public void OpenWithoutSerializer() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.Open(); }
public void GetTokenWithoutOpen() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.GetToken(TimeSpan.FromSeconds(10)); }
/// <summary> /// Constructor /// </summary> public CustomIssuedSecurityTokenProvider(IssuedSecurityTokenProvider innerProvider) : base() { this.innerProvider = innerProvider; this.CacheIssuedTokens = innerProvider.CacheIssuedTokens; this.IdentityVerifier = innerProvider.IdentityVerifier; this.IssuedTokenRenewalThresholdPercentage = innerProvider.IssuedTokenRenewalThresholdPercentage; this.IssuerAddress = innerProvider.IssuerAddress; this.IssuerBinding = innerProvider.IssuerBinding; foreach (IEndpointBehavior behavior in innerProvider.IssuerChannelBehaviors) { this.IssuerChannelBehaviors.Add(behavior); } this.KeyEntropyMode = innerProvider.KeyEntropyMode; this.MaxIssuedTokenCachingTime = innerProvider.MaxIssuedTokenCachingTime; this.MessageSecurityVersion = innerProvider.MessageSecurityVersion; this.SecurityAlgorithmSuite = innerProvider.SecurityAlgorithmSuite; this.SecurityTokenSerializer = innerProvider.SecurityTokenSerializer; this.TargetAddress = innerProvider.TargetAddress; foreach (XmlElement parameter in innerProvider.TokenRequestParameters) { this.TokenRequestParameters.Add(parameter); } this.innerProvider.Open(); }
IssuedSecurityTokenProvider CreateIssuedTokenProvider(SecurityTokenRequirement requirement) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); // FIXME: fill properties EndpointAddress address; if (requirement.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address)) { p.IssuerAddress = address; } if (requirement.TryGetProperty <EndpointAddress> (ReqType.TargetAddressProperty, out address)) { p.TargetAddress = address; } Binding binding; if (requirement.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding)) { p.IssuerBinding = binding; } MessageSecurityVersion ver; if (requirement.TryGetProperty <MessageSecurityVersion> (ReqType.MessageSecurityVersionProperty, out ver)) { p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver.SecurityVersion); } SecurityAlgorithmSuite suite; if (requirement.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite)) { p.SecurityAlgorithmSuite = suite; } return(p); }
public void OpenWithoutIssuerAddress() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.Open(); }
public void OpenWithoutBinding() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = new EndpointAddress("http://localhost:8080"); p.Open(); }
IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.TargetAddress = r.GetProperty <EndpointAddress> (ReqType.TargetAddressProperty); // FIXME: use it somewhere, probably to build // IssuerBinding. However, there is also IssuerBinding // property. SecureConversationSecurityBindingElement // as well. SecurityBindingElement sbe = r.GetProperty <SecurityBindingElement> (ReqType.SecurityBindingElementProperty); // I doubt the binding is acquired this way ... Binding binding; if (!r.TryGetProperty <Binding> (ReqType.IssuerBindingProperty, out binding)) { binding = new CustomBinding(sbe, new TextMessageEncodingBindingElement(), new HttpTransportBindingElement()); } p.IssuerBinding = binding; // not sure if it is used only for this purpose though ... BindingContext ctx = r.GetProperty <BindingContext> (ReqType.IssuerBindingContextProperty); foreach (IEndpointBehavior b in ctx.BindingParameters.FindAll <IEndpointBehavior> ()) { p.IssuerChannelBehaviors.Add(b); } SecurityTokenVersion ver = r.GetProperty <SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty); p.SecurityTokenSerializer = CreateSecurityTokenSerializer(ver); // seems like they are optional here ... (but possibly // used later) EndpointAddress address; if (!r.TryGetProperty <EndpointAddress> (ReqType.IssuerAddressProperty, out address)) { address = p.TargetAddress; } p.IssuerAddress = address; // It is somehow not checked as mandatory ... SecurityAlgorithmSuite suite = null; r.TryGetProperty <SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out suite); p.SecurityAlgorithmSuite = suite; return(p); }
