public static void Main() { ServiceHost host = new ServiceHost(typeof(Foo)); WSHttpBinding binding = new WSHttpBinding(); //binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken; binding.ReceiveTimeout = TimeSpan.FromSeconds(5); host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono"); cred.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true; cred.IssuedTokenAuthentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add(cred); host.Description.Behaviors.Find <ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; ServiceMetadataBehavior smb = new ServiceMetadataBehavior(); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri("http://localhost:8080/wsdl"); host.Description.Behaviors.Add(smb); host.Open(); Console.WriteLine("Hit [CR] key to close ..."); Console.ReadLine(); host.Close(); }
public static void Main () { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); sbe.ProtectionTokenParameters = new SslSecurityTokenParameters (); ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.SecureConversationAuthentication.SecurityStateEncoder = new MyEncoder (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; // foreach (ServiceEndpoint se in host.Description.Endpoints) // se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
protected override bool Unbind(ServiceCredentials credentials) { if (credentials == null) { return(false); } Logger.Debug(Strings.SqlNodeUnbindServiceDebugMessage, credentials.SerializeToJson()); string user = credentials.User; string databaseName = credentials.Name; using (SqlConnection databaseConnection = new SqlConnection(this.ConnectionString)) { databaseConnection.Open(); databaseConnection.ChangeDatabase(databaseName); using (SqlCommand cmdUserExists = new SqlCommand(string.Format(CultureInfo.InvariantCulture, "select count(*) from sys.sysusers where name=N'{0}'", user), databaseConnection)) { int userCount = (int)cmdUserExists.ExecuteScalar(); if (userCount != 1) { throw new MSSqlErrorException(MSSqlErrorException.MSSqlCredentialsNotFound, user); } } } this.DeleteDatabaseUser(user); return(true); }
public static SslStreamSecurityUpgradeProvider CreateServerProvider( SslStreamSecurityBindingElement bindingElement, BindingContext context) { SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { credentialProvider = ServiceCredentials.CreateDefaultCredentials(); } Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager(); RecipientServiceModelSecurityTokenRequirement serverCertRequirement = new RecipientServiceModelSecurityTokenRequirement(); serverCertRequirement.TokenType = SecurityTokenTypes.X509Certificate; serverCertRequirement.RequireCryptographicToken = true; serverCertRequirement.KeyUsage = SecurityKeyUsage.Exchange; serverCertRequirement.TransportScheme = context.Binding.Scheme; serverCertRequirement.ListenUri = listenUri; SecurityTokenProvider tokenProvider = tokenManager.CreateSecurityTokenProvider(serverCertRequirement); if (tokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ClientCredentialsUnableToCreateLocalTokenProvider, serverCertRequirement))); } SecurityTokenAuthenticator certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri); return(new SslStreamSecurityUpgradeProvider(context.Binding, tokenProvider, bindingElement.RequireClientCertificate, certificateAuthenticator, context.Binding.Scheme, bindingElement.IdentityVerifier, bindingElement.SslProtocols)); }
BuildChannelListenerCore <TChannel> ( BindingContext context) { if (InitiatorTokenParameters == null) { throw new InvalidOperationException("InitiatorTokenParameters must be set before building channel factory."); } if (RecipientTokenParameters == null) { throw new InvalidOperationException("RecipientTokenParameters must be set before building channel factory."); } SetIssuerBindingContextIfRequired(InitiatorTokenParameters, context); SetIssuerBindingContextIfRequired(RecipientTokenParameters, context); ServiceCredentials cred = context.BindingParameters.Find <ServiceCredentials> (); if (cred == null) { // it happens when there is no ChannelFactory<T>. cred = new ServiceCredentials(); } ServiceCredentialsSecurityTokenManager manager = (ServiceCredentialsSecurityTokenManager)cred.CreateSecurityTokenManager(); ChannelProtectionRequirements requirements = context.BindingParameters.Find <ChannelProtectionRequirements> (); return(new SecurityChannelListener <TChannel> ( context.BuildInnerChannelListener <TChannel> (), new RecipientMessageSecurityBindingSupport(GetCapabilities(), manager, requirements))); }
