the recipient, inside the signed+encrypted set.
    UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
    userNameToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
    element.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);

    element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
    return element;
}
// based on WSHttpBinding.CreateMessageSecurity()
/// <summary>
/// Builds the message-security element from <c>Security</c>: a symmetric binding at the
/// default message-security version with derived keys off. The supporting token follows
/// <c>ClientCredentialType</c>; the protection token is Kerberos for Windows credentials and
/// the service's X.509 certificate (thumbprint reference) for everything else.
/// </summary>
/// <returns>The security element, or null for the Transport and None security modes.</returns>
SecurityBindingElement CreateMessageSecurity()
{
    SecurityMode mode = Security.Mode;
    if (mode == SecurityMode.Transport || mode == SecurityMode.None)
    {
        return null;
    }

    SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement();
    element.MessageSecurityVersion = MessageSecurityVersion.Default;
    element.SetKeyDerivation(false);

    MessageCredentialType credentialType = Security.Message.ClientCredentialType;
    if (credentialType == MessageCredentialType.Windows)
    {
        // Windows credentials are the protection token themselves; no supporting token.
        element.ProtectionTokenParameters = new KerberosSecurityTokenParameters();
        return element;
    }

    // Non-Windows: optional supporting token, then the shared X.509 protection token.
    switch (credentialType)
    {
    case MessageCredentialType.Certificate:
        element.EndpointSupportingTokenParameters.Endorsing.Add(new X509SecurityTokenParameters());
        break;
    case MessageCredentialType.IssuedToken:
        IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
        // FIXME (original): the issuer binding must itself be secure; here it is plain text
        // encoding directly over the transport.
        issued.IssuerBinding = new CustomBinding(new TextMessageEncodingBindingElement(), GetTransport());
        element.EndpointSupportingTokenParameters.Endorsing.Add(issued);
        break;
    case MessageCredentialType.UserName:
        element.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
        break;
    }

    // Service certificate referenced by thumbprint (including the None credential type).
    X509SecurityTokenParameters serviceCert = new X509SecurityTokenParameters();
    serviceCert.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
    element.ProtectionTokenParameters = serviceCert;
    return element;
}
// Envelope Version 'EnvelopeNone (http://schemas.microsoft.com/ws/2005/05/envelope/none)'
// does not support adding Message Headers.
/// <summary>
/// Sends a plain-XML (MessageVersion.None) request through a symmetric binding keyed by an
/// X.509 token. Since the envelope version carries no headers, this exercises how message
/// security behaves without a place for a security header. The handler transport dumps each
/// outgoing message to stderr and echoes it back.
/// </summary>
public void MessageSecurityPOX()
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();

    // Fake transport: copy the message, write it to stderr, return the copy as the reply.
    RequestSender sender = input =>
    {
        MessageBuffer buffer = input.CreateBufferedCopy(0x10000);
        using (XmlWriter writer = XmlWriter.Create(Console.Error))
        {
            buffer.CreateMessage().WriteMessage(writer);
        }
        return buffer.CreateMessage();
    };

    CustomBinding binding = new CustomBinding(
        security,
        new TextMessageEncodingBindingElement(MessageVersion.None, Encoding.UTF8),
        new HandlerTransportBindingElement(sender));

    // Service identity pinned to the fixture certificate (password in source: test resource only).
    X509Certificate2 serviceCert = new X509Certificate2("Test/Resources/test.pfx", "mono");
    EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost:8080"),
        new X509CertificateEndpointIdentity(serviceCert));

    ChannelFactory<IRequestChannel> factory = new ChannelFactory<IRequestChannel>(binding, address);
    IRequestChannel channel = factory.CreateChannel();
    // Behavior-count assertions on endpoint/contract/operation were tried here and left out:
    // none of them seems to carry applicable behaviors apart from ClientCredentials.

    channel.Open();
    try
    {
        channel.Request(Message.CreateMessage(MessageVersion.None, "urn:myaction"));
    }
    finally
    {
        channel.Close();
    }
}
/// <summary>
/// Builds the federated message-security element: a symmetric bootstrap at WS-Security 1.1 /
/// WS-Trust Feb 2005 / BSP 1.0 with an issued endorsing token, protected by an SSL-negotiated
/// or X.509 service credential, and always wrapped in secure conversation.
/// </summary>
/// <returns>The secure-conversation element built over the bootstrap.</returns>
protected override SecurityBindingElement CreateMessageSecurity()
{
    SymmetricSecurityBindingElement bootstrap = new SymmetricSecurityBindingElement();
    bootstrap.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    // Key derivation is left enabled; an EstablishSecurityContext-dependent opt-out is not implemented.

    IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters();
    // FIXME (original): the issuer binding must itself be secure; here it is plain text
    // encoding directly over the transport.
    issued.IssuerBinding = new CustomBinding(new TextMessageEncodingBindingElement(), GetTransport());
    bootstrap.EndpointSupportingTokenParameters.Endorsing.Add(issued);

    if (Security.Message.NegotiateServiceCredential)
    {
        // FIXME (original): fill proper parameters
        bootstrap.ProtectionTokenParameters = new SslSecurityTokenParameters(false, true);
    }
    else
    {
        bootstrap.ProtectionTokenParameters = new X509SecurityTokenParameters();
    }

    // Secure conversation is always layered on: the EstablishSecurityContext short-circuit
    // and the TransportWithMessageCredential case are not implemented here.
    ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
    // FIXME (original): fill the requirements; requireCancellation is fixed to true.
    return SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, true, requirements);
}
/// <summary>
/// Emits the WS-SecurityPolicy <c>SymmetricBinding</c> assertion for <paramref name="binding"/>.
/// The nested assertions (protection token, algorithm suite, header layout, timestamp,
/// protection order, signature encryption, token protection and
/// OnlySignEntireHeadersAndBody) are wrapped in a single policy element.
/// </summary>
/// <param name="exporter">The metadata exporter driving the export.</param>
/// <param name="policyContext">Conversion context used for the EncryptSignature assertion.</param>
/// <param name="binding">The symmetric binding element to describe; must not be null.</param>
/// <returns>The populated <c>SymmetricBinding</c> element.</returns>
/// <exception cref="ArgumentNullException">Raised via the ThrowHelper when <paramref name="binding"/> is null.</exception>
public virtual XmlElement CreateWsspSymmetricBindingAssertion(MetadataExporter exporter, PolicyConversionContext policyContext, SymmetricSecurityBindingElement binding)
{
    if (binding == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("binding");
    }

    XmlElement symmetricBinding = CreateWsspAssertion(SymmetricBindingName);

    // Nested assertions are built in the order they appear in the policy wrapper.
    XmlElement protectionToken = CreateWsspProtectionTokenAssertion(exporter, binding.ProtectionTokenParameters);
    XmlElement algorithmSuite = CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite);
    XmlElement layout = CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout);
    XmlElement includeTimestamp = CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp);
    XmlElement encryptBeforeSigning = CreateWsspEncryptBeforeSigningAssertion(binding.MessageProtectionOrder);
    XmlElement encryptSignature = CreateWsspEncryptSignatureAssertion(policyContext, binding);
    XmlElement protectTokens = CreateWsspProtectTokensAssertion(binding);
    XmlElement onlySignEntireHeadersAndBody = CreateWsspAssertion(OnlySignEntireHeadersAndBodyName);

    XmlElement wrapper = CreateWspPolicyWrapper(
        exporter,
        protectionToken,
        algorithmSuite,
        layout,
        includeTimestamp,
        encryptBeforeSigning,
        encryptSignature,
        protectTokens,
        onlySignEntireHeadersAndBody);
    symmetricBinding.AppendChild(wrapper);

    return symmetricBinding;
}
/// <summary>
/// Imports a WS-SecurityPolicy <c>SymmetricBinding</c> assertion into a
/// <see cref="SymmetricSecurityBindingElement"/>. The nested policy alternatives are
/// tried in order; the first one whose assertions (protection token, algorithm suite,
/// layout, timestamp, protection order, OnlySignEntireHeadersAndBody) all import and
/// which is then fully consumed is used.
/// </summary>
/// <param name="importer">The metadata importer driving the import.</param>
/// <param name="policyContext">Conversion context handed to the protection-token import.</param>
/// <param name="assertions">The assertion set to search for <c>SymmetricBinding</c>.</param>
/// <param name="binding">The imported element, or null when no alternative could be imported.</param>
/// <param name="assertion">The <c>SymmetricBinding</c> element as located by TryImportWsspAssertion.</param>
/// <returns>true when <paramref name="binding"/> was produced; otherwise false.</returns>
public virtual bool TryImportWsspSymmetricBindingAssertion(MetadataImporter importer, PolicyConversionContext policyContext, ICollection<XmlElement> assertions, out SymmetricSecurityBindingElement binding, out XmlElement assertion)
{
    binding = null;

