private static Binding AdjustBinding(Binding binding) { CustomBinding customBinding = new CustomBinding(binding); SecurityBindingElement bindingElement = customBinding.Elements.Find <SecurityBindingElement>(); if (bindingElement == null) { return(binding); } bindingElement.LocalServiceSettings.MaxPendingSessions = 100000; bindingElement.LocalServiceSettings.MaxStatefulNegotiations = 100000; bindingElement.LocalServiceSettings.MaxClockSkew = TimeSpan.FromHours(2); bindingElement.LocalClientSettings.MaxClockSkew = TimeSpan.FromHours(2); // // Check if secure conversation is enabled // SecurityTokenParameters tokenParameters = ((SymmetricSecurityBindingElement)bindingElement).ProtectionTokenParameters; SecureConversationSecurityTokenParameters sct = tokenParameters as SecureConversationSecurityTokenParameters; if (sct != null) { bindingElement = sct.BootstrapSecurityBindingElement; bindingElement.LocalServiceSettings.MaxPendingSessions = 100000; bindingElement.LocalServiceSettings.MaxStatefulNegotiations = 100000; bindingElement.LocalServiceSettings.MaxClockSkew = TimeSpan.FromHours(2); bindingElement.LocalClientSettings.MaxClockSkew = TimeSpan.FromHours(2); } return(customBinding); }
static public SecurityBindingElement CreateSecureConversationBindingElement(SecurityBindingElement bootstrapSecurity, bool requireCancellation, ChannelProtectionRequirements bootstrapProtectionRequirements) { if (bootstrapSecurity == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(bootstrapSecurity)); } SecurityBindingElement result; if (bootstrapSecurity is TransportSecurityBindingElement) { // there is no need to do replay detection or key derivation for transport bindings var primary = new TransportSecurityBindingElement(); var scParameters = new SecureConversationSecurityTokenParameters( bootstrapSecurity, requireCancellation, bootstrapProtectionRequirements); scParameters.RequireDerivedKeys = false; primary.EndpointSupportingTokenParameters.Endorsing.Add( scParameters); primary.LocalClientSettings.DetectReplays = false; primary.IncludeTimestamp = true; result = primary; } else // Symmetric- or AsymmetricSecurityBindingElement { throw ExceptionHelper.PlatformNotSupported(); } return(result); }
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { SecurityTokenInclusionMode mode; parameters = null; if (this.IsWsspAssertion(assertion, "SecureConversationToken") && this.TryGetIncludeTokenValue(assertion, out mode)) { Collection <Collection <XmlElement> > collection; if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection)) { foreach (Collection <XmlElement> collection2 in collection) { bool flag; bool flag2; SecureConversationSecurityTokenParameters parameters2 = new SecureConversationSecurityTokenParameters(); parameters = parameters2; if (((this.TryImportWsspRequireDerivedKeysAssertion(collection2, parameters2) && this.TryImportWsspMustNotSendCancelAssertion(collection2, out flag)) && (this.TryImportWsspMustNotSendAmendAssertion(collection2) && this.TryImportWsspMustNotSendRenewAssertion(collection2, out flag2))) && (this.TryImportWsspBootstrapPolicyAssertion(importer, collection2, parameters2) && (collection2.Count == 0))) { parameters2.RequireCancellation = flag; parameters2.CanRenewSession = flag2; parameters2.InclusionMode = mode; break; } parameters = null; } } else { parameters = new SecureConversationSecurityTokenParameters(); parameters.InclusionMode = mode; parameters.RequireDerivedKeys = false; } } return(parameters != null); }
public void MessageSecurityCertificateNego() { WSHttpBinding binding = new WSHttpBinding(); binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; SymmetricSecurityBindingElement sbe = binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> (); Assert.IsNotNull(sbe, "#1"); Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2"); SecureConversationSecurityTokenParameters sp = sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; Assert.IsNotNull(sp, "#2"); SymmetricSecurityBindingElement spbe = sp.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement; Assert.IsNotNull(spbe, "#3"); SslSecurityTokenParameters p = spbe.ProtectionTokenParameters as SslSecurityTokenParameters; Assert.IsNotNull(p, "#4"); Assert.AreEqual(SecurityTokenReferenceStyle.Internal, p.ReferenceStyle, "#5"); Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, p.InclusionMode, "#6"); }
private void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint) { bool flag = false; SecureConversationSecurityTokenParameters parameters = tokenParameters as SecureConversationSecurityTokenParameters; if ((parameters != null) && !parameters.RequireCancellation) { flag = true; } SspiSecurityTokenParameters parameters2 = tokenParameters as SspiSecurityTokenParameters; if ((parameters2 != null) && !parameters2.RequireCancellation) { flag = true; } SspiSecurityTokenParameters parameters3 = tokenParameters as SspiSecurityTokenParameters; if ((parameters3 != null) && !parameters3.RequireCancellation) { flag = true; } if (flag) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("RequireNonCookieMode", new object[] { endpoint.Binding.Name, endpoint.Binding.Namespace }))); } }
