public void AddBindingParameters(ServiceEndpoint endpoint,
BindingParameterCollection bindingParameters)
{
// This is done in order to have the liberty framework header included in the SOAP signaure. This is required by [OIO IDWS SOAP 1.1].
Logger.Instance.Trace("Specifying that the liberty framework header must be signed in the request to WSP.");
var requirements = bindingParameters.Find <ChannelProtectionRequirements>();
// Setting signature requirements for WSC request to WSP
requirements.IncomingSignatureParts.AddParts(MessagePartSpecificationWsc());
// Setting signature requirements for WSP repsonse to WSC
// This is done in order to validate the response. This is required by [OIO IDWS SOAP 1.1].
requirements.OutgoingSignatureParts.AddParts(SoapServiceBehavior.MessagePartSpecificationWsp());
var clientCredentials = bindingParameters.Find <ClientCredentials>();
clientCredentials.UseIdentityConfiguration = true; // Use WIF instead of WCF
Logger.Instance.Trace("Adding custom SAML token handlers.");
var securityTokenHandlerCollectionManager = clientCredentials.SecurityTokenHandlerCollectionManager[
SecurityTokenHandlerCollectionManager.Usage.Default];
// This is done in order to have correct STR's (Security Token Reference)
securityTokenHandlerCollectionManager.AddOrReplace(
new StrReferenceSaml2SecurityTokenHandler());
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters)
{
// get Contract info security needs, and put in BindingParameterCollection
ISecurityCapabilities isc = null;
BindingElementCollection elements = endpoint.Binding.CreateBindingElements();
if (isc != null)
{
// ensure existence of binding parameter
ChannelProtectionRequirements requirements = parameters.Find <ChannelProtectionRequirements>();
if (requirements == null)
{
requirements = new ChannelProtectionRequirements();
parameters.Add(requirements);
}
MessageEncodingBindingElement encoding = elements.Find <MessageEncodingBindingElement>();
// use endpoint.Binding.Version
if (encoding != null && encoding.MessageVersion.Addressing == AddressingVersion.None)
{
// This binding does not support response actions, so...
requirements.Add(ChannelProtectionRequirements.CreateFromContractAndUnionResponseProtectionRequirements(endpoint.Contract, isc, _isForClient));
}
else
{
requirements.Add(ChannelProtectionRequirements.CreateFromContract(endpoint.Contract, isc, _isForClient));
}
}
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
ChannelProtectionRequirements requirements = bindingParameters.Find <ChannelProtectionRequirements>();
MessagePartSpecification part = new MessagePartSpecification(true);
requirements.OutgoingSignatureParts.AddParts(part);
}
public void AddBindingParameters(ContractDescription contractDescription, ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
var requirements = bindingParameters.Find <ChannelProtectionRequirements>();
requirements.IncomingSignatureParts.ChannelParts.HeaderTypes.Add(new XmlQualifiedName(_name, _ns));
requirements.IncomingEncryptionParts.ChannelParts.HeaderTypes.Add(new XmlQualifiedName(_name, _ns));
}
public void AddBindingParameters(OperationDescription description, BindingParameterCollection parameters)
{
//see if ChunkingBindingParameter already exists
ChunkingBindingParameter param =
parameters.Find <ChunkingBindingParameter>();
if (param == null)
{
param = new ChunkingBindingParameter();
parameters.Add(param);
}
if ((appliesTo & ChunkingAppliesTo.InMessage)
== ChunkingAppliesTo.InMessage)
{
//add input message's action to ChunkingBindingParameter
param.AddAction(description.Messages[0].Action);
}
if (!description.IsOneWay &&
((appliesTo & ChunkingAppliesTo.OutMessage)
== ChunkingAppliesTo.OutMessage))
{
//add output message's action to ChunkingBindingParameter
param.AddAction(description.Messages[1].Action);
}
}
public void HttpSelfHostConfiguration_UserNamePasswordValidator_PropagatesToBinding(
string address,