// FIXME: it is far from done. SecurityTokenProvider CreateSecureConversationProvider(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = CreateIssuedProviderBase(r); // FIXME: use it somewhere. int keySize = r.KeySize; return(p); }
// FIXME: it is far from done. SecurityTokenProvider CreateSecureConversationProvider(SecurityTokenRequirement r) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); InitializeProviderCommunicationObject(p.Communication, r); // FIXME: use it somewhere. int keySize = r.KeySize; return(p); }
public override System.IdentityModel.Selectors.SecurityTokenProvider CreateSecurityTokenProvider(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement) { if (!this.IsIssuedSecurityTokenRequirement(tokenRequirement)) { return(base.CreateSecurityTokenProvider(tokenRequirement)); } IssuedSecurityTokenProvider provider = base.CreateSecurityTokenProvider(tokenRequirement) as IssuedSecurityTokenProvider; CachedIssuedSecurityTokenProvider cachedProvider = new CachedIssuedSecurityTokenProvider(provider.IssuerBinding, provider.IssuerAddress, provider.TargetAddress, (CachedClientCredentials)this.ClientCredentials); return(cachedProvider); }
private static SecurityTokenProvider CreateTokenProviderForNextLeg(SecurityTokenRequirement tokenRequirement, EndpointAddress target, EndpointAddress issuerAddress, Uri relyingPartyIssuer, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, InfoCardChannelParameter infocardChannelParameter) { if (((null == relyingPartyIssuer) && (null == issuerAddress)) || (issuerAddress.Uri == relyingPartyIssuer)) { return(new InternalInfoCardTokenProvider(infocardChannelParameter)); } IssuedSecurityTokenProvider provider = (IssuedSecurityTokenProvider)clientCredentialsTokenManager.CreateSecurityTokenProvider(tokenRequirement, true); provider.IssuerChannelBehaviors.Remove <SecurityCredentialsManager>(); provider.IssuerChannelBehaviors.Add(new InternalClientCredentials(clientCredentialsTokenManager.ClientCredentials, target, relyingPartyIssuer, infocardChannelParameter)); return(provider); }
/// <summary> /// Returns a custom token provider when a issued token is required /// </summary> public override System.IdentityModel.Selectors.SecurityTokenProvider CreateSecurityTokenProvider(System.IdentityModel.Selectors.SecurityTokenRequirement tokenRequirement) { if (this.IsIssuedSecurityTokenRequirement(tokenRequirement)) { IssuedSecurityTokenProvider baseProvider = (IssuedSecurityTokenProvider)base.CreateSecurityTokenProvider(tokenRequirement); CustomIssuedSecurityTokenProvider provider = new CustomIssuedSecurityTokenProvider(baseProvider); return(provider); } else { return(base.CreateSecurityTokenProvider(tokenRequirement)); } }
public void OpenWithoutTargetAddress() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = new EndpointAddress("http://localhost:8080"); p.IssuerBinding = new BasicHttpBinding(); // wiithout it indigo causes NRE p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.Open(); }
public void Open() { IssuedSecurityTokenProvider p = SetupProvider(new BasicHttpBinding()); try { p.Open(); } finally { if (p.State == CommunicationState.Opened) { p.Close(); } } }
public void GetToken() { IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(new RequestSender(OnGetToken), true)); try { p.Open(TimeSpan.FromSeconds(5)); p.GetToken(TimeSpan.FromSeconds(10)); } finally { if (p.State == CommunicationState.Opened) { p.Close(); } } }
public void GetTokenWithoutProtectionTokenParameters() { IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(null, false)); try { p.Open(); p.GetToken(TimeSpan.FromSeconds(10)); } finally { if (p.State == CommunicationState.Opened) { p.Close(); } } }
public void GetTokenNoSecureBinding() { IssuedSecurityTokenProvider p = SetupProvider(new BasicHttpBinding()); try { p.Open(); p.GetToken(TimeSpan.FromSeconds(10)); } finally { if (p.State == CommunicationState.Opened) { p.Close(); } } }