void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint) { bool cookie = false; SecureConversationSecurityTokenParameters sc = tokenParameters as SecureConversationSecurityTokenParameters; if (sc != null && sc.RequireCancellation == false) { cookie = true; } SspiSecurityTokenParameters sspi = tokenParameters as SspiSecurityTokenParameters; if (sspi != null && sspi.RequireCancellation == false) { cookie = true; } SspiSecurityTokenParameters ssl = tokenParameters as SspiSecurityTokenParameters; if (ssl != null && ssl.RequireCancellation == false) { cookie = true; } if (cookie) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.RequireNonCookieMode, endpoint.Binding.Name, endpoint.Binding.Namespace))); } }
/// <summary> /// 设置验证时间间隔 /// </summary> /// <param name="binding"></param> /// <param name="clockSkew"></param> /// <returns></returns> private Binding CreateCustomBinding(Binding binding, TimeSpan clockSkew) { CustomBinding myCustomBinding = new CustomBinding(binding); SymmetricSecurityBindingElement security = myCustomBinding.Elements.Find <SymmetricSecurityBindingElement>(); if (null != security) { security.LocalClientSettings.MaxClockSkew = clockSkew; security.LocalServiceSettings.MaxClockSkew = clockSkew; SecureConversationSecurityTokenParameters securityProtectionTokenParameters = security.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; if (null != securityProtectionTokenParameters) { SecurityBindingElement bootstrap = securityProtectionTokenParameters.BootstrapSecurityBindingElement; if (null != bootstrap) { bootstrap.LocalClientSettings.MaxClockSkew = clockSkew; bootstrap.LocalServiceSettings.MaxClockSkew = clockSkew; } } } return(myCustomBinding); }
public static void RequireCancellation_Property_Is_Settable(bool value) { SecureConversationSecurityTokenParameters scstp = new SecureConversationSecurityTokenParameters(); scstp.RequireCancellation = value; Assert.Equal(value, scstp.RequireCancellation); }
public void CreateSecureConversationBindingElement() { SymmetricSecurityBindingElement be = SecurityBindingElement.CreateSecureConversationBindingElement(new SymmetricSecurityBindingElement()) as SymmetricSecurityBindingElement; SecurityAssert.AssertSymmetricSecurityBindingElement( SecurityAlgorithmSuite.Default, true, // IncludeTimestamp SecurityKeyEntropyMode.CombinedEntropy, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature, MessageSecurityVersion.Default, false, // RequireSignatureConfirmation SecurityHeaderLayout.Strict, // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count) 0, 0, 0, 0, // ProtectionTokenParameters true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true, // LocalClientSettings true, 60, true, be, ""); // test ProtectionTokenParameters SecureConversationSecurityTokenParameters tp = be.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; Assert.IsNotNull(tp, "#2-1"); SecurityAssert.AssertSecurityTokenParameters( SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true, tp, "Protection"); }
void InitializeSecureConversationParameters(SecureConversationSecurityTokenParameters sc, bool initializeNestedBindings) { SetPropertyValueIfNotDefaultValue(ConfigurationStrings.RequireSecurityContextCancellation, sc.RequireCancellation); this.CanRenewSecurityContextToken = sc.CanRenewSession; // can't use default value optimization here because ApplyConfiguration relies on the runtime default instead, which is the opposite of the config default if (sc.BootstrapSecurityBindingElement != null) { this.SecureConversationBootstrap.InitializeFrom(sc.BootstrapSecurityBindingElement, initializeNestedBindings); } }
//</snippet1> private void PrintValue(Binding b) { BindingElementCollection bec = b.CreateBindingElements(); SymmetricSecurityBindingElement sbe = (SymmetricSecurityBindingElement)bec.Find<SecurityBindingElement>(); Console.WriteLine("skew {0}", sbe.LocalServiceSettings.MaxClockSkew.ToString()); SecureConversationSecurityTokenParameters secureTokenParams = (SecureConversationSecurityTokenParameters)sbe.ProtectionTokenParameters; SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement; Console.WriteLine("skew 2 {0}", bootstrap.LocalServiceSettings.MaxClockSkew.ToString()); }
private void InitializeSecureConversationParameters(SecureConversationSecurityTokenParameters sc, bool initializeNestedBindings) { base.RequireSecurityContextCancellation = sc.RequireCancellation; if (!sc.CanRenewSession) { base.CanRenewSecurityContextToken = sc.CanRenewSession; } if (sc.BootstrapSecurityBindingElement != null) { this.SecureConversationBootstrap.InitializeFrom(sc.BootstrapSecurityBindingElement, initializeNestedBindings); } }
