SupportingTokenParameters C# (CSharp)代码示例

示例#1

0

显示文件

文件： SecurityBindingElement.cs 项目： yukozh/wcf

        // this method reverses CreateMutualCertificateBindingElement() logic
        internal static bool IsUserNameOverTransportBinding(SecurityBindingElement sbe)
        {
            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings
            if (!sbe.IncludeTimestamp)
            {
                return(false);
            }

            if (!(sbe is TransportSecurityBindingElement))
            {
                return(false);
            }

            SupportingTokenParameters parameters = sbe.EndpointSupportingTokenParameters;

            if (parameters.Signed.Count != 0 || parameters.SignedEncrypted.Count != 1 || parameters.Endorsing.Count != 0 || parameters.SignedEndorsing.Count != 0)
            {
                return(false);
            }

            UserNameSecurityTokenParameters userNameParameters = parameters.SignedEncrypted[0] as UserNameSecurityTokenParameters;

            if (userNameParameters == null)
            {
                return(false);
            }

            return(true);
        }

示例#2

0

显示文件

文件： SecurityBindingElement.cs 项目： sq2907/CoreWCF

        internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
            : base(elementToBeCloned)
        {
            if (elementToBeCloned == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned");
            }

            this.defaultAlgorithmSuite                     = elementToBeCloned.defaultAlgorithmSuite;
            this.includeTimestamp                          = elementToBeCloned.includeTimestamp;
            this.keyEntropyMode                            = elementToBeCloned.keyEntropyMode;
            this.messageSecurityVersion                    = elementToBeCloned.messageSecurityVersion;
            this.securityHeaderLayout                      = elementToBeCloned.securityHeaderLayout;
            this.endpointSupportingTokenParameters         = (SupportingTokenParameters)elementToBeCloned.endpointSupportingTokenParameters.Clone();
            this.optionalEndpointSupportingTokenParameters = (SupportingTokenParameters)elementToBeCloned.optionalEndpointSupportingTokenParameters.Clone();
            this.operationSupportingTokenParameters        = new Dictionary <string, SupportingTokenParameters>();
            foreach (string key in elementToBeCloned.operationSupportingTokenParameters.Keys)
            {
                this.operationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned.operationSupportingTokenParameters[key].Clone();
            }
            this.optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
            foreach (string key in elementToBeCloned.optionalOperationSupportingTokenParameters.Keys)
            {
                this.optionalOperationSupportingTokenParameters[key] = (SupportingTokenParameters)elementToBeCloned.optionalOperationSupportingTokenParameters[key].Clone();
            }
            this.localServiceSettings = (LocalServiceSecuritySettings)elementToBeCloned.localServiceSettings.Clone();
            // this.internalDuplexBindingElement = elementToBeCloned.internalDuplexBindingElement;
            this.maxReceivedMessageSize           = elementToBeCloned.maxReceivedMessageSize;
            this.readerQuotas                     = elementToBeCloned.readerQuotas;
            this.doNotEmitTrust                   = elementToBeCloned.doNotEmitTrust;
            this.allowInsecureTransport           = elementToBeCloned.allowInsecureTransport;
            this.enableUnsecuredResponse          = elementToBeCloned.enableUnsecuredResponse;
            this.supportsExtendedProtectionPolicy = elementToBeCloned.supportsExtendedProtectionPolicy;
            this.protectTokens                    = elementToBeCloned.protectTokens;
        }

示例#3

0

显示文件

文件： SecurityBindingElementImporter.cs 项目： greyblue9/DecompliedDotNetLibraries

 private void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding)
 {
     foreach (OperationDescription description in policyContext.Contract.Operations)
     {
         string action = null;
         foreach (MessageDescription description2 in description.Messages)
         {
             if (description2.Direction == MessageDirection.Input)
             {
                 action = description2.Action;
                 break;
             }
         }
         SupportingTokenParameters requirements               = new SupportingTokenParameters();
         SupportingTokenParameters optionalRequirements       = new SupportingTokenParameters();
         ICollection <XmlElement>  operationBindingAssertions = policyContext.GetOperationBindingAssertions(description);
         this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements);
         if (((requirements.Endorsing.Count > 0) || (requirements.Signed.Count > 0)) || ((requirements.SignedEncrypted.Count > 0) || (requirements.SignedEndorsing.Count > 0)))
         {
             if (action == null)
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CannotImportSupportingTokensForOperationWithoutRequestAction")));
             }
             binding.OperationSupportingTokenParameters[action] = requirements;
         }
         if (((optionalRequirements.Endorsing.Count > 0) || (optionalRequirements.Signed.Count > 0)) || ((optionalRequirements.SignedEncrypted.Count > 0) || (optionalRequirements.SignedEndorsing.Count > 0)))
         {
             if (action == null)
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("CannotImportSupportingTokensForOperationWithoutRequestAction")));
             }
             binding.OptionalOperationSupportingTokenParameters[action] = optionalRequirements;
         }
     }
 }

示例#4

0

显示文件

        // this method reverses CreateMutualCertificateBindingElement() logic
        internal static bool IsCertificateOverTransportBinding(SecurityBindingElement sbe)
        {
            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings
            if (!sbe.IncludeTimestamp)
            {
                return(false);
            }

            if (!(sbe is TransportSecurityBindingElement))
            {
                return(false);
            }