HttpBindingSecurityMode mode
)
{
// Arrange
HttpBinding binding = new HttpBinding();
UserNamePasswordValidator validator = new Mock <UserNamePasswordValidator>().Object;
HttpSelfHostConfiguration config = new HttpSelfHostConfiguration(address)
{
UserNamePasswordValidator = validator
};
// Act
BindingParameterCollection parameters = config.ConfigureBinding(binding);
// Assert
Assert.NotNull(parameters);
ServiceCredentials serviceCredentials = parameters.Find <ServiceCredentials>();
Assert.NotNull(serviceCredentials);
Assert.Equal(
HttpClientCredentialType.Basic,
binding.Security.Transport.ClientCredentialType
);
Assert.Equal(mode, binding.Security.Mode);
}
public void AddBindingParameters(ContractDescription contractDescription,
ServiceEndpoint endpoint,
BindingParameterCollection bindingParameters)
{
Console.WriteLine("add outgoing signature parts");
ChannelProtectionRequirements requirements = bindingParameters.Find <ChannelProtectionRequirements>();
MessagePartSpecification part = new MessagePartSpecification(true);
requirements.OutgoingSignatureParts.AddParts(part);
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
//Find the old requirements and remove
var requirements = bindingParameters.Find <ChannelProtectionRequirements>();
bindingParameters.Remove(requirements);
//Setting the ProtectionLevel at the Service Contract
if (ProtectionSetting == "None")
{
endpoint.Contract.ProtectionLevel = ProtectionLevel.None;
}
if (ProtectionSetting == "Sign")
{
endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
}
if (ProtectionSetting == "EncryptAndSign")
{
endpoint.Contract.ProtectionLevel = ProtectionLevel.EncryptAndSign;
}
//create a new set of requirements
requirements = new ChannelProtectionRequirements();
bindingParameters.Add(requirements);
var unprotectedBody = new MessagePartSpecification();
var protectedBody = new MessagePartSpecification(true);
switch (endpoint.Contract.ProtectionLevel)
{
case ProtectionLevel.None:
requirements.OutgoingSignatureParts.AddParts(unprotectedBody, "*");
requirements.IncomingSignatureParts.AddParts(unprotectedBody, "*");
requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
break;
case ProtectionLevel.Sign:
requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
break;
case ProtectionLevel.EncryptAndSign:
requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
requirements.OutgoingEncryptionParts.AddParts(protectedBody, "*");
requirements.IncomingEncryptionParts.AddParts(protectedBody, "*");
break;
}
}
/// <summary>
/// Adds the binding parameters.
/// </summary>
/// <param name="serviceEndpoint">The service endpoint.</param>
/// <param name="parameters">The parameters.</param>
void IEndpointBehavior.AddBindingParameters(ServiceEndpoint serviceEndpoint, BindingParameterCollection parameters)
{
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
ServiceDebugBehavior debugBehavior = parameters.Find <ServiceDebugBehavior>();
if (debugBehavior == null && this.serviceDebugBehavior != null)
{
parameters.Add(this.serviceDebugBehavior);
}
DispatcherSynchronizationBehavior synchronizationBehavior = parameters.Find <DispatcherSynchronizationBehavior>();
if (synchronizationBehavior == null && this.dispatcherSynchronizationBehavior != null)
{
parameters.Add(this.dispatcherSynchronizationBehavior);
}
}
private static Dictionary <DirectionalAction, TransactionFlowOption> EnsureDictionary(BindingParameterCollection parameters)
{
Dictionary <DirectionalAction, TransactionFlowOption> dictionary =
parameters.Find <Dictionary <DirectionalAction, TransactionFlowOption> >();
if (dictionary == null)
{
dictionary = new Dictionary <DirectionalAction, TransactionFlowOption>();
parameters.Add(dictionary);
}
return(dictionary);
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
// This is done in order to have the liberty framework header included in the SOAP signaure. This is required by [LIB-BAS].