    Collection<Collection<XmlElement>> alternatives;
    if (!TryImportWsspAssertion(assertions, "SymmetricBinding", out assertion)
        || !TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
    {
        return false;
    }

    foreach (Collection<XmlElement> alternative in alternatives)
    {
        SymmetricSecurityBindingElement candidate = new SymmetricSecurityBindingElement();
        MessageProtectionOrder protectionOrder;

        // Each import step presumably removes the assertions it understood from the
        // alternative; an alternative is accepted only when nothing unrecognised is
        // left over (Count == 0), so unknown assertions cause it to be rejected.
        if (TryImportWsspProtectionTokenAssertion(importer, policyContext, alternative, candidate)
            && TryImportWsspAlgorithmSuiteAssertion(importer, alternative, candidate)
            && TryImportWsspLayoutAssertion(importer, alternative, candidate)
            && TryImportWsspIncludeTimestampAssertion(alternative, candidate)
            && TryImportMessageProtectionOrderAssertions(alternative, out protectionOrder)
            && TryImportWsspAssertion(alternative, "OnlySignEntireHeadersAndBody", true)
            && alternative.Count == 0)
        {
            candidate.MessageProtectionOrder = protectionOrder;
            binding = candidate;
            return true;
        }
    }

    return false;
}
// Assembles the binding used by these tests: symmetric message security with an
// X.509 protection token, text encoding, and the in-process handler transport
// driven by the given reply handler and request receiver.
CustomBinding CreateBinding(ReplyHandler replier, RequestReceiver receiver)
{
    SymmetricSecurityBindingElement security = new SymmetricSecurityBindingElement();
    security.ProtectionTokenParameters = new X509SecurityTokenParameters();

    return new CustomBinding(
        security,
        new TextMessageEncodingBindingElement(),
        new HandlerTransportBindingElement(replier, receiver));
}
// It is problematic, but there is no option to disable establishing security context in this binding unlike WSHttpBinding...
//
// Returns null for Transport/None security modes; otherwise builds a symmetric
// message-security element (key derivation switched off) whose supporting and
// protection tokens follow Security.Message.ClientCredentialType, wrapped in a
// secure-conversation element.
SecurityBindingElement CreateMessageSecurity()
{
    SecurityMode mode = Security.Mode;
    if (mode == SecurityMode.Transport || mode == SecurityMode.None)
    {
        return null;
    }

    // FIXME: this is wrong. Could be Asymmetric, depends on Security.Message.AlgorithmSuite value.
    SymmetricSecurityBindingElement bootstrap = new SymmetricSecurityBindingElement();
    bootstrap.MessageSecurityVersion = MessageSecurityVersion.Default;
    bootstrap.SetKeyDerivation(false);

    MessageCredentialType credentialType = Security.Message.ClientCredentialType;
    if (credentialType == MessageCredentialType.Windows)
    {
        // Windows credentials: the Kerberos token itself protects the message.
        bootstrap.ProtectionTokenParameters = new KerberosSecurityTokenParameters();
    }
    else
    {
        // Every other credential type rides as a supporting token (None adds nothing)
        // and the message is protected by the service's X.509 token, referenced by thumbprint.
        switch (credentialType)
        {
        case MessageCredentialType.Certificate:
            bootstrap.EndpointSupportingTokenParameters.Endorsing.Add(new X509SecurityTokenParameters());
            break;
        case MessageCredentialType.IssuedToken:
            IssuedSecurityTokenParameters issuedToken = new IssuedSecurityTokenParameters();
            // FIXME: issuer binding must be secure. As built here it is a bare text
            // encoding over the transport with no security binding element.
            issuedToken.IssuerBinding = new CustomBinding(new TextMessageEncodingBindingElement(), GetTransport());
            bootstrap.EndpointSupportingTokenParameters.Endorsing.Add(issuedToken);
            break;
        case MessageCredentialType.UserName:
            bootstrap.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
            break;
        }

        X509SecurityTokenParameters serviceCert = new X509SecurityTokenParameters();
        serviceCert.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
        bootstrap.ProtectionTokenParameters = serviceCert;
    }

    // SecureConversation enabled
    ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
    // FIXME: fill the reqs
    // FIXME: requireCancellation is hard-coded to true.
    return SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, true, requirements);
}