static void Run() { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax; sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; sbe.RequireSignatureConfirmation = true; sbe.LocalClientSettings.DetectReplays = false; sbe.IncludeTimestamp = false; X509SecurityTokenParameters p = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient); p.RequireDerivedKeys = false; //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(new XBE(), sbe, hbe); //X509Certificate2 cert = new X509Certificate2 ("test.pfx", "mono"); X509Certificate2 cert = new X509Certificate2("test.cer"); //, "mono"); FooProxy proxy = new FooProxy(binding, new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert))); proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior()); proxy.Open(); Console.WriteLine(proxy.Echo("TEST FOR ECHO")); }
static void Run() { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); //sbe.IncludeTimestamp = false; //sbe.LocalClientSettings.DetectReplays = false; //X509SecurityTokenParameters p = new X509SecurityTokenParameters (); //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(new XBE(), sbe, hbe); X509Certificate2 cert = new X509Certificate2("test.pfx", "mono"); X509Certificate2 cert2 = cert; //new X509Certificate2 ("test2.cer"); FooProxy proxy = new FooProxy(binding, new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert2))); //proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; proxy.ClientCredentials.ClientCertificate.Certificate = cert; proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior()); proxy.Open(); Console.WriteLine(proxy.Echo(Message.CreateMessage(MessageVersion.Default, "http://tempuri.org/IFoo/Echo", "Request Input text."))); }
// based on WSHttpBinding.CreateMessageSecurity() SecurityBindingElement CreateMessageSecurity() { if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None) { return(null); } SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement(); element.MessageSecurityVersion = MessageSecurityVersion.Default; element.SetKeyDerivation(false); switch (Security.Message.ClientCredentialType) { case MessageCredentialType.Certificate: element.EndpointSupportingTokenParameters.Endorsing.Add( new X509SecurityTokenParameters()); goto default; case MessageCredentialType.IssuedToken: IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters(); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding( new TextMessageEncodingBindingElement(), GetTransport()); element.EndpointSupportingTokenParameters.Endorsing.Add(istp); goto default; case MessageCredentialType.UserName: element.EndpointSupportingTokenParameters.SignedEncrypted.Add( new UserNameSecurityTokenParameters()); goto default; case MessageCredentialType.Windows: element.ProtectionTokenParameters = new KerberosSecurityTokenParameters(); break; default: // including .None X509SecurityTokenParameters p = new X509SecurityTokenParameters(); p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; element.ProtectionTokenParameters = p; break; } return(element); }
public static void Main() { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax; sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; sbe.RequireSignatureConfirmation = true; sbe.LocalServiceSettings.DetectReplays = false; sbe.IncludeTimestamp = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); X509SecurityTokenParameters p = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient); p.RequireDerivedKeys = false; //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost(typeof(Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds(5); host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono"); host.Description.Behaviors.Add(cred); host.Description.Behaviors.Find <ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) { se.Behaviors.Add(new StdErrInspectionBehavior()); } ServiceMetadataBehavior smb = new ServiceMetadataBehavior(); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri("http://localhost:8080/wsdl"); host.Description.Behaviors.Add(smb); host.Open(); Console.WriteLine("Hit [CR] key to close ..."); Console.ReadLine(); host.Close(); }
private static SecurityBindingElement CreateSecurityBindingElement() { SymmetricSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameForSslBindingElement(); //sbe.IncludeTimestamp = false; //sbe.LocalServiceSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); // This "Never" is somehow mandatory (though I wonder why ...) sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.MessageSecurityVersion = MessageSecurityVersion.Default; //sbe.RequireSignatureConfirmation = true; //sbe.KeyEntropyMode = SecurityKeyEntropyMode.ServerEntropy; sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; return(sbe); }