Logger.Instance.Trace("Specifying that the liberty framework header must be signed in the response to WSC.");
var requirements = bindingParameters.Find <ChannelProtectionRequirements>();
// Setting signature requirements for WSP response to WSC
requirements.OutgoingSignatureParts.AddParts(MessagePartSpecificationWsp());
// Setting signature requirements for WSC request to WSP
// This is done in order to validate the request. This is required by [LIB-BAS].
requirements.IncomingSignatureParts.AddParts(LibBasClientBehavior.MessagePartSpecificationWsc());
}
void IServiceBehavior.AddBindingParameters(ServiceDescription description, ServiceHostBase serviceHostBase, Collection <ServiceEndpoint> endpoints, BindingParameterCollection parameters)
{
if (parameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
ServiceDebugBehavior param = parameters.Find <ServiceDebugBehavior>();
if (param == null)
{
parameters.Add(this);
}
}
void IServiceBehavior.AddBindingParameters(System.ServiceModel.Description.ServiceDescription description, ServiceHostBase serviceHostBase, Collection <ServiceEndpoint> endpoints, BindingParameterCollection parameters)
{
if (parameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
SecurityCredentialsManager manager = parameters.Find <SecurityCredentialsManager>();
if (manager != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("MultipleSecurityCredentialsManagersInServiceBindingParameters", new object[] { manager })));
}
parameters.Add(this);
}
void IEndpointBehavior.AddBindingParameters(ServiceEndpoint serviceEndpoint, BindingParameterCollection bindingParameters)
{
if (bindingParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bindingParameters");
}
SecurityCredentialsManager manager = bindingParameters.Find <SecurityCredentialsManager>();
if (manager != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("MultipleSecurityCredentialsManagersInChannelBindingParameters", new object[] { manager })));
}
bindingParameters.Add(this);
}
void IEndpointBehavior.AddBindingParameters(ServiceEndpoint serviceEndpoint, BindingParameterCollection bindingParameters)
{
if (bindingParameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bindingParameters");
}
// throw if bindingParameters already has a SecurityCredentialsManager
SecurityCredentialsManager otherCredentialsManager = bindingParameters.Find <SecurityCredentialsManager>();
if (otherCredentialsManager != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.MultipleSecurityCredentialsManagersInChannelBindingParameters, otherCredentialsManager)));
}
bindingParameters.Add(this);
}
void IServiceBehavior.AddBindingParameters(ServiceDescription description, ServiceHostBase serviceHostBase, Collection <ServiceEndpoint> endpoints, BindingParameterCollection parameters)
{
if (parameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(parameters));
}
// throw if bindingParameters already has a SecurityCredentialsManager
SecurityCredentialsManager otherCredentialsManager = parameters.Find <SecurityCredentialsManager>();
if (otherCredentialsManager != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.MultipleSecurityCredentialsManagersInServiceBindingParameters, otherCredentialsManager)));
}
parameters.Add(this);
}