private static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion) { if ((p1 == null) || (p2 == null)) { return(false); } if (p1.GetType() != p2.GetType()) { return(false); } if (p1.InclusionMode != p2.InclusionMode) { return(false); } if (!skipRequireDerivedKeysComparison && (p1.RequireDerivedKeys != p2.RequireDerivedKeys)) { return(false); } if (p1.ReferenceStyle != p2.ReferenceStyle) { return(false); } if (p1 is SslSecurityTokenParameters) { if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate) { return(false); } } else if (p1 is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters parameters = (SecureConversationSecurityTokenParameters)p1; SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)p2; if (parameters.RequireCancellation != parameters2.RequireCancellation) { return(false); } if (parameters.CanRenewSession != parameters2.CanRenewSession) { return(false); } if (!AreBindingsMatching(parameters.BootstrapSecurityBindingElement, parameters2.BootstrapSecurityBindingElement, exactMessageSecurityVersion)) { return(false); } } else if ((p1 is IssuedSecurityTokenParameters) && (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType)) { return(false); } return(true); }
static void ShowSecurityTokenParmeters(System.Collections.ObjectModel.Collection <SecurityTokenParameters> parmsCollection, string tokenType) { Console.WriteLine("\t\t" + tokenType + " Tokens"); foreach (SecurityTokenParameters parms in parmsCollection) { Console.WriteLine("\t\t\t" + parms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + parms.InclusionMode.ToString()); SecureConversationSecurityTokenParameters secureConvTokenParms = parms as SecureConversationSecurityTokenParameters; if (secureConvTokenParms != null) { ShowSecurityTokenParmeters(secureConvTokenParms.BootstrapSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing, "Bootstrap Endorsing"); } } }
public static Binding DecorateBinding(Binding binding, int?maxNegotiationCount) { CustomBinding customBinding = new CustomBinding(binding); SymmetricSecurityBindingElement security = customBinding.Elements.Find <SymmetricSecurityBindingElement>(); if (security != null) { security.IncludeTimestamp = false; security.LocalClientSettings.DetectReplays = false; security.LocalServiceSettings.DetectReplays = false; security.LocalClientSettings.MaxClockSkew = TimeSpan.MaxValue; security.LocalServiceSettings.MaxClockSkew = TimeSpan.MaxValue; security.LocalClientSettings.SessionKeyRenewalInterval = TimeSpan.MaxValue; security.LocalServiceSettings.SessionKeyRenewalInterval = TimeSpan.FromMilliseconds(Int32.MaxValue); if (maxNegotiationCount.HasValue) { security.LocalServiceSettings.MaxPendingSessions = maxNegotiationCount.Value; security.LocalServiceSettings.MaxStatefulNegotiations = maxNegotiationCount.Value; } // Get the System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters SecureConversationSecurityTokenParameters secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters; // From the collection, get the bootstrap element. SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement; // Set the MaxClockSkew on the bootstrap element. bootstrap.IncludeTimestamp = false; bootstrap.LocalClientSettings.DetectReplays = false; bootstrap.LocalServiceSettings.DetectReplays = false; bootstrap.LocalClientSettings.MaxClockSkew = TimeSpan.MaxValue; bootstrap.LocalServiceSettings.MaxClockSkew = TimeSpan.MaxValue; bootstrap.LocalClientSettings.SessionKeyRenewalInterval = TimeSpan.MaxValue; bootstrap.LocalServiceSettings.SessionKeyRenewalInterval = TimeSpan.FromMilliseconds(Int32.MaxValue); if (maxNegotiationCount.HasValue) { bootstrap.LocalServiceSettings.MaxPendingSessions = maxNegotiationCount.Value; bootstrap.LocalServiceSettings.MaxStatefulNegotiations = maxNegotiationCount.Value; } return(customBinding); } else { return(binding); } }
private static void ValidateTransportSecurityBindingElement(TransportSecurityBindingElement transportSecurityBindingElement) { if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Signed.Count != 0 || transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing.Count != 0) { s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenSignedOrSignedEndorsingNotSupported); } else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1) { ValidateUserNamePasswordSecurityBindingElement(transportSecurityBindingElement); } else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Count == 1) { SecureConversationSecurityTokenParameters endorsingTokenParams = transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; if (endorsingTokenParams != null) { if (endorsingTokenParams.RequireDerivedKeys) { s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenParamsRequiringDerivedKeysNotSupported); } TransportSecurityBindingElement bootstrapElement = endorsingTokenParams.BootstrapSecurityBindingElement as TransportSecurityBindingElement; if (bootstrapElement == null) { s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityElementTypeNotSupportedFormat, endorsingTokenParams.BootstrapSecurityBindingElement.GetType().FullName, typeof(TransportSecurityBindingElement).FullName)); } else { ValidateTransportSecurityBindingElement(bootstrapElement); } } } if (!transportSecurityBindingElement.IncludeTimestamp) { s_bindingValidationErrors.Add(SR.BindingTransportSecurityMustIncludeTimestamp); } if (transportSecurityBindingElement.DefaultAlgorithmSuite != SecurityAlgorithmSuite.Default) { s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityDefaultAlgorithmSuiteNotSupportedFormat, transportSecurityBindingElement.DefaultAlgorithmSuite.GetType().FullName, SecurityAlgorithmSuite.Default.GetType().FullName)); } }
