public static void Main ()
{
AsymmetricSecurityBindingElement sbe =
new AsymmetricSecurityBindingElement ();
//sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
//sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
//sbe.RequireSignatureConfirmation = true;
//sbe.LocalServiceSettings.DetectReplays = false;
//sbe.IncludeTimestamp = false;
sbe.RecipientTokenParameters =
new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
sbe.InitiatorTokenParameters =
new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient);
X509SecurityTokenParameters p =
new X509SecurityTokenParameters (X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient);
p.RequireDerivedKeys = false;
//sbe.EndpointSupportingTokenParameters.Endorsing.Add (p);
UserNameSecurityTokenParameters up =
new UserNameSecurityTokenParameters ();
sbe.EndpointSupportingTokenParameters.Signed.Add (up);
sbe.SetKeyDerivation (false);
sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
ServiceHost host = new ServiceHost (typeof (Foo));
HttpTransportBindingElement hbe =
new HttpTransportBindingElement ();
CustomBinding binding = new CustomBinding (sbe, hbe);
binding.ReceiveTimeout = TimeSpan.FromSeconds (5);
host.AddServiceEndpoint ("IFoo",
binding, new Uri ("http://localhost:8080"));
ServiceCredentials cred = new ServiceCredentials ();
cred.ServiceCertificate.Certificate =
new X509Certificate2 ("test.pfx", "mono");
cred.ClientCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
cred.UserNameAuthentication.UserNamePasswordValidationMode =
UserNamePasswordValidationMode.Custom;
cred.UserNameAuthentication.CustomUserNamePasswordValidator =
UserNamePasswordValidator.None;
host.Description.Behaviors.Add (cred);
host.Description.Behaviors.Find<ServiceDebugBehavior> ()
.IncludeExceptionDetailInFaults = true;
foreach (ServiceEndpoint se in host.Description.Endpoints)
se.Behaviors.Add (new StdErrInspectionBehavior ());
ServiceMetadataBehavior smb = new ServiceMetadataBehavior ();
smb.HttpGetEnabled = true;
smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl");
host.Description.Behaviors.Add (smb);
host.Open ();
Console.WriteLine ("Hit [CR] key to close ...");
Console.ReadLine ();
host.Close ();
}
public virtual bool TryImportWsspUsernameTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection<Collection<XmlElement>> alternatives;
if (IsWsspAssertion(assertion, UsernameTokenName)
&& TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection<XmlElement> alternative in alternatives)
{
if (TryImportWsspAssertion(alternative, WssUsernameToken10Name)
&& alternative.Count == 0)
{
parameters = new UserNameSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
break;
}
}
}
else
{
parameters = new UserNameSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
}
}
return parameters != null;
}
public virtual XmlElement CreateWsspUsernameTokenAssertion(MetadataExporter exporter, UserNameSecurityTokenParameters parameters)
{
XmlElement result = CreateWsspAssertion(UsernameTokenName);
SetIncludeTokenValue(result, parameters.InclusionMode);
result.AppendChild(
CreateWspPolicyWrapper(
exporter,
CreateWsspAssertion(WssUsernameToken10Name)
));
return result;
}
private SecurityBindingElement CreateSecurityBindingElement()
{
SymmetricSecurityBindingElement secBindingElement = new SymmetricSecurityBindingElement();
secBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
// TEST
//secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
secBindingElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
secBindingElement.IncludeTimestamp = true;
secBindingElement.SetKeyDerivation(false);
//secBindingElement.RequireSignatureConfirmation = true;
//secBindingElement.AllowInsecureTransport = true;
//////////////////////////////////////////////////////////
SecurityBindingElement ssbe = (SecurityBindingElement)secBindingElement;
// Set the Custom IdentityVerifier
//ssbe.LocalClientSettings.IdentityVerifier = new Common.CustomIdentityVerifier();
//////////////////////////////////////////////////////////
X509SecurityTokenParameters protectTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint,
SecurityTokenInclusionMode.Never);
protectTokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint;
//X509SecurityTokenParameters protectTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial,
// SecurityTokenInclusionMode.Never);
protectTokenParameters.RequireDerivedKeys = false;
//protectTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
//protectTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
secBindingElement.ProtectionTokenParameters = protectTokenParameters;
UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters();
userNameToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
secBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);
//secBindingElement.EndpointSupportingTokenParameters.Signed.Add(userNameToken);
//secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
return secBindingElement;
}
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other)
: base(other)
{
base.RequireDerivedKeys = false;
}
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other)
: base(other)
{
}
public void GetPropertySecurityCapabilities ()
{
ISecurityCapabilities c;
RsaSecurityTokenParameters rsa =
new RsaSecurityTokenParameters ();
UserNameSecurityTokenParameters user =
new UserNameSecurityTokenParameters ();
X509SecurityTokenParameters x509 =
new X509SecurityTokenParameters ();
SecureConversationSecurityTokenParameters sc1 =
new SecureConversationSecurityTokenParameters ();
sc1.BootstrapSecurityBindingElement =
new SymmetricSecurityBindingElement (); // empty
SecureConversationSecurityTokenParameters sc2 =
new SecureConversationSecurityTokenParameters ();
sc2.BootstrapSecurityBindingElement =
new SymmetricSecurityBindingElement (x509);
SecureConversationSecurityTokenParameters sc3 =