internal override void AddMetadataBindingParameters(Uri listenUri, KeyedByTypeCollection <IServiceBehavior> serviceBehaviors, BindingParameterCollection bindingParameters)
{
if (serviceBehaviors.Find <HostedBindingBehavior>() != null)
{
bindingParameters.Add(new HostedMetadataBindingParameter());
}
VirtualPathExtension virtualPathExtension = bindingParameters.Find <VirtualPathExtension>();
if (virtualPathExtension != null)
{
AuthenticationSchemes hostSupportedAuthenticationSchemes = AspNetEnvironment.Current.GetAuthenticationSchemes(listenUri);
if (hostSupportedAuthenticationSchemes != AuthenticationSchemes.None)
{
if (bindingParameters.Find <AuthenticationSchemesBindingParameter>() == null)
{
bindingParameters.Add(new AuthenticationSchemesBindingParameter(hostSupportedAuthenticationSchemes));
}
}
}
base.AddMetadataBindingParameters(listenUri, serviceBehaviors, bindingParameters);
}
public void AddBindingParameters(OperationDescription description, BindingParameterCollection parameters)
{
ChunkingBindingParameter chunkingBindingParameter = parameters.Find <ChunkingBindingParameter>();
if (chunkingBindingParameter == null)
{
chunkingBindingParameter = new ChunkingBindingParameter();
parameters.Add(chunkingBindingParameter);
}
if ((this.appliesTo & ChunkingAppliesTo.InMessage) == ChunkingAppliesTo.InMessage)
{
chunkingBindingParameter.AddAction(description.Messages[0].Action);
}
if (!description.IsOneWay && (this.appliesTo & ChunkingAppliesTo.OutMessage) == ChunkingAppliesTo.OutMessage)
{
chunkingBindingParameter.AddAction(description.Messages[1].Action);
}
}
public void HttpSelfHostConfiguration_UseWindowsAuth_PropagatesToHttpBinding(string address, HttpBindingSecurityMode mode)
{
// Arrange
HttpBinding binding = new HttpBinding();
HttpSelfHostConfiguration config = new HttpSelfHostConfiguration(address)
{
UseWindowsAuthentication = true
};
// Act
BindingParameterCollection parameters = config.ConfigureBinding(binding);
// Assert
Assert.NotNull(parameters);
ServiceCredentials serviceCredentials = parameters.Find <ServiceCredentials>();
Assert.NotNull(serviceCredentials);
Assert.Equal(HttpClientCredentialType.Windows, binding.Security.Transport.ClientCredentialType);
Assert.Equal(mode, binding.Security.Mode);
}
public static void AddBindingParametersForSecurityContractInformation(ServiceEndpoint endpoint, BindingParameterCollection parameters)
{
// get Contract info security needs, and put in BindingParameterCollection
ISecurityCapabilities isc = null;
BindingElementCollection elements = endpoint.Binding.CreateBindingElements();
for (int i = 0; i < elements.Count; ++i)
{
if (!(elements[i] is ITransportTokenAssertionProvider))
{
ISecurityCapabilities tmp = elements[i].GetIndividualProperty <ISecurityCapabilities>();
if (tmp != null)
{
isc = tmp;
break;
}
}
}
if (isc != null)
{
// ensure existence of binding parameter
ChannelProtectionRequirements requirements = parameters.Find <ChannelProtectionRequirements>();
if (requirements == null)
{
requirements = new ChannelProtectionRequirements();
parameters.Add(requirements);
}
MessageEncodingBindingElement encoding = elements.Find <MessageEncodingBindingElement>();
// use endpoint.Binding.Version
if (encoding != null && encoding.MessageVersion.Addressing == AddressingVersion.None)
{
// This binding does not support response actions, so...