public void MessageSecuritySPNego() { WSHttpBinding binding = new WSHttpBinding(); SymmetricSecurityBindingElement sbe = binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> (); Assert.IsNotNull(sbe, "#1"); Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2"); SecureConversationSecurityTokenParameters sp = sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; Assert.IsNotNull(sp, "#2"); SymmetricSecurityBindingElement spbe = sp.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement; Assert.IsNotNull(spbe, "#3"); SspiSecurityTokenParameters p = spbe.ProtectionTokenParameters as SspiSecurityTokenParameters; Assert.IsNotNull(p, "#4"); Assert.AreEqual(SecurityTokenReferenceStyle.Internal, p.ReferenceStyle, "#5"); Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient, p.InclusionMode, "#6"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#7"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#8"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#9"); Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#10"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Signed.Count, "#11"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#12"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Endorsing.Count, "#13"); Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#14"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#17"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#18"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#19"); Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#110"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#21"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#22"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#23"); Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#24"); }
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection <Collection <XmlElement> > alternatives; if (IsWsspAssertion(assertion, SecureConversationTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection <XmlElement> alternative in alternatives) { SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters(); parameters = sc; bool requireCancellation; bool canRenewSession; if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc) && TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) && TryImportWsspMustNotSendAmendAssertion(alternative) && TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) && TryImportWsspBootstrapPolicyAssertion(importer, alternative, sc) && alternative.Count == 0) { sc.RequireCancellation = requireCancellation; sc.CanRenewSession = canRenewSession; sc.InclusionMode = inclusionMode; break; } else { parameters = null; } } } else { parameters = new SecureConversationSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; parameters.RequireDerivedKeys = false; } } return(parameters != null); }
//<snippet1> // This method returns a custom binding created from a WSHttpBinding. Alter the method // to use the appropriate binding for your service, with the appropriate settings. public static Binding CreateCustomBinding(TimeSpan clockSkew) { WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.Message, true); CustomBinding myCustomBinding = new CustomBinding(standardBinding); SymmetricSecurityBindingElement security = myCustomBinding.Elements.Find<SymmetricSecurityBindingElement>(); security.LocalClientSettings.MaxClockSkew = clockSkew; security.LocalServiceSettings.MaxClockSkew = clockSkew; // Get the System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters SecureConversationSecurityTokenParameters secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters; // From the collection, get the bootstrap element. SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement; // Set the MaxClockSkew on the bootstrap element. bootstrap.LocalClientSettings.MaxClockSkew = clockSkew; bootstrap.LocalServiceSettings.MaxClockSkew = clockSkew; return myCustomBinding; }