new SecureConversationSecurityTokenParameters ();
sc3.BootstrapSecurityBindingElement =
new AsymmetricSecurityBindingElement (null, x509);
SecureConversationSecurityTokenParameters sc4 =
new SecureConversationSecurityTokenParameters ();
sc4.BootstrapSecurityBindingElement =
new AsymmetricSecurityBindingElement (x509, null);
// no parameters
c = GetSecurityCapabilities (
new SymmetricSecurityBindingElement ());
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, false, c, "#1");
// x509 parameters for both
c = GetSecurityCapabilities (
new SymmetricSecurityBindingElement (x509));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, true, c, "#2");
// no initiator parameters
c = GetSecurityCapabilities (
new AsymmetricSecurityBindingElement (x509, null));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, true, c, "#3");
// no recipient parameters
c = GetSecurityCapabilities (
new AsymmetricSecurityBindingElement (null, x509));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, false, c, "#4");
// initiator does not support identity
c = GetSecurityCapabilities (
new AsymmetricSecurityBindingElement (x509, rsa));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, false, true, c, "#5");
// recipient does not support server auth
c = GetSecurityCapabilities (
new AsymmetricSecurityBindingElement (user, x509));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, false, c, "#6");
// secureconv with no symm. bootstrap params
c = GetSecurityCapabilities (
new SymmetricSecurityBindingElement (sc1));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, false, c, "#7");
// secureconv with x509 symm. bootstrap params
c = GetSecurityCapabilities (
new SymmetricSecurityBindingElement (sc2));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, true, c, "#8");
// secureconv with x509 initiator bootstrap params
c = GetSecurityCapabilities (
new SymmetricSecurityBindingElement (sc3));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, false, c, "#9");
// secureconv with x509 recipient bootstrap params
c = GetSecurityCapabilities (
new SymmetricSecurityBindingElement (sc4));
AssertSecurityCapabilities (
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, true, c, "#10");
// FIXME: find out such cases that returns other ProtectionLevel values.
}
/// <summary>
///
/// </summary>
/// <param name="accountCredentials"></param>
/// <returns>A disposable object you should wrap in using() statement</returns>
public static DocuSignWeb.APIServiceSoap CreateApiProxy(AccountCredentials accountCredentials)
{
#if true
// the envelope is finally constructed we are ready to send it in
DocuSignWeb.APIServiceSoapClient apiService = new DocuSignWeb.APIServiceSoapClient("APIServiceSoap", accountCredentials.ApiUrl);
apiService.ClientCredentials.UserName.UserName = accountCredentials.UserName;
apiService.ClientCredentials.UserName.Password = accountCredentials.Password;
return apiService;
#else // this is a security token configuration
// this is required for certain calls like RequestRecipientToken
// you need to get a certificate from Thawte or VeriSign first and install it
DocuSignWeb.APIServiceSoapClient apiService = new DocuSignWeb.APIServiceSoapClient("APIServiceSoap1", accountCredentials.ApiUrl);
apiService.ClientCredentials.UserName.UserName = "******"+ConfigurationManager.AppSettings["IntegratorsKey"]+"]"+ConfigurationManager.AppSettings["APIUserEmail"];
apiService.ClientCredentials.UserName.Password = ConfigurationManager.AppSettings["Password"];
//
// need to add the supporting token since DocuSign uses dual authentication for
// for critical calls
CustomBinding binding = (CustomBinding)apiService.Endpoint.Binding;
BindingElementCollection elements = binding.CreateBindingElements();
SecurityBindingElement security = elements.Find<SecurityBindingElement>();
UserNameSecurityTokenParameters tokenParameters = new UserNameSecurityTokenParameters();
tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
tokenParameters.RequireDerivedKeys = false;
security.EndpointSupportingTokenParameters.SignedEncrypted.Add(
tokenParameters);
apiService.Endpoint.Binding = new CustomBinding(elements.ToArray()); ;
return apiService;
#endif
}
public virtual XmlElement CreateWsspUsernameTokenAssertion(MetadataExporter exporter, UserNameSecurityTokenParameters parameters)
{
XmlElement tokenAssertion = this.CreateWsspAssertion("UsernameToken");
this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);
tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspAssertion("WssUsernameToken10") }));
return tokenAssertion;
}
public virtual bool TryImportWsspUsernameTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
SecurityTokenInclusionMode mode;
parameters = null;
if (this.IsWsspAssertion(assertion, "UsernameToken") && this.TryGetIncludeTokenValue(assertion, out mode))
{
Collection<Collection<XmlElement>> collection;
if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection))
{
foreach (Collection<XmlElement> collection2 in collection)
{
if (this.TryImportWsspAssertion(collection2, "WssUsernameToken10") && (collection2.Count == 0))
{
parameters = new UserNameSecurityTokenParameters();
parameters.InclusionMode = mode;
break;
}
}
}
else
{
parameters = new UserNameSecurityTokenParameters();
parameters.InclusionMode = mode;
}
}
return (parameters != null);
}
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other)
{
Contract.Ensures(!this.RequireDerivedKeys);
}
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other)
: base(other)
{
base.RequireDerivedKeys = false;
}
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other)
{
Contract.Ensures(!this.RequireDerivedKeys);
}
protected UserNameSecurityTokenParameters (UserNameSecurityTokenParameters source)
: base (source)
{
}
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters source)
: base(source)
{
}
