public override BindingElementCollection CreateBindingElements()
        {
            var bindingElements = new BindingElementCollection();

            // if passing credentials via message security, add a security element
            TransportSecurityBindingElement transportSecurityElement = null;

            if (this.SecurityMode == AssertEncryptionHttpSecurityMode.UserNameOverMessage)
            {
                transportSecurityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
            }

            if (this.SecurityMode == AssertEncryptionHttpSecurityMode.UserNameOverTransport)
            {
                transportSecurityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
            }

            if (transportSecurityElement != null)
            {
                bindingElements.Add(transportSecurityElement);
            }

            // add a message encoder element
            //if (this.MessageEncoding == WSMessageEncoding.Text)
            //    bindingElements.Add(this.TextEncoding);
            //else if (this.MessageEncoding == WSMessageEncoding.Mtom)
            //    bindingElements.Add(this.MtomEncoding);

            // add a transport element
            bindingElements.Add(this.GetTransport());

            return(bindingElements);
        }
Пример #2
0
        public static OmnitureWebServicePortTypeClient GetClient(string username, string secret, string endpoint)
        {
            var httpsTransportBindingElement = new HttpsTransportBindingElement
            {
                UseDefaultWebProxy     = false,
                MaxReceivedMessageSize = 2147483647
            };

            var transportSecurityBindingElement = new TransportSecurityBindingElement();

            transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new SecurityTokenParameters());
            transportSecurityBindingElement.IncludeTimestamp = false;

            var customTextMessageBindingElement = new CustomTextMessageBindingElement {
                MessageVersion = MessageVersion.Soap11
            };

            var bindingElements = new List <BindingElement>
            {
                transportSecurityBindingElement,
                customTextMessageBindingElement,
                httpsTransportBindingElement
            };

            Binding customBinding    = new CustomBinding(bindingElements.ToArray());
            var     endpointAddress  = new EndpointAddress(endpoint);
            var     clientCredential = new ClientCredentials(new Info(username, secret));

            var omnitureWebServicePortTypeClient = new OmnitureWebServicePortTypeClient(customBinding, endpointAddress);

            omnitureWebServicePortTypeClient.Endpoint.Behaviors.Remove(typeof(System.ServiceModel.Description.ClientCredentials));
            omnitureWebServicePortTypeClient.Endpoint.Behaviors.Add(clientCredential);

            return(omnitureWebServicePortTypeClient);
        }
Пример #3
0
 public static SecurityBindingElement BuildMessageSecurity(MessageSecurityType securityType)
 {
     if (securityType == MessageSecurityType.CertificateOverTransport)
     {
         TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
             MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);
         messageSecurity.IncludeTimestamp = true;
         return(messageSecurity);
     }
     else if (securityType == MessageSecurityType.MutualCertificate)
     {
         SecurityBindingElement messageSecurity = SecurityBindingElement.CreateMutualCertificateBindingElement(
             MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, true);
         messageSecurity.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
         messageSecurity.IncludeTimestamp      = true;
         return(messageSecurity);
     }
     else if (securityType == MessageSecurityType.None)
     {
         return(null);
     }
     else if (securityType == MessageSecurityType.UserNameOverTransport)
     {
         TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
         messageSecurity.IncludeTimestamp        = false;
         messageSecurity.EnableUnsecuredResponse = true;
         messageSecurity.DefaultAlgorithmSuite   = System.ServiceModel.Security.Basic256SecurityAlgorithmSuite.Basic256;
         messageSecurity.SetKeyDerivation(false);
         messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
         return(messageSecurity);
     }
     return(SecurityBindingElement.CreateSslNegotiationBindingElement(false));
 }
Пример #4
0
        public override BindingElementCollection CreateBindingElements()
        {
            BindingElementCollection        bindingElements = new BindingElementCollection();
            TransportSecurityBindingElement security        = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

            security.IncludeTimestamp = false;
            bindingElements.Add(security);
            TextMessageEncodingBindingElement messageEncoding = new TextMessageEncodingBindingElement();

            messageEncoding.MessageVersion = MessageVersion.Soap11;
            bindingElements.Add(messageEncoding);
            HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

            transport.MaxReceivedMessageSize             = int.MaxValue;
            transport.ManualAddressing                   = false;
            transport.AllowCookies                       = false;
            transport.AuthenticationScheme               = AuthenticationSchemes.Anonymous;
            transport.BypassProxyOnLocal                 = false;
            transport.DecompressionEnabled               = true;
            transport.HostNameComparisonMode             = HostNameComparisonMode.StrongWildcard;
            transport.KeepAliveEnabled                   = true;
            transport.ProxyAuthenticationScheme          = AuthenticationSchemes.Anonymous;
            transport.TransferMode                       = TransferMode.Buffered;
            transport.UnsafeConnectionNtlmAuthentication = false;
            transport.UseDefaultWebProxy                 = true;
            bindingElements.Add(transport);
            return(bindingElements.Clone());
        }
Пример #5
0
        //<snippet2>
        // This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
        public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
        {
            // This CustomBinding starts out identical to the specified WSFederationHttpBinding.
            CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
            // Find the SecurityBindingElement for message security.
            SecurityBindingElement security = outputBinding.Elements.Find <SecurityBindingElement>();
            // If the security mode is message, then the secure session settings are the protection token parameters.
            SecureConversationSecurityTokenParameters secureConversation;

            if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
            {
                SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
                secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
            }
            // If the security mode is message, then the secure session settings are the endorsing token parameters.
            else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
            {
                TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
                secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }
            else
            {
                throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
            }
            // Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
            int securityIndex = outputBinding.Elements.IndexOf(security);

            outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
            // Return modified binding.
            return(outputBinding);
        }
Пример #6
0
 public static CustomBinding GetCustomBinding()
 {
     try
     {
         var customBinding = new CustomBinding();
         TransportSecurityBindingElement userNameOverTransportSecurityBindingElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
         userNameOverTransportSecurityBindingElement.MessageSecurityVersion = System.ServiceModel.MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
         userNameOverTransportSecurityBindingElement.IncludeTimestamp       = false;
         customBinding.Elements.Add(userNameOverTransportSecurityBindingElement);
         var textBindingElement = new TextMessageEncodingBindingElement();
         customBinding.Elements.Add(textBindingElement);
         var httpsBindingElement = new HttpsTransportBindingElement
         {
             AllowCookies           = true,
             MaxBufferSize          = int.MaxValue,
             MaxReceivedMessageSize = int.MaxValue
         };
         //httpsBindingElement.AuthenticationScheme = System.Net.AuthenticationSchemes.Basic;
         customBinding.Elements.Add(httpsBindingElement);
         //SecurityBindingElement securityBindingElement = SecurityBindingElement.
         //includeTimestamp
         //messageProtectionOrder =
         //customBinding.Elements.Find<SecurityBindingElement>().EnableUnsecuredResponse = true;
         return(customBinding);
     }
     catch (Exception e)
     {
         Log4net.Error(string.Format("{0}, {1}", e.Message, e.StackTrace), e);
     }
     return(null);
 }
Пример #7
0
      public static Binding CreateMultiFactorAuthenticationBinding()
      {
          HttpsTransportBindingElement httpTransport = new HttpsTransportBindingElement();

          httpTransport.MaxReceivedMessageSize = int.MaxValue;


