private static Binding AdjustBinding(Binding binding)
{
CustomBinding customBinding = new CustomBinding(binding);
SecurityBindingElement bindingElement = customBinding.Elements.Find <SecurityBindingElement>();
if (bindingElement == null)
{
return(binding);
}
bindingElement.LocalServiceSettings.MaxPendingSessions = 100000;
bindingElement.LocalServiceSettings.MaxStatefulNegotiations = 100000;
bindingElement.LocalServiceSettings.MaxClockSkew = TimeSpan.FromHours(2);
bindingElement.LocalClientSettings.MaxClockSkew = TimeSpan.FromHours(2);
//
// Check if secure conversation is enabled
//
SecurityTokenParameters tokenParameters = ((SymmetricSecurityBindingElement)bindingElement).ProtectionTokenParameters;
SecureConversationSecurityTokenParameters sct = tokenParameters as SecureConversationSecurityTokenParameters;
if (sct != null)
{
bindingElement = sct.BootstrapSecurityBindingElement;
bindingElement.LocalServiceSettings.MaxPendingSessions = 100000;
bindingElement.LocalServiceSettings.MaxStatefulNegotiations = 100000;
bindingElement.LocalServiceSettings.MaxClockSkew = TimeSpan.FromHours(2);
bindingElement.LocalClientSettings.MaxClockSkew = TimeSpan.FromHours(2);
}
return(customBinding);
}
static public SecurityBindingElement CreateSecureConversationBindingElement(SecurityBindingElement bootstrapSecurity, bool requireCancellation, ChannelProtectionRequirements bootstrapProtectionRequirements)
{
if (bootstrapSecurity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(bootstrapSecurity));
}
SecurityBindingElement result;
if (bootstrapSecurity is TransportSecurityBindingElement)
{
// there is no need to do replay detection or key derivation for transport bindings
var primary = new TransportSecurityBindingElement();
var scParameters = new SecureConversationSecurityTokenParameters(
bootstrapSecurity,
requireCancellation,
bootstrapProtectionRequirements);
scParameters.RequireDerivedKeys = false;
primary.EndpointSupportingTokenParameters.Endorsing.Add(
scParameters);
primary.LocalClientSettings.DetectReplays = false;
primary.IncludeTimestamp = true;
result = primary;
}
else // Symmetric- or AsymmetricSecurityBindingElement
{
throw ExceptionHelper.PlatformNotSupported();
}
return(result);
}
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
SecurityTokenInclusionMode mode;
parameters = null;
if (this.IsWsspAssertion(assertion, "SecureConversationToken") && this.TryGetIncludeTokenValue(assertion, out mode))
{
Collection <Collection <XmlElement> > collection;
if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection))
{
foreach (Collection <XmlElement> collection2 in collection)
{
bool flag;
bool flag2;
SecureConversationSecurityTokenParameters parameters2 = new SecureConversationSecurityTokenParameters();
parameters = parameters2;
if (((this.TryImportWsspRequireDerivedKeysAssertion(collection2, parameters2) && this.TryImportWsspMustNotSendCancelAssertion(collection2, out flag)) && (this.TryImportWsspMustNotSendAmendAssertion(collection2) && this.TryImportWsspMustNotSendRenewAssertion(collection2, out flag2))) && (this.TryImportWsspBootstrapPolicyAssertion(importer, collection2, parameters2) && (collection2.Count == 0)))
{
parameters2.RequireCancellation = flag;
parameters2.CanRenewSession = flag2;
parameters2.InclusionMode = mode;
break;
}
parameters = null;
}
}
else
{
parameters = new SecureConversationSecurityTokenParameters();
parameters.InclusionMode = mode;
parameters.RequireDerivedKeys = false;
}
}
return(parameters != null);
}
public void MessageSecurityCertificateNego()
{
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Message.ClientCredentialType =
MessageCredentialType.Certificate;
SymmetricSecurityBindingElement sbe =
binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> ();
Assert.IsNotNull(sbe, "#1");
Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2");
SecureConversationSecurityTokenParameters sp =
sbe.ProtectionTokenParameters
as SecureConversationSecurityTokenParameters;
Assert.IsNotNull(sp, "#2");
SymmetricSecurityBindingElement spbe =
sp.BootstrapSecurityBindingElement
as SymmetricSecurityBindingElement;
Assert.IsNotNull(spbe, "#3");
SslSecurityTokenParameters p =
spbe.ProtectionTokenParameters
as SslSecurityTokenParameters;
Assert.IsNotNull(p, "#4");
Assert.AreEqual(SecurityTokenReferenceStyle.Internal,
p.ReferenceStyle, "#5");
Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient,
p.InclusionMode, "#6");
}
private void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint)
{
bool flag = false;
SecureConversationSecurityTokenParameters parameters = tokenParameters as SecureConversationSecurityTokenParameters;
if ((parameters != null) && !parameters.RequireCancellation)
{
flag = true;
}
SspiSecurityTokenParameters parameters2 = tokenParameters as SspiSecurityTokenParameters;
if ((parameters2 != null) && !parameters2.RequireCancellation)
{
flag = true;
}
SspiSecurityTokenParameters parameters3 = tokenParameters as SspiSecurityTokenParameters;
if ((parameters3 != null) && !parameters3.RequireCancellation)
{
flag = true;
}
if (flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("RequireNonCookieMode", new object[] { endpoint.Binding.Name, endpoint.Binding.Namespace })));
}
}
void CheckForCookie(SecurityTokenParameters tokenParameters, ServiceEndpoint endpoint)
{
bool cookie = false;
SecureConversationSecurityTokenParameters sc = tokenParameters as SecureConversationSecurityTokenParameters;