IssuedSecurityTokenProvider SetupProvider(Binding binding) { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = GetSecureEndpointAddress("stream:dummy"); p.IssuerBinding = binding; // wiithout it indigo causes NRE p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.TargetAddress = new EndpointAddress("http://localhost:9090"); return(p); }
public void GetTokenWithoutServiceCertificate() { IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(null, true)); p.IssuerAddress = new EndpointAddress("stream:dummy"); try { p.Open(TimeSpan.FromSeconds(5)); p.GetToken(TimeSpan.FromSeconds(10)); } finally { if (p.State == CommunicationState.Opened) { p.Close(); } } }
static SecurityTokenProvider CreateTokenProviderForNextLeg(SecurityTokenRequirement tokenRequirement, EndpointAddress target, EndpointAddress issuerAddress, Uri relyingPartyIssuer, ClientCredentialsSecurityTokenManager clientCredentialsTokenManager, InfoCardChannelParameter infocardChannelParameter) { if (((null == relyingPartyIssuer && null == issuerAddress) || issuerAddress.Uri == relyingPartyIssuer)) { return(new InternalInfoCardTokenProvider(infocardChannelParameter)); } else { // create a federation token provider and add an internal client credentials shim that contains the chain IssuedSecurityTokenProvider federationTokenProvider = (IssuedSecurityTokenProvider)clientCredentialsTokenManager.CreateSecurityTokenProvider(tokenRequirement, true); federationTokenProvider.IssuerChannelBehaviors.Remove <SecurityCredentialsManager>(); federationTokenProvider.IssuerChannelBehaviors.Add(new InternalClientCredentials(clientCredentialsTokenManager.ClientCredentials, target, relyingPartyIssuer, infocardChannelParameter)); return(federationTokenProvider); } }
public DurableIssuedSecurityTokenProvider(IssuedSecurityTokenProvider innerTokenProvider, IssuedTokenCache cache) { if (cache == null) { throw new ArgumentNullException("cache"); } if (innerTokenProvider == null) { throw new ArgumentNullException("innerTokenProvider"); } this.innerTokenProvider = innerTokenProvider; this.cache = cache; this.target = innerTokenProvider.TargetAddress; this.issuer = innerTokenProvider.IssuerAddress; }
private void CopyIssuerChannelBehaviorsAndAddSecurityCredentials(IssuedSecurityTokenProvider federationTokenProvider, KeyedByTypeCollection <IEndpointBehavior> issuerChannelBehaviors, EndpointAddress issuerAddress) { if (issuerChannelBehaviors != null) { foreach (IEndpointBehavior behavior in issuerChannelBehaviors) { if (behavior is SecurityCredentialsManager) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("IssuerChannelBehaviorsCannotContainSecurityCredentialsManager", new object[] { issuerAddress, typeof(SecurityCredentialsManager) }))); } federationTokenProvider.IssuerChannelBehaviors.Add(behavior); } } federationTokenProvider.IssuerChannelBehaviors.Add(this.parent); }
public static void Main() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance; p.IssuerAddress = new EndpointAddress("http://localhost:8080"); WSHttpBinding binding = new WSHttpBinding(); //binding.Security.Mode = SecurityMode.Message; p.IssuerBinding = binding; p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.TargetAddress = new EndpointAddress("http://localhost:8080"); p.Open(); p.GetToken(TimeSpan.FromSeconds(10)); p.Close(); }
public void DefaultValues() { IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); Assert.AreEqual(true, p.CacheIssuedTokens, "#1"); Assert.AreEqual(TimeSpan.FromMinutes(1), p.DefaultOpenTimeout, "#2"); Assert.AreEqual(TimeSpan.FromMinutes(1), p.DefaultCloseTimeout, "#3"); Assert.IsNotNull(p.IdentityVerifier, "#4"); Assert.AreEqual(60, p.IssuedTokenRenewalThresholdPercentage, "#5"); Assert.IsNull(p.IssuerAddress, "#6"); Assert.AreEqual(0, p.IssuerChannelBehaviors.Count, "#7"); Assert.AreEqual(SecurityKeyEntropyMode.CombinedEntropy, p.KeyEntropyMode, "#8"); Assert.AreEqual(TimeSpan.MaxValue, p.MaxIssuedTokenCachingTime, "#9"); Assert.AreEqual(MessageSecurityVersion.Default, p.MessageSecurityVersion, "#10"); Assert.IsNull(p.SecurityAlgorithmSuite, "#11"); Assert.IsNull(p.SecurityTokenSerializer, "#12"); Assert.IsNull(p.TargetAddress, "#13"); Assert.AreEqual(true, p.SupportsTokenCancellation, "#14"); Assert.AreEqual(0, p.TokenRequestParameters.Count, "#15"); Assert.IsNull(p.IssuerBinding, "#16"); }