// If any changes are made to this method, please make sure that they are // reflected in the corresponding IsSecureConversationBinding() method. public static SecurityBindingElement CreateSecureConversationBindingElement(SecurityBindingElement bootstrapSecurity, bool requireCancellation, ChannelProtectionRequirements bootstrapProtectionRequirements) { if (bootstrapSecurity == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bootstrapBinding"); } SecurityBindingElement result; if (bootstrapSecurity is TransportSecurityBindingElement) { // there is no need to do replay detection or key derivation for transport bindings TransportSecurityBindingElement primary = new TransportSecurityBindingElement(); SecureConversationSecurityTokenParameters scParameters = new SecureConversationSecurityTokenParameters( bootstrapSecurity, requireCancellation, bootstrapProtectionRequirements) { RequireDerivedKeys = false }; primary.EndpointSupportingTokenParameters.Endorsing.Add( scParameters); // primary.LocalClientSettings.DetectReplays = false; primary.LocalServiceSettings.DetectReplays = false; primary.IncludeTimestamp = true; result = primary; } else // Symmetric- or AsymmetricSecurityBindingElement { SymmetricSecurityBindingElement primary = new SymmetricSecurityBindingElement( new SecureConversationSecurityTokenParameters( bootstrapSecurity, requireCancellation, bootstrapProtectionRequirements)) { // there is no need for signature confirmation on the steady state binding RequireSignatureConfirmation = false }; result = primary; } return(result); }
/// <summary> /// Builds the <see cref="SecurityBindingElement"/> for the RelyingParty channel. /// </summary> /// <returns>a <see cref="SecurityBindingElement"/> for the RelyingParty channel.</returns> /// <remarks>Creates a new <see cref="TransportBindingElement"/> and adds <see cref="WSTrustTokenParameters"/> to the appropriate EndpointSupportingTokenParameters (Endorsing or Signed). /// <para>Sets: <see cref="MessageSecurityVersion"/> == <see cref="WSTrustTokenParameters.MessageSecurityVersion"/>.</para></para> /// <para>Sets: <see cref="IncludeTimestamp"/> == true.</para></remarks> protected override SecurityBindingElement CreateMessageSecurity() { WSTrustTokenParameters.RequireDerivedKeys = false; var result = new TransportSecurityBindingElement { IncludeTimestamp = true, MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion }; if (WSTrustTokenParameters.KeyType == SecurityKeyType.BearerKey) { result.EndpointSupportingTokenParameters.Signed.Add(WSTrustTokenParameters); } else { result.EndpointSupportingTokenParameters.Endorsing.Add(WSTrustTokenParameters); } if (Security.Message.EstablishSecurityContext) { var securityContextWrappingElement = new TransportSecurityBindingElement { IncludeTimestamp = true, MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion }; securityContextWrappingElement.LocalClientSettings.DetectReplays = false; var scParameters = new SecureConversationSecurityTokenParameters(result) { RequireCancellation = true, RequireDerivedKeys = false }; securityContextWrappingElement.EndpointSupportingTokenParameters.Endorsing.Add(scParameters); result = securityContextWrappingElement; } SecurityBindingElement = result; return(result); }
public void DefaultMessageSecurity() { WSHttpBinding b = new WSHttpBinding(); SymmetricSecurityBindingElement sbe = b.CreateBindingElements().Find <SymmetricSecurityBindingElement> (); Assert.IsNotNull(sbe, "#0"); SecureConversationSecurityTokenParameters p = sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; Assert.IsNotNull(p, "#1"); SymmetricSecurityBindingElement scbe = p.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement; Assert.IsNotNull(scbe, "#1.1"); // since the default w/o SecureConv is SSPI ... Assert.IsTrue(scbe.ProtectionTokenParameters is SspiSecurityTokenParameters, "#1.2"); Assert.AreEqual(SecurityAlgorithmSuite.Default, sbe.DefaultAlgorithmSuite, "#2"); SupportingTokenParameters s = sbe.EndpointSupportingTokenParameters; Assert.IsNotNull(s, "#3"); Assert.AreEqual(0, s.Endorsing.Count, "#3-1"); Assert.AreEqual(0, s.Signed.Count, "#3-2"); Assert.AreEqual(0, s.SignedEndorsing.Count, "#3-3"); Assert.AreEqual(0, s.SignedEncrypted.Count, "#3-4"); Assert.AreEqual(0, sbe.OperationSupportingTokenParameters.Count, "#4"); s = sbe.OptionalEndpointSupportingTokenParameters; Assert.IsNotNull(s, "#5"); Assert.AreEqual(0, s.Endorsing.Count, "#5-1"); Assert.AreEqual(0, s.Signed.Count, "#5-2"); Assert.AreEqual(0, s.SignedEndorsing.Count, "#5-3"); Assert.AreEqual(0, s.SignedEncrypted.Count, "#5-4"); Assert.AreEqual(0, sbe.OptionalOperationSupportingTokenParameters.Count, "#6"); }
public static CustomBinding CreateWsFederationBindingWithoutSecureConversation(WSFederationHttpBinding inputBinding) { // This CustomBinding starts out identical to the specified WSFederationHttpBinding. var outputBinding = new CustomBinding(inputBinding.CreateBindingElements()); // Find the SecurityBindingElement for message security. var security = outputBinding.Elements.Find <SecurityBindingElement>(); // If the security mode is message, then the secure session settings are the protection token parameters. SecureConversationSecurityTokenParameters secureConversation = null; if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode) { var symmetricSecurity = security as SymmetricSecurityBindingElement; if (symmetricSecurity != null) { secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters; } } // If the security mode is message, then the secure session settings are the endorsing token parameters. else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode) { var transportSecurity = security as TransportSecurityBindingElement; if (transportSecurity != null) { secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } } else { throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode)); } // Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement. int securityIndex = outputBinding.Elements.IndexOf(security); if (secureConversation != null) { outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement; } // Return modified binding. return(outputBinding); }
public MySecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters clone) : base(clone) { }
static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion) { if (p1 == null || p2 == null) { return(false); } if (p1.GetType() != p2.GetType()) { return(false); } if (p1.InclusionMode != p2.InclusionMode) { return(false); } if (skipRequireDerivedKeysComparison == false && p1.RequireDerivedKeys != p2.RequireDerivedKeys) { return(false); } if (p1.ReferenceStyle != p2.ReferenceStyle) { return(false); } // mutual ssl and anonymous ssl differ in the client cert requirement if (p1 is SslSecurityTokenParameters) { if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate) { return(false); } } else if (p1 is SecureConversationSecurityTokenParameters) { SecureConversationSecurityTokenParameters sc1 = (SecureConversationSecurityTokenParameters)p1; SecureConversationSecurityTokenParameters sc2 = (SecureConversationSecurityTokenParameters)p2; if (sc1.RequireCancellation != sc2.RequireCancellation) { return(false); } if (sc1.CanRenewSession != sc2.CanRenewSession) { return(false); } if (!AreBindingsMatching(sc1.BootstrapSecurityBindingElement, sc2.BootstrapSecurityBindingElement, exactMessageSecurityVersion)) { return(false); } } else if (p1 is IssuedSecurityTokenParameters) { if (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType) { return(false); } } return(true); }
public override XmlElement CreateWsspSecureConversationTokenAssertion(MetadataExporter exporter, SecureConversationSecurityTokenParameters parameters) { XmlElement tokenAssertion = this.CreateWsspAssertion("SecureConversationToken"); this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode); tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation), this.CreateWsspBootstrapPolicyAssertion(exporter, parameters.BootstrapSecurityBindingElement), this.CreateWsspMustNotSendAmendAssertion(), (!parameters.RequireCancellation || !parameters.CanRenewSession) ? this.CreateWsspMustNotSendRenewAssertion() : null })); return(tokenAssertion); }
protected override IServiceDispatcher BuildServiceDispatcherCore <TChannel>(BindingContext context, IServiceDispatcher serviceDispatcher) { SecurityServiceDispatcher securityServiceDispatcher = new SecurityServiceDispatcher(context, serviceDispatcher); SecurityCredentialsManager credentialsManager = serviceDispatcher.Host.Description.Behaviors.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } SecureConversationSecurityTokenParameters scParameters; if (EndpointSupportingTokenParameters.Endorsing.Count > 0) { scParameters = EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } else { scParameters = null; } bool requireDemuxer = RequiresChannelDemuxer(); ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer); if (requireDemuxer) { ApplyPropertiesOnDemuxer(channelBuilder, context); } BindingContext issuerBindingContext = context.Clone(); issuerBindingContext.BindingParameters.Add(credentialsManager); if (scParameters != null) { if (scParameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding))); } AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext); if (scParameters.RequireCancellation) { SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory { // base.ApplyAuditBehaviorSettings(context, sessionFactory); SecurityTokenParameters = scParameters.Clone() }; ((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext; EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding); } finally { EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); } securityServiceDispatcher.SessionMode = true; securityServiceDispatcher.SessionServerSettings.InactivityTimeout = LocalServiceSettings.InactivityTimeout; securityServiceDispatcher.SessionServerSettings.KeyRolloverInterval = LocalServiceSettings.SessionKeyRolloverInterval; securityServiceDispatcher.SessionServerSettings.MaximumPendingSessions = LocalServiceSettings.MaxPendingSessions; securityServiceDispatcher.SessionServerSettings.MaximumKeyRenewalInterval = LocalServiceSettings.SessionKeyRenewalInterval; securityServiceDispatcher.SessionServerSettings.TolerateTransportFailures = LocalServiceSettings.ReconnectTransportOnFailure; securityServiceDispatcher.