public void SetKeyDerivation() { SymmetricSecurityBindingElement be; X509SecurityTokenParameters p; be = new SymmetricSecurityBindingElement(); p = new X509SecurityTokenParameters(); be.ProtectionTokenParameters = p; be.SetKeyDerivation(false); Assert.AreEqual(false, p.RequireDerivedKeys, "#1"); be = new SymmetricSecurityBindingElement(); p = new X509SecurityTokenParameters(); be.SetKeyDerivation(false); // set in prior - makes no sense be.ProtectionTokenParameters = p; Assert.AreEqual(true, p.RequireDerivedKeys, "#2"); }
public static void Main() { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); //sbe.IncludeTimestamp = false; //sbe.LocalServiceSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); // This "Never" is somehow mandatory (though I wonder why ...) sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost(typeof(Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds(5); host.AddServiceEndpoint("IFoo", binding, new Uri("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add(cred); host.Description.Behaviors.Find <ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) { se.Behaviors.Add(new StdErrInspectionBehavior()); } ServiceMetadataBehavior smb = new ServiceMetadataBehavior(); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri("http://localhost:8080/wsdl"); host.Description.Behaviors.Add(smb); host.Open(); Console.WriteLine("Hit [CR] key to close ..."); Console.ReadLine(); host.Close(); }
public static void Main () { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax; sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; sbe.RequireSignatureConfirmation = true; sbe.LocalServiceSettings.DetectReplays = false; sbe.IncludeTimestamp = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); X509SecurityTokenParameters p = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient); p.RequireDerivedKeys = false; //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); sbe.SetKeyDerivation (false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
private Guid CreateService(string url, string username, string password) { Guid sessionId; SymmetricSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameForCertificateBindingElement(); //sbe.IncludeTimestamp = false; //sbe.LocalClientSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(sbe, hbe); X509Certificate2 cert = new X509Certificate2("powershell.pfx", "mono"); if (url.IndexOf("://") == -1) { //Default to http connection url = "http://" + url; } UriBuilder builder = new UriBuilder(url); if (builder.Port == 80 || builder.Port == 443) { builder.Port = 5985; } WSManHttpServiceProxy proxy = new WSManHttpServiceProxy(binding, new EndpointAddress(builder.Uri, new X509CertificateEndpointIdentity(cert))); proxy.ClientCredentials.UserName.UserName = username; proxy.ClientCredentials.UserName.Password = password; proxy.Open(); sessionId = proxy.CreateSession(); proxy.SessionId = sessionId; _services.Add(sessionId, proxy); return(sessionId); }
public WSManServiceHost() { try { //localhost:5985/wsman SymmetricSecurityBindingElement sbe = SecurityBindingElement.CreateUserNameForSslBindingElement(); //sbe.IncludeTimestamp = false; //sbe.LocalServiceSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); // This "Never" is somehow mandatory (though I wonder why ...) sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; _host = new ServiceHost(typeof(WSManHttpService)); HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds(5); _host.AddServiceEndpoint(typeof(IWSManHttpService), binding, new Uri("http://localhost:5985/wsman")); ServiceCredentials cred = new ServiceCredentials(); cred.ServiceCertificate.Certificate = new X509Certificate2("powershell.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; cred.UserNameAuthentication.CustomUserNamePasswordValidator = new WSManUserNamePasswordValidator(); _host.Description.Behaviors.Add(cred); _host.Description.Behaviors.Find <ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = false; ServiceMetadataBehavior smb = new ServiceMetadataBehavior(); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri("http://localhost:5985/wsman/wsdl"); _host.Description.Behaviors.Add(smb); } catch (Exception ex) { Console.WriteLine("Could not create service..."); Console.WriteLine(ex.Message); } }
public static void Main () { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); //sbe.IncludeTimestamp = false; //sbe.LocalServiceSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters (); // This "Never" is somehow mandatory (though I wonder why ...) sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation (false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