if (sc != null && sc.RequireCancellation == false)
{
cookie = true;
}
SspiSecurityTokenParameters sspi = tokenParameters as SspiSecurityTokenParameters;
if (sspi != null && sspi.RequireCancellation == false)
{
cookie = true;
}
SspiSecurityTokenParameters ssl = tokenParameters as SspiSecurityTokenParameters;
if (ssl != null && ssl.RequireCancellation == false)
{
cookie = true;
}
if (cookie)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.RequireNonCookieMode, endpoint.Binding.Name, endpoint.Binding.Namespace)));
}
}
/// <summary>
/// 设置验证时间间隔
/// </summary>
/// <param name="binding"></param>
/// <param name="clockSkew"></param>
/// <returns></returns>
private Binding CreateCustomBinding(Binding binding, TimeSpan clockSkew)
{
CustomBinding myCustomBinding = new CustomBinding(binding);
SymmetricSecurityBindingElement security = myCustomBinding.Elements.Find <SymmetricSecurityBindingElement>();
if (null != security)
{
security.LocalClientSettings.MaxClockSkew = clockSkew;
security.LocalServiceSettings.MaxClockSkew = clockSkew;
SecureConversationSecurityTokenParameters securityProtectionTokenParameters = security.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
if (null != securityProtectionTokenParameters)
{
SecurityBindingElement bootstrap = securityProtectionTokenParameters.BootstrapSecurityBindingElement;
if (null != bootstrap)
{
bootstrap.LocalClientSettings.MaxClockSkew = clockSkew;
bootstrap.LocalServiceSettings.MaxClockSkew = clockSkew;
}
}
}
return(myCustomBinding);
}
public static void RequireCancellation_Property_Is_Settable(bool value)
{
SecureConversationSecurityTokenParameters scstp = new SecureConversationSecurityTokenParameters();
scstp.RequireCancellation = value;
Assert.Equal(value, scstp.RequireCancellation);
}
public void CreateSecureConversationBindingElement()
{
SymmetricSecurityBindingElement be =
SecurityBindingElement.CreateSecureConversationBindingElement(new SymmetricSecurityBindingElement())
as SymmetricSecurityBindingElement;
SecurityAssert.AssertSymmetricSecurityBindingElement(
SecurityAlgorithmSuite.Default,
true, // IncludeTimestamp
SecurityKeyEntropyMode.CombinedEntropy,
MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
MessageSecurityVersion.Default,
false, // RequireSignatureConfirmation
SecurityHeaderLayout.Strict,
// EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
0, 0, 0, 0,
// ProtectionTokenParameters
true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
// LocalClientSettings
true, 60, true,
be, "");
// test ProtectionTokenParameters
SecureConversationSecurityTokenParameters tp =
be.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
Assert.IsNotNull(tp, "#2-1");
SecurityAssert.AssertSecurityTokenParameters(
SecurityTokenInclusionMode.AlwaysToRecipient,
SecurityTokenReferenceStyle.Internal,
true, tp, "Protection");
}
void InitializeSecureConversationParameters(SecureConversationSecurityTokenParameters sc, bool initializeNestedBindings)
{
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.RequireSecurityContextCancellation, sc.RequireCancellation);
this.CanRenewSecurityContextToken = sc.CanRenewSession; // can't use default value optimization here because ApplyConfiguration relies on the runtime default instead, which is the opposite of the config default
if (sc.BootstrapSecurityBindingElement != null)
{
this.SecureConversationBootstrap.InitializeFrom(sc.BootstrapSecurityBindingElement, initializeNestedBindings);
}
}
//</snippet1>
private void PrintValue(Binding b)
{
BindingElementCollection bec = b.CreateBindingElements();
SymmetricSecurityBindingElement sbe = (SymmetricSecurityBindingElement)bec.Find<SecurityBindingElement>();
Console.WriteLine("skew {0}", sbe.LocalServiceSettings.MaxClockSkew.ToString());
SecureConversationSecurityTokenParameters secureTokenParams =
(SecureConversationSecurityTokenParameters)sbe.ProtectionTokenParameters;
SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
Console.WriteLine("skew 2 {0}", bootstrap.LocalServiceSettings.MaxClockSkew.ToString());
}
private void InitializeSecureConversationParameters(SecureConversationSecurityTokenParameters sc, bool initializeNestedBindings)
{
base.RequireSecurityContextCancellation = sc.RequireCancellation;
if (!sc.CanRenewSession)
{
base.CanRenewSecurityContextToken = sc.CanRenewSession;
}
if (sc.BootstrapSecurityBindingElement != null)
{
this.SecureConversationBootstrap.InitializeFrom(sc.BootstrapSecurityBindingElement, initializeNestedBindings);
}
}
private static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion)
{
if ((p1 == null) || (p2 == null))
{
return(false);
}
if (p1.GetType() != p2.GetType())
{
return(false);
}
if (p1.InclusionMode != p2.InclusionMode)
{
return(false);
}
if (!skipRequireDerivedKeysComparison && (p1.RequireDerivedKeys != p2.RequireDerivedKeys))
{
return(false);
}
if (p1.ReferenceStyle != p2.ReferenceStyle)
{
return(false);
}
if (p1 is SslSecurityTokenParameters)
{
if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate)
{
return(false);
}
}
else if (p1 is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters parameters = (SecureConversationSecurityTokenParameters)p1;
SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)p2;
if (parameters.RequireCancellation != parameters2.RequireCancellation)
{
return(false);
}
if (parameters.CanRenewSession != parameters2.CanRenewSession)
{
return(false);
}