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession; securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone(); ((SecureConversationSecurityTokenParameters)securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; securityServiceDispatcher.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager; securityServiceDispatcher.SessionServerSettings.SessionProtocolFactory = sessionFactory; securityServiceDispatcher.SecurityProtocolFactory = sessionFactory; // pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending // back faults in response to badly secured requests over duplex can result in DoS. if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null && !IsUnderlyingDispatcherDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager)); } } else { //TODO later TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory(); // base.ApplyAuditBehaviorSettings(context, protocolFactory); EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding); SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone(); acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext; protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters); } finally { EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters); } securityServiceDispatcher.SecurityProtocolFactory = protocolFactory; } } else { SecurityProtocolFactory protocolFactory = CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext); securityServiceDispatcher.SecurityProtocolFactory = protocolFactory; } securityServiceDispatcher.InitializeSecurityDispatcher(channelBuilder, typeof(TChannel)); //return channelListener; channelBuilder.BuildServiceDispatcher <TChannel>(context, securityServiceDispatcher); return(securityServiceDispatcher); }
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context) { ISecurityCapabilities property = this.GetProperty <ISecurityCapabilities>(context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ClientCredentials.CreateDefaultCredentials(); } SecureConversationSecurityTokenParameters item = null; if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0) { item = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { base.ApplyPropertiesOnDemuxer(builder, context); } BindingContext issuerBindingContext = context.Clone(); if (item != null) { if (item.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding"))); } item.IssuerBindingContext = issuerBindingContext; if (item.RequireCancellation) { SessionSymmetricTransportSecurityProtocolFactory factory2 = new SessionSymmetricTransportSecurityProtocolFactory { SecurityTokenParameters = item.Clone() }; ((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext; base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding); } finally { base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item); } SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> { ChannelBuilder = builder, KeyRenewalInterval = base.LocalClientSettings.SessionKeyRenewalInterval, KeyRolloverInterval = base.LocalClientSettings.SessionKeyRolloverInterval, TolerateTransportFailures = base.LocalClientSettings.ReconnectTransportOnFailure, CanRenewSession = item.CanRenewSession, IssuedSecurityTokenParameters = item.Clone() }; ((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext; sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager; sessionClientSettings.SessionProtocolFactory = factory2; return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings)); } TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory(); base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding); SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)item.Clone(); parameters2.IssuerBindingContext = issuerBindingContext; factory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters2); } finally { base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item); } return(new SecurityChannelFactory <TChannel>(property, context, builder, factory)); } return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext))); }
public void GetPropertySecurityCapabilities() { ISecurityCapabilities c; RsaSecurityTokenParameters rsa = new RsaSecurityTokenParameters(); UserNameSecurityTokenParameters user = new UserNameSecurityTokenParameters(); X509SecurityTokenParameters x509 = new X509SecurityTokenParameters(); SecureConversationSecurityTokenParameters sc1 = new SecureConversationSecurityTokenParameters(); sc1.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement(); // empty SecureConversationSecurityTokenParameters sc2 = new SecureConversationSecurityTokenParameters(); sc2.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement(x509); SecureConversationSecurityTokenParameters sc3 = new SecureConversationSecurityTokenParameters(); sc3.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(null, x509); SecureConversationSecurityTokenParameters sc4 = new SecureConversationSecurityTokenParameters(); sc4.