          //AddressHeader addressHeader = AddressHeader.CreateAddressHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", security, xmlObjectSerializer);


          CustomBinding binding = new CustomBinding();

          binding.Name = "myCustomBinding";

          TransportSecurityBindingElement messageSecurity = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();

          messageSecurity.IncludeTimestamp = false;

          messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
          messageSecurity.SecurityHeaderLayout   = SecurityHeaderLayout.Strict;
          messageSecurity.SetKeyDerivation(false);
          TextMessageEncodingBindingElement Quota = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);

          Quota.ReaderQuotas.MaxDepth = 32;
          Quota.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
          Quota.ReaderQuotas.MaxArrayLength         = 16384;
          Quota.ReaderQuotas.MaxBytesPerRead        = 4096;
          Quota.ReaderQuotas.MaxNameTableCharCount  = 16384;


          binding.Elements.Add(Quota);
          binding.Elements.Add(messageSecurity);
          binding.Elements.Add(httpTransport);
          return(binding);
      }
        public SafeOnlineBinding()
        {
            HttpsTransportBindingElement      httpsTransport = new HttpsTransportBindingElement();
            TextMessageEncodingBindingElement encoding       = new TextMessageEncodingBindingElement();

            encoding.MessageVersion = MessageVersion.Soap11;

            TransportSecurityBindingElement securityBinding = new TransportSecurityBindingElement();

            securityBinding.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
            securityBinding.DefaultAlgorithmSuite  = SecurityAlgorithmSuite.Default;
            securityBinding.SetKeyDerivation(false);
            X509SecurityTokenParameters certToken = new X509SecurityTokenParameters();

            certToken.InclusionMode      = SecurityTokenInclusionMode.AlwaysToRecipient;
            certToken.ReferenceStyle     = SecurityTokenReferenceStyle.Internal;
            certToken.RequireDerivedKeys = false;
            certToken.X509ReferenceStyle = X509KeyIdentifierClauseType.Any;
            securityBinding.EndpointSupportingTokenParameters.SignedEndorsing.Add(certToken);
            securityBinding.LocalClientSettings.DetectReplays = false;

            this.bindingElements = new BindingElementCollection();
            this.bindingElements.Add(securityBinding);
            this.bindingElements.Add(encoding);
            this.bindingElements.Add(httpsTransport);
        }
Пример #9
0
        public static Binding UserNameBinding(MessageVersion messageVersion)
        {
            // NOTE: we use a non-secure transport here, which means the message will be visible to others.
            HttpTransportBindingElement httpTransport = new HttpTransportBindingElement();

            // the transport security binding element will be configured to require a username token
            TransportSecurityBindingElement transportSecurity = new TransportSecurityBindingElement();

            transportSecurity.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UsernameTokenParameters());

            // here you can require secure transport, in which case you'd probably replace HTTP with HTTPS as well
            transportSecurity.AllowInsecureTransport = true;
            transportSecurity.IncludeTimestamp       = false;

            //MtomMessageEncodingBindingElement mtom = new MtomMessageEncodingBindingElement
            //                                             {
            //                                                 WriteEncoding = System.Text.Encoding.UTF8,
            //                                                 MessageVersion = MessageVersion.Soap11WSAddressing10,
            //                                                 MaxBufferSize = 2147483647
            //                                             };
            //mtom.ReaderQuotas.MaxStringContentLength = 2147483647;

            TextMessageEncodingBindingElement me = new TextMessageEncodingBindingElement(messageVersion, Encoding.UTF8);

            return(new CustomBinding(transportSecurity, me, httpTransport));
        }
Пример #10
0
        public static OmnitureWebServicePortTypeClient GetClient( string username, string secret, string endpoint )
        {
            var httpsTransportBindingElement = new HttpsTransportBindingElement
                                                   {
                                                       UseDefaultWebProxy = false,
                                                       MaxReceivedMessageSize = 2147483647
                                                   };

            var transportSecurityBindingElement = new TransportSecurityBindingElement();
            transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add( new SecurityTokenParameters() );
            transportSecurityBindingElement.IncludeTimestamp = false;

            var customTextMessageBindingElement = new CustomTextMessageBindingElement { MessageVersion = MessageVersion.Soap11 };

            var bindingElements = new List<BindingElement>
                                  {
                                      transportSecurityBindingElement,
                                      customTextMessageBindingElement,
                                      httpsTransportBindingElement
                                  };

            Binding customBinding = new CustomBinding( bindingElements.ToArray() );
            var endpointAddress = new EndpointAddress( endpoint );
            var clientCredential = new ClientCredentials( new Info( username, secret ) );

            var omnitureWebServicePortTypeClient = new OmnitureWebServicePortTypeClient( customBinding, endpointAddress );
            omnitureWebServicePortTypeClient.Endpoint.Behaviors.Remove( typeof( System.ServiceModel.Description.ClientCredentials ) );
            omnitureWebServicePortTypeClient.Endpoint.Behaviors.Add( clientCredential );

            return omnitureWebServicePortTypeClient;
        }
Пример #11
0
        protected void AddTransportSecurityBindingElement(BindingElementCollection bindingElements)
        {
            TransportSecurityBindingElement item = new TransportSecurityBindingElement {
                MessageSecurityVersion = MessagingVersionHelper.SecurityVersion(this.protocolVersion)
            };

            bindingElements.Add(item);
        }
Пример #12
0
        internal static bool IsSecurityBindingSuitableForChannelBinding(TransportSecurityBindingElement securityBindingElement)
        {
#if FEATURE_CORECLR
            throw new NotImplementedException("SupportingTokenParameters.Signed is not supported in .NET Core");
#else
            return(securityBindingElement != null && (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Endorsing) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.Signed) || (SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted) || SecurityUtils.AreSecurityTokenParametersSuitableForChannelBinding(securityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing))));
#endif
        }
Пример #13
0
        public static FNCEWS40PortTypeClient ConfigureBinding(String user, String domain, String password, String uri)
        {
            BindingElementCollection bec = new BindingElementCollection();