if (!AreBindingsMatching(parameters.BootstrapSecurityBindingElement, parameters2.BootstrapSecurityBindingElement, exactMessageSecurityVersion))
{
return(false);
}
}
else if ((p1 is IssuedSecurityTokenParameters) && (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType))
{
return(false);
}
return(true);
}
static void ShowSecurityTokenParmeters(System.Collections.ObjectModel.Collection <SecurityTokenParameters> parmsCollection, string tokenType)
{
Console.WriteLine("\t\t" + tokenType + " Tokens");
foreach (SecurityTokenParameters parms in parmsCollection)
{
Console.WriteLine("\t\t\t" + parms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + parms.InclusionMode.ToString());
SecureConversationSecurityTokenParameters secureConvTokenParms = parms as SecureConversationSecurityTokenParameters;
if (secureConvTokenParms != null)
{
ShowSecurityTokenParmeters(secureConvTokenParms.BootstrapSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing, "Bootstrap Endorsing");
}
}
}
public static Binding DecorateBinding(Binding binding, int?maxNegotiationCount)
{
CustomBinding customBinding = new CustomBinding(binding);
SymmetricSecurityBindingElement security = customBinding.Elements.Find <SymmetricSecurityBindingElement>();
if (security != null)
{
security.IncludeTimestamp = false;
security.LocalClientSettings.DetectReplays = false;
security.LocalServiceSettings.DetectReplays = false;
security.LocalClientSettings.MaxClockSkew = TimeSpan.MaxValue;
security.LocalServiceSettings.MaxClockSkew = TimeSpan.MaxValue;
security.LocalClientSettings.SessionKeyRenewalInterval = TimeSpan.MaxValue;
security.LocalServiceSettings.SessionKeyRenewalInterval = TimeSpan.FromMilliseconds(Int32.MaxValue);
if (maxNegotiationCount.HasValue)
{
security.LocalServiceSettings.MaxPendingSessions = maxNegotiationCount.Value;
security.LocalServiceSettings.MaxStatefulNegotiations = maxNegotiationCount.Value;
}
// Get the System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters
SecureConversationSecurityTokenParameters secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters;
// From the collection, get the bootstrap element.
SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
// Set the MaxClockSkew on the bootstrap element.
bootstrap.IncludeTimestamp = false;
bootstrap.LocalClientSettings.DetectReplays = false;
bootstrap.LocalServiceSettings.DetectReplays = false;
bootstrap.LocalClientSettings.MaxClockSkew = TimeSpan.MaxValue;
bootstrap.LocalServiceSettings.MaxClockSkew = TimeSpan.MaxValue;
bootstrap.LocalClientSettings.SessionKeyRenewalInterval = TimeSpan.MaxValue;
bootstrap.LocalServiceSettings.SessionKeyRenewalInterval = TimeSpan.FromMilliseconds(Int32.MaxValue);
if (maxNegotiationCount.HasValue)
{
bootstrap.LocalServiceSettings.MaxPendingSessions = maxNegotiationCount.Value;
bootstrap.LocalServiceSettings.MaxStatefulNegotiations = maxNegotiationCount.Value;
}
return(customBinding);
}
else
{
return(binding);
}
}
private static void ValidateTransportSecurityBindingElement(TransportSecurityBindingElement transportSecurityBindingElement)
{
if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Signed.Count != 0 ||
transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEndorsing.Count != 0)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenSignedOrSignedEndorsingNotSupported);
}
else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Count == 1)
{
ValidateUserNamePasswordSecurityBindingElement(transportSecurityBindingElement);
}
else if (transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Count == 1)
{
SecureConversationSecurityTokenParameters endorsingTokenParams = transportSecurityBindingElement.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
if (endorsingTokenParams != null)
{
if (endorsingTokenParams.RequireDerivedKeys)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityTokenParamsRequiringDerivedKeysNotSupported);
}
TransportSecurityBindingElement bootstrapElement = endorsingTokenParams.BootstrapSecurityBindingElement as TransportSecurityBindingElement;
if (bootstrapElement == null)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityElementTypeNotSupportedFormat,
endorsingTokenParams.BootstrapSecurityBindingElement.GetType().FullName, typeof(TransportSecurityBindingElement).FullName));
}
else
{
ValidateTransportSecurityBindingElement(bootstrapElement);
}
}
}
if (!transportSecurityBindingElement.IncludeTimestamp)
{
s_bindingValidationErrors.Add(SR.BindingTransportSecurityMustIncludeTimestamp);
}
if (transportSecurityBindingElement.DefaultAlgorithmSuite != SecurityAlgorithmSuite.Default)
{
s_bindingValidationErrors.Add(string.Format(SR.BindingTransportSecurityDefaultAlgorithmSuiteNotSupportedFormat,
transportSecurityBindingElement.DefaultAlgorithmSuite.GetType().FullName, SecurityAlgorithmSuite.Default.GetType().FullName));
}
}
public void MessageSecuritySPNego()
{
WSHttpBinding binding = new WSHttpBinding();
SymmetricSecurityBindingElement sbe =
binding.CreateBindingElements().Find <SymmetricSecurityBindingElement> ();
Assert.IsNotNull(sbe, "#1");
Assert.AreEqual(false, sbe.RequireSignatureConfirmation, "#1-2");
SecureConversationSecurityTokenParameters sp =
sbe.ProtectionTokenParameters
as SecureConversationSecurityTokenParameters;
Assert.IsNotNull(sp, "#2");
SymmetricSecurityBindingElement spbe =
sp.BootstrapSecurityBindingElement
as SymmetricSecurityBindingElement;
Assert.IsNotNull(spbe, "#3");
SspiSecurityTokenParameters p =
spbe.ProtectionTokenParameters