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement(x509, null); // no parameters c = GetSecurityCapabilities( new SymmetricSecurityBindingElement()); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, c, "#1"); // x509 parameters for both c = GetSecurityCapabilities( new SymmetricSecurityBindingElement(x509)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, c, "#2"); // no initiator parameters c = GetSecurityCapabilities( new AsymmetricSecurityBindingElement(x509, null)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, c, "#3"); // no recipient parameters c = GetSecurityCapabilities( new AsymmetricSecurityBindingElement(null, x509)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, c, "#4"); // initiator does not support identity c = GetSecurityCapabilities( new AsymmetricSecurityBindingElement(x509, rsa)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, false, true, c, "#5"); // recipient does not support server auth c = GetSecurityCapabilities( new AsymmetricSecurityBindingElement(user, x509)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, c, "#6"); // secureconv with no symm. bootstrap params c = GetSecurityCapabilities( new SymmetricSecurityBindingElement(sc1)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, c, "#7"); // secureconv with x509 symm. bootstrap params c = GetSecurityCapabilities( new SymmetricSecurityBindingElement(sc2)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, c, "#8"); // secureconv with x509 initiator bootstrap params c = GetSecurityCapabilities( new SymmetricSecurityBindingElement(sc3)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, c, "#9"); // secureconv with x509 recipient bootstrap params c = GetSecurityCapabilities( new SymmetricSecurityBindingElement(sc4)); AssertSecurityCapabilities( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, c, "#10"); // FIXME: find out such cases that returns other ProtectionLevel values. }
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel { SecureConversationSecurityTokenParameters parameters; SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context); SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>(); if (credentialsManager == null) { credentialsManager = ServiceCredentials.CreateDefaultCredentials(); } if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0) { parameters = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters; } else { parameters = null; } bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer(); ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired); if (addChannelDemuxerIfRequired) { base.ApplyPropertiesOnDemuxer(builder, context); } BindingContext secureConversationBindingContext = context.Clone(); if (parameters != null) { if (parameters.BootstrapSecurityBindingElement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding"))); } base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext); if (parameters.RequireCancellation) { SessionSymmetricTransportSecurityProtocolFactory factory = new SessionSymmetricTransportSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory); factory.SecurityTokenParameters = parameters.Clone(); ((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(factory, credentialsManager, true, secureConversationBindingContext, context.Binding); } finally { base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters); } listener.SessionMode = true; listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout; listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval; listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions; listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval; listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure; listener.SessionServerSettings.CanRenewSession = parameters.CanRenewSession; listener.SessionServerSettings.IssuedSecurityTokenParameters = parameters.Clone(); ((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext; listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager; listener.SessionServerSettings.SessionProtocolFactory = factory; if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context)) { context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager)); } } else { TransportSecurityProtocolFactory factory2 = new TransportSecurityProtocolFactory(); base.ApplyAuditBehaviorSettings(context, factory2); base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0); try { base.ConfigureProtocolFactory(factory2, credentialsManager, true, secureConversationBindingContext, context.Binding); SecureConversationSecurityTokenParameters item = (SecureConversationSecurityTokenParameters)parameters.Clone(); item.IssuerBindingContext = secureConversationBindingContext; factory2.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, item); } finally { base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters); } listener.SecurityProtocolFactory = factory2; } } else { SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, secureConversationBindingContext); listener.SecurityProtocolFactory = factory3; } listener.InitializeListener(builder); return(listener); }