/// <summary> /// Initializes a new instance of the DuplexFrontEnd class /// </summary> /// <param name="listenUri">uri the frontend listen to</param> /// <param name="binding">binding that the frontend uses</param> /// <param name="observer">indicating the broker observer</param> /// <param name="clientManager">indicating the client manager</param> /// <param name="brokerAuth">indicating the broker authorization</param> /// <param name="sharedData">indicating the shared data</param> public DuplexFrontEnd(Uri listenUri, Binding binding, BrokerObserver observer, BrokerClientManager clientManager, BrokerAuthorization brokerAuth, SharedData sharedData) : base(listenUri.AbsoluteUri, observer, clientManager, brokerAuth, sharedData) { this.binding = binding; if (sharedData.StartInfo.UseAad) { BindingParameterCollection bindingParms = new BindingParameterCollection(); var serviceCred = new ServiceCredentials(); serviceCred.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, new NonHARegistry().GetSSLThumbprint().GetAwaiter().GetResult()); bindingParms.Add(serviceCred); this.listener = binding.BuildChannelListener <IDuplexSessionChannel>(listenUri, bindingParms); } else if (sharedData.StartInfo.LocalUser.GetValueOrDefault()) { this.listener = binding.BuildChannelListener <IDuplexSessionChannel>(listenUri, new ServiceCredentials().UseInternalAuthenticationAsync(true).GetAwaiter().GetResult()); } else { this.listener = binding.BuildChannelListener <IDuplexSessionChannel>(listenUri); } this.acceptChannel = new BasicCallbackReferencedThreadHelper <IAsyncResult>(this.AcceptChannel, this).CallbackRoot; this.receiveRequest = new BasicCallbackReferencedThreadHelper <IAsyncResult>(this.ReceiveRequest, this).CallbackRoot; }
private void InitializeSecurityTokenAuthenticator() { ServiceCredentials credentialProvider = this.credentialProvider as ServiceCredentials; if (credentialProvider != null) { this.extractGroupsForWindowsAccounts = (this.AuthenticationScheme == AuthenticationSchemes.Basic) ? credentialProvider.UserNameAuthentication.IncludeWindowsGroups : credentialProvider.WindowsAuthentication.IncludeWindowsGroups; if (credentialProvider.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Custom) { this.userNameTokenAuthenticator = new CustomUserNameSecurityTokenAuthenticator(credentialProvider.UserNameAuthentication.GetUserNamePasswordValidator()); } else if (credentialProvider.UserNameAuthentication.CacheLogonTokens) { this.userNameTokenAuthenticator = new WindowsUserNameCachingSecurityTokenAuthenticator(this.extractGroupsForWindowsAccounts, credentialProvider.UserNameAuthentication.MaxCachedLogonTokens, credentialProvider.UserNameAuthentication.CachedLogonTokenLifetime); } else { this.userNameTokenAuthenticator = new WindowsUserNameSecurityTokenAuthenticator(this.extractGroupsForWindowsAccounts); } } else { this.extractGroupsForWindowsAccounts = true; this.userNameTokenAuthenticator = new WindowsUserNameSecurityTokenAuthenticator(this.extractGroupsForWindowsAccounts); } this.windowsTokenAuthenticator = new WindowsSecurityTokenAuthenticator(this.extractGroupsForWindowsAccounts); }
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement, BindingContext context, bool isClient) : base(context.Binding) { this.extractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts; this.protectionLevel = bindingElement.ProtectionLevel; this.scheme = context.Binding.Scheme; this.isClient = isClient; this.listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { if (isClient) { credentialProvider = ClientCredentials.CreateDefaultCredentials(); } else { credentialProvider = ServiceCredentials.CreateDefaultCredentials(); } } this.securityTokenManager = credentialProvider.CreateSecurityTokenManager(); }