as SspiSecurityTokenParameters;
Assert.IsNotNull(p, "#4");
Assert.AreEqual(SecurityTokenReferenceStyle.Internal,
p.ReferenceStyle, "#5");
Assert.AreEqual(SecurityTokenInclusionMode.AlwaysToRecipient,
p.InclusionMode, "#6");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#7");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#8");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#9");
Assert.AreEqual(0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#10");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Signed.Count, "#11");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#12");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.Endorsing.Count, "#13");
Assert.AreEqual(0, spbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#14");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#17");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#18");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#19");
Assert.AreEqual(0, sbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#110");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#21");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#22");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#23");
Assert.AreEqual(0, spbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#24");
}
public override bool TryImportWsspSecureConversationTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters)
{
parameters = null;
SecurityTokenInclusionMode inclusionMode;
Collection <Collection <XmlElement> > alternatives;
if (IsWsspAssertion(assertion, SecureConversationTokenName) &&
TryGetIncludeTokenValue(assertion, out inclusionMode))
{
if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives))
{
foreach (Collection <XmlElement> alternative in alternatives)
{
SecureConversationSecurityTokenParameters sc = new SecureConversationSecurityTokenParameters();
parameters = sc;
bool requireCancellation;
bool canRenewSession;
if (TryImportWsspRequireDerivedKeysAssertion(alternative, sc) &&
TryImportWsspMustNotSendCancelAssertion(alternative, out requireCancellation) &&
TryImportWsspMustNotSendAmendAssertion(alternative) &&
TryImportWsspMustNotSendRenewAssertion(alternative, out canRenewSession) &&
TryImportWsspBootstrapPolicyAssertion(importer, alternative, sc) &&
alternative.Count == 0)
{
sc.RequireCancellation = requireCancellation;
sc.CanRenewSession = canRenewSession;
sc.InclusionMode = inclusionMode;
break;
}
else
{
parameters = null;
}
}
}
else
{
parameters = new SecureConversationSecurityTokenParameters();
parameters.InclusionMode = inclusionMode;
parameters.RequireDerivedKeys = false;
}
}
return(parameters != null);
}
//<snippet1>
// This method returns a custom binding created from a WSHttpBinding. Alter the method
// to use the appropriate binding for your service, with the appropriate settings.
public static Binding CreateCustomBinding(TimeSpan clockSkew)
{
WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.Message, true);
CustomBinding myCustomBinding = new CustomBinding(standardBinding);
SymmetricSecurityBindingElement security =
myCustomBinding.Elements.Find<SymmetricSecurityBindingElement>();
security.LocalClientSettings.MaxClockSkew = clockSkew;
security.LocalServiceSettings.MaxClockSkew = clockSkew;
// Get the System.ServiceModel.Security.Tokens.SecureConversationSecurityTokenParameters
SecureConversationSecurityTokenParameters secureTokenParams =
(SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters;
// From the collection, get the bootstrap element.
SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
// Set the MaxClockSkew on the bootstrap element.
bootstrap.LocalClientSettings.MaxClockSkew = clockSkew;
bootstrap.LocalServiceSettings.MaxClockSkew = clockSkew;
return myCustomBinding;
}
// If any changes are made to this method, please make sure that they are
// reflected in the corresponding IsSecureConversationBinding() method.
public static SecurityBindingElement CreateSecureConversationBindingElement(SecurityBindingElement bootstrapSecurity, bool requireCancellation, ChannelProtectionRequirements bootstrapProtectionRequirements)
{
if (bootstrapSecurity == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("bootstrapBinding");
}
SecurityBindingElement result;
if (bootstrapSecurity is TransportSecurityBindingElement)
{
// there is no need to do replay detection or key derivation for transport bindings
TransportSecurityBindingElement primary = new TransportSecurityBindingElement();
SecureConversationSecurityTokenParameters scParameters = new SecureConversationSecurityTokenParameters(
bootstrapSecurity,
requireCancellation,
bootstrapProtectionRequirements)
{
RequireDerivedKeys = false
};
primary.EndpointSupportingTokenParameters.Endorsing.Add(
scParameters);
// primary.LocalClientSettings.DetectReplays = false;
primary.LocalServiceSettings.DetectReplays = false;
primary.IncludeTimestamp = true;
result = primary;
}
else // Symmetric- or AsymmetricSecurityBindingElement
{
SymmetricSecurityBindingElement primary = new SymmetricSecurityBindingElement(
new SecureConversationSecurityTokenParameters(
bootstrapSecurity,
requireCancellation,
bootstrapProtectionRequirements))
{
// there is no need for signature confirmation on the steady state binding
RequireSignatureConfirmation = false
};
result = primary;
}
return(result);
}
/// <summary>
/// Builds the <see cref="SecurityBindingElement"/> for the RelyingParty channel.
