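        /// <summary>
        /// Sets the credentials to use for the service host.
        /// </summary>
        /// <remarks>
        /// The service certificate is cleared and, when SSL is enabled, re-read from the
        /// LocalMachine/My store by subject name. Client certificates are then validated
        /// with <see cref="X509CertificateValidationMode.PeerOrChainTrust"/> against the
        /// LocalMachine trusted store, with revocation checking disabled.
        /// </remarks>
        /// <param name="serviceHost">The host whose credentials are configured; must not be null and must expose credentials.</param>
        /// <exception cref="ArgumentNullException"><paramref name="serviceHost"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="serviceHost"/> has no <c>Credentials</c>.</exception>
        public void SetServiceCredentials(System.ServiceModel.ServiceHostBase serviceHost)
        {
            if (serviceHost == null)
            {
                throw new ArgumentNullException("serviceHost");
            }

            if (serviceHost.Credentials == null)
            {
                // Name the offending parameter so callers can tell which argument failed validation.
                throw new ArgumentException("ServiceHost credentials may not be null.", "serviceHost");
            }

            // Clear any previously configured service certificate first so that the
            // non-SSL path never keeps a stale certificate from an earlier call.
            serviceHost.Credentials.ServiceCertificate.Certificate = null;

            // Set service certificate: looked up by subject name in the machine-wide personal store.
            // NOTE(review): FindBySubjectName matches on a substring of the subject, so the store
            // should hold exactly one certificate whose subject contains ServiceDomainName — confirm.
            if (_enableSsl)
            {
                serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
                                                                          X509FindType.FindBySubjectName, Transport.ServiceDomainName);
            }

            // Set the trust level for client certificates
            X509ClientCertificateAuthentication x509ClientCertificateAuthentication =
                serviceHost.Credentials.ClientCertificate.Authentication;

            x509ClientCertificateAuthentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerOrChainTrust;
            x509ClientCertificateAuthentication.TrustedStoreLocation       = StoreLocation.LocalMachine;
            // NoCheck: a client certificate that is peer- or chain-trusted is accepted even if its
            // issuer has since revoked it. Revisit if CRL/OCSP endpoints are reachable from the host.
            x509ClientCertificateAuthentication.RevocationMode             = X509RevocationMode.NoCheck;
            // NOTE(review): WCF consults CustomCertificateValidator only when the validation mode
            // is Custom; with PeerOrChainTrust this instance appears to be inert — confirm intent.
            x509ClientCertificateAuthentication.CustomCertificateValidator = new X509CertificateValidator();
        }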
        /// <summary>
        /// Shows the three ways a service can validate client certificates:
        /// peer trust, chain trust, or a custom validator.
        /// </summary>
        private void Snippet1()
        {
            //<snippet1>
            // Create a service host.
            var baseAddress = new Uri("http://localhost/Calculator");
            var host = new ServiceHost(typeof(Calculator), baseAddress);

            // Get a reference to the authentication object.
            X509ClientCertificateAuthentication clientCertAuth =
                host.Credentials.ClientCertificate.Authentication;

            // Each assignment below illustrates one option; the last one written wins.
            // Configure peer trust.
            clientCertAuth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
            // Configure chain trust.
            clientCertAuth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            // Configure custom certificate validation.
            clientCertAuth.CertificateValidationMode = X509CertificateValidationMode.Custom;

            // Specify a custom certificate validator (not shown here) that inherits
            // from the X509CertificateValidator class.
            // NOTE(review): Custom mode presumably needs a validator assigned before the
            // host is opened — confirm against the WCF docs for your target version.
            // creds.ClientCertificate.Authentication.CustomCertificateValidator =
            //    new MyCertificateValidator();
            //</snippet1>
        }
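        /// <summary>
        /// Prints the client-certificate validation mode currently configured on the host.
        /// </summary>
        /// <remarks>
        /// The binding created here requires certificate client credentials but is never
        /// attached to the host; the snippet only reads the host's authentication settings.
        /// </remarks>
        private void Snippet7()
        {
            //<snippet7>
            // Create a service host.
            Uri         httpUri = new Uri("http://localhost/Calculator");
            ServiceHost sh      = new ServiceHost(typeof(Calculator), httpUri);

            // Create a binding that uses a certificate.
            WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);

            b.Security.Message.ClientCredentialType =
                MessageCredentialType.Certificate;

            // Get a reference to the authentication object.
            X509ClientCertificateAuthentication myAuthProperties =
                sh.Credentials.ClientCertificate.Authentication;

            switch (myAuthProperties.CertificateValidationMode)
            {
            case X509CertificateValidationMode.ChainTrust:
                Console.WriteLine("ChainTrust");
                break;

            case X509CertificateValidationMode.Custom:
                Console.WriteLine("Custom");
                break;

            case X509CertificateValidationMode.None:
                // Previously printed "ChainTrust" (copy-paste slip), which hid the fact
                // that None performs no validation of the client certificate at all.
                Console.WriteLine("None");
                break;

            case X509CertificateValidationMode.PeerOrChainTrust:
                Console.WriteLine("PeerOrChainTrust");
                break;

            case X509CertificateValidationMode.PeerTrust:
                Console.WriteLine("PeerTrust");
                break;

            default:
                // Any value outside the known enum members.
                Console.WriteLine("Default");
                break;
            }
            //</snippet7>
        }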
        /// <summary>
        /// Enables <c>IncludeWindowsGroups</c> on the host's client-certificate
        /// authentication settings, alongside a Windows-credential message binding.
        /// </summary>
        private void Snippet4()
        {
            //<snippet4>
            // Create a service host.
            var baseAddress = new Uri("http://localhost/Calculator");
            var host = new ServiceHost(typeof(Calculator), baseAddress);

            // Create a binding that uses Windows security.
            var binding = new WSHttpBinding(SecurityMode.Message)
            {
                Security = { Message = { ClientCredentialType = MessageCredentialType.Windows } }
            };

            // Get a reference to the authentication object.
            X509ClientCertificateAuthentication clientCertAuth =
                host.Credentials.ClientCertificate.Authentication;

            // Configure IncludeWindowsGroups.
            clientCertAuth.IncludeWindowsGroups = true;
            //</snippet4>
        }
 /// <summary>
 /// Copies the client-certificate authentication settings of this configuration
 /// element onto <paramref name="cert"/>, instantiating the custom validator when one is named.
 /// </summary>
 /// <param name="cert">The authentication settings to populate; must not be null.</param>
 /// <remarks>
 /// The custom validator type is resolved by name from configuration. An instance is created
 /// only after the assignability check passes, so configuration can activate only types that
 /// derive from <see cref="X509CertificateValidator"/> (the type and its assembly are still
 /// resolved before that check).
 /// </remarks>
 internal void ApplyConfiguration(X509ClientCertificateAuthentication cert)
 {
     if (cert == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("cert");
     }

     cert.CertificateValidationMode            = this.CertificateValidationMode;
     cert.RevocationMode                       = this.RevocationMode;
     cert.TrustedStoreLocation                 = this.TrustedStoreLocation;
     cert.IncludeWindowsGroups                 = this.IncludeWindowsGroups;
     cert.MapClientCertificateToWindowsAccount = this.MapClientCertificateToWindowsAccount;

     string validatorTypeName = this.CustomCertificateValidatorType;
     if (string.IsNullOrEmpty(validatorTypeName))
     {
         return;
     }

     // throwOnError is true: an unresolvable type name fails loudly instead of yielding null.
     Type validatorType = Type.GetType(validatorTypeName, true);
     if (!typeof(X509CertificateValidator).IsAssignableFrom(validatorType))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(System.ServiceModel.SR.GetString("ConfigInvalidCertificateValidatorType", new object[] { this.CustomCertificateValidatorType, typeof(X509CertificateValidator).ToString() })));
     }

     cert.CustomCertificateValidator = (X509CertificateValidator)Activator.CreateInstance(validatorType);
 }
        /// <summary>
        /// Configures chain-trust validation of client certificates with revocation
        /// checking switched off.
        /// </summary>
        private void Snippet5()
        {
            //<snippet5>
            // Create a service host.
            var baseAddress = new Uri("http://localhost/Calculator");
            var host = new ServiceHost(typeof(Calculator), baseAddress);

            // Create a binding that uses a certificate.
            var binding = new WSHttpBinding(SecurityMode.Message);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

            // Get a reference to the authentication object.
            X509ClientCertificateAuthentication clientCertAuth =
                host.Credentials.ClientCertificate.Authentication;

            // Configure ChainTrust with no revocation check. With NoCheck a certificate that
            // chains to a trusted root is accepted even after its issuer has revoked it, so
            // this setting is only appropriate where CRL/OCSP lookups are unavailable by design.
            clientCertAuth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            clientCertAuth.RevocationMode = X509RevocationMode.NoCheck;
            //</snippet5>
        }
        /// <summary>
        /// Configures peer-trust validation of client certificates using the
        /// machine-wide trusted store location.
        /// </summary>
        private void Snippet6()
        {
            //<snippet6>
            // Create a service host.
            var baseAddress = new Uri("http://localhost/Calculator");
            var host = new ServiceHost(typeof(Calculator), baseAddress);

            // Create a binding that uses a certificate.
            var binding = new WSHttpBinding(SecurityMode.Message);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

            // Get a reference to the authentication object.
            X509ClientCertificateAuthentication clientCertAuth =
                host.Credentials.ClientCertificate.Authentication;

            // Configure peer trust. LocalMachine is chosen so the trusted set does not depend
            // on the identity the host process happens to run under.
            // NOTE(review): peer trust presumably checks the presented certificate itself
            // against the trusted-people store at this location — confirm for your version.
            clientCertAuth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
            clientCertAuth.TrustedStoreLocation = StoreLocation.LocalMachine;
            //</snippet6>
        }
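        /// <summary>
        /// Applies this service's custom configuration section on top of the standard
        /// WCF configuration: the server certificate, the user-name validation mode and,
        /// when client certificates are listed, a custom client-certificate validator.
        /// </summary>
        /// <remarks>
        /// Any exception is caught and written to <c>~/Exception2.txt</c>; the host then
        /// continues with whatever credentials were applied before the failure.
        /// </remarks>
        protected override void ApplyConfiguration()
        {
            try
            {
                // Check if there is a valid configuration section; without one there is
                // nothing custom to apply.
                Configuration.Section section = Configuration.Section.GetSection();
                if (section == null || section.Services == null)
                {
                    // NOTE(review): returning here also skips base.ApplyConfiguration(), so the
                    // standard <system.serviceModel> settings are not applied either — confirm intended.
                    return;
                }

                // Check if there is a valid configuration for this service
                Configuration.ServiceElement element = section.Services.GetElementByKey(Description.ConfigurationName);
                if (element == null)
                {
                    return;
                }

                // Set the server certificate
                X509Certificate2 serverCertificate = element.GetServerCertificate();
                if (serverCertificate != null)
                {
                    this.Credentials.ServiceCertificate.Certificate = serverCertificate;
                }

                // Set the userNameAuthentication
                Configuration.UserNameAuthenticationElement userNameAuthElement = section.UserNameAuthentication;
                if (userNameAuthElement != null)
                {
                    this.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = userNameAuthElement.UserNamePasswordValidationMode;
                    // The membership provider is not configured from the config file; the default provider is used.
                }

                base.ApplyConfiguration();

                // Set the client certificates and the validator. Kept after the base call,
                // presumably so a validator from the standard section does not overwrite this one.
                if (!string.IsNullOrEmpty(element.ClientCertificates))
                {
                    X509ClientCertificateAuthentication authentication =
                        this.Credentials.ClientCertificate.Authentication;

                    authentication.CertificateValidationMode =
                        System.ServiceModel.Security.X509CertificateValidationMode.Custom;

                    authentication.CustomCertificateValidator =
                        new CustomCertificateValidator(element.GetClientCertificates());
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): swallowing here lets the host open with partially applied
                // credentials (fail-open), and the file is written under the web root, where a
                // static-file handler could serve the message and stack trace to clients.
                // Prefer rethrowing, or logging outside the content root, once callers are reviewed.
                System.IO.File.WriteAllText(System.Web.Hosting.HostingEnvironment.MapPath("~/Exception2.txt"), string.Format("Error occurred: {0}\r\n{1}\r\n{2}", ex.Message, ex.Source, ex.StackTrace));
            }
        }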