public void HttpSelfHostConfiguration_UserNamePasswordValidator_PropagatesToBinding( string address, HttpBindingSecurityMode mode ) { // Arrange HttpBinding binding = new HttpBinding(); UserNamePasswordValidator validator = new Mock <UserNamePasswordValidator>().Object; HttpSelfHostConfiguration config = new HttpSelfHostConfiguration(address) { UserNamePasswordValidator = validator }; // Act BindingParameterCollection parameters = config.ConfigureBinding(binding); // Assert Assert.NotNull(parameters); ServiceCredentials serviceCredentials = parameters.Find <ServiceCredentials>(); Assert.NotNull(serviceCredentials); Assert.Equal( HttpClientCredentialType.Basic, binding.Security.Transport.ClientCredentialType ); Assert.Equal(mode, binding.Security.Mode); }
public static void Main() { var baseAddress = new Uri("https://localhost:8080/SelfHostedUsernamePasswordService"); using (var host = new ServiceHost(typeof(SelfHostedUsernamePasswordService), baseAddress)) { var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName; var endpoint = host.AddServiceEndpoint(typeof(ISelfHostedUsernamePasswordService), binding, baseAddress); var cf = new ChannelFactory <ISelfHostedUsernamePasswordService>(binding, endpoint.Address); cf.Credentials.ClientCertificate.SetCertificate( StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000"); var credentialBehavior = new ServiceCredentials(); credentialBehavior.UserNameAuthentication.CustomUserNamePasswordValidator = new UsernamePasswordValidator(); credentialBehavior.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; credentialBehavior.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true; host.Description.Behaviors.Add(credentialBehavior); var metadataBehavior = new ServiceMetadataBehavior(); metadataBehavior.HttpsGetEnabled = true; metadataBehavior.MetadataExporter.PolicyVersion = PolicyVersion.Policy15; host.Description.Behaviors.Add(metadataBehavior); host.Open(); Console.WriteLine("The service is ready at {0}", baseAddress); Console.WriteLine("Press <Enter> to stop the service."); Console.ReadLine(); host.Close(); } }
/// <summary> /// 授权方法添加 /// </summary> /// <param name="description"></param> private void AddAuthorizateBehaviors(ServiceDescription description) { var serviceCredentials = description.Behaviors.Find <ServiceCredentials>(); if (serviceCredentials == null) { serviceCredentials = new ServiceCredentials(); description.Behaviors.Add(serviceCredentials); } serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = new UserNamePasswordCustomValidator(_authorizationService); /* * //使用测试实现安全验证 * var serviceAuthorization = description.Behaviors.Find<ServiceAuthorizationBehavior>(); * if (serviceAuthorization == null) * { * serviceAuthorization = new ServiceAuthorizationBehavior(); * description.Behaviors.Add(serviceAuthorization); * } * serviceAuthorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom; * serviceAuthorization.ServiceAuthorizationManager = new AuthorizationManager(); * //添加策略 */ }
/// <summary> /// Override of the base class method. Substitues WCF IAuthorizationPolicy with /// <see cref="System.IdentityModel.Tokens.AuthorizationPolicy"/>. /// </summary> /// <param name="operationContext">Current OperationContext that contains all the IAuthorizationPolicies.</param> /// <returns>Read-Only collection of <see cref="IAuthorizationPolicy"/> </returns> protected override ReadOnlyCollection <IAuthorizationPolicy> GetAuthorizationPolicies(OperationContext operationContext) { // // Make sure we always return at least one claims identity, if there are no auth policies // that contain any identities, then return an anonymous identity wrapped in an authorization policy. // // If we do not, then Thread.CurrentPrincipal may end up being null inside service operations after the // authorization polices are evaluated since ServiceCredentials.ConfigureServiceHost will // turn the PrincipalPermissionMode knob to Custom. // ReadOnlyCollection <IAuthorizationPolicy> baseAuthorizationPolicies = base.GetAuthorizationPolicies(operationContext); if (baseAuthorizationPolicies == null) { return(AnonymousAuthorizationPolicy); } else { ServiceCredentials sc = GetServiceCredentials(); AuthorizationPolicy transformedPolicy = TransformAuthorizationPolicies(baseAuthorizationPolicies, sc.IdentityConfiguration.SecurityTokenHandlers, true); if (transformedPolicy == null || transformedPolicy.IdentityCollection.Count == 0) { return(AnonymousAuthorizationPolicy); } return((new List <IAuthorizationPolicy>() { transformedPolicy }).AsReadOnly()); } }