            // Everything gets treated as if it is username credentials until
            //  right at the point of serialization.
            TransportSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

            sbe.IncludeTimestamp = false;
            bec.Add(sbe);

            if (uri.IndexOf("SOAP") != -1)
            {
                // using the SOAP endpoint
                TextMessageEncodingBindingElement tme = new TextMessageEncodingBindingElement();
                tme.MessageVersion        = MessageVersion.Soap11;
                tme.ReaderQuotas.MaxDepth = 1024;
                tme.ReaderQuotas.MaxStringContentLength = 1024 * 1024;
                bec.Add(tme);
            }
            else
            {
                MtomMessageEncodingBindingElement mme = new MtomMessageEncodingBindingElement();
                mme.MessageVersion        = MessageVersion.Soap12;
                mme.ReaderQuotas.MaxDepth = 1024;
                mme.ReaderQuotas.MaxStringContentLength = 1024 * 1024;
                mme.MaxBufferSize = 2147483647;
                bec.Add(mme);
            }

            HttpsTransportBindingElement tbe = new HttpsTransportBindingElement();

            tbe.MaxReceivedMessageSize = 2147483647;
            tbe.MaxBufferSize          = 2147483647;
            bec.Add(tbe);

            CustomBinding binding = new CustomBinding(bec);

            binding.ReceiveTimeout = new TimeSpan(TimeSpan.TicksPerDay);    // 100 nanonsecond units, make it 1 day
            binding.SendTimeout    = binding.ReceiveTimeout;

            EndpointAddress endpoint = new EndpointAddress(uri);

            port = new FNCEWS40PortTypeClient(binding, endpoint);

            port.ClientCredentials.UserName.UserName = user;
            port.ClientCredentials.UserName.Password = password;

            // set up the Localization header, minus the locale. We assume
            //  the timezone cannot change between calls, but that the locale
            //  may.
            localization          = new Localization();
            localization.Timezone = GetTimezone();

            return(port);
        }
Пример #14
0
        protected override SecurityBindingElement CreateSecurity()
        {
            TransportSecurityBindingElement security = new TransportSecurityBindingElement();
            security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
            security.EnableUnsecuredResponse = true;
            security.IncludeTimestamp = true;
            security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());

            return security;
        }
Пример #15
0
        private static void ValidateUserNamePasswordSecurityBindingElement(TransportSecurityBindingElement transportSecurityBindingElement)
        {
            bool singleSignedEncryptedParam = transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1;

            System.Diagnostics.Debug.Assert(singleSignedEncryptedParam, "Unexpected number of SignedEncrypted token parameters in transport security binding!");

            if (!singleSignedEncryptedParam)
            {
                return;
            }

            if (transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 &&
                transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10 &&
                transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 &&
                transportSecurityBindingElement.MessageSecurityVersion != MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10)
            {
                string values = string.Format(CultureInfo.InvariantCulture, "'{0}', '{1}', '{2}'",
                                              MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                                              MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                                              MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11);

                s_bindingValidationErrors.Add(string.Format(SR.BindingTransportMessageSecurityVersionNotSupportedFormat, transportSecurityBindingElement.MessageSecurityVersion, values));
            }

            if (transportSecurityBindingElement.DefaultAlgorithmSuite != SecurityAlgorithmSuite.Default)
            {
                s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityDefaultAlgorithmSuiteNotSupportedFormat,
                                                            transportSecurityBindingElement.DefaultAlgorithmSuite.GetType().FullName, SecurityAlgorithmSuite.Default.GetType().FullName));
            }

            var userNameParams = transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted[0] as UserNameSecurityTokenParameters;

            if (userNameParams != null)
            {
                if (userNameParams.InclusionMode != SecurityTokenInclusionMode.AlwaysToRecipient)
                {
                    s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityTokenParamsInclusionModeValueNotSupportedFormat,
                                                                userNameParams.InclusionMode, SecurityTokenInclusionMode.AlwaysToRecipient));
                }
                if (userNameParams.ReferenceStyle != SecurityTokenReferenceStyle.Internal)
                {
                    s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityTokenParamsReferenceStyleNotSupportedFormat,
                                                                userNameParams.ReferenceStyle, SecurityTokenReferenceStyle.Internal));
                }
                if (userNameParams.RequireDerivedKeys != false)
                {
                    s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenParamsRequiringDerivedKeysNotSupported);
                }
            }
            else
            {
                s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityTokenParamsTypeNotSupportedFormat,
                                                            transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted[0].GetType().FullName, typeof(UserNameSecurityTokenParameters).FullName));
            }
        }
Пример #16
0
        protected override SecurityBindingElement CreateSecurity()
        {
            TransportSecurityBindingElement security = new TransportSecurityBindingElement();

            security.MessageSecurityVersion  = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
            security.EnableUnsecuredResponse = true;
            security.IncludeTimestamp        = true;
            security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());

            return(security);
        }
    public static void Method_CreateIssuedTokenOverTransportBindingElement()
    {
        IssuedSecurityTokenParameters   tokenParameters        = new IssuedSecurityTokenParameters();
        TransportSecurityBindingElement securityBindingElement = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(tokenParameters);

        Assert.Contains(tokenParameters, securityBindingElement.EndpointSupportingTokenParameters.Endorsing);
        Assert.Equal(System.ServiceModel.MessageSecurityVersion.Default, securityBindingElement.MessageSecurityVersion);
        Assert.False(securityBindingElement.LocalClientSettings.DetectReplays);
        Assert.True(securityBindingElement.IncludeTimestamp);

        Assert.Throws <System.ArgumentNullException>(() => SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(null));
    }
Пример #18
0
        protected override System.ServiceModel.Channels.SecurityBindingElement CreateSecurity()
        {
            TransportSecurityBindingElement security = new TransportSecurityBindingElement();

            security.EnableUnsecuredResponse = true; //to allow faults.
            security.MessageSecurityVersion  = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;


            security.EndpointSupportingTokenParameters.Endorsing.Add(new ScDsspSecurityTokenParameter());

            return(security);
        }
Пример #19
0
        protected override SecurityBindingElement CreateMessageSecurity()
        {
            if (this.Security.Mode == WSFederationHttpSecurityMode.None)
            {
                throw new InvalidOperationException("Only message and  security is supported");
            }
            if (this.Security.Message.IssuedKeyType != SecurityKeyType.AsymmetricKey)
            {
                throw new InvalidOperationException("Only Asymmectric Keys are supported");
            }
            if (this.Security.Message.NegotiateServiceCredential)
            {
                throw new InvalidOperationException("Negocatiation of service credentials not supported");
            }
            if (this.Security.Message.EstablishSecurityContext)
            {
                throw new InvalidOperationException("Secure conversation not supported");
            }

            SecurityBindingElement security;

            if (this.Security.Mode == WSFederationHttpSecurityMode.Message)
            {
                SymmetricSecurityBindingElement  baseSecurity = (SymmetricSecurityBindingElement)base.CreateMessageSecurity();
                AsymmetricSecurityBindingElement asecurity    = new AsymmetricSecurityBindingElement();
                asecurity.InitiatorTokenParameters = baseSecurity.EndpointSupportingTokenParameters.Endorsing[0];