Binding CreateIssuerBinding(RequestSender handler, bool tokenParams) { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); if (tokenParams) { sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); } sbe.LocalServiceSettings.NegotiationTimeout = TimeSpan.FromSeconds(5); sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; //sbe.IncludeTimestamp = false; //sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; // for ease of decryption, let's remove DerivedKeyToken. sbe.SetKeyDerivation(false); return(new CustomBinding( // new DebugBindingElement (), sbe, new TextMessageEncodingBindingElement(), new HandlerTransportBindingElement(handler))); }
static void Run() { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement(); //sbe.IncludeTimestamp = false; //sbe.LocalClientSettings.DetectReplays = false; sbe.ProtectionTokenParameters = new X509SecurityTokenParameters(); sbe.ProtectionTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; sbe.SetKeyDerivation(false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; HttpTransportBindingElement hbe = new HttpTransportBindingElement(); CustomBinding binding = new CustomBinding(new XBE(), sbe, hbe); X509Certificate2 cert = new X509Certificate2("test.cer"); FooProxy proxy = new FooProxy(binding, new EndpointAddress(new Uri("http://localhost:8080"), new X509CertificateEndpointIdentity(cert))); proxy.Endpoint.Behaviors.Add(new StdErrInspectionBehavior()); proxy.Open(); Console.WriteLine(proxy.Echo("TEST FOR ECHO")); }
// It is problematic, but there is no option to disable establishing security context in this binding unlike WSHttpBinding... SecurityBindingElement CreateMessageSecurity() { if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None) { return(null); } // FIXME: this is wrong. Could be Asymmetric, depends on Security.Message.AlgorithmSuite value. SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement(); element.MessageSecurityVersion = MessageSecurityVersion.Default; element.SetKeyDerivation(false); switch (Security.Message.ClientCredentialType) { case MessageCredentialType.Certificate: element.EndpointSupportingTokenParameters.Endorsing.Add( new X509SecurityTokenParameters()); goto default; case MessageCredentialType.IssuedToken: IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters(); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding( new TextMessageEncodingBindingElement(), GetTransport()); element.EndpointSupportingTokenParameters.Endorsing.Add(istp); goto default; case MessageCredentialType.UserName: element.EndpointSupportingTokenParameters.SignedEncrypted.Add( new UserNameSecurityTokenParameters()); goto default; case MessageCredentialType.Windows: element.ProtectionTokenParameters = new KerberosSecurityTokenParameters(); break; default: // including .None X509SecurityTokenParameters p = new X509SecurityTokenParameters(); p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; element.ProtectionTokenParameters = p; break; } // SecureConversation enabled ChannelProtectionRequirements reqs = new ChannelProtectionRequirements(); // FIXME: fill the reqs return(SecurityBindingElement.CreateSecureConversationBindingElement( // FIXME: requireCancellation element, true, reqs)); }
// It is problematic, but there is no option to disable establishing security context in this binding unlike WSHttpBinding... SecurityBindingElement CreateMessageSecurity () { if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None) return null; // FIXME: this is wrong. Could be Asymmetric, depends on Security.Message.AlgorithmSuite value. SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement (); element.MessageSecurityVersion = MessageSecurityVersion.Default; element.SetKeyDerivation (false); switch (Security.Message.ClientCredentialType) { case MessageCredentialType.Certificate: element.EndpointSupportingTokenParameters.Endorsing.Add ( new X509SecurityTokenParameters ()); goto default; case MessageCredentialType.IssuedToken: IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters (); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding ( new TextMessageEncodingBindingElement (), GetTransport ()); element.EndpointSupportingTokenParameters.Endorsing.Add (istp); goto default; case MessageCredentialType.UserName: element.EndpointSupportingTokenParameters.SignedEncrypted.Add ( new UserNameSecurityTokenParameters ()); goto default; case MessageCredentialType.Windows: element.ProtectionTokenParameters = new KerberosSecurityTokenParameters (); break; default: // including .None X509SecurityTokenParameters p = new X509SecurityTokenParameters (); p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; element.ProtectionTokenParameters = p; break; } // SecureConversation enabled ChannelProtectionRequirements reqs = new ChannelProtectionRequirements (); // FIXME: fill the reqs return SecurityBindingElement.CreateSecureConversationBindingElement ( // FIXME: requireCancellation element, true, reqs); }