public static void Main() { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); sbe.ProtectionTokenParameters = new SspiSecurityTokenParameters(); ServiceHost host = new ServiceHost(typeof(Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds(5); host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials(); cred.SecureConversationAuthentication.SecurityStateEncoder = new MyEncoder(); host.Description.Behaviors.Add(cred); host.Description.Behaviors.Find <ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; /* * ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); * smb.HttpGetEnabled = true; * smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); * host.Description.Behaviors.Add (smb); */ host.Open(); Console.WriteLine("Hit [CR] key to close ..."); Console.ReadLine(); host.Close(); }
public static void Main () { ServiceHost host = new ServiceHost (typeof (Foo)); WSHttpBinding binding = new WSHttpBinding (); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
protected override void OnOpened() { if (this.Description != null) { ServiceCredentials credentials = this.description.Behaviors.Find <ServiceCredentials>(); if (credentials != null) { ServiceCredentials credentials2 = credentials.Clone(); credentials2.MakeReadOnly(); this.readOnlyCredentials = credentials2; } ServiceAuthorizationBehavior behavior = this.description.Behaviors.Find <ServiceAuthorizationBehavior>(); if (behavior != null) { ServiceAuthorizationBehavior behavior2 = behavior.Clone(); behavior2.MakeReadOnly(); this.readOnlyAuthorization = behavior2; } ServiceAuthenticationBehavior behavior3 = this.description.Behaviors.Find <ServiceAuthenticationBehavior>(); if (behavior3 != null) { ServiceAuthenticationBehavior behavior4 = behavior3.Clone(); behavior3.MakeReadOnly(); this.readOnlyAuthentication = behavior4; } if (ManagementExtension.IsEnabled) { ManagementExtension.OnServiceOpened(this); } } base.OnOpened(); }
public HttpsChannelListener(HttpsTransportBindingElement httpsBindingElement, BindingContext context) : base(httpsBindingElement, context) { this.requireClientCertificate = httpsBindingElement.RequireClientCertificate; SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (manager == null) { manager = ServiceCredentials.CreateDefaultCredentials(); } SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager(); this.certificateAuthenticator = TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress)); ServiceCredentials credentials = manager as ServiceCredentials; if ((credentials != null) && (credentials.ClientCertificate.Authentication.CertificateValidationMode == X509CertificateValidationMode.Custom)) { this.useCustomClientCertificateVerification = true; } else { this.useCustomClientCertificateVerification = false; X509SecurityTokenAuthenticator certificateAuthenticator = this.certificateAuthenticator as X509SecurityTokenAuthenticator; if (certificateAuthenticator != null) { this.certificateAuthenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None, certificateAuthenticator.MapCertificateToWindowsAccount, base.ExtractGroupsForWindowsAccounts, false); } } if (this.RequireClientCertificate && (base.AuthenticationScheme != AuthenticationSchemes.Anonymous)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelper(new InvalidOperationException(System.ServiceModel.SR.GetString("HttpAuthSchemeAndClientCert", new object[] { base.AuthenticationScheme })), TraceEventType.Error); } this.channelBindingProvider = new ChannelBindingProviderHelper(); }