                X509SecurityTokenParameters serverToken = new X509SecurityTokenParameters();
                serverToken.X509ReferenceStyle     = X509KeyIdentifierClauseType.Any;
                serverToken.InclusionMode          = SecurityTokenInclusionMode.Never;
                serverToken.RequireDerivedKeys     = false;
                asecurity.RecipientTokenParameters = serverToken;
                security = asecurity;
            }
            else
            {
                TransportSecurityBindingElement baseSecurity = (TransportSecurityBindingElement)base.CreateMessageSecurity();
                TransportSecurityBindingElement tsecurity    = new TransportSecurityBindingElement();

                tsecurity.EndpointSupportingTokenParameters.Endorsing.Add(baseSecurity.EndpointSupportingTokenParameters.Endorsing[0]);

                security = tsecurity;
            }

            security.EnableUnsecuredResponse = true;
            security.IncludeTimestamp        = true;
            security.SecurityHeaderLayout    = SecurityHeaderLayout.Lax;
            security.DefaultAlgorithmSuite   = SecurityAlgorithmSuite.Basic256;
            security.MessageSecurityVersion  = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
            security.SetKeyDerivation(false);

            return(security);
        }
Пример #20
0
        /// <summary>
        /// Creates the custom binding.
        /// </summary>
        /// <param name="isCertificate">If set to true certificate security will be used.</param>
        /// <returns></returns>
        /// <remarks></remarks>
        public static Binding CreateCustomBinding(bool isCertificate, bool isHttps)
        {
            BindingElement securityBinding = null;

            BindingElement transport = null;

            if (isHttps)
            {
                HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
                transport = httpsTransport;
            }
            else
            {
                HttpTransportBindingElement httpTransport = new HttpTransportBindingElement();
                transport = httpTransport;
            }

            TextMessageEncodingBindingElement messageEncoding = new TextMessageEncodingBindingElement();

            if (!isCertificate)
            {
                TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

                messageSecurity.IncludeTimestamp = false;

                securityBinding = messageSecurity;

                messageSecurity.AllowInsecureTransport = !isHttps;
            }
            else
            {
                AsymmetricSecurityBindingElement messageSecurity =
                    (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateDuplexBindingElement
                    (
                        MessageSecurityVersion
                        .WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
                    );

                messageSecurity.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;
                messageSecurity.AllowInsecureTransport = !isHttps;

                securityBinding = messageSecurity;
                messageEncoding.MessageVersion = MessageVersion.Soap11;
            }

            CustomBinding result = new CustomBinding(securityBinding,
                                                     messageEncoding,
                                                     transport);

            return(result);
        }
Пример #21
0
        private static void ValidateTransportSecurityBindingElement(TransportSecurityBindingElement transportSecurityBindingElement)
        {
            if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Signed.Count != 0 ||
                transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing.Count != 0)
            {
                s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenSignedOrSignedEndorsingNotSupported);
            }
            else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1)
            {
                ValidateUserNamePasswordSecurityBindingElement(transportSecurityBindingElement);
            }
            else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Count == 1)
            {
                SecureConversationSecurityTokenParameters endorsingTokenParams = transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;

                if (endorsingTokenParams != null)
                {
                    if (endorsingTokenParams.RequireDerivedKeys)
                    {
                        s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenParamsRequiringDerivedKeysNotSupported);
                    }

                    TransportSecurityBindingElement bootstrapElement = endorsingTokenParams.BootstrapSecurityBindingElement as TransportSecurityBindingElement;

                    if (bootstrapElement == null)
                    {
                        s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityElementTypeNotSupportedFormat,
                                                                    endorsingTokenParams.BootstrapSecurityBindingElement.GetType().FullName, typeof(TransportSecurityBindingElement).FullName));
                    }
                    else
                    {
                        ValidateTransportSecurityBindingElement(bootstrapElement);
                    }
                }
            }

            if (!transportSecurityBindingElement.IncludeTimestamp)
            {
                s_bindingValidationErrors.Add(SR.BindingTransportSecurityMustIncludeTimestamp);
            }

            if (transportSecurityBindingElement.DefaultAlgorithmSuite != SecurityAlgorithmSuite.Default)
            {
                s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityDefaultAlgorithmSuiteNotSupportedFormat,
                                                            transportSecurityBindingElement.DefaultAlgorithmSuite.GetType().FullName, SecurityAlgorithmSuite.Default.GetType().FullName));
            }
        }
Пример #22
0
        /// <summary>
        /// Initializes the binding.
        /// </summary>
        /// <param name="namespaceUris">The namespace uris.</param>
        /// <param name="factory">The factory.</param>
        /// <param name="configuration">The configuration.</param>
        /// <param name="description">The description.</param>
        public UaHttpsSoapBinding(
            NamespaceTable namespaceUris,
            EncodeableFactory factory,
            EndpointConfiguration configuration,
            EndpointDescription description)
            :
            base(namespaceUris, factory, configuration)
        {
            if (description != null && description.SecurityMode != MessageSecurityMode.None)
            {
                TransportSecurityBindingElement bootstrap = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                bootstrap.IncludeTimestamp       = true;
                bootstrap.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
                bootstrap.SecurityHeaderLayout   = SecurityHeaderLayout.Strict;

                m_security = SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap);
                m_security.IncludeTimestamp       = true;
                m_security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
                m_security.SecurityHeaderLayout   = SecurityHeaderLayout.Strict;
            }

            m_encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, Encoding.UTF8);

            // WCF does not distinguish between arrays and byte string.
            int maxArrayLength = configuration.MaxArrayLength;

            if (configuration.MaxArrayLength < configuration.MaxByteStringLength)
            {
                maxArrayLength = configuration.MaxByteStringLength;
            }

            m_encoding.ReaderQuotas.MaxArrayLength         = maxArrayLength;
            m_encoding.ReaderQuotas.MaxStringContentLength = configuration.MaxStringLength;
            m_encoding.ReaderQuotas.MaxBytesPerRead        = Int32.MaxValue;
            m_encoding.ReaderQuotas.MaxDepth = Int32.MaxValue;
            m_encoding.ReaderQuotas.MaxNameTableCharCount = Int32.MaxValue;

            m_transport = new HttpsTransportBindingElement();

            m_transport.AllowCookies           = false;
            m_transport.AuthenticationScheme   = System.Net.AuthenticationSchemes.Anonymous;
            m_transport.ManualAddressing       = false;
            m_transport.MaxBufferSize          = configuration.MaxMessageSize;
            m_transport.MaxReceivedMessageSize = configuration.MaxMessageSize;
            m_transport.TransferMode           = TransferMode.Buffered;
        }
Пример #23
0
        public static CollateralRegistrationSearchService2016Client CreatePPSRClient(string url,
                                                                                     string username,
                                                                                     string password, UrlType urlType)
        {
            CustomBinding binding = new CustomBinding();

            var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();

            security.IncludeTimestamp       = false;
            security.DefaultAlgorithmSuite  = SecurityAlgorithmSuite.Basic256;
            security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
            MessageEncodingBindingElement encoding = null;

            if (urlType == UrlType.MTOM)
            {
                encoding = new MtomMessageEncodingBindingElement();
                encoding.MessageVersion = MessageVersion.Soap11;
            }
            else
            {
                encoding = new TextMessageEncodingBindingElement();
                encoding.MessageVersion = MessageVersion.Soap11;
            }

            var transport = new HttpsTransportBindingElement();

            transport.MaxReceivedMessageSize = 20000000; // 20 megs

            binding.Elements.Add(security);
            binding.Elements.Add(encoding);
            binding.Elements.Add(transport);