/// </summary>
/// <returns>a <see cref="SecurityBindingElement"/> for the RelyingParty channel.</returns>
/// <remarks>Creates a new <see cref="TransportBindingElement"/> and adds <see cref="WSTrustTokenParameters"/> to the appropriate EndpointSupportingTokenParameters (Endorsing or Signed).
/// <para>Sets: <see cref="MessageSecurityVersion"/> == <see cref="WSTrustTokenParameters.MessageSecurityVersion"/>.</para></para>
/// <para>Sets: <see cref="IncludeTimestamp"/> == true.</para></remarks>
protected override SecurityBindingElement CreateMessageSecurity()
{
WSTrustTokenParameters.RequireDerivedKeys = false;
var result = new TransportSecurityBindingElement
{
IncludeTimestamp = true,
MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion
};
if (WSTrustTokenParameters.KeyType == SecurityKeyType.BearerKey)
{
result.EndpointSupportingTokenParameters.Signed.Add(WSTrustTokenParameters);
}
else
{
result.EndpointSupportingTokenParameters.Endorsing.Add(WSTrustTokenParameters);
}
if (Security.Message.EstablishSecurityContext)
{
var securityContextWrappingElement = new TransportSecurityBindingElement
{
IncludeTimestamp = true,
MessageSecurityVersion = WSTrustTokenParameters.MessageSecurityVersion
};
securityContextWrappingElement.LocalClientSettings.DetectReplays = false;
var scParameters = new SecureConversationSecurityTokenParameters(result)
{
RequireCancellation = true,
RequireDerivedKeys = false
};
securityContextWrappingElement.EndpointSupportingTokenParameters.Endorsing.Add(scParameters);
result = securityContextWrappingElement;
}
SecurityBindingElement = result;
return(result);
}
public void DefaultMessageSecurity()
{
WSHttpBinding b = new WSHttpBinding();
SymmetricSecurityBindingElement sbe = b.CreateBindingElements().Find <SymmetricSecurityBindingElement> ();
Assert.IsNotNull(sbe, "#0");
SecureConversationSecurityTokenParameters p =
sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
Assert.IsNotNull(p, "#1");
SymmetricSecurityBindingElement scbe =
p.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement;
Assert.IsNotNull(scbe, "#1.1");
// since the default w/o SecureConv is SSPI ...
Assert.IsTrue(scbe.ProtectionTokenParameters is SspiSecurityTokenParameters, "#1.2");
Assert.AreEqual(SecurityAlgorithmSuite.Default,
sbe.DefaultAlgorithmSuite, "#2");
SupportingTokenParameters s =
sbe.EndpointSupportingTokenParameters;
Assert.IsNotNull(s, "#3");
Assert.AreEqual(0, s.Endorsing.Count, "#3-1");
Assert.AreEqual(0, s.Signed.Count, "#3-2");
Assert.AreEqual(0, s.SignedEndorsing.Count, "#3-3");
Assert.AreEqual(0, s.SignedEncrypted.Count, "#3-4");
Assert.AreEqual(0, sbe.OperationSupportingTokenParameters.Count, "#4");
s = sbe.OptionalEndpointSupportingTokenParameters;
Assert.IsNotNull(s, "#5");
Assert.AreEqual(0, s.Endorsing.Count, "#5-1");
Assert.AreEqual(0, s.Signed.Count, "#5-2");
Assert.AreEqual(0, s.SignedEndorsing.Count, "#5-3");
Assert.AreEqual(0, s.SignedEncrypted.Count, "#5-4");
Assert.AreEqual(0, sbe.OptionalOperationSupportingTokenParameters.Count, "#6");
}
public static CustomBinding CreateWsFederationBindingWithoutSecureConversation(WSFederationHttpBinding inputBinding)
{
// This CustomBinding starts out identical to the specified WSFederationHttpBinding.
var outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
// Find the SecurityBindingElement for message security.
var security = outputBinding.Elements.Find <SecurityBindingElement>();
// If the security mode is message, then the secure session settings are the protection token parameters.
