Пример #1
        /// <summary>
        /// Builds a symmetric security binding element around an issued token and
        /// attaches supporting tokens at two scopes: a Kerberos endorsing token for
        /// every operation of the endpoint, and an issued (endorsing) plus username
        /// (signed and encrypted) pair registered under the operation key "1".
        /// </summary>
        /// <returns>The configured binding element.</returns>
        /// <remarks>
        /// Demo code: the method writes the operation-scope dictionary to the console
        /// and then blocks on <c>Console.ReadLine()</c> before returning.
        /// </remarks>
        private SecurityBindingElement CreateSecurityBindingElement()
        {
            // NOTE(review): the issued-token parameters are left at their defaults;
            // no issuer address, issuer binding or token type is set in this method.
            var issuedTokenParams = new IssuedSecurityTokenParameters();

            // The issued token is what the resulting binding element is built from.
            var bindingElement =
                SecurityBindingElement.CreateIssuedTokenBindingElement(issuedTokenParams);

            // Endpoint scope: a Kerberos token, always included in messages sent to
            // the recipient, must endorse every operation of the endpoint.
            var kerberosParams = new KerberosSecurityTokenParameters
            {
                InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
            };
            bindingElement.EndpointSupportingTokenParameters.Endorsing.Add(kerberosParams);

            // Username token with derived keys switched off.
            var userNameTokenParams = new UserNameSecurityTokenParameters
            {
                RequireDerivedKeys = false
            };

            // Operation scope: the issued token endorses the message, while the
            // username token goes into the SignedEncrypted collection, so the
            // credential it carries is not a plain supporting token.
            var operationTokens = new SupportingTokenParameters();
            operationTokens.Endorsing.Add(issuedTokenParams);
            operationTokens.SignedEncrypted.Add(userNameTokenParams);

            // Register the set under the key "1".
            // NOTE(review): "1" looks like a placeholder; this dictionary is
            // presumably keyed by operation action - confirm before reuse.
            bindingElement.OperationSupportingTokenParameters.Add(
                new KeyValuePair<string, SupportingTokenParameters>("1", operationTokens));

            // Dump every operation-scope entry for inspection.
            Console.WriteLine("Reading Kevalue pairs");
            foreach (KeyValuePair<string, SupportingTokenParameters> entry
                     in bindingElement.OperationSupportingTokenParameters)
            {
                Console.WriteLine("{0}: {1}", entry.Key, entry.Value);
            }

            // Demo pause: blocks until a line is read from standard input.
            Console.ReadLine();

            return bindingElement;
        }
Пример #2
        //<snippet1>
        /// <summary>
        /// Assembles a custom binding made of, top to bottom, a Kerberos-based
        /// symmetric message-security element, a text message encoder and an HTTP
        /// transport.
        /// </summary>
        /// <returns>The custom binding wrapping the three elements.</returns>
        /// <remarks>
        /// The transport element is <c>HttpTransportBindingElement</c>, not an HTTPS
        /// one, so any protection of the exchange comes from the message-security
        /// element alone.
        /// </remarks>
        private Binding CreateBinding()
        {
            var kerberosParameters = new KerberosSecurityTokenParameters();

            // Signature confirmation ties each reply to the request it answers.
            var messageSecurity = new SymmetricSecurityBindingElement(kerberosParameters)
            {
                RequireSignatureConfirmation = true
            };

            // Elements are added in the same order as before:
            // security, then encoding, then transport.
            var stack = new BindingElementCollection
            {
                messageSecurity,
                new TextMessageEncodingBindingElement(),
                new HttpTransportBindingElement()
            };

            return new CustomBinding(stack);
        }
Пример #3
        /// <summary>
        /// Checks which protection and supporting token parameters a
        /// <c>WSHttpBinding</c> produces, with secure conversation disabled, for each
        /// combination of client credential type and service-credential negotiation
        /// exercised below.
        /// </summary>
        /// <remarks>
        /// The steps mutate one binding instance in sequence, so their order matters.
        /// </remarks>
        public void MessageSecurityNoSecureConversation()
        {
            WSHttpBinding binding = new WSHttpBinding();
            binding.Security.Message.EstablishSecurityContext = false;

            // Client credential type left at the binding's default: SSPI protection token.
            SymmetricSecurityBindingElement security =
                binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
            Assert.IsNotNull(security, "#0");
            Assert.AreEqual(
                typeof(SspiSecurityTokenParameters),
                security.ProtectionTokenParameters.GetType(),
                "#1");
            // SSPI details are not checked further because SSPI is never supported here.

            // None: SSL negotiation, cancellation required, no client certificate.
            binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
            security = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
            SslSecurityTokenParameters sslParams =
                security.ProtectionTokenParameters as SslSecurityTokenParameters;
            Assert.IsNotNull(sslParams, "#2-1");
            Assert.AreEqual(true, sslParams.RequireCancellation, "#2-2");
            Assert.AreEqual(false, sslParams.RequireClientCertificate, "#2-3");

            // UserName: the protection token is still SSL-negotiated.
            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
            security = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
            sslParams = security.ProtectionTokenParameters as SslSecurityTokenParameters;
            Assert.IsNotNull(sslParams, "#3-1");

            // From here on the service credential is no longer negotiated.
            binding.Security.Message.NegotiateServiceCredential = false;

            // Windows: Kerberos protection token.
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
            security = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
            KerberosSecurityTokenParameters kerberosParams =
                security.ProtectionTokenParameters as KerberosSecurityTokenParameters;
            Assert.IsNotNull(kerberosParams, "#4-1");
            // Windows-only Kerberos details are not tested further.

            // None: X.509 protection token, referenced by thumbprint and never
            // included in the message.
            binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
            security = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
            X509SecurityTokenParameters anonymousProtection =
                security.ProtectionTokenParameters as X509SecurityTokenParameters;
            Assert.IsNotNull(anonymousProtection, "#5-1");
            Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, anonymousProtection.X509ReferenceStyle, "#5-2");
            Assert.AreEqual(SecurityTokenInclusionMode.Never, anonymousProtection.InclusionMode, "#5-3");

            // Certificate: exactly one endorsing X.509 token, sent to the recipient
            // and used without derived keys.
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
            security = binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
            Assert.AreEqual(1, security.EndpointSupportingTokenParameters.Endorsing.Count, "#6-0");
            X509SecurityTokenParameters endorsingCert =
                security.EndpointSupportingTokenParameters.Endorsing[0] as X509SecurityTokenParameters;
            Assert.IsNotNull(endorsingCert, "#6-1");
            Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, endorsingCert.X509ReferenceStyle, "#6-2");
            Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, endorsingCert.InclusionMode, "#6-3");
            Assert.AreEqual(false, endorsingCert.RequireDerivedKeys, "#6-4");

            // The protection token stays an X.509 thumbprint reference that is never
            // included, this time with derived keys required.
            X509SecurityTokenParameters certProtection =
                security.ProtectionTokenParameters as X509SecurityTokenParameters;
            Assert.IsNotNull(certProtection, "#7-1");
            Assert.AreEqual(X509KeyIdentifierClauseType.Thumbprint, certProtection.X509ReferenceStyle, "#7-2");
            Assert.AreEqual(SecurityTokenInclusionMode.Never, certProtection.InclusionMode, "#7-3");
            Assert.AreEqual(true, certProtection.RequireDerivedKeys, "#7-4");

            // Signature confirmation is expected to be on for this configuration.
            Assert.AreEqual(true, security.RequireSignatureConfirmation, "#8");
        }