            CollateralRegistrationSearchService2016Client client = new CollateralRegistrationSearchService2016Client(binding,
                                                                                                                     new EndpointAddress(url));

            // to use full client credential with Nonce uncomment this code:
            // it looks like this might not be required - the service seems to work without it
            // client.ChannelFactory.Endpoint.Behaviors.Add(new InspectorBehavior());
            client.ChannelFactory.Endpoint.Behaviors.Remove <System.ServiceModel.Description.ClientCredentials>();
            client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());

            client.ClientCredentials.UserName.UserName = username;
            client.ClientCredentials.UserName.Password = password;

            return(client);
        }
    public static void Method_CreateUserNameOverTransportBindingElement()
    {
        TransportSecurityBindingElement securityBindingElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

        Assert.True(securityBindingElement != null, "The created TransportSecurityBindingElement should not be null.");
        Assert.True(securityBindingElement.IncludeTimestamp);
        Assert.False(securityBindingElement.LocalClientSettings.DetectReplays);
        Assert.True(securityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted[0] is UserNameSecurityTokenParameters);

        securityBindingElement.IncludeTimestamp     = false;
        securityBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        var binding = new CustomBinding();

        binding.Elements.Add(securityBindingElement);
        SecurityBindingElement element = binding.Elements.Find <SecurityBindingElement>();

        Assert.True(element != null, "SecurityBindingElement added to binding elements should not be null.");
        Assert.Equal(element, securityBindingElement);
    }
        static void Main(string[] args)
        {
            try
            {
                //for invalid ssl server certificate
                System.Net.ServicePointManager.ServerCertificateValidationCallback +=
                    (se, cert, chain, sslerror) =>
                {
                    return(true);
                };

                CustomBinding binding  = new CustomBinding();
                var           security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
                security.IncludeTimestamp        = true;
                security.DefaultAlgorithmSuite   = SecurityAlgorithmSuite.Basic256;
                security.MessageSecurityVersion  = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
                security.EnableUnsecuredResponse = true;
                var encoding = new TextMessageEncodingBindingElement();
                encoding.MessageVersion = MessageVersion.Soap11;
                var transport = new HttpsTransportBindingElement();
                transport.MaxReceivedMessageSize = 2000000;
                binding.Elements.Add(security);
                binding.Elements.Add(encoding);
                binding.Elements.Add(transport);
                WSClient.Proxy.TargetWS client = new Proxy.TargetWS(binding,
                                                                    new EndpointAddress(Properties.Settings.Default.Url));
                //change credential for the custom credentials instance
                client.ChannelFactory.Endpoint.Behaviors.Remove <System.ServiceModel.Description.ClientCredentials>();
                client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
                client.ClientCredentials.UserName.UserName = Properties.Settings.Default.username;
                client.ClientCredentials.UserName.Password = Properties.Settings.Default.password;
                Proxy.Message message = new WSClient.Proxy.Message();
                message.id = "whatever";
                client.foo(message);
                System.Console.Write("Success");
            }
            catch (Exception ex)
            {
                System.Console.Write(ex.Message);
            }
        }
Пример #26
0
        /// <summary>
        /// Builds the <see cref="SecurityBindingElement"/> for the RelyingParty channel.
        /// </summary>
        /// <returns>a <see cref="SecurityBindingElement"/> for the RelyingParty channel.</returns>
        /// <remarks>Creates a new <see cref="TransportBindingElement"/> and adds <see cref="WSTrustTokenParameters"/> to the appropriate EndpointSupportingTokenParameters (Endorsing or Signed).
        /// <para>Sets: <see cref="MessageSecurityVersion"/> == <see cref="WSTrustTokenParameters.MessageSecurityVersion"/>.</para></para>
        /// <para>Sets: <see cref="IncludeTimestamp"/> == true.</para></remarks>
        protected override SecurityBindingElement CreateMessageSecurity()
        {
            WSTrustTokenParameters.RequireDerivedKeys = false;
            var result = new TransportSecurityBindingElement
            {
                IncludeTimestamp       = true,
                MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion
            };

            if (WSTrustTokenParameters.KeyType == SecurityKeyType.BearerKey)
            {
                result.EndpointSupportingTokenParameters.Signed.Add(WSTrustTokenParameters);
            }
            else
            {
                result.EndpointSupportingTokenParameters.Endorsing.Add(WSTrustTokenParameters);
            }

            if (Security.Message.EstablishSecurityContext)
            {
                var securityContextWrappingElement = new TransportSecurityBindingElement
                {
                    IncludeTimestamp       = true,
                    MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion
                };
                securityContextWrappingElement.LocalClientSettings.DetectReplays = false;

                var scParameters = new SecureConversationSecurityTokenParameters(result)
                {
                    RequireCancellation = true,
                    RequireDerivedKeys  = false
                };
                securityContextWrappingElement.EndpointSupportingTokenParameters.Endorsing.Add(scParameters);

                result = securityContextWrappingElement;
            }

            SecurityBindingElement = result;
            return(result);
        }
Пример #27
0
        /// <summary>
        /// Cria um binding para comunicação.
        /// </summary>
        /// <param name="securityMode">Modo de segurança.</param>
        /// <param name="requireClientCertificates"></param>
        /// <returns></returns>
        public static Binding CreateBinding(SecurityMode securityMode, bool requireClientCertificates)
        {
            WSHttpBinding binding = new WSHttpBinding(securityMode);