SecureConversationSecurityTokenParameters secureConversation = null;
if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
{
var symmetricSecurity = security as SymmetricSecurityBindingElement;
if (symmetricSecurity != null)
{
secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
}
}
// If the security mode is message, then the secure session settings are the endorsing token parameters.
else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
{
var transportSecurity = security as TransportSecurityBindingElement;
if (transportSecurity != null)
{
secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
}
else
{
throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
}
// Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
int securityIndex = outputBinding.Elements.IndexOf(security);
if (secureConversation != null)
{
outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
}
// Return modified binding.
return(outputBinding);
}
public MySecureConversationSecurityTokenParameters(SecureConversationSecurityTokenParameters clone)
: base(clone)
{
}
static bool AreTokenParametersMatching(SecurityTokenParameters p1, SecurityTokenParameters p2, bool skipRequireDerivedKeysComparison, bool exactMessageSecurityVersion)
{
if (p1 == null || p2 == null)
{
return(false);
}
if (p1.GetType() != p2.GetType())
{
return(false);
}
if (p1.InclusionMode != p2.InclusionMode)
{
return(false);
}
if (skipRequireDerivedKeysComparison == false && p1.RequireDerivedKeys != p2.RequireDerivedKeys)
{
return(false);
}
if (p1.ReferenceStyle != p2.ReferenceStyle)
{
return(false);
}
// mutual ssl and anonymous ssl differ in the client cert requirement
if (p1 is SslSecurityTokenParameters)
{
if (((SslSecurityTokenParameters)p1).RequireClientCertificate != ((SslSecurityTokenParameters)p2).RequireClientCertificate)
{
return(false);
}
}
else if (p1 is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters sc1 = (SecureConversationSecurityTokenParameters)p1;
SecureConversationSecurityTokenParameters sc2 = (SecureConversationSecurityTokenParameters)p2;
if (sc1.RequireCancellation != sc2.RequireCancellation)
{
return(false);
}
if (sc1.CanRenewSession != sc2.CanRenewSession)
{
return(false);
}
if (!AreBindingsMatching(sc1.BootstrapSecurityBindingElement, sc2.BootstrapSecurityBindingElement, exactMessageSecurityVersion))
{
return(false);
}
}
else if (p1 is IssuedSecurityTokenParameters)
{
if (((IssuedSecurityTokenParameters)p1).KeyType != ((IssuedSecurityTokenParameters)p2).KeyType)
{
return(false);
}
}
return(true);
}
public override XmlElement CreateWsspSecureConversationTokenAssertion(MetadataExporter exporter, SecureConversationSecurityTokenParameters parameters)
{
XmlElement tokenAssertion = this.CreateWsspAssertion("SecureConversationToken");
this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode);
tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateWsspMustNotSendCancelAssertion(parameters.RequireCancellation), this.CreateWsspBootstrapPolicyAssertion(exporter, parameters.BootstrapSecurityBindingElement), this.CreateWsspMustNotSendAmendAssertion(), (!parameters.RequireCancellation || !parameters.CanRenewSession) ? this.CreateWsspMustNotSendRenewAssertion() : null }));
return(tokenAssertion);
}
protected override IServiceDispatcher BuildServiceDispatcherCore <TChannel>(BindingContext context, IServiceDispatcher serviceDispatcher)
{
SecurityServiceDispatcher securityServiceDispatcher = new SecurityServiceDispatcher(context, serviceDispatcher);
SecurityCredentialsManager credentialsManager = serviceDispatcher.Host.Description.Behaviors.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
SecureConversationSecurityTokenParameters scParameters;
if (EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
scParameters = EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
scParameters = null;
}
bool requireDemuxer = RequiresChannelDemuxer();
ChannelBuilder channelBuilder = new ChannelBuilder(context, requireDemuxer);
if (requireDemuxer)
{
ApplyPropertiesOnDemuxer(channelBuilder, context);
}
BindingContext issuerBindingContext = context.Clone();
issuerBindingContext.BindingParameters.Add(credentialsManager);
if (scParameters != null)
{
if (scParameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SecureConversationSecurityTokenParametersRequireBootstrapBinding)));
}
AddDemuxerForSecureConversation(channelBuilder, issuerBindingContext);
if (scParameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory sessionFactory = new SessionSymmetricTransportSecurityProtocolFactory
{
// base.ApplyAuditBehaviorSettings(context, sessionFactory);
SecurityTokenParameters = scParameters.Clone()
};
((SecureConversationSecurityTokenParameters)sessionFactory.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
ConfigureProtocolFactory(sessionFactory, credentialsManager, true, issuerBindingContext, context.Binding);
}
finally
{
EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
securityServiceDispatcher.SessionMode = true;
securityServiceDispatcher.SessionServerSettings.InactivityTimeout = LocalServiceSettings.InactivityTimeout;
securityServiceDispatcher.SessionServerSettings.KeyRolloverInterval = LocalServiceSettings.SessionKeyRolloverInterval;
securityServiceDispatcher.SessionServerSettings.MaximumPendingSessions = LocalServiceSettings.MaxPendingSessions;
securityServiceDispatcher.SessionServerSettings.MaximumKeyRenewalInterval = LocalServiceSettings.SessionKeyRenewalInterval;
securityServiceDispatcher.SessionServerSettings.TolerateTransportFailures = LocalServiceSettings.ReconnectTransportOnFailure;
securityServiceDispatcher.SessionServerSettings.CanRenewSession = scParameters.CanRenewSession;
securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters = scParameters.Clone();
((SecureConversationSecurityTokenParameters)securityServiceDispatcher.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
securityServiceDispatcher.SessionServerSettings.SecurityStandardsManager = sessionFactory.StandardsManager;
securityServiceDispatcher.SessionServerSettings.SessionProtocolFactory = sessionFactory;
securityServiceDispatcher.SecurityProtocolFactory = sessionFactory;
// pass in the error handler for handling unknown security sessions - dont do this if the underlying channel is duplex since sending
// back faults in response to badly secured requests over duplex can result in DoS.