override protected void InitializeRuntime() { // Extract the ServiceCredentials behavior or create one. ServiceCredentials serviceCredentials = this.Description.Behaviors.Find <ServiceCredentials>(); if (serviceCredentials == null) { serviceCredentials = new ServiceCredentials(); this.Description.Behaviors.Add(serviceCredentials); } // Set the service certificate. serviceCredentials.ServiceCertificate.SetCertificate("CN=localhost"); /* * Setting the CertificateValidationMode to PeerOrChainTrust means that if the certificate * is in the Trusted People store, then it is trusted without performing a * validation of the certificate's issuer chain. This setting is used here for convenience so that the * sample can be run without having to have certificates issued by a certificate authority (CA). * This setting is less secure than the default, ChainTrust. The security implications of this * setting should be carefully considered before using PeerOrChainTrust in production code. */ serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; // Create the custom binding and add an endpoint to the service. Binding multipleTokensBinding = BindingHelper.CreateMultiFactorAuthenticationBinding(); this.AddServiceEndpoint(typeof(IEchoService), multipleTokensBinding, string.Empty); base.InitializeRuntime(); }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) { bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); SecurityChannelListener <TChannel> channelListener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } SecurityProtocolFactory protocolFactory = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); channelListener.SecurityProtocolFactory = protocolFactory; channelListener.InitializeListener(channelBuilder); return(channelListener); }
protected internal override object CreateBehavior() { var sb = new ServiceCredentials(); ApplyConfiguration(sb); return(sb); }
static PeerSecurityCredentialsManager GetCredentialsManager(PeerAuthenticationMode mode, bool signing, BindingContext context) { if (mode == PeerAuthenticationMode.None && !signing) { return(null); } ClientCredentials clientCredentials = context.BindingParameters.Find <ClientCredentials>(); if (clientCredentials != null) { return(new PeerSecurityCredentialsManager(clientCredentials.Peer, mode, signing)); } ServiceCredentials serviceCredentials = context.BindingParameters.Find <ServiceCredentials>(); if (serviceCredentials != null) { return(new PeerSecurityCredentialsManager(serviceCredentials.Peer, mode, signing)); } SecurityCredentialsManager credman = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credman == null) { PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials); } return(new PeerSecurityCredentialsManager(credman.CreateSecurityTokenManager(), mode, signing)); }
public static void Main() { ServiceHost host = new ServiceHost(typeof(Foo)); WSHttpBinding binding = new WSHttpBinding(); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.ReceiveTimeout = TimeSpan.FromSeconds(5); host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080")); host.Description.Behaviors.Find <ServiceDebugBehavior> ().IncludeExceptionDetailInFaults = true; ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono"); cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; cred.UserNameAuthentication.CustomUserNamePasswordValidator = new GodUserNamePasswordValidator(); host.Description.Behaviors.Add(cred); foreach (ServiceEndpoint se in host.Description.Endpoints) { se.Behaviors.Add(new StdErrInspectionBehavior()); } host.Open(); Console.WriteLine("Hit [CR] key to close ..."); Console.ReadLine(); host.Close(); }
/// <summary> /// Creates the service host. /// </summary> /// <param name="t">The t.</param> /// <param name="baseAddresses">The base addresses.</param> /// <returns>ServiceHost.</returns> protected override ServiceHost CreateServiceHost(Type t, Uri[] baseAddresses) { var serviceHost = new ServiceHost(t, baseAddresses); serviceHost.PrintHostInfo(); var bnd = BindingFactory.CreateBindingFromKey(BindingFactory.Key.CustomValidationBasicHttpBindingTransportAndMessage); serviceHost.AddServiceEndpoint(typeof(IAuthentication), bnd, ""); var scb = new ServiceCredentials(); scb.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; scb.UserNameAuthentication.CustomUserNamePasswordValidator = new Authentications(); scb.ServiceCertificate.SetCertificate(CertificateHelper.GetStoreLocation(), CertificateHelper.GetStoreName(), X509FindType.FindBySubjectName, CertificateHelper.GetCertificateSubject()); serviceHost.Description.Behaviors.Add(scb); serviceHost.MakeAnnouncingService(); serviceHost.PrintListeningEndpoints(); return(serviceHost); }