            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
            binding.ReaderQuotas           = System.Xml.XmlDictionaryReaderQuotas.Max;
            binding.MaxReceivedMessageSize = System.Xml.XmlDictionaryReaderQuotas.Max.MaxStringContentLength;
            Binding binding2 = binding;

            if ((securityMode == SecurityMode.Transport) && requireClientCertificates)
            {
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
                BindingElementCollection        bindingElementsInTopDownChannelStackOrder = binding.CreateBindingElements();
                TransportSecurityBindingElement item = new TransportSecurityBindingElement();
                System.ServiceModel.Security.Tokens.X509SecurityTokenParameters parameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters();
                parameters.InclusionMode = System.ServiceModel.Security.Tokens.SecurityTokenInclusionMode.AlwaysToRecipient;
                item.EndpointSupportingTokenParameters.Endorsing.Add(parameters);
                bindingElementsInTopDownChannelStackOrder.Insert(bindingElementsInTopDownChannelStackOrder.Count - 1, item);
                binding2 = new CustomBinding(bindingElementsInTopDownChannelStackOrder);
            }
            return(binding2);
        }
Пример #28
0
    public static Binding ConfigureCrmOnlineBinding <TChannel>(this ClientBase <TChannel> client, Uri issuerUri)
        where TChannel : class
    {
        if (null == client)
        {
            throw new ArgumentNullException("client");
        }

        //When this is represented in the configuration file, it attempts to show the CardSpace dialog.
        //As a workaround, the binding is being setup manually using code.
        TransportSecurityBindingElement securityElement = new TransportSecurityBindingElement();

        securityElement.DefaultAlgorithmSuite  = SecurityAlgorithmSuite.TripleDes;
        securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
        securityElement.EndpointSupportingTokenParameters.Signed.Add(
            new System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters()
        {
            RequireDerivedKeys = false,
            KeySize            = 192,
            IssuerAddress      = new EndpointAddress(issuerUri),
        });

        //Create a new list of the binding elements
        List <BindingElement> elementList = new List <BindingElement>();

        elementList.Add(securityElement);
        elementList.AddRange(client.Endpoint.Binding.CreateBindingElements());

        Binding binding = new CustomBinding(elementList);

        client.ChannelFactory.Endpoint.Binding = binding;

        //Configure the channel factory for use with federation
        client.ChannelFactory.ConfigureChannelFactory();
        return(client.Endpoint.Binding);
    }
 public virtual bool TryImportWsspTransportBindingAssertion(MetadataImporter importer, ICollection<XmlElement> assertions, out TransportSecurityBindingElement binding, out XmlElement assertion)
 {
     Collection<Collection<XmlElement>> collection;
     binding = null;
     if (this.TryImportWsspAssertion(assertions, "TransportBinding", out assertion) && this.TryGetNestedPolicyAlternatives(importer, assertion, out collection))
     {
         foreach (Collection<XmlElement> collection2 in collection)
         {
             XmlElement element;
             binding = new TransportSecurityBindingElement();
             if (((this.TryImportWsspTransportTokenAssertion(importer, collection2, out element) && this.TryImportWsspAlgorithmSuiteAssertion(importer, collection2, binding)) && (this.TryImportWsspLayoutAssertion(importer, collection2, binding) && this.TryImportWsspIncludeTimestampAssertion(collection2, binding))) && (collection2.Count == 0))
             {
                 if (!importer.State.ContainsKey("InSecureConversationBootstrapBindingImportMode"))
                 {
                     assertions.Add(element);
                 }
                 break;
             }
             binding = null;
         }
     }
     return (binding != null);
 }
        public virtual bool TryImportWsspTransportBindingAssertion(MetadataImporter importer, ICollection<XmlElement> assertions, out TransportSecurityBindingElement binding, out XmlElement assertion)
        {
            binding = null;

            Collection<Collection<XmlElement>> alternatives;

            if (TryImportWsspAssertion(assertions, TransportBindingName, out assertion)
                && TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
            {
                foreach (Collection<XmlElement> alternative in alternatives)
                {
                    XmlElement transportTokenAssertion;
                    binding = new TransportSecurityBindingElement();
                    if (TryImportWsspTransportTokenAssertion(importer, alternative, out transportTokenAssertion)
                        && TryImportWsspAlgorithmSuiteAssertion(importer, alternative, binding)
                        && TryImportWsspLayoutAssertion(importer, alternative, binding)
                        && TryImportWsspIncludeTimestampAssertion(alternative, binding)
                        && alternative.Count == 0)
                    {
                        if (false == importer.State.ContainsKey(SecurityBindingElementImporter.InSecureConversationBootstrapBindingImportMode))
                        {
                            // The transportTokenAssertion should be consumed by the transport binding importer
                            // for all primary bindings. However, for secure conversation bootstrap bindings
                            // the bootstrap policy does not contain any transport assertions, so adding the
                            // transport token assertion to the collection of unimported assertions would
                            // increase the likelihood of policy import failure due to unrecognized assertions. 
                            assertions.Add(transportTokenAssertion);
                        }
                        break;
                    }
                    else
                    {
                        binding = null;
                    }
                }
            }

            return binding != null;
        }
        public virtual XmlElement CreateWsspTransportBindingAssertion(MetadataExporter exporter, TransportSecurityBindingElement binding, XmlElement transportTokenAssertion)
        {
            XmlElement result = CreateWsspAssertion(TransportBindingName);
            result.AppendChild(
                CreateWspPolicyWrapper(
                    exporter,
                    CreateWsspTransportTokenAssertion(exporter, transportTokenAssertion),
                    CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite),
                    CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout),
                    CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp)
            ));

            return result;
        }
Пример #32
0
        private static ServiceHost CreateServiceHost(Type component)
        {
            ServiceHost sh = new ServiceHost(component);

            sh.Open();

            Console.WriteLine("Endpoint Listeners:");
            Console.WriteLine("----------------");
            foreach (ChannelDispatcher cd in sh.ChannelDispatchers)
            {
                foreach (EndpointDispatcher epd in cd.Endpoints)
                {
                    Console.Write(epd.EndpointAddress.Uri.AbsoluteUri);

                    ConsoleColor origCol = Console.ForegroundColor;

                    ServiceEndpoint servend = sh.Description.Endpoints.Find(epd.EndpointAddress.Uri);
                    if (servend != null)
                    {
                        Console.WriteLine("\tPhysical listeningURI: " + servend.ListenUri.AbsoluteUri);

                        Console.ForegroundColor = ConsoleColor.DarkYellow;

                        BindingElementCollection bec = servend.Binding.CreateBindingElements();
                        foreach (BindingElement be in bec)
                        {
                            Console.WriteLine("\t" + be.GetType().ToString());
                            SymmetricSecurityBindingElement  symBe   = be as SymmetricSecurityBindingElement;
                            AsymmetricSecurityBindingElement asymBe  = be as AsymmetricSecurityBindingElement;
                            TransportSecurityBindingElement  transBe = be as TransportSecurityBindingElement;


                            if (symBe != null)
                            {
                                Console.WriteLine("\t\t" + symBe.ProtectionTokenParameters.GetType().ToString());
                            }