            SupportingTokenParameters parameters = sbe.EndpointSupportingTokenParameters;

            if (parameters.Signed.Count != 0 || parameters.SignedEncrypted.Count != 0 || parameters.Endorsing.Count != 1 || parameters.SignedEndorsing.Count != 0)
            {
                return(false);
            }

            if (!(parameters.Endorsing[0] is X509SecurityTokenParameters x509Parameters))
            {
                return(false);
            }

            if (x509Parameters.InclusionMode != SecurityTokenInclusionMode.AlwaysToRecipient)
            {
                return(false);
            }

            return(x509Parameters.X509ReferenceStyle == X509KeyIdentifierClauseType.Any || x509Parameters.X509ReferenceStyle == X509KeyIdentifierClauseType.Thumbprint);
        }

示例#5

0

显示文件

 void ValidateTokensByParameters(SupportingTokenParameters supp, List <SupportingTokenInfo> tokens, bool optional)
 {
     ValidateTokensByParameters(supp.Endorsing, tokens, optional, SecurityTokenAttachmentMode.Endorsing);
     ValidateTokensByParameters(supp.Signed, tokens, optional, SecurityTokenAttachmentMode.Signed);
     ValidateTokensByParameters(supp.SignedEndorsing, tokens, optional, SecurityTokenAttachmentMode.SignedEndorsing);
     ValidateTokensByParameters(supp.SignedEncrypted, tokens, optional, SecurityTokenAttachmentMode.SignedEncrypted);
 }

示例#6

0

显示文件

    public static void Property_Signed()
    {
        SupportingTokenParameters stp = new SupportingTokenParameters();

        Assert.NotNull(stp.Signed);
        Assert.Equal(new Collection <SecurityTokenParameters>(), stp.Signed);
    }

示例#7

0

显示文件

        public void DefaultItems()
        {
            SupportingTokenParameters p = new SupportingTokenParameters();

            Assert.AreEqual(0, p.Endorsing.Count, "#1");
            Assert.AreEqual(0, p.Signed.Count, "#2");
            Assert.AreEqual(0, p.SignedEncrypted.Count, "#3");
            Assert.AreEqual(0, p.SignedEndorsing.Count, "#4");
        }

示例#8

0

显示文件

文件： SecurityBindingElement.cs 项目： yukozh/wcf

 internal SecurityBindingElement()
     : base()
 {
     _messageSecurityVersion            = MessageSecurityVersion.Default;
     _includeTimestamp                  = defaultIncludeTimestamp;
     _localClientSettings               = new LocalClientSecuritySettings();
     _endpointSupportingTokenParameters = new SupportingTokenParameters();
     _securityHeaderLayout              = SecurityProtocolFactory.defaultSecurityHeaderLayout;
 }

示例#9

0

显示文件

 public static void AssertSupportingTokenParameters(
     int endorsing, int signed, int signedEncrypted, int signedEndorsing,
     SupportingTokenParameters tp, string label)
 {
     Assert.IsNotNull(tp, label + " IsNotNull");
     Assert.AreEqual(endorsing, tp.Endorsing.Count, label + ".Endoring.Count");
     Assert.AreEqual(signed, tp.Signed.Count, label + ".Signed.Count");
     Assert.AreEqual(signedEncrypted, tp.SignedEncrypted.Count, label + ".SignedEncrypted.Count");
     Assert.AreEqual(signedEndorsing, tp.SignedEndorsing.Count, label + ".SignedEndorsing.Count");
 }

示例#10

0

显示文件

文件： SecurityBindingElement.cs 项目： setamodius/wcf

 internal SecurityBindingElement()
     : base()
 {
     _messageSecurityVersion            = MessageSecurityVersion.Default;
     _includeTimestamp                  = defaultIncludeTimestamp;
     _localClientSettings               = new LocalClientSecuritySettings();
     _endpointSupportingTokenParameters = new SupportingTokenParameters();
     _securityHeaderLayout              = SecurityProtocolFactory.defaultSecurityHeaderLayout;
     throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement is not supported");
 }

示例#11

0

显示文件

        private SecurityBindingElement CreateSecurityBindingElement()
        {
            // Create an issued token parameters object.
            IssuedSecurityTokenParameters issuedSecTok =
                new IssuedSecurityTokenParameters();

            // Create a security binding element with the parameter object.
            SymmetricSecurityBindingElement secBindingEle =
                SecurityBindingElement.CreateIssuedTokenBindingElement(issuedSecTok);

            // Create a Kerberos token parameter object and set the inclusion
            // mode to AlwaysToRecipient. Add the object as an endorsing token for
            // all operations of the endpoint.
            KerberosSecurityTokenParameters kstp = new KerberosSecurityTokenParameters();

            kstp.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
            secBindingEle.EndpointSupportingTokenParameters.Endorsing.Add(kstp);

            // Create a username token parameter object and set its
            // RequireDerivedKeys to false.
            UserNameSecurityTokenParameters userNameParams =
                new UserNameSecurityTokenParameters();

            userNameParams.RequireDerivedKeys = false;

            // Create a collection object for supporting tokens.
            SupportingTokenParameters stp = new SupportingTokenParameters();

            // Add the previously created supporting tokens.
            stp.Endorsing.Add(issuedSecTok);
            stp.SignedEncrypted.Add(userNameParams);

            // Create a generic dictionary item, a KeyValuePair object
            // that includes all supporting token parameters. Then add
            // it to the dictionary for operation-scope supporting tokens.
            KeyValuePair <string, SupportingTokenParameters> x =
                new KeyValuePair <string, SupportingTokenParameters>("1", stp);

            secBindingEle.OperationSupportingTokenParameters.Add(x);

            // See all dictionary items for the supporting tokens.
            Console.WriteLine("Reading Kevalue pairs");
            foreach (KeyValuePair <string, SupportingTokenParameters> kvp
                     in secBindingEle.OperationSupportingTokenParameters)
            {
                Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value);
            }