public void Start() { // auth var serviceCredentials = new ServiceCredentials(); serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = new ServiceAuthenticator(); servidor.Description.Behaviors.Add(serviceCredentials); // bind var binding = new BasicHttpBinding(); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic; binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; servidor.AddServiceEndpoint( typeof(IProdutoService), binding, "Produto.svc" ); // mex servidor.Description.Behaviors.Add(new ServiceMetadataBehavior()); servidor.AddServiceEndpoint( typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), "mex" ); servidor.Open(); }
private void Snippet6And7() { //<snippet6> ServiceHost myServiceHost = new ServiceHost(typeof(CalculatorService)); // Specify client credentials validation on the service. ServiceCredentials myServiceCredentials = myServiceHost.Description.Behaviors.Find <ServiceCredentials>(); // The CurrentUser property of the StoreLocation class is a static method. myServiceCredentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.CurrentUser; //</snippet6> //<snippet7> WSHttpBinding binding = new WSHttpBinding(); binding.Security.Mode = SecurityMode.Message; binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Message.NegotiateServiceCredential = false; CalculatorClient CalculatorClient = new CalculatorClient("myBinding"); CalculatorClient.ClientCredentials.ServiceCertificate. SetDefaultCertificate("Al", StoreLocation.CurrentUser, StoreName.My); //</snippet7> }
public static SslStreamSecurityUpgradeProvider CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context) { SecurityCredentialsManager manager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (manager == null) { manager = ServiceCredentials.CreateDefaultCredentials(); } Uri listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityTokenManager tokenManager = manager.CreateSecurityTokenManager(); RecipientServiceModelSecurityTokenRequirement tokenRequirement = new RecipientServiceModelSecurityTokenRequirement { TokenType = SecurityTokenTypes.X509Certificate, RequireCryptographicToken = true, KeyUsage = SecurityKeyUsage.Exchange, TransportScheme = context.Binding.Scheme, ListenUri = listenUri }; SecurityTokenProvider serverTokenProvider = tokenManager.CreateSecurityTokenProvider(tokenRequirement); if (serverTokenProvider == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("ClientCredentialsUnableToCreateLocalTokenProvider", new object[] { tokenRequirement }))); } return(new SslStreamSecurityUpgradeProvider(context.Binding, serverTokenProvider, bindingElement.RequireClientCertificate, TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri), context.Binding.Scheme, bindingElement.IdentityVerifier)); }
public void SecureConversationAuthentication() { SecureConversationServiceCredential sc = new ServiceCredentials().SecureConversationAuthentication; Assert.AreEqual(5, sc.SecurityContextClaimTypes.Count, "#1"); Collection <Type> types = new Collection <Type> (new Type [] { typeof(SamlAuthorizationDecisionClaimResource), typeof(SamlAuthenticationClaimResource), typeof(SamlAccessDecision), typeof(SamlAuthorityBinding), typeof(SamlNameIdentifierClaimResource) }); foreach (Type type in sc.SecurityContextClaimTypes) { if (!types.Contains(type)) { Assert.Fail(type.ToString()); } } DataProtectionSecurityStateEncoder sse = sc.SecurityStateEncoder as DataProtectionSecurityStateEncoder; Assert.IsNotNull(sse, "#2-1"); Assert.IsTrue(sse.UseCurrentUserProtectionScope, "#2-2"); }
public void CheckDuplicateAuthenticatorTypesService() { SymmetricSecurityBindingElement be = new SymmetricSecurityBindingElement(); be.ProtectionTokenParameters = new X509SecurityTokenParameters(); be.EndpointSupportingTokenParameters.Endorsing.Add( new X509SecurityTokenParameters()); // This causes multiple supporting token authenticator // of the same type. be.OptionalEndpointSupportingTokenParameters.Endorsing.Add( new X509SecurityTokenParameters()); Binding b = new CustomBinding(be, new HttpTransportBindingElement()); ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono"); IChannelListener <IReplyChannel> ch = b.BuildChannelListener <IReplyChannel> (new Uri("http://localhost:" + NetworkHelpers.FindFreePort()), cred); try { ch.Open(); } finally { if (ch.State == CommunicationState.Closed) { ch.Close(); } } }