                            if (asymBe != null)
                            {
                                X509SecurityTokenParameters initParms = asymBe.InitiatorTokenParameters as X509SecurityTokenParameters;
                                X509SecurityTokenParameters recParms  = asymBe.RecipientTokenParameters as X509SecurityTokenParameters;
                                if (initParms != null)
                                {
                                    Console.WriteLine("\t\tInitiator Security Token Parmeter type");
                                    Console.WriteLine("\t\t\t" + initParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + initParms.InclusionMode.ToString());
                                }
                                if (recParms != null)
                                {
                                    Console.WriteLine("\t\tRecipient Security Token Parmeter type");

                                    Console.WriteLine("\t\t\t" + recParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + recParms.InclusionMode.ToString());
                                }
                            }

                            if (transBe != null)
                            {
                                SupportingTokenParameters supTokParms = transBe.EndpointSupportingTokenParameters;

                                if (supTokParms.Endorsing.Count > 0)
                                {
                                    ShowSecurityTokenParmeters(supTokParms.Endorsing, "Endorsing");
                                }
                            }
                        }
                    }


                    Console.ForegroundColor = origCol;
                    Console.WriteLine();
                }
            }
            return(sh);
        }
Пример #33
0
        public static void CheckBasicHttpBinding(
            Binding binding, string scheme, BasicHttpSecurityMode security,
            WSMessageEncoding encoding, HttpClientCredentialType clientCred,
            AuthenticationSchemes authScheme, TestLabel label)
        {
            label.EnterScope("http");

            if (security == BasicHttpSecurityMode.Message)
            {
                Assert.That(binding, Is.InstanceOfType(typeof(CustomBinding)), label.Get());
            }
            else
            {
                Assert.That(binding, Is.InstanceOfType(typeof(BasicHttpBinding)), label.Get());
                var basicHttp = (BasicHttpBinding)binding;
                Assert.That(basicHttp.EnvelopeVersion, Is.EqualTo(EnvelopeVersion.Soap11), label.Get());
                Assert.That(basicHttp.MessageVersion, Is.EqualTo(MessageVersion.Soap11), label.Get());
                Assert.That(basicHttp.Scheme, Is.EqualTo(scheme), label.Get());
                Assert.That(basicHttp.TransferMode, Is.EqualTo(TransferMode.Buffered), label.Get());
                Assert.That(basicHttp.MessageEncoding, Is.EqualTo(encoding), label.Get());
                Assert.That(basicHttp.Security, Is.Not.Null, label.Get());
                Assert.That(basicHttp.Security.Mode, Is.EqualTo(security), label.Get());
                Assert.That(basicHttp.Security.Transport.ClientCredentialType, Is.EqualTo(clientCred), label.Get());
                Assert.That(basicHttp.Security.Message.AlgorithmSuite, Is.EqualTo(SecurityAlgorithmSuite.Basic256), label.Get());
            }

            label.EnterScope("elements");

            var elements = binding.CreateBindingElements();

            Assert.That(elements, Is.Not.Null, label.Get());
            if ((security == BasicHttpSecurityMode.Message) ||
                (security == BasicHttpSecurityMode.TransportWithMessageCredential))
            {
                Assert.That(elements.Count, Is.EqualTo(3), label.Get());
            }
            else
            {
                Assert.That(elements.Count, Is.EqualTo(2), label.Get());
            }

            TextMessageEncodingBindingElement textElement          = null;
            TransportSecurityBindingElement   securityElement      = null;
            HttpTransportBindingElement       transportElement     = null;
            AsymmetricSecurityBindingElement  asymmSecurityElement = null;
            MtomMessageEncodingBindingElement mtomElement          = null;

            foreach (var element in elements)
            {
                if (element is TextMessageEncodingBindingElement)
                {
                    textElement = (TextMessageEncodingBindingElement)element;
                }
                else if (element is HttpTransportBindingElement)
                {
                    transportElement = (HttpTransportBindingElement)element;
                }
                else if (element is TransportSecurityBindingElement)
                {
                    securityElement = (TransportSecurityBindingElement)element;
                }
                else if (element is AsymmetricSecurityBindingElement)
                {
                    asymmSecurityElement = (AsymmetricSecurityBindingElement)element;
                }
                else if (element is MtomMessageEncodingBindingElement)
                {
                    mtomElement = (MtomMessageEncodingBindingElement)element;
                }
                else
                {
                    Assert.Fail(string.Format(
                                    "Unknown element: {0}", element.GetType()), label.Get());
                }
            }

            label.EnterScope("text");
            if (encoding == WSMessageEncoding.Text)
            {
                Assert.That(textElement, Is.Not.Null, label.Get());
                Assert.That(textElement.WriteEncoding, Is.InstanceOfType(typeof(UTF8Encoding)), label.Get());
            }
            else
            {
                Assert.That(textElement, Is.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("mtom");
            if (encoding == WSMessageEncoding.Mtom)
            {
                Assert.That(mtomElement, Is.Not.Null, label.Get());
            }
            else
            {
                Assert.That(mtomElement, Is.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("security");
            if (security == BasicHttpSecurityMode.TransportWithMessageCredential)
            {
                Assert.That(securityElement, Is.Not.Null, label.Get());
                Assert.That(securityElement.SecurityHeaderLayout,
                            Is.EqualTo(SecurityHeaderLayout.Lax), label.Get());
            }
            else
            {
                Assert.That(securityElement, Is.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("asymmetric");
            if (security == BasicHttpSecurityMode.Message)
            {
                Assert.That(asymmSecurityElement, Is.Not.Null, label.Get());
            }
            else
            {
                Assert.That(asymmSecurityElement, Is.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("transport");
            Assert.That(transportElement, Is.Not.Null, label.Get());

            Assert.That(transportElement.Realm, Is.Empty, label.Get());
            Assert.That(transportElement.Scheme, Is.EqualTo(scheme), label.Get());
            Assert.That(transportElement.TransferMode, Is.EqualTo(TransferMode.Buffered), label.Get());

            label.EnterScope("auth");
            Assert.That(transportElement.AuthenticationScheme, Is.EqualTo(authScheme), label.Get());
            label.LeaveScope();              // auth
            label.LeaveScope();              // transport
            label.LeaveScope();              // elements
            label.LeaveScope();              // http
        }
		public void DefaultValues ()
		{
			var be = new TransportSecurityBindingElement ();
		}
        private TransportSecurityBindingElement CreateTransportBindingElement()
        {
            TransportSecurityBindingElement transportSecurityBindingElement = new TransportSecurityBindingElement();

            transportSecurityBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
            transportSecurityBindingElement.IncludeTimestamp = true;
            transportSecurityBindingElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
            transportSecurityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
            transportSecurityBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax;

            return transportSecurityBindingElement;
        }
    public static void Property_KeyEntropyMode()
    {
        TransportSecurityBindingElement securityBindingElement = new TransportSecurityBindingElement();