requirements.Add(ChannelProtectionRequirements.CreateFromContractAndUnionResponseProtectionRequirements(endpoint.Contract, isc));
}
else
{
requirements.Add(ChannelProtectionRequirements.CreateFromContract(endpoint.Contract, isc));
}
}
}
/// <summary>
/// Adds the requirement telling WCF to encrypt the body of RM messages
/// </summary>
private void AddProtectionRequirements(BindingParameterCollection bindingParameters)
{
logging.WCFLogger.Write(System.Diagnostics.TraceEventType.Start, "Custom header signing behavior adding protection requirements");
// Get the protection requirements for the binding
ChannelProtectionRequirements cpr = bindingParameters.Find <ChannelProtectionRequirements>();
// If there were no requirements since before, create them
if (cpr == null)
{
cpr = new ChannelProtectionRequirements();
bindingParameters.Add(cpr);
}
// Select the headers to be affected by this behavior
MessagePartSpecification headerMessagePart = new MessagePartSpecification(_headers.ToArray());
headerMessagePart.MakeReadOnly();
ChannelProtectionRequirements newCpr = new ChannelProtectionRequirements();
// Specify each header to be signed
foreach (string action in actionsToWhichThisBehaviorApplies)
{
newCpr.IncomingSignatureParts.AddParts(headerMessagePart, action);
newCpr.OutgoingSignatureParts.AddParts(headerMessagePart, action);
}
newCpr.MakeReadOnly();
cpr.Add(newCpr);
// Tracing
foreach (XmlQualifiedName name in _headers)
{
logging.WCFLogger.Write(System.Diagnostics.TraceEventType.Information, "Header '" + name + "' added for signing");
}
logging.WCFLogger.Write(System.Diagnostics.TraceEventType.Stop, "Custom header signing behavior finished adding protection requirements");
}
public void SignProtectionLevelEntailsMessageSignedAndEncrypted()
{
var behavior = new ServiceContractProtectionBehavior(ProtectionLevel.EncryptAndSign);
var serviceEndPoint = new ServiceEndpoint(new("contract"));
var bindingParameters = new BindingParameterCollection();
behavior.AddBindingParameters(serviceEndPoint, bindingParameters);
serviceEndPoint.Contract.ProtectionLevel.Should().Be(ProtectionLevel.EncryptAndSign);
var actualRequirements = bindingParameters.Find <ChannelProtectionRequirements>();
actualRequirements.Should().NotBeNull();
actualRequirements.IncomingSignatureParts.Actions.Should().BeEquivalentTo("*");
actualRequirements.IncomingSignatureParts.TryGetParts("*", true, out var messagePartSpecification).Should().BeTrue();
messagePartSpecification.IsBodyIncluded.Should().BeTrue();
actualRequirements.OutgoingSignatureParts.Should().BeEquivalentTo(actualRequirements.IncomingSignatureParts);
actualRequirements.IncomingEncryptionParts.Should().BeEquivalentTo(actualRequirements.IncomingSignatureParts);
actualRequirements.OutgoingEncryptionParts.Should().BeEquivalentTo(actualRequirements.IncomingSignatureParts);
}
void IServiceBehavior.AddBindingParameters(ServiceDescription description, ServiceHostBase serviceHostBase, Collection <ServiceEndpoint> endpoints, BindingParameterCollection parameters)
{
if (parameters == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters");
}
if (this.serviceAuthenticationManager != null)
{
// throw if bindingParameters already has a AuthenticationManager
ServiceAuthenticationManager otherAuthenticationManager = parameters.Find <ServiceAuthenticationManager>();
if (otherAuthenticationManager != null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.MultipleAuthenticationManagersInServiceBindingParameters, otherAuthenticationManager)));
}
parameters.Add(this.serviceAuthenticationManager);
}
if (this.authenticationSchemes != AuthenticationSchemes.None)
{
// throw if bindingParameters already has an AuthenticationSchemes
AuthenticationSchemesBindingParameter otherAuthenticationSchemesBindingParameter = parameters.Find <AuthenticationSchemesBindingParameter>();
if (otherAuthenticationSchemesBindingParameter != null)
{
if (otherAuthenticationSchemesBindingParameter.AuthenticationSchemes != authenticationSchemes)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.MultipleAuthenticationSchemesInServiceBindingParameters, otherAuthenticationSchemesBindingParameter.AuthenticationSchemes)));
}
}
else
{
parameters.Add(new AuthenticationSchemesBindingParameter(this.authenticationSchemes));
}
}
}
internal virtual bool IsMetadataListener(BindingParameterCollection bindingParameters)
{
return(bindingParameters.Find <ServiceMetadataExtension.MetadataBindingParameter>() != null);
}
internal override bool IsMetadataListener(BindingParameterCollection bindingParameters)
{
return(base.IsMetadataListener(bindingParameters) || bindingParameters.Find <HostedMetadataBindingParameter>() != null);
}