public void ClientAcceptUpgrade() { ServiceCredentials cred = new ServiceCredentials(); X509Certificate2 cert = new X509Certificate2("Test/Resources/test.cer"); cred.ServiceCertificate.Certificate = cert; X509CertificateEndpointIdentity ident = new X509CertificateEndpointIdentity(cert); StreamSecurityUpgradeProvider p = CreateClientProvider(cred, ident); p.Open(); try { StreamSecurityUpgradeAcceptor a = p.CreateUpgradeAcceptor() as StreamSecurityUpgradeAcceptor; Assert.IsNotNull(a, "#1"); SecurityMessageProperty prop = a.GetRemoteSecurity(); Assert.IsNull(prop, "#2"); // hmm Stream s = a.AcceptUpgrade(new MemoryStream(new byte [] { 1, 2, 3, 4, 5 })); } finally { p.Close(); } }
static void DemanAspNetProvidersPermissions(ServiceHost host) { bool demand = false; foreach (IServiceBehavior behavior in host.Description.Behaviors) { if (behavior is ServiceCredentials) { ServiceCredentials credentialsBehavior = behavior as ServiceCredentials; if (credentialsBehavior.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.MembershipProvider) { demand = true; break; } } if (behavior is ServiceAuthorizationBehavior) { ServiceAuthorizationBehavior serviceAuthorization = behavior as ServiceAuthorizationBehavior; if (serviceAuthorization.PrincipalPermissionMode == PrincipalPermissionMode.UseAspNetRoles && Roles.Enabled) { demand = true; break; } } } if (demand) { IPermission permission = new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal); permission.Demand(); } }
public void RejectInclusionModeNever() { AsymmetricSecurityBindingElement sbe = new AsymmetricSecurityBindingElement(); sbe.InitiatorTokenParameters = sbe.RecipientTokenParameters = new X509SecurityTokenParameters( X509KeyIdentifierClauseType.Thumbprint, // this leads to the failure. SecurityTokenInclusionMode.Never); ServiceHost host = new ServiceHost(typeof(Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(sbe, hbe); host.AddServiceEndpoint(typeof(IFoo), binding, new Uri("http://localhost:37564")); ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2("Test/Resources/test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add(cred); try { host.Open(); } finally { if (host.State == CommunicationState.Opened) { host.Close(); } } }
public WindowsStreamSecurityUpgradeProvider(WindowsStreamSecurityBindingElement bindingElement, BindingContext context, bool isClient) : base(context.Binding) { ExtractGroupsForWindowsAccounts = TransportDefaults.ExtractGroupsForWindowsAccounts; ProtectionLevel = bindingElement.ProtectionLevel; Scheme = context.Binding.Scheme; _isClient = isClient; _listenUri = TransportSecurityHelpers.GetListenUri(context.ListenUriBaseAddress, context.ListenUriRelativeAddress); SecurityCredentialsManager credentialProvider = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialProvider == null) { //if (isClient) //{ // credentialProvider = ClientCredentials.CreateDefaultCredentials(); //} //else //{ credentialProvider = new ServiceCredentials(); //ServiceCredentials.CreateDefaultCredentials(); //} } if (credentialProvider is ServiceCredentials) { ServiceCredentials serviceCred = (ServiceCredentials)credentialProvider; LdapSettings = serviceCred.WindowsAuthentication.LdapSetting; } _securityTokenManager = credentialProvider.CreateSecurityTokenManager(); }
public ServiceCredentialsSecurityTokenManager(ServiceCredentials parent) { if (parent == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(parent)); } this.parent = parent; }