public static eHtalkMessage GetResponseSync(eHtalkMessage msg, X509Certificate2 extInterfaCertificate, string esbEndpoint, string relyingParty, string identityProviderURL, X509Certificate2 userCertificate, string wsaddressingTo, Stopwatch stopw) { #if !CC IssuedSecurityTokenProvider provider = new IssuedSecurityTokenProvider(); provider.SecurityTokenSerializer = new WSSecurityTokenSerializer(); provider.TargetAddress = new EndpointAddress(new Uri(relyingParty), new AddressHeader[0]); provider.IssuerAddress = new EndpointAddress(new Uri(identityProviderURL), new AddressHeader[0]); provider.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Basic256; provider.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; ClientCredentials credentials = new ClientCredentials { ClientCertificate = { Certificate = userCertificate } }; provider.IssuerChannelBehaviors.Add(credentials); HttpsTransportBindingElement tbe = new HttpsTransportBindingElement { AuthenticationScheme = AuthenticationSchemes.Digest, RequireClientCertificate = true, KeepAliveEnabled = false }; CustomBinding stsBinding = new CustomBinding(new BindingElement[] { tbe }); provider.IssuerBinding = stsBinding; provider.Open(); var token = provider.GetToken(TimeSpan.FromSeconds(30.0)) as GenericXmlSecurityToken; #endif #if CC var cc = new EhealthCryptoController(); var token = cc.GetSamlTokenForHealthProfessional(relyingParty); #endif if (token == null) { throw new ApplicationException("No AT token received"); } Console.WriteLine(string.Format("Ziskany AT token in {0}", stopw.ElapsedMilliseconds)); CustomBinding binding = new CustomBinding(); SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(new IssuedSecurityTokenParameters() { RequireDerivedKeys = true, KeyType = SecurityKeyType.SymmetricKey }); sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict; sbe.IncludeTimestamp = true; //sbe.AllowInsecureTransport = true; sbe.SetKeyDerivation(true); sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; binding.Elements.Add(sbe); binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, System.Text.Encoding.UTF8)); binding.Elements.Add(new HttpsTransportBindingElement() { RequireClientCertificate = true, KeepAliveEnabled = true }); var regEx = new Regex(@"https?://([^/]+)"); var dnsIdentity = regEx.Match(wsaddressingTo).Groups[1].Captures[0].Value; var channelFactory = new ChannelFactory <IeHealthSyncService>(binding, new EndpointAddress( new Uri(wsaddressingTo), new DnsEndpointIdentity(dnsIdentity), new AddressHeader[] { })); channelFactory.Credentials.SupportInteractive = false; channelFactory.Credentials.ClientCertificate.Certificate = userCertificate; channelFactory.Credentials.ServiceCertificate.DefaultCertificate = extInterfaCertificate; channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; channelFactory.ConfigureChannelFactory <IeHealthSyncService>(); channelFactory.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri(esbEndpoint))); var channel = channelFactory.CreateChannelWithIssuedToken(token); Console.WriteLine(string.Format("vytvoreny kanal: {0}", stopw.ElapsedMilliseconds)); var stopw1 = new Stopwatch(); eHtalkMessage data = null; int wait = 1; for (int i = 0; i < 20; i++) { stopw1.Reset(); stopw1.Start(); msg.Header.MessageInfo.MessageID = Guid.NewGuid().ToString("D"); Debug.WriteLine("Start calling", "MyCustom"); try { data = channel.GetData(msg); } catch (CommunicationException ex) { data = channel.GetData(msg); } Console.WriteLine(string.Format("po {1} sekundach: {0}", stopw1.ElapsedMilliseconds, wait)); Thread.Sleep(wait * 1000); wait = wait * 2; } return(data); }
/// <summary> /// CacheSecurityTokenProvider /// </summary> public CacheSecurityTokenProvider(SecurityTokenRequirement requirement, IssuedSecurityTokenProvider federatedSecurityTokenProvider) : base( ) { innerProvider = federatedSecurityTokenProvider; innerProvider.Open(); }
private IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement) { KeyedByTypeCollection <IEndpointBehavior> localIssuerChannelBehaviors; MessageSecurityVersion version; SecurityTokenSerializer serializer; ChannelParameterCollection parameters2; if (initiatorRequirement.TargetAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenRequirementDoesNotSpecifyTargetAddress", new object[] { initiatorRequirement })); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenProviderRequiresSecurityBindingElement", new object[] { initiatorRequirement })); } EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress; Binding issuerBinding = initiatorRequirement.IssuerBinding; bool flag = (issuerAddress == null) || issuerAddress.Equals(EndpointAddress.AnonymousAddress); if (flag) { issuerAddress = this.parent.IssuedToken.LocalIssuerAddress; issuerBinding = this.parent.IssuedToken.LocalIssuerBinding; } if (issuerAddress == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsAddressNotSet", new object[] { initiatorRequirement.TargetAddress }))); } if (issuerBinding == null) { throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("StsBindingNotSet", new object[] { issuerAddress }))); } Uri uri = issuerAddress.Uri; if (!this.parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out localIssuerChannelBehaviors) && flag) { localIssuerChannelBehaviors = this.parent.IssuedToken.LocalIssuerChannelBehaviors; } IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(this.GetCredentialsHandle(initiatorRequirement)) { TargetAddress = initiatorRequirement.TargetAddress }; this.CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, localIssuerChannelBehaviors, issuerAddress); federationTokenProvider.CacheIssuedTokens = this.parent.IssuedToken.CacheIssuedTokens; federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier; federationTokenProvider.IssuerAddress = issuerAddress; federationTokenProvider.IssuerBinding = issuerBinding; federationTokenProvider.KeyEntropyMode = this.GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding); federationTokenProvider.MaxIssuedTokenCachingTime = this.parent.IssuedToken.MaxIssuedTokenCachingTime; federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; IssuedSecurityTokenParameters property = initiatorRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); this.GetIssuerBindingSecurityVersion(issuerBinding, property.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out version, out serializer); federationTokenProvider.MessageSecurityVersion = version; federationTokenProvider.SecurityTokenSerializer = serializer; federationTokenProvider.IssuedTokenRenewalThresholdPercentage = this.parent.IssuedToken.IssuedTokenRenewalThresholdPercentage; IEnumerable <XmlElement> enumerable = property.CreateRequestParameters(version, serializer); if (enumerable != null) { foreach (XmlElement element2 in enumerable) { federationTokenProvider.TokenRequestParameters.Add(element2); } } if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out parameters2)) { federationTokenProvider.ChannelParameters = parameters2; } return(federationTokenProvider); }
IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, FederatedClientCredentialsParameters actAsOnBehalfOfParameters) { if (initiatorRequirement.TargetAddress == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement)); } SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement; if (securityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement)); } EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress; Binding issuerBinding = initiatorRequirement.IssuerBinding; // // If the issuer address is indeed anonymous or null, we will try the local issuer // bool isLocalIssuer = (issuerAddress == null || issuerAddress.Equals(EndpointAddress.AnonymousAddress)); if (isLocalIssuer) { issuerAddress = parent.IssuedToken.LocalIssuerAddress; issuerBinding = parent.IssuedToken.LocalIssuerBinding; } if (issuerAddress == null) { // if issuer address is still null then the user forgot to specify the local issuer throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsAddressNotSet, initiatorRequirement.TargetAddress))); } if (issuerBinding == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsBindingNotSet, issuerAddress))); } Uri issuerUri = issuerAddress.Uri; KeyedByTypeCollection <IEndpointBehavior> issuerChannelBehaviors; if (!parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out issuerChannelBehaviors) && isLocalIssuer) { issuerChannelBehaviors = parent.IssuedToken.LocalIssuerChannelBehaviors; } IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(GetCredentialsHandle(initiatorRequirement)); federationTokenProvider.TokenHandlerCollectionManager = this.parent.SecurityTokenHandlerCollectionManager; federationTokenProvider.TargetAddress = initiatorRequirement.TargetAddress; CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, issuerChannelBehaviors, issuerAddress); federationTokenProvider.CacheIssuedTokens = parent.IssuedToken.CacheIssuedTokens; federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier; federationTokenProvider.IssuerAddress = issuerAddress; federationTokenProvider.IssuerBinding = issuerBinding; federationTokenProvider.KeyEntropyMode = GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding); federationTokenProvider.MaxIssuedTokenCachingTime = parent.IssuedToken.MaxIssuedTokenCachingTime; federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite; MessageSecurityVersion issuerSecurityVersion; SecurityTokenSerializer issuerSecurityTokenSerializer; IssuedSecurityTokenParameters issuedTokenParameters = initiatorRequirement.GetProperty <IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty); GetIssuerBindingSecurityVersion(issuerBinding, issuedTokenParameters.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out issuerSecurityVersion, out issuerSecurityTokenSerializer); federationTokenProvider.MessageSecurityVersion = issuerSecurityVersion; federationTokenProvider.SecurityTokenSerializer = issuerSecurityTokenSerializer; federationTokenProvider.IssuedTokenRenewalThresholdPercentage = parent.IssuedToken.IssuedTokenRenewalThresholdPercentage; IEnumerable <XmlElement> tokenRequestParameters = issuedTokenParameters.CreateRequestParameters(issuerSecurityVersion, issuerSecurityTokenSerializer); if (tokenRequestParameters != null) { foreach (XmlElement requestParameter in tokenRequestParameters) { federationTokenProvider.TokenRequestParameters.Add(requestParameter); } } ChannelParameterCollection channelParameters; if (initiatorRequirement.TryGetProperty <ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters)) { federationTokenProvider.ChannelParameters = channelParameters; } federationTokenProvider.SetupActAsOnBehalfOfParameters(actAsOnBehalfOfParameters); return(federationTokenProvider); }
public static void Main(string [] args) { bool no_nego = false, no_sc = false; foreach (string arg in args) { if (arg == "--no-nego") { no_nego = true; } else if (arg == "--no-sc") { no_sc = true; } else { Console.WriteLine("Unrecognized option '{0}'", arg); return; } } X509Certificate2 cert = new X509Certificate2("test.pfx", "mono"); IssuedSecurityTokenProvider p = new IssuedSecurityTokenProvider(); p.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert)); p.TargetAddress = new EndpointAddress("http://localhost:8080"); WSHttpBinding binding = new WSHttpBinding(); // the following lines are required to not depend on // MessageCredentialType.Windows (which uses SSPI). binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; ClientCredentials cred = new ClientCredentials(); cred.ClientCertificate.Certificate = cert; cred.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; p.IssuerChannelBehaviors.Add(cred); if (no_sc) { binding.Security.Message.EstablishSecurityContext = false; } if (no_nego) { binding.Security.Message.NegotiateServiceCredential = false; } p.IssuerBinding = binding; p.SecurityTokenSerializer = new WSSecurityTokenSerializer(); p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default; p.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; p.Open(); SecurityToken token = p.GetToken(TimeSpan.FromSeconds(10)); p.Close(); XmlWriter writer = XmlWriter.Create(Console.Out); new ClientCredentialsSecurityTokenManager(cred).CreateSecurityTokenSerializer(MessageSecurityVersion.Default.SecurityTokenVersion).WriteToken(writer, token); writer.Close(); }