public void GetTokenWithoutOpen()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.GetToken(TimeSpan.FromSeconds(10));
}
protected override System.IdentityModel.Tokens.SecurityToken GetTokenCore(TimeSpan timeout)
{
SecurityToken securityToken = null;
if (this.CacheIssuedTokens)
{
securityToken = TokenCache.GetToken(this.innerProvider.IssuerAddress.Uri);
if (securityToken == null || !IsServiceTokenTimeValid(securityToken))
{
securityToken = innerProvider.GetToken(timeout);
TokenCache.AddToken(this.innerProvider.IssuerAddress.Uri, securityToken);
}
}
else
{
securityToken = innerProvider.GetToken(timeout);
}
return(securityToken);
}
public void GetToken()
{
IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(new RequestSender(OnGetToken), true));
try {
p.Open(TimeSpan.FromSeconds(5));
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public void GetTokenWithoutProtectionTokenParameters()
{
IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(null, false));
try {
p.Open();
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public void GetTokenNoSecureBinding()
{
IssuedSecurityTokenProvider p = SetupProvider(new BasicHttpBinding());
try {
p.Open();
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public void GetTokenWithoutServiceCertificate()
{
IssuedSecurityTokenProvider p = SetupProvider(CreateIssuerBinding(null, true));
p.IssuerAddress = new EndpointAddress("stream:dummy");
try {
p.Open(TimeSpan.FromSeconds(5));
p.GetToken(TimeSpan.FromSeconds(10));
} finally {
if (p.State == CommunicationState.Opened)
{
p.Close();
}
}
}
public static void Main()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = new EndpointAddress("http://localhost:8080");
WSHttpBinding binding = new WSHttpBinding();
//binding.Security.Mode = SecurityMode.Message;
p.IssuerBinding = binding;
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.TargetAddress = new EndpointAddress("http://localhost:8080");
p.Open();
p.GetToken(TimeSpan.FromSeconds(10));
p.Close();
}
/// <summary>
/// Check for token already cached for user and not expired
/// </summary>
/// <param name="timeout"></param>
/// <returns></returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
var userName = Thread.CurrentPrincipal.Identity.Name;
var cacheKey = new Uri(string.Concat(innerProvider.TargetAddress.Uri, innerProvider.IssuerAddress.Uri, userName));
var securityToken = TokenCacheHelper.GetToken(cacheKey);
var cacheMiss = securityToken == null || IsSecurityTokenExpired(securityToken);
if (cacheMiss)
{
securityToken = innerProvider.GetToken(timeout);
// Only add the token to the cache if caching has been turned on in web/app.config.
if (innerProvider.CacheIssuedTokens)
{
TokenCacheHelper.AddToken(cacheKey, securityToken);
}
}
return(securityToken);
}
public static void Main(string [] args)
{
bool no_nego = false, no_sc = false;
foreach (string arg in args)
{
if (arg == "--no-nego")
{
no_nego = true;
}
else if (arg == "--no-sc")
{
no_sc = true;
}
else
{
Console.WriteLine("Unrecognized option '{0}'", arg);
return;
}
}
X509Certificate2 cert = new X509Certificate2("test.pfx", "mono");
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider();
p.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert));
p.TargetAddress = new EndpointAddress("http://localhost:8080");
WSHttpBinding binding = new WSHttpBinding();
// the following lines are required to not depend on
// MessageCredentialType.Windows (which uses SSPI).