        Assert.Equal(securityBindingElement.KeyEntropyMode, SecurityKeyEntropyMode.CombinedEntropy);
    }
Пример #37
0
        public static void CheckNetTcpBinding(
            Binding binding, SecurityMode security, bool reliableSession,
            TransferMode transferMode, TestLabel label)
        {
            label.EnterScope("net-tcp");
            if (security == SecurityMode.Message)
            {
                Assert.That(binding, Is.InstanceOfType(typeof(CustomBinding)), label.Get());
            }
            else
            {
                Assert.That(binding, Is.InstanceOfType(typeof(NetTcpBinding)), label.Get());
                var netTcp = (NetTcpBinding)binding;
                Assert.That(netTcp.EnvelopeVersion, Is.EqualTo(EnvelopeVersion.Soap12), label.Get());
                Assert.That(netTcp.MessageVersion, Is.EqualTo(MessageVersion.Soap12WSAddressing10), label.Get());
                Assert.That(netTcp.Scheme, Is.EqualTo("net.tcp"), label.Get());
                Assert.That(netTcp.TransferMode, Is.EqualTo(transferMode), label.Get());

                label.EnterScope("security");
                Assert.That(netTcp.Security, Is.Not.Null, label.Get());
                Assert.That(netTcp.Security.Mode, Is.EqualTo(security), label.Get());

                Assert.That(netTcp.Security.Transport, Is.Not.Null, label.Get());
                Assert.That(netTcp.Security.Transport.ProtectionLevel, Is.EqualTo(ProtectionLevel.EncryptAndSign), label.Get());
                Assert.That(netTcp.Security.Transport.ClientCredentialType, Is.EqualTo(TcpClientCredentialType.Windows), label.Get());
                label.LeaveScope();
            }

            label.EnterScope("elements");

            var elements = binding.CreateBindingElements();

            Assert.That(elements, Is.Not.Null, label.Get());

            TcpTransportBindingElement          transportElement         = null;
            TransactionFlowBindingElement       transactionFlowElement   = null;
            BinaryMessageEncodingBindingElement encodingElement          = null;
            WindowsStreamSecurityBindingElement windowsStreamElement     = null;
            ReliableSessionBindingElement       reliableSessionElement   = null;
            TransportSecurityBindingElement     transportSecurityElement = null;
            SslStreamSecurityBindingElement     sslStreamElement         = null;
            SymmetricSecurityBindingElement     symmSecurityElement      = null;

            foreach (var element in elements)
            {
                if (element is TcpTransportBindingElement)
                {
                    transportElement = (TcpTransportBindingElement)element;
                }
                else if (element is TransactionFlowBindingElement)
                {
                    transactionFlowElement = (TransactionFlowBindingElement)element;
                }
                else if (element is BinaryMessageEncodingBindingElement)
                {
                    encodingElement = (BinaryMessageEncodingBindingElement)element;
                }
                else if (element is WindowsStreamSecurityBindingElement)
                {
                    windowsStreamElement = (WindowsStreamSecurityBindingElement)element;
                }
                else if (element is ReliableSessionBindingElement)
                {
                    reliableSessionElement = (ReliableSessionBindingElement)element;
                }
                else if (element is TransportSecurityBindingElement)
                {
                    transportSecurityElement = (TransportSecurityBindingElement)element;
                }
                else if (element is SslStreamSecurityBindingElement)
                {
                    sslStreamElement = (SslStreamSecurityBindingElement)element;
                }
                else if (element is SymmetricSecurityBindingElement)
                {
                    symmSecurityElement = (SymmetricSecurityBindingElement)element;
                }
                else
                {
                    Assert.Fail(string.Format(
                                    "Unknown element `{0}'.", element.GetType()), label.Get());
                }
            }

            label.EnterScope("windows-stream");
            if (security == SecurityMode.Transport)
            {
                Assert.That(windowsStreamElement, Is.Not.Null, label.Get());
                Assert.That(windowsStreamElement.ProtectionLevel, Is.EqualTo(ProtectionLevel.EncryptAndSign), label.Get());
            }
            else
            {
                Assert.That(windowsStreamElement, Is.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("reliable-session");
            if (reliableSession)
            {
                Assert.That(reliableSessionElement, Is.Not.Null, label.Get());
            }
            else
            {
                Assert.That(reliableSessionElement, Is.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("encoding");
            Assert.That(encodingElement, Is.Not.Null, label.Get());
            label.LeaveScope();

            label.EnterScope("transaction");
            if (security == SecurityMode.Message)
            {
                Assert.That(transactionFlowElement, Is.Null, label.Get());
            }
            else
            {
                Assert.That(transactionFlowElement, Is.Not.Null, label.Get());
            }
            label.LeaveScope();

            label.EnterScope("transport");
            Assert.That(transportElement, Is.Not.Null, label.Get());

            Assert.That(transportElement.Scheme, Is.EqualTo("net.tcp"), label.Get());
            Assert.That(transportElement.TransferMode, Is.EqualTo(transferMode), label.Get());
            label.LeaveScope();              // transport

            label.EnterScope("security");
            switch (security)
            {
            case SecurityMode.None:
            case SecurityMode.Transport:
                Assert.That(transportSecurityElement, Is.Null, label.Get());
                Assert.That(sslStreamElement, Is.Null, label.Get());
                Assert.That(symmSecurityElement, Is.Null, label.Get());
                break;

            case SecurityMode.TransportWithMessageCredential:
                Assert.That(transportSecurityElement, Is.Not.Null, label.Get());
                Assert.That(sslStreamElement, Is.Not.Null, label.Get());
                Assert.That(symmSecurityElement, Is.Null, label.Get());
                break;

            case SecurityMode.Message:
                Assert.That(transportSecurityElement, Is.Null, label.Get());
                Assert.That(sslStreamElement, Is.Null, label.Get());
                Assert.That(symmSecurityElement, Is.Not.Null, label.Get());
                break;

            default:
                throw new InvalidOperationException();
            }
            label.LeaveScope();

            label.LeaveScope();              // elements
            label.LeaveScope();              // net-tcp
        }
 public virtual XmlElement CreateWsspTransportBindingAssertion(MetadataExporter exporter, TransportSecurityBindingElement binding, XmlElement transportTokenAssertion)
 {
     XmlElement element = this.CreateWsspAssertion("TransportBinding");
     element.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspTransportTokenAssertion(exporter, transportTokenAssertion), this.CreateWsspAlgorithmSuiteAssertion(exporter, binding.DefaultAlgorithmSuite), this.CreateWsspLayoutAssertion(exporter, binding.SecurityHeaderLayout), this.CreateWsspIncludeTimestampAssertion(binding.IncludeTimestamp) }));
     return element;
 }