            Console.ReadLine();

            return(secBindingEle);
        }

示例#12

0

显示文件

文件： SecurityBindingElement.cs 项目： mdae/MonoRT

 internal SecurityBindingElement()
 {
     DefaultAlgorithmSuite  = SecurityAlgorithmSuite.Default;
     MessageSecurityVersion = MessageSecurityVersion.Default;
     IncludeTimestamp       = true;
     KeyEntropyMode         = SecurityKeyEntropyMode.CombinedEntropy;
     endpoint         = new SupportingTokenParameters();
     operation        = new Dictionary <string, SupportingTokenParameters> ();
     opt_endpoint     = new SupportingTokenParameters();
     opt_operation    = new Dictionary <string, SupportingTokenParameters> ();
     client_settings  = new LocalClientSecuritySettings();
     service_settings = new LocalServiceSecuritySettings();
 }

示例#13

0

显示文件

文件： SecurityBindingElement.cs 项目： Trading-Lab/WCF-Libraries

 internal SecurityBindingElement()
     : base()
 {
     _messageSecurityVersion                     = MessageSecurityVersion.Default;
     _keyEntropyMode                             = AcceleratedTokenProvider.defaultKeyEntropyMode;
     IncludeTimestamp                            = defaultIncludeTimestamp;
     _defaultAlgorithmSuite                      = defaultDefaultAlgorithmSuite;
     LocalClientSettings                         = new LocalClientSecuritySettings();
     EndpointSupportingTokenParameters           = new SupportingTokenParameters();
     OptionalEndpointSupportingTokenParameters   = new SupportingTokenParameters();
     _operationSupportingTokenParameters         = new Dictionary <string, SupportingTokenParameters>();
     _optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
     _securityHeaderLayout                       = SecurityProtocolFactory.defaultSecurityHeaderLayout;
 }

示例#14

0

显示文件

文件： SecurityBindingElement.cs 项目： setamodius/wcf

        internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
            : base(elementToBeCloned)
        {
            if (elementToBeCloned == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned");
            }

            _includeTimestamp                  = elementToBeCloned._includeTimestamp;
            _messageSecurityVersion            = elementToBeCloned._messageSecurityVersion;
            _securityHeaderLayout              = elementToBeCloned._securityHeaderLayout;
            _endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone();
            _localClientSettings               = elementToBeCloned._localClientSettings.Clone();
            throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement cloning not supported.");
        }

示例#15

0

显示文件

        private void ImportOperationScopeSupportingTokensPolicy(MetadataImporter importer, PolicyConversionContext policyContext, SecurityBindingElement binding)
        {
            foreach (OperationDescription operation in policyContext.Contract.Operations)
            {
                string requestAction = null;
                foreach (MessageDescription message in operation.Messages)
                {
                    if (message.Direction == MessageDirection.Input)
                    {
                        requestAction = message.Action;
                        break;
                    }
                }

                SupportingTokenParameters requirements               = new SupportingTokenParameters();
                SupportingTokenParameters optionalRequirements       = new SupportingTokenParameters();
                ICollection <XmlElement>  operationBindingAssertions = policyContext.GetOperationBindingAssertions(operation);
                this.ImportSupportingTokenAssertions(importer, policyContext, operationBindingAssertions, requirements, optionalRequirements);
                if (requirements.Endorsing.Count > 0 ||
                    requirements.Signed.Count > 0 ||
                    requirements.SignedEncrypted.Count > 0 ||
                    requirements.SignedEndorsing.Count > 0)
                {
                    if (requestAction != null)
                    {
                        binding.OperationSupportingTokenParameters[requestAction] = requirements;
                    }
                    else
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SRServiceModel.CannotImportSupportingTokensForOperationWithoutRequestAction));
                    }
                }
                if (optionalRequirements.Endorsing.Count > 0 ||
                    optionalRequirements.Signed.Count > 0 ||
                    optionalRequirements.SignedEncrypted.Count > 0 ||
                    optionalRequirements.SignedEndorsing.Count > 0)
                {
                    if (requestAction != null)
                    {
                        binding.OptionalOperationSupportingTokenParameters[requestAction] = optionalRequirements;
                    }
                    else
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(string.Format(SRServiceModel.CannotImportSupportingTokensForOperationWithoutRequestAction)));
                    }
                }
            }
        }

示例#16

0

显示文件

        private void GetSupportingTokensCapabilities(SupportingTokenParameters requirements, out bool supportsClientAuth, out bool supportsWindowsIdentity)
        {
            supportsClientAuth      = false;
            supportsWindowsIdentity = false;
            GetSupportingTokensCapabilities(requirements.Endorsing, out bool tmpSupportsClientAuth, out bool tmpSupportsWindowsIdentity);
            supportsClientAuth      = supportsClientAuth || tmpSupportsClientAuth;
            supportsWindowsIdentity = supportsWindowsIdentity || tmpSupportsWindowsIdentity;

            GetSupportingTokensCapabilities(requirements.SignedEndorsing, out tmpSupportsClientAuth, out tmpSupportsWindowsIdentity);
            supportsClientAuth      = supportsClientAuth || tmpSupportsClientAuth;
            supportsWindowsIdentity = supportsWindowsIdentity || tmpSupportsWindowsIdentity;

            GetSupportingTokensCapabilities(requirements.SignedEncrypted, out tmpSupportsClientAuth, out tmpSupportsWindowsIdentity);
            supportsClientAuth      = supportsClientAuth || tmpSupportsClientAuth;
            supportsWindowsIdentity = supportsWindowsIdentity || tmpSupportsWindowsIdentity;
        }