public static void Main () { AsymmetricSecurityBindingElement sbe = new AsymmetricSecurityBindingElement (); //sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax; //sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; //sbe.RequireSignatureConfirmation = true; //sbe.LocalServiceSettings.DetectReplays = false; //sbe.IncludeTimestamp = false; sbe.RecipientTokenParameters = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); sbe.InitiatorTokenParameters = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient); X509SecurityTokenParameters p = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient); p.RequireDerivedKeys = false; //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); UserNameSecurityTokenParameters up = new UserNameSecurityTokenParameters (); sbe.EndpointSupportingTokenParameters.Signed.Add (up); sbe.SetKeyDerivation (false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; cred.UserNameAuthentication.CustomUserNamePasswordValidator = UserNamePasswordValidator.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
public static void Main () { ServiceHost host = new MyHost (typeof (Foo)); var sc = new ServiceCredentials (); sc.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; sc.UserNameAuthentication.CustomUserNamePasswordValidator = UserNamePasswordValidator.None; host.Description.Behaviors.Add (sc); var binding = new BasicHttpBinding (); binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic; binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
public static void Main () { Console.WriteLine ("WARNING!! This test is not configured enought to work fine on .NET either."); SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; sbe.RequireSignatureConfirmation = true; //sbe.IncludeTimestamp = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); X509SecurityTokenParameters p = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient); p.RequireDerivedKeys = false; sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); //sbe.SetKeyDerivation (false); //sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost (typeof (Foo)); var mbe = new BinaryMessageEncodingBindingElement (); var tbe = new TcpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, mbe, tbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
public static void Main () { ServiceHost host = new ServiceHost (typeof (Foo)); var binding = new NetTcpBinding (); binding.Security.Mode = SecurityMode.Message; binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("net.tcp://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
public static void Main () { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); //sbe.IncludeTimestamp = false; //sbe.LocalServiceSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters (); // This "Never" is somehow mandatory (though I wonder why ...) sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation (false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
public static void Main (string [] args) { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); IssuedSecurityTokenParameters ip = new IssuedSecurityTokenParameters (); sbe.ProtectionTokenParameters = ip; ip.ClaimTypeRequirements.Add (new ClaimTypeRequirement ( ClaimTypes.Email)); if (args.Length > 0) { ip.IssuerAddress = new EndpointAddress (new Uri (args [0]), new X509CertificateEndpointIdentity (new X509Certificate2 (args [1]))); } ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; cred.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
/// <summary> /// Constructs MNSClient with Aliyun Service Credentials. /// </summary> /// <param name="credentials">Aliyun Service Credentials</param> /// <param name="regionEndpoint">The region endpoint to connect.</param> public MNSClient(ServiceCredentials credentials, String regionEndpoint) : this(credentials, new MNSConfig { RegionEndpoint = new Uri(regionEndpoint) }) { }
/// <summary> /// Constructs MNSClient with Aliyun Service Credentials and an /// MNSClient Configuration object. /// </summary> /// <param name="credentials">Aliyun Service Credentials</param> /// <param name="clientConfig">The MNSClient Configuration Object</param> public MNSClient(ServiceCredentials credentials, MNSConfig clientConfig) : base(credentials, clientConfig) { }
/// <summary> /// The constructor for CredentialsRetriever. /// </summary> /// <param name="credentials">An Service Credentials instance.</param> public CredentialsRetriever(ServiceCredentials credentials) { this.Credentials = credentials; }