public void SetKeyDerivation () { SymmetricSecurityBindingElement be; X509SecurityTokenParameters p; be = new SymmetricSecurityBindingElement (); p = new X509SecurityTokenParameters (); be.ProtectionTokenParameters = p; be.SetKeyDerivation (false); Assert.AreEqual (false, p.RequireDerivedKeys, "#1"); be = new SymmetricSecurityBindingElement (); p = new X509SecurityTokenParameters (); be.SetKeyDerivation (false); // set in prior - makes no sense be.ProtectionTokenParameters = p; Assert.AreEqual (true, p.RequireDerivedKeys, "#2"); }
// based on WSHttpBinding.CreateMessageSecurity() SecurityBindingElement CreateMessageSecurity () { if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None) return null; SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement (); element.MessageSecurityVersion = MessageSecurityVersion.Default; element.SetKeyDerivation (false); switch (Security.Message.ClientCredentialType) { case MessageCredentialType.Certificate: element.EndpointSupportingTokenParameters.Endorsing.Add ( new X509SecurityTokenParameters ()); goto default; case MessageCredentialType.IssuedToken: IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters (); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding ( new TextMessageEncodingBindingElement (), GetTransport ()); element.EndpointSupportingTokenParameters.Endorsing.Add (istp); goto default; case MessageCredentialType.UserName: element.EndpointSupportingTokenParameters.SignedEncrypted.Add ( new UserNameSecurityTokenParameters ()); goto default; case MessageCredentialType.Windows: element.ProtectionTokenParameters = new KerberosSecurityTokenParameters (); break; default: // including .None X509SecurityTokenParameters p = new X509SecurityTokenParameters (); p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; element.ProtectionTokenParameters = p; break; } return element; }
private SecurityBindingElement CreateSecurityBindingElement() { SymmetricSecurityBindingElement secBindingElement = new SymmetricSecurityBindingElement(); secBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict; // TEST //secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15; secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; secBindingElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; secBindingElement.IncludeTimestamp = true; secBindingElement.SetKeyDerivation(false); //secBindingElement.RequireSignatureConfirmation = true; //secBindingElement.AllowInsecureTransport = true; ////////////////////////////////////////////////////////// SecurityBindingElement ssbe = (SecurityBindingElement)secBindingElement; // Set the Custom IdentityVerifier //ssbe.LocalClientSettings.IdentityVerifier = new Common.CustomIdentityVerifier(); ////////////////////////////////////////////////////////// X509SecurityTokenParameters protectTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); protectTokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; //X509SecurityTokenParameters protectTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, // SecurityTokenInclusionMode.Never); protectTokenParameters.RequireDerivedKeys = false; //protectTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; //protectTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; secBindingElement.ProtectionTokenParameters = protectTokenParameters; UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters(); userNameToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; secBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken); //secBindingElement.EndpointSupportingTokenParameters.Signed.Add(userNameToken); //secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12; secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; return secBindingElement; }
Binding CreateIssuerBinding (RequestSender handler, bool tokenParams) { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); if (tokenParams) sbe.ProtectionTokenParameters = new X509SecurityTokenParameters (); sbe.LocalServiceSettings.NegotiationTimeout = TimeSpan.FromSeconds (5); sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; //sbe.IncludeTimestamp = false; //sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; // for ease of decryption, let's remove DerivedKeyToken. sbe.SetKeyDerivation (false); return new CustomBinding ( // new DebugBindingElement (), sbe, new TextMessageEncodingBindingElement (), new HandlerTransportBindingElement (handler)); }