示例#17

0

显示文件

文件： SecurityBindingElement.cs 项目： yukozh/wcf

        internal SecurityBindingElement(SecurityBindingElement elementToBeCloned)
            : base(elementToBeCloned)
        {
            if (elementToBeCloned == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("elementToBeCloned");
            }

            _includeTimestamp                  = elementToBeCloned._includeTimestamp;
            _messageSecurityVersion            = elementToBeCloned._messageSecurityVersion;
            _securityHeaderLayout              = elementToBeCloned._securityHeaderLayout;
            _endpointSupportingTokenParameters = elementToBeCloned._endpointSupportingTokenParameters.Clone();
            _localClientSettings               = elementToBeCloned._localClientSettings.Clone();
            _maxReceivedMessageSize            = elementToBeCloned._maxReceivedMessageSize;
            _readerQuotas = elementToBeCloned._readerQuotas;
        }

示例#18

0

显示文件

 internal SecurityBindingElement()
     : base()
 {
     _messageSecurityVersion                     = MessageSecurityVersion.Default;
     _keyEntropyMode                             = SecurityKeyEntropyMode.CombinedEntropy; // AcceleratedTokenProvider.defaultKeyEntropyMode;
     IncludeTimestamp                            = DefaultIncludeTimestamp;
     _defaultAlgorithmSuite                      = s_defaultDefaultAlgorithmSuite;
     LocalServiceSettings                        = new LocalServiceSecuritySettings();
     EndpointSupportingTokenParameters           = new SupportingTokenParameters();
     OptionalEndpointSupportingTokenParameters   = new SupportingTokenParameters();
     _operationSupportingTokenParameters         = new Dictionary <string, SupportingTokenParameters>();
     _optionalOperationSupportingTokenParameters = new Dictionary <string, SupportingTokenParameters>();
     _securityHeaderLayout                       = SecurityHeaderLayout.Strict; // SecurityProtocolFactory.defaultSecurityHeaderLayout;
     AllowInsecureTransport                      = DefaultAllowInsecureTransport;
     EnableUnsecuredResponse                     = DefaultEnableUnsecuredResponse;
     ProtectTokens = DefaultProtectTokens;
 }

示例#19

0

显示文件

        private static ServiceHost StartSTS(Type type, string stsLabel, Uri baseAddress, Uri baseMexAddress)
        {
            // Create the service host
            Uri         stsAddress  = new Uri(baseAddress.AbsoluteUri + "/" + stsLabel);
            ServiceHost serviceHost = new ServiceHost(type, stsAddress);

            // Don't require derived keys for the issue method
            ServiceEndpoint            stsEndpoint     = serviceHost.Description.Endpoints.Find(typeof(nl.telin.authep.sts.IWSTrustContract));
            BindingElementCollection   bindingElements = stsEndpoint.Binding.CreateBindingElements();
            SecurityBindingElement     sbe             = bindingElements.Find <SecurityBindingElement>();
            RsaSecurityTokenParameters rsaParams       = new RsaSecurityTokenParameters();

            rsaParams.InclusionMode      = SecurityTokenInclusionMode.Never;
            rsaParams.RequireDerivedKeys = false;
            SupportingTokenParameters requirements = new SupportingTokenParameters();

            requirements.Endorsing.Add(rsaParams);
            sbe.OptionalOperationSupportingTokenParameters.Add(nl.telin.authep.sts.Constants.WSTrust.Actions.Issue, requirements);
            stsEndpoint.Binding = new CustomBinding(bindingElements);
            serviceHost.Credentials.ServiceCertificate.Certificate = SigningCertificate;

            // Add an https mex listener
            string mexAddress = baseMexAddress.AbsoluteUri + "/" + stsLabel + "/mex";

            serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), mexAddress);

            // Disable CRL
            serviceHost.Credentials.IssuedTokenAuthentication.RevocationMode = X509RevocationMode.NoCheck;

            // Open the service
            serviceHost.Open();

            // Display the endpoints
            foreach (ChannelDispatcher cd in serviceHost.ChannelDispatchers)
            {
                foreach (EndpointDispatcher ed in cd.Endpoints)
                {
                    Console.WriteLine("Listener = {0}, State = {1}", ed.EndpointAddress.ToString(), cd.State.ToString());
                }
            }

            return(serviceHost);
        }

示例#20

0

显示文件

 private static void SetIssuerBindingContextIfRequired(SupportingTokenParameters supportingParameters, BindingContext issuerBindingContext)
 {
     for (int i = 0; i < supportingParameters.Endorsing.Count; ++i)
     {
         SetIssuerBindingContextIfRequired(supportingParameters.Endorsing[i], issuerBindingContext);
     }
     for (int i = 0; i < supportingParameters.SignedEndorsing.Count; ++i)
     {
         SetIssuerBindingContextIfRequired(supportingParameters.SignedEndorsing[i], issuerBindingContext);
     }
     for (int i = 0; i < supportingParameters.Signed.Count; ++i)
     {
         SetIssuerBindingContextIfRequired(supportingParameters.Signed[i], issuerBindingContext);
     }
     for (int i = 0; i < supportingParameters.SignedEncrypted.Count; ++i)
     {
         SetIssuerBindingContextIfRequired(supportingParameters.SignedEncrypted[i], issuerBindingContext);
     }
 }

示例#21

0

显示文件

文件： WSHttpBindingTest.cs 项目： zzwwqqq/mono

        public void DefaultMessageSecurity()
        {
            WSHttpBinding b = new WSHttpBinding();
            SymmetricSecurityBindingElement sbe = b.CreateBindingElements().Find <SymmetricSecurityBindingElement> ();

            Assert.IsNotNull(sbe, "#0");

            SecureConversationSecurityTokenParameters p =
                sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;

            Assert.IsNotNull(p, "#1");
            SymmetricSecurityBindingElement scbe =
                p.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement;

            Assert.IsNotNull(scbe, "#1.1");
            // since the default w/o SecureConv is SSPI ...
            Assert.IsTrue(scbe.ProtectionTokenParameters is SspiSecurityTokenParameters, "#1.2");

            Assert.AreEqual(SecurityAlgorithmSuite.Default,
                            sbe.DefaultAlgorithmSuite, "#2");

            SupportingTokenParameters s =
                sbe.EndpointSupportingTokenParameters;

            Assert.IsNotNull(s, "#3");
            Assert.AreEqual(0, s.Endorsing.Count, "#3-1");
            Assert.AreEqual(0, s.Signed.Count, "#3-2");
            Assert.AreEqual(0, s.SignedEndorsing.Count, "#3-3");
            Assert.AreEqual(0, s.SignedEncrypted.Count, "#3-4");

            Assert.AreEqual(0, sbe.OperationSupportingTokenParameters.Count, "#4");

            s = sbe.OptionalEndpointSupportingTokenParameters;
            Assert.IsNotNull(s, "#5");
            Assert.AreEqual(0, s.Endorsing.Count, "#5-1");
            Assert.AreEqual(0, s.Signed.Count, "#5-2");
            Assert.AreEqual(0, s.SignedEndorsing.Count, "#5-3");
            Assert.AreEqual(0, s.SignedEncrypted.Count, "#5-4");
            Assert.AreEqual(0, sbe.OptionalOperationSupportingTokenParameters.Count, "#6");
        }

示例#22

0

显示文件

文件： SecurityBindingElement.cs 项目： yukozh/wcf

        // this method reverses CreateMutualCertificateBindingElement() logic
        internal static bool IsCertificateOverTransportBinding(SecurityBindingElement sbe)
        {
            // do not check local settings: sbe.LocalServiceSettings and sbe.LocalClientSettings
            if (!sbe.IncludeTimestamp)
            {
                return(false);
            }

            if (!(sbe is TransportSecurityBindingElement))
            {
                return(false);
            }

            SupportingTokenParameters parameters = sbe.EndpointSupportingTokenParameters;

            if (parameters.Signed.Count != 0 || parameters.SignedEncrypted.Count != 0 || parameters.Endorsing.Count != 1 || parameters.SignedEndorsing.Count != 0)
            {
                return(false);
            }

            throw ExceptionHelper.PlatformNotSupported("SecurityBindingElement.IsCertificateOverTransportBinding is not supported.");
        }

示例#23

0

显示文件

 void CollectSupportingTokensCore(
     SupportingTokenInfoCollection l,
     SupportingTokenParameters s,
     bool required)
 {
     foreach (SecurityTokenParameters p in s.Signed)
     {
         l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.Signed, required));
     }
     foreach (SecurityTokenParameters p in s.Endorsing)
     {
         l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.Endorsing, required));
     }
     foreach (SecurityTokenParameters p in s.SignedEndorsing)
     {
         l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.SignedEndorsing, required));
     }
     foreach (SecurityTokenParameters p in s.SignedEncrypted)
     {
         l.Add(new SupportingTokenInfo(GetSigningToken(p), SecurityTokenAttachmentMode.SignedEncrypted, required));
     }
 }

示例#24

0

显示文件

        //<snippet7>
        // This method creates a CustomBinding that includes two tokens of a given type.
        //<snippet8>
        public static Binding CreateCustomBinding(EndpointAddress issuerEndpointAddress1, Binding issuerBinding1, EndpointAddress issuerEndpointAddress2, Binding issuerBinding2)
        {
            //<snippet9>
            // Create an empty BindingElementCollection to populate,
            // then create a custom binding from it.
            BindingElementCollection bec = new BindingElementCollection();
            //</snippet9>

            //<snippet10>
            SecurityBindingElement sbe = SecurityBindingElement.CreateMutualCertificateBindingElement();
            //</snippet10>

            //<snippet11>
            SupportingTokenParameters supportParams = new SupportingTokenParameters();

            //</snippet11>

            //<snippet12>
            // Two supporting SAML tokens are being added.
            supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress1, issuerBinding1));
            supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress2, issuerBinding2));
            //</snippet12>

            //<snippet13>
            ((SymmetricSecurityBindingElement)sbe).OperationSupportingTokenParameters.Add("*", supportParams);
            //</snippet13>

            //<snippet14>
            bec.Add(sbe);
            bec.Add(new TextMessageEncodingBindingElement());
            bec.Add(new HttpTransportBindingElement());
            //</snippet14>

            //<snippet15>
            // Create a CustomBinding and return it; otherwise, return null.
            return(new CustomBinding(bec));
            //</snippet15>
        }

示例#25

0

显示文件

文件： SecurityElementBase.cs 项目： longde123/playscript

        internal static bool AreBindingsMatching(SecurityBindingElement b1, SecurityBindingElement b2, bool exactMessageSecurityVersion)
        {
            if (b1 == null || b2 == null)
            {
                return(b1 == b2);
            }

            if (b1.GetType() != b2.GetType())
            {
                return(false);
            }

            if (b1.MessageSecurityVersion != b2.MessageSecurityVersion)
            {
                // exactMessageSecurityVersion meant that BSP mismatch could be ignored
                if (exactMessageSecurityVersion)
                {
                    return(false);
                }

                if (b1.MessageSecurityVersion.SecurityVersion != b2.MessageSecurityVersion.SecurityVersion ||
                    b1.MessageSecurityVersion.TrustVersion != b2.MessageSecurityVersion.TrustVersion ||
                    b1.MessageSecurityVersion.SecureConversationVersion != b2.MessageSecurityVersion.SecureConversationVersion ||
                    b1.MessageSecurityVersion.SecurityPolicyVersion != b2.MessageSecurityVersion.SecurityPolicyVersion)
                {
                    return(false);
                }
            }

            if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout)
            {
                return(false);
            }

            if (b1.DefaultAlgorithmSuite != b2.DefaultAlgorithmSuite)
            {
                return(false);
            }

            if (b1.IncludeTimestamp != b2.IncludeTimestamp)
            {
                return(false);
            }

            if (b1.SecurityHeaderLayout != b2.SecurityHeaderLayout)
            {
                return(false);
            }

            if (b1.KeyEntropyMode != b2.KeyEntropyMode)
            {
                return(false);
            }

            if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Endorsing, b2.EndpointSupportingTokenParameters.Endorsing, exactMessageSecurityVersion))
            {
                return(false);
            }

            if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEncrypted, b2.EndpointSupportingTokenParameters.SignedEncrypted, exactMessageSecurityVersion))
            {
                return(false);
            }

            if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.Signed, b2.EndpointSupportingTokenParameters.Signed, exactMessageSecurityVersion))
            {
                return(false);
            }

            if (!AreTokenParameterCollectionsMatching(b1.EndpointSupportingTokenParameters.SignedEndorsing, b2.EndpointSupportingTokenParameters.SignedEndorsing, exactMessageSecurityVersion))
            {
                return(false);
            }

            if (b1.OperationSupportingTokenParameters.Count != b2.OperationSupportingTokenParameters.Count)
            {
                return(false);
            }

            foreach (KeyValuePair <string, SupportingTokenParameters> operation1 in b1.OperationSupportingTokenParameters)
            {
                if (!b2.OperationSupportingTokenParameters.ContainsKey(operation1.Key))
                {
                    return(false);
                }

                SupportingTokenParameters stp2 = b2.OperationSupportingTokenParameters[operation1.Key];

                if (!AreTokenParameterCollectionsMatching(operation1.Value.Endorsing, stp2.Endorsing, exactMessageSecurityVersion))
                {
                    return(false);
                }

                if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEncrypted, stp2.SignedEncrypted, exactMessageSecurityVersion))
                {
                    return(false);
                }

                if (!AreTokenParameterCollectionsMatching(operation1.Value.Signed, stp2.Signed, exactMessageSecurityVersion))
                {
                    return(false);
                }

                if (!AreTokenParameterCollectionsMatching(operation1.Value.SignedEndorsing, stp2.SignedEndorsing, exactMessageSecurityVersion))
                {
                    return(false);
                }
            }

            SymmetricSecurityBindingElement ssbe1 = b1 as SymmetricSecurityBindingElement;

            if (ssbe1 != null)
            {
                SymmetricSecurityBindingElement ssbe2 = (SymmetricSecurityBindingElement)b2;

                if (ssbe1.MessageProtectionOrder != ssbe2.MessageProtectionOrder)
                {
                    return(false);
                }

                if (!AreTokenParametersMatching(ssbe1.ProtectionTokenParameters, ssbe2.ProtectionTokenParameters, false, exactMessageSecurityVersion))
                {
                    return(false);
                }
            }

            AsymmetricSecurityBindingElement asbe1 = b1 as AsymmetricSecurityBindingElement;

            if (asbe1 != null)
            {
                AsymmetricSecurityBindingElement asbe2 = (AsymmetricSecurityBindingElement)b2;

                if (asbe1.MessageProtectionOrder != asbe2.MessageProtectionOrder)
                {
                    return(false);
                }

                if (asbe1.RequireSignatureConfirmation != asbe2.RequireSignatureConfirmation)
                {
                    return(false);
                }

                if (!AreTokenParametersMatching(asbe1.InitiatorTokenParameters, asbe2.InitiatorTokenParameters, true, exactMessageSecurityVersion) ||
                    !AreTokenParametersMatching(asbe1.RecipientTokenParameters, asbe2.RecipientTokenParameters, true, exactMessageSecurityVersion))
                {
                    return(false);
                }
            }

            return(true);
        }

示例#26

0

显示文件

        private void ImportSupportingTokenAssertions(MetadataImporter importer, PolicyConversionContext policyContext, ICollection <XmlElement> assertions, SupportingTokenParameters requirements, SupportingTokenParameters optionalRequirements)
        {
            WSSecurityPolicy securityPolicy;

            if (WSSecurityPolicy.TryGetSecurityPolicyDriver(assertions, out securityPolicy))
            {
                securityPolicy.TryImportWsspSupportingTokensAssertion(
                    importer,
                    policyContext,
                    assertions,
                    requirements.Signed,
                    requirements.SignedEncrypted,
                    requirements.Endorsing,
                    requirements.SignedEndorsing,
                    optionalRequirements.Signed,
                    optionalRequirements.SignedEncrypted,
                    optionalRequirements.Endorsing,
                    optionalRequirements.SignedEndorsing);
            }
        }

示例#27

0

显示文件

文件： Program.cs 项目： DarthScottius/WCFMonitor

        private static ServiceHost CreateServiceHost(Type component)
        {
            ServiceHost sh = new ServiceHost(component);

            sh.Open();

            Console.WriteLine("Endpoint Listeners:");
            Console.WriteLine("----------------");
            foreach (ChannelDispatcher cd in sh.ChannelDispatchers)
            {
                foreach (EndpointDispatcher epd in cd.Endpoints)
                {
                    Console.Write(epd.EndpointAddress.Uri.AbsoluteUri);

                    ConsoleColor origCol = Console.ForegroundColor;

                    ServiceEndpoint servend = sh.Description.Endpoints.Find(epd.EndpointAddress.Uri);
                    if (servend != null)
                    {
                        Console.WriteLine("\tPhysical listeningURI: " + servend.ListenUri.AbsoluteUri);

                        Console.ForegroundColor = ConsoleColor.DarkYellow;

                        BindingElementCollection bec = servend.Binding.CreateBindingElements();
                        foreach (BindingElement be in bec)
                        {
                            Console.WriteLine("\t" + be.GetType().ToString());
                            SymmetricSecurityBindingElement  symBe   = be as SymmetricSecurityBindingElement;
                            AsymmetricSecurityBindingElement asymBe  = be as AsymmetricSecurityBindingElement;
                            TransportSecurityBindingElement  transBe = be as TransportSecurityBindingElement;


                            if (symBe != null)
                            {
                                Console.WriteLine("\t\t" + symBe.ProtectionTokenParameters.GetType().ToString());
                            }

                            if (asymBe != null)
                            {
                                X509SecurityTokenParameters initParms = asymBe.InitiatorTokenParameters as X509SecurityTokenParameters;
                                X509SecurityTokenParameters recParms  = asymBe.RecipientTokenParameters as X509SecurityTokenParameters;
                                if (initParms != null)
                                {
                                    Console.WriteLine("\t\tInitiator Security Token Parmeter type");
                                    Console.WriteLine("\t\t\t" + initParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + initParms.InclusionMode.ToString());
                                }
                                if (recParms != null)
                                {
                                    Console.WriteLine("\t\tRecipient Security Token Parmeter type");

                                    Console.WriteLine("\t\t\t" + recParms.GetType().ToString() + Environment.NewLine + "\t\t\tInclusionMode: " + recParms.InclusionMode.ToString());
                                }
                            }

                            if (transBe != null)
                            {
                                SupportingTokenParameters supTokParms = transBe.EndpointSupportingTokenParameters;

                                if (supTokParms.Endorsing.Count > 0)
                                {
                                    ShowSecurityTokenParmeters(supTokParms.Endorsing, "Endorsing");
                                }
                            }
                        }
                    }


                    Console.ForegroundColor = origCol;
                    Console.WriteLine();
                }
            }
            return(sh);
        }

示例#28

0

显示文件

        public static void AssertSecurityBindingElement(
            SecurityAlgorithmSuite algorithm,
            bool includeTimestamp,
            SecurityKeyEntropyMode keyEntropyMode,
            MessageSecurityVersion messageSecurityVersion,
            SecurityHeaderLayout securityHeaderLayout,
            // EndpointSupportingTokenParameters
            int endorsing, int signed, int signedEncrypted, int signedEndorsing,
            // LocalClientSettings
            bool cacheCookies,
            int renewalThresholdPercentage,
            bool detectReplays,
            SecurityBindingElement be, string label)
        {
            Assert.AreEqual(algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite");
            Assert.AreEqual(includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode");
            Assert.AreEqual(keyEntropyMode,
                            be.KeyEntropyMode, label + "#3");

            Assert.AreEqual(messageSecurityVersion,
                            be.MessageSecurityVersion, label + ".MessageSecurityVersion");
            Assert.AreEqual(securityHeaderLayout,
                            be.SecurityHeaderLayout, label + ".SecurityHeaderLayout");

            // FIXME: they should be extracted step by step...

            // EndpointSupportingTokenParameters
            SupportingTokenParameters tp = be.EndpointSupportingTokenParameters;

            AssertSupportingTokenParameters(
                endorsing, signed, signedEncrypted, signedEndorsing,
                tp, label + ".Endpoint");

            // OptionalEndpointSupportingTokenParameters
            tp = be.OptionalEndpointSupportingTokenParameters;
            Assert.IsNotNull(tp, label + "#3-0");
            Assert.AreEqual(0, tp.Endorsing.Count, label + "#3-1");
            Assert.AreEqual(0, tp.Signed.Count, label + "#3-2");
            Assert.AreEqual(0, tp.SignedEncrypted.Count, label + "#3-3");
            Assert.AreEqual(0, tp.SignedEndorsing.Count, label + "#3-4");

            // OperationSupportingTokenParameters
            IDictionary <string, SupportingTokenParameters> oper = be.OperationSupportingTokenParameters;

            Assert.IsNotNull(oper, label + "#4-1");
            Assert.AreEqual(0, oper.Count, label + "#4-2");

            // OptionalOperationSupportingTokenParameters
            oper = be.OptionalOperationSupportingTokenParameters;
            Assert.IsNotNull(oper, label + "#5-1");
            Assert.AreEqual(0, oper.Count, label + "#5-2");

            // LocalClientSettings
            LocalClientSecuritySettings lc =
                be.LocalClientSettings;

            AssertLocalClientSecuritySettings(
                cacheCookies,
                renewalThresholdPercentage,
                detectReplays,
                lc, "");
            // FIXME: IdentityVerifier
            Assert.AreEqual(TimeSpan.FromMinutes(5), lc.MaxClockSkew, label + "#7-5");
            Assert.AreEqual(TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6");
            Assert.AreEqual(true, lc.ReconnectTransportOnFailure, label + "#7-7");
            Assert.AreEqual(900000, lc.ReplayCacheSize, label + "#7-8");
            Assert.AreEqual(TimeSpan.FromMinutes(5), lc.ReplayWindow, label + "#7-9");
            Assert.AreEqual(TimeSpan.FromHours(10), lc.SessionKeyRenewalInterval, label + "#7-10");
            Assert.AreEqual(TimeSpan.FromMinutes(5), lc.SessionKeyRolloverInterval, label + "#7-11");
            Assert.AreEqual(TimeSpan.FromMinutes(5), lc.TimestampValidityDuration, label + "#7-12");

            // FIXME: LocalServiceSettings
        }

示例#29

0

显示文件

 private void AddSupportingTokenAuthenticators(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList <SupportingTokenAuthenticatorSpecification> authenticatorSpecList)
 {
     for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing);
         try
         {
             System.IdentityModel.Selectors.SecurityTokenResolver      resolver;
             System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver);
             SupportingTokenAuthenticatorSpecification authenticatorSpec             = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i], isOptional);
             authenticatorSpecList.Add(authenticatorSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
     for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing);
         try
         {
             System.IdentityModel.Selectors.SecurityTokenResolver      resolver;
             System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver);
             SupportingTokenAuthenticatorSpecification authenticatorSpec             = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i], isOptional);
             authenticatorSpecList.Add(authenticatorSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
     for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted);
         try
         {
             System.IdentityModel.Selectors.SecurityTokenResolver      resolver;
             System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver);
             SupportingTokenAuthenticatorSpecification authenticatorSpec             = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i], isOptional);
             authenticatorSpecList.Add(authenticatorSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
     for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i)
     {
         SecurityTokenRequirement requirement = this.CreateRecipientSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed);
         try
         {
             System.IdentityModel.Selectors.SecurityTokenResolver      resolver;
             System.IdentityModel.Selectors.SecurityTokenAuthenticator authenticator = this.SecurityTokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver);
             SupportingTokenAuthenticatorSpecification authenticatorSpec             = new SupportingTokenAuthenticatorSpecification(authenticator, resolver, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i], isOptional);
             authenticatorSpecList.Add(authenticatorSpec);
         }
         catch (Exception e)
         {
             if (!isOptional || Fx.IsFatal(e))
             {
                 throw;
             }
         }
     }
 }

示例#30

0

显示文件

文件： SecurityProtocol.cs 项目： Trading-Lab/WCF-Libraries

        private void AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, bool isOptional, IList <SupportingTokenProviderSpecification> providerSpecList)
        {
            for (int i = 0; i < supportingTokenParameters.Endorsing.Count; ++i)
            {
                SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Endorsing[i], SecurityTokenAttachmentMode.Endorsing);
                try
                {
                    if (isOptional)
                    {
                        requirement.IsOptionalToken = true;
                    }
                    SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
                    if (provider == null)
                    {
                        continue;
                    }
                    SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Endorsing, supportingTokenParameters.Endorsing[i]);
                    providerSpecList.Add(providerSpec);
                }
                catch (Exception e)
                {
                    if (!isOptional || Fx.IsFatal(e))
                    {
                        throw;
                    }
                }
            }

            for (int i = 0; i < supportingTokenParameters.SignedEndorsing.Count; ++i)
            {
                SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEndorsing[i], SecurityTokenAttachmentMode.SignedEndorsing);
                try
                {
                    if (isOptional)
                    {
                        requirement.IsOptionalToken = true;
                    }
                    SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
                    if (provider == null)
                    {
                        continue;
                    }
                    SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEndorsing, supportingTokenParameters.SignedEndorsing[i]);
                    providerSpecList.Add(providerSpec);
                }
                catch (Exception e)
                {
                    if (!isOptional || Fx.IsFatal(e))
                    {
                        throw;
                    }
                }
            }

            for (int i = 0; i < supportingTokenParameters.SignedEncrypted.Count; ++i)
            {
                SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.SignedEncrypted[i], SecurityTokenAttachmentMode.SignedEncrypted);
                try
                {
                    if (isOptional)
                    {
                        requirement.IsOptionalToken = true;
                    }
                    SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
                    if (provider == null)
                    {
                        continue;
                    }
                    SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.SignedEncrypted, supportingTokenParameters.SignedEncrypted[i]);
                    providerSpecList.Add(providerSpec);
                }
                catch (Exception e)
                {
                    if (!isOptional || Fx.IsFatal(e))
                    {
                        throw;
                    }
                }
            }

            for (int i = 0; i < supportingTokenParameters.Signed.Count; ++i)
            {
                SecurityTokenRequirement requirement = CreateInitiatorSecurityTokenRequirement(supportingTokenParameters.Signed[i], SecurityTokenAttachmentMode.Signed);
                try
                {
                    if (isOptional)
                    {
                        requirement.IsOptionalToken = true;
                    }
                    SecurityTokenProvider provider = SecurityProtocolFactory.SecurityTokenManager.CreateSecurityTokenProvider(requirement);
                    if (provider == null)
                    {
                        continue;
                    }
                    SupportingTokenProviderSpecification providerSpec = new SupportingTokenProviderSpecification(provider, SecurityTokenAttachmentMode.Signed, supportingTokenParameters.Signed[i]);
                    providerSpecList.Add(providerSpec);
                }
                catch (Exception e)
                {
                    if (!isOptional || Fx.IsFatal(e))
                    {
                        throw;
                    }
                }
            }
        }

C# (CSharp) SupportingTokenParameters示例