if (context.BindingParameters != null && context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null &&
!IsUnderlyingDispatcherDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(sessionFactory.StandardsManager));
}
}
else
{
//TODO later
TransportSecurityProtocolFactory protocolFactory = new TransportSecurityProtocolFactory();
// base.ApplyAuditBehaviorSettings(context, protocolFactory);
EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
ConfigureProtocolFactory(protocolFactory, credentialsManager, true, issuerBindingContext, context.Binding);
SecureConversationSecurityTokenParameters acceleratedTokenParameters = (SecureConversationSecurityTokenParameters)scParameters.Clone();
acceleratedTokenParameters.IssuerBindingContext = issuerBindingContext;
protocolFactory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, acceleratedTokenParameters);
}
finally
{
EndpointSupportingTokenParameters.Endorsing.Insert(0, scParameters);
}
securityServiceDispatcher.SecurityProtocolFactory = protocolFactory;
}
}
else
{
SecurityProtocolFactory protocolFactory = CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, issuerBindingContext);
securityServiceDispatcher.SecurityProtocolFactory = protocolFactory;
}
securityServiceDispatcher.InitializeSecurityDispatcher(channelBuilder, typeof(TChannel));
//return channelListener;
channelBuilder.BuildServiceDispatcher <TChannel>(context, securityServiceDispatcher);
return(securityServiceDispatcher);
}
protected override IChannelFactory <TChannel> BuildChannelFactoryCore <TChannel>(BindingContext context)
{
ISecurityCapabilities property = this.GetProperty <ISecurityCapabilities>(context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ClientCredentials.CreateDefaultCredentials();
}
SecureConversationSecurityTokenParameters item = null;
if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
item = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext issuerBindingContext = context.Clone();
if (item != null)
{
if (item.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
item.IssuerBindingContext = issuerBindingContext;
if (item.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory factory2 = new SessionSymmetricTransportSecurityProtocolFactory {
SecurityTokenParameters = item.Clone()
};
((SecureConversationSecurityTokenParameters)factory2.SecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory2, credentialsManager, false, issuerBindingContext, context.Binding);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
SecuritySessionClientSettings <TChannel> sessionClientSettings = new SecuritySessionClientSettings <TChannel> {
ChannelBuilder = builder,
KeyRenewalInterval = base.LocalClientSettings.SessionKeyRenewalInterval,
KeyRolloverInterval = base.LocalClientSettings.SessionKeyRolloverInterval,
TolerateTransportFailures = base.LocalClientSettings.ReconnectTransportOnFailure,
CanRenewSession = item.CanRenewSession,
IssuedSecurityTokenParameters = item.Clone()
};
((SecureConversationSecurityTokenParameters)sessionClientSettings.IssuedSecurityTokenParameters).IssuerBindingContext = issuerBindingContext;
sessionClientSettings.SecurityStandardsManager = factory2.StandardsManager;
sessionClientSettings.SessionProtocolFactory = factory2;
return(new SecurityChannelFactory <TChannel>(property, context, sessionClientSettings));
}
TransportSecurityProtocolFactory factory = new TransportSecurityProtocolFactory();
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory, credentialsManager, false, issuerBindingContext, context.Binding);
SecureConversationSecurityTokenParameters parameters2 = (SecureConversationSecurityTokenParameters)item.Clone();
parameters2.IssuerBindingContext = issuerBindingContext;
factory.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters2);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
return(new SecurityChannelFactory <TChannel>(property, context, builder, factory));
}
return(new SecurityChannelFactory <TChannel>(property, context, builder, this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, false, issuerBindingContext)));
}
public void GetPropertySecurityCapabilities()
{
ISecurityCapabilities c;
RsaSecurityTokenParameters rsa =
new RsaSecurityTokenParameters();
UserNameSecurityTokenParameters user =
new UserNameSecurityTokenParameters();
X509SecurityTokenParameters x509 =
new X509SecurityTokenParameters();
SecureConversationSecurityTokenParameters sc1 =
new SecureConversationSecurityTokenParameters();
sc1.BootstrapSecurityBindingElement =
new SymmetricSecurityBindingElement(); // empty
SecureConversationSecurityTokenParameters sc2 =
new SecureConversationSecurityTokenParameters();
sc2.BootstrapSecurityBindingElement =
new SymmetricSecurityBindingElement(x509);
SecureConversationSecurityTokenParameters sc3 =
new SecureConversationSecurityTokenParameters();
sc3.BootstrapSecurityBindingElement =
new AsymmetricSecurityBindingElement(null, x509);
SecureConversationSecurityTokenParameters sc4 =
new SecureConversationSecurityTokenParameters();
sc4.BootstrapSecurityBindingElement =
new AsymmetricSecurityBindingElement(x509, null);
// no parameters
c = GetSecurityCapabilities(
new SymmetricSecurityBindingElement());
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, false, c, "#1");
// x509 parameters for both
c = GetSecurityCapabilities(
new SymmetricSecurityBindingElement(x509));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, true, c, "#2");
// no initiator parameters
c = GetSecurityCapabilities(
new AsymmetricSecurityBindingElement(x509, null));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, true, c, "#3");
// no recipient parameters
c = GetSecurityCapabilities(
new AsymmetricSecurityBindingElement(null, x509));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, false, c, "#4");
// initiator does not support identity
c = GetSecurityCapabilities(
new AsymmetricSecurityBindingElement(x509, rsa));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, false, true, c, "#5");
// recipient does not support server auth
c = GetSecurityCapabilities(
new AsymmetricSecurityBindingElement(user, x509));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, false, c, "#6");
// secureconv with no symm. bootstrap params
c = GetSecurityCapabilities(
new SymmetricSecurityBindingElement(sc1));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, false, c, "#7");
// secureconv with x509 symm. bootstrap params
c = GetSecurityCapabilities(
new SymmetricSecurityBindingElement(sc2));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, true, c, "#8");
// secureconv with x509 initiator bootstrap params
c = GetSecurityCapabilities(
new SymmetricSecurityBindingElement(sc3));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
true, true, false, c, "#9");
// secureconv with x509 recipient bootstrap params
c = GetSecurityCapabilities(
new SymmetricSecurityBindingElement(sc4));
AssertSecurityCapabilities(
ProtectionLevel.EncryptAndSign,
ProtectionLevel.EncryptAndSign,
false, false, true, c, "#10");
// FIXME: find out such cases that returns other ProtectionLevel values.