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
ClientCredentials cred = new ClientCredentials();
cred.ClientCertificate.Certificate = cert;
cred.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
p.IssuerChannelBehaviors.Add(cred);
if (no_sc)
{
binding.Security.Message.EstablishSecurityContext = false;
}
if (no_nego)
{
binding.Security.Message.NegotiateServiceCredential = false;
}
p.IssuerBinding = binding;
p.SecurityTokenSerializer = new WSSecurityTokenSerializer();
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
p.Open();
SecurityToken token = p.GetToken(TimeSpan.FromSeconds(10));
p.Close();
XmlWriter writer = XmlWriter.Create(Console.Out);
new ClientCredentialsSecurityTokenManager(cred).CreateSecurityTokenSerializer(MessageSecurityVersion.Default.SecurityTokenVersion).WriteToken(writer, token);
writer.Close();
}
public static eHtalkMessage GetResponseSync(eHtalkMessage msg, X509Certificate2 extInterfaCertificate, string esbEndpoint, string relyingParty, string identityProviderURL, X509Certificate2 userCertificate, string wsaddressingTo, Stopwatch stopw)
{
#if !CC
IssuedSecurityTokenProvider provider = new IssuedSecurityTokenProvider();
provider.SecurityTokenSerializer = new WSSecurityTokenSerializer();
provider.TargetAddress = new EndpointAddress(new Uri(relyingParty), new AddressHeader[0]);
provider.IssuerAddress = new EndpointAddress(new Uri(identityProviderURL), new AddressHeader[0]);
provider.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
provider.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
ClientCredentials credentials = new ClientCredentials
{
ClientCertificate = { Certificate = userCertificate }
};
provider.IssuerChannelBehaviors.Add(credentials);
HttpsTransportBindingElement tbe = new HttpsTransportBindingElement
{
AuthenticationScheme = AuthenticationSchemes.Digest,
RequireClientCertificate = true,
KeepAliveEnabled = false
};
CustomBinding stsBinding = new CustomBinding(new BindingElement[] { tbe });
provider.IssuerBinding = stsBinding;
provider.Open();
var token = provider.GetToken(TimeSpan.FromSeconds(30.0)) as GenericXmlSecurityToken;
#endif
#if CC
var cc = new EhealthCryptoController();
var token = cc.GetSamlTokenForHealthProfessional(relyingParty);
#endif
if (token == null)
{
throw new ApplicationException("No AT token received");
}
Console.WriteLine(string.Format("Ziskany AT token in {0}", stopw.ElapsedMilliseconds));
CustomBinding binding = new CustomBinding();
SecurityBindingElement sbe = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(new IssuedSecurityTokenParameters()
{
RequireDerivedKeys = true, KeyType = SecurityKeyType.SymmetricKey
});
sbe.MessageSecurityVersion =
MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
sbe.IncludeTimestamp = true;
//sbe.AllowInsecureTransport = true;
sbe.SetKeyDerivation(true);
sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
binding.Elements.Add(sbe);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, System.Text.Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement()
{
RequireClientCertificate = true, KeepAliveEnabled = true
});
var regEx = new Regex(@"https?://([^/]+)");
var dnsIdentity = regEx.Match(wsaddressingTo).Groups[1].Captures[0].Value;
var channelFactory = new ChannelFactory <IeHealthSyncService>(binding,
new EndpointAddress(
new Uri(wsaddressingTo),
new DnsEndpointIdentity(dnsIdentity),
new AddressHeader[] { }));
channelFactory.Credentials.SupportInteractive = false;
channelFactory.Credentials.ClientCertificate.Certificate = userCertificate;
channelFactory.Credentials.ServiceCertificate.DefaultCertificate = extInterfaCertificate;
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
channelFactory.ConfigureChannelFactory <IeHealthSyncService>();
channelFactory.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri(esbEndpoint)));
var channel = channelFactory.CreateChannelWithIssuedToken(token);
Console.WriteLine(string.Format("vytvoreny kanal: {0}", stopw.ElapsedMilliseconds));
var stopw1 = new Stopwatch();
eHtalkMessage data = null;
int wait = 1;
for (int i = 0; i < 20; i++)
{
stopw1.Reset();
stopw1.Start();
msg.Header.MessageInfo.MessageID = Guid.NewGuid().ToString("D");
Debug.WriteLine("Start calling", "MyCustom");
try
{
data = channel.GetData(msg);
}
catch (CommunicationException ex)
{
data = channel.GetData(msg);
}
Console.WriteLine(string.Format("po {1} sekundach: {0}", stopw1.ElapsedMilliseconds, wait));
Thread.Sleep(wait * 1000);
wait = wait * 2;
}
return(data);
}