/// <summary> /// Initializes the binding. /// </summary> /// <param name="namespaceUris">The namespace uris.</param> /// <param name="factory">The factory.</param> /// <param name="configuration">The configuration.</param> /// <param name="description">The description.</param> public UaSoapXmlBinding( NamespaceTable namespaceUris, EncodeableFactory factory, EndpointConfiguration configuration, EndpointDescription description) : base(namespaceUris, factory, configuration) { if (description != null && description.SecurityMode != MessageSecurityMode.None) { SymmetricSecurityBindingElement bootstrap = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(); bootstrap.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature; bootstrap.DefaultAlgorithmSuite = SecurityPolicies.ToSecurityAlgorithmSuite(description.SecurityPolicyUri); bootstrap.IncludeTimestamp = true; bootstrap.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; bootstrap.RequireSignatureConfirmation = false; bootstrap.SecurityHeaderLayout = SecurityHeaderLayout.Strict; bootstrap.SetKeyDerivation(true); m_security = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, true); m_security.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign; m_security.DefaultAlgorithmSuite = SecurityPolicies.ToSecurityAlgorithmSuite(description.SecurityPolicyUri); m_security.IncludeTimestamp = true; m_security.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy; m_security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; m_security.RequireSignatureConfirmation = false; m_security.SecurityHeaderLayout = SecurityHeaderLayout.Strict; m_security.SetKeyDerivation(true); } m_encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, Encoding.UTF8); // WCF does not distinguish between arrays and byte string. int maxArrayLength = configuration.MaxArrayLength; if (configuration.MaxArrayLength < configuration.MaxByteStringLength) { maxArrayLength = configuration.MaxByteStringLength; } m_encoding.ReaderQuotas.MaxArrayLength = maxArrayLength; m_encoding.ReaderQuotas.MaxStringContentLength = configuration.MaxStringLength; m_encoding.ReaderQuotas.MaxBytesPerRead = Int32.MaxValue; m_encoding.ReaderQuotas.MaxDepth = Int32.MaxValue; m_encoding.ReaderQuotas.MaxNameTableCharCount = Int32.MaxValue; m_transport = new HttpTransportBindingElement(); m_transport.AllowCookies = false; m_transport.AuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous; m_transport.BypassProxyOnLocal = true; m_transport.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard; m_transport.KeepAliveEnabled = true; m_transport.ManualAddressing = false; m_transport.MaxBufferPoolSize = Int32.MaxValue; m_transport.MaxBufferSize = configuration.MaxMessageSize; m_transport.MaxReceivedMessageSize = configuration.MaxMessageSize; m_transport.TransferMode = TransferMode.Buffered; m_transport.UseDefaultWebProxy = false; }
// <snippet2> public override BindingElementCollection CreateBindingElements() { //SecurityBindingElement sbe = bec.Find<SecurityBindingElement>(); BindingElementCollection bec = new BindingElementCollection(); // By default http transport is used SecurityBindingElement securityBinding; BindingElement transport; switch (assertion) { case WseSecurityAssertion.UsernameOverTransport: transport = new HttpsTransportBindingElement(); securityBinding = (TransportSecurityBindingElement)SecurityBindingElement.CreateUserNameOverTransportBindingElement(); if (establishSecurityContext == true) { throw new InvalidOperationException("Secure Conversation is not supported for this Security Assertion Type"); } if (requireSignatureConfirmation == true) { throw new InvalidOperationException("Signature Confirmation is not supported for this Security Assertion Type"); } break; case WseSecurityAssertion.MutualCertificate10: transport = new HttpTransportBindingElement(); securityBinding = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); if (requireSignatureConfirmation == true) { throw new InvalidOperationException("Signature Confirmation is not supported for this Security Assertion Type"); } ((AsymmetricSecurityBindingElement)securityBinding).MessageProtectionOrder = messageProtectionOrder; break; case WseSecurityAssertion.UsernameForCertificate: transport = new HttpTransportBindingElement(); securityBinding = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateUserNameForCertificateBindingElement(); // We want signatureconfirmation on the bootstrap process // either for the application messages or for the RST/RSTR ((SymmetricSecurityBindingElement)securityBinding).RequireSignatