/// <summary>
/// Builds a symmetric security binding element whose protection token is an issued
/// token, attaches endpoint-scope and operation-scope supporting tokens to it, and
/// prints the operation-scope entries to the console.
/// </summary>
/// <returns>The configured binding element.</returns>
private SecurityBindingElement CreateSecurityBindingElement()
{
    // The issued-token parameters drive the primary (protection) token of the element.
    var issuedTokenParams = new IssuedSecurityTokenParameters();
    SymmetricSecurityBindingElement element =
        SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParams);

    // Endpoint scope: a Kerberos token, always sent to the recipient, is required
    // as an endorsing token on every operation of the endpoint.
    var kerberosParams = new KerberosSecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
    };
    element.EndpointSupportingTokenParameters.Endorsing.Add(kerberosParams);

    // Username token with derived keys switched off. It is registered below under
    // SignedEncrypted, so the credential travels signed and encrypted in the message.
    var userNameParams = new UserNameSecurityTokenParameters
    {
        RequireDerivedKeys = false
    };

    // Operation scope: collect the supporting tokens for a single operation.
    var operationTokens = new SupportingTokenParameters();
    operationTokens.Endorsing.Add(issuedTokenParams);
    operationTokens.SignedEncrypted.Add(userNameParams);

    // Register the collection in the operation-scope dictionary.
    // NOTE(review): "1" is a sample key; presumably a real binding keys this
    // dictionary by the operation's action. Confirm before reusing this code.
    var operationEntry = new KeyValuePair<string, SupportingTokenParameters>("1", operationTokens);
    element.OperationSupportingTokenParameters.Add(operationEntry);

    // Dump every operation-scope entry so the configuration can be inspected.
    Console.WriteLine("Reading Kevalue pairs");
    foreach (var entry in element.OperationSupportingTokenParameters)
    {
        Console.WriteLine("{0}: {1}", entry.Key, entry.Value);
    }

    // Blocks until a line is read from standard input (sample-only pause).
    Console.ReadLine();

    return element;
}
//<snippet1>
/// <summary>
/// Assembles a custom binding from three elements, added in this order: a symmetric
/// security element protected by a Kerberos token, a text message encoder, and an
/// HTTP transport.
/// </summary>
/// <returns>The custom binding built from those elements.</returns>
private Binding CreateBinding()
{
    // Message-level security: the Kerberos token is the protection token.
    // Signature confirmation makes the reply confirm the request's signature,
    // so every response is tied to the request it answers.
    var kerberosParams = new KerberosSecurityTokenParameters();
    var securityElement = new SymmetricSecurityBindingElement(kerberosParams)
    {
        RequireSignatureConfirmation = true
    };

    var encodingElement = new TextMessageEncodingBindingElement();

    // The transport is plain HTTP, so message protection depends on the security
    // element above rather than on transport-level encryption.
    var transportElement = new HttpTransportBindingElement();

    // Element order matters: security first, then encoding, then transport.
    var elements = new BindingElementCollection();
    elements.Add(securityElement);
    elements.Add(encodingElement);
    elements.Add(transportElement);

    return new CustomBinding(elements);
}
/// <summary>
/// Checks which protection and supporting token parameters WSHttpBinding produces
/// when secure conversation is disabled, for each client credential type, first
/// with the binding's initial NegotiateServiceCredential setting and then with
/// negotiation turned off.
/// </summary>
public void MessageSecurityNoSecureConversation()
{
    WSHttpBinding binding = new WSHttpBinding();
    binding.Security.Message.EstablishSecurityContext = false;

    // Rebuilds the binding elements from the binding's current settings and picks
    // out the symmetric security element.
    SymmetricSecurityBindingElement CurrentSecurityElement()
    {
        return binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
    }

    // Initial settings: the protection token is expected to be SSPI.
    SymmetricSecurityBindingElement security = CurrentSecurityElement();
    Assert.IsNotNull(security, "#0");
    Assert.AreEqual(
        typeof(SspiSecurityTokenParameters),
        security.ProtectionTokenParameters.GetType(),
        "#1");
    // SSPI details are not checked further because this implementation never supports SSPI.

    // No client credential: SSL-based protection token that requires cancellation
    // and does not demand a client certificate.
    binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
    security = CurrentSecurityElement();
    SslSecurityTokenParameters sslParams =
        security.ProtectionTokenParameters as SslSecurityTokenParameters;
    Assert.IsNotNull(sslParams, "#2-1");
    Assert.AreEqual(true, sslParams.RequireCancellation, "#2-2");
    Assert.AreEqual(false, sslParams.RequireClientCertificate, "#2-3");

    // Username credential: the protection token is still SSL-based.
    binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    security = CurrentSecurityElement();
    sslParams = security.ProtectionTokenParameters as SslSecurityTokenParameters;
    Assert.IsNotNull(sslParams, "#3-1");

    // From here on the service credential is not negotiated.
    binding.Security.Message.NegotiateServiceCredential = false;

    // Windows credential without negotiation: Kerberos protection token.
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
    security = CurrentSecurityElement();
    KerberosSecurityTokenParameters kerberosParams =
        security.ProtectionTokenParameters as KerberosSecurityTokenParameters;
    Assert.IsNotNull(kerberosParams, "#4-1");
    // Windows-only Kerberos behaviour is not tested any further.

    // No client credential without negotiation: X.509 protection token that is
    // referenced by thumbprint and never included in the message.
    binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
    security = CurrentSecurityElement();
    X509SecurityTokenParameters x509Params =
        security.ProtectionTokenParameters as X509SecurityTokenParameters;
    Assert.IsNotNull(x509Params, "#5-1");
    Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, x509Params.X509ReferenceStyle, "#5-2");
    Assert.AreEqual(SecurityTokenInclusionMode.Never, x509Params.InclusionMode, "#5-3");

    // Certificate credential: exactly one endorsing supporting token, an X.509
    // token that is always sent to the recipient and does not use derived keys.
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    security = CurrentSecurityElement();
    Assert.AreEqual(1, security.EndpointSupportingTokenParameters.Endorsing.Count, "#6-0");
    x509Params = security.EndpointSupportingTokenParameters.Endorsing[0] as X509SecurityTokenParameters;
    Assert.IsNotNull(x509Params, "#6-1");
    Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, x509Params.X509ReferenceStyle, "#6-2");
    Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, x509Params.InclusionMode, "#6-3");
    Assert.AreEqual(false, x509Params.RequireDerivedKeys, "#6-4");

    // The protection token in the same configuration: X.509, thumbprint reference,
    // never included, derived keys required.
    x509Params = security.ProtectionTokenParameters as X509SecurityTokenParameters;
    Assert.IsNotNull(x509Params, "#7-1");
    Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, x509Params.X509ReferenceStyle, "#7-2");
    Assert.AreEqual(SecurityTokenInclusionMode.Never, x509Params.InclusionMode, "#7-3");
    Assert.AreEqual(true, x509Params.RequireDerivedKeys, "#7-4");

    // Signature confirmation is expected to be required on this element.
    Assert.AreEqual(true, security.RequireSignatureConfirmation, "#8");
}