}
protected override IChannelListener <TChannel> BuildChannelListenerCore <TChannel>(BindingContext context) where TChannel : class, IChannel
{
SecureConversationSecurityTokenParameters parameters;
SecurityChannelListener <TChannel> listener = new SecurityChannelListener <TChannel>(this, context);
SecurityCredentialsManager credentialsManager = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credentialsManager == null)
{
credentialsManager = ServiceCredentials.CreateDefaultCredentials();
}
if (base.EndpointSupportingTokenParameters.Endorsing.Count > 0)
{
parameters = base.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
parameters = null;
}
bool addChannelDemuxerIfRequired = this.RequiresChannelDemuxer();
ChannelBuilder builder = new ChannelBuilder(context, addChannelDemuxerIfRequired);
if (addChannelDemuxerIfRequired)
{
base.ApplyPropertiesOnDemuxer(builder, context);
}
BindingContext secureConversationBindingContext = context.Clone();
if (parameters != null)
{
if (parameters.BootstrapSecurityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationSecurityTokenParametersRequireBootstrapBinding")));
}
base.AddDemuxerForSecureConversation(builder, secureConversationBindingContext);
if (parameters.RequireCancellation)
{
SessionSymmetricTransportSecurityProtocolFactory factory = new SessionSymmetricTransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory);
factory.SecurityTokenParameters = parameters.Clone();
((SecureConversationSecurityTokenParameters)factory.SecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory, credentialsManager, true, secureConversationBindingContext, context.Binding);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
}
listener.SessionMode = true;
listener.SessionServerSettings.InactivityTimeout = base.LocalServiceSettings.InactivityTimeout;
listener.SessionServerSettings.KeyRolloverInterval = base.LocalServiceSettings.SessionKeyRolloverInterval;
listener.SessionServerSettings.MaximumPendingSessions = base.LocalServiceSettings.MaxPendingSessions;
listener.SessionServerSettings.MaximumKeyRenewalInterval = base.LocalServiceSettings.SessionKeyRenewalInterval;
listener.SessionServerSettings.TolerateTransportFailures = base.LocalServiceSettings.ReconnectTransportOnFailure;
listener.SessionServerSettings.CanRenewSession = parameters.CanRenewSession;
listener.SessionServerSettings.IssuedSecurityTokenParameters = parameters.Clone();
((SecureConversationSecurityTokenParameters)listener.SessionServerSettings.IssuedSecurityTokenParameters).IssuerBindingContext = secureConversationBindingContext;
listener.SessionServerSettings.SecurityStandardsManager = factory.StandardsManager;
listener.SessionServerSettings.SessionProtocolFactory = factory;
if (((context.BindingParameters != null) && (context.BindingParameters.Find <IChannelDemuxFailureHandler>() == null)) && !base.IsUnderlyingListenerDuplex <TChannel>(context))
{
context.BindingParameters.Add(new SecuritySessionServerSettings.SecuritySessionDemuxFailureHandler(factory.StandardsManager));
}
}
else
{
TransportSecurityProtocolFactory factory2 = new TransportSecurityProtocolFactory();
base.ApplyAuditBehaviorSettings(context, factory2);
base.EndpointSupportingTokenParameters.Endorsing.RemoveAt(0);
try
{
base.ConfigureProtocolFactory(factory2, credentialsManager, true, secureConversationBindingContext, context.Binding);
SecureConversationSecurityTokenParameters item = (SecureConversationSecurityTokenParameters)parameters.Clone();
item.IssuerBindingContext = secureConversationBindingContext;
factory2.SecurityBindingElement.EndpointSupportingTokenParameters.Endorsing.Insert(0, item);
}
finally
{
base.EndpointSupportingTokenParameters.Endorsing.Insert(0, parameters);
}
listener.SecurityProtocolFactory = factory2;
}
}
else
{
SecurityProtocolFactory factory3 = this.CreateSecurityProtocolFactory <TChannel>(context, credentialsManager, true, secureConversationBindingContext);
listener.SecurityProtocolFactory = factory3;
}
listener.InitializeListener(builder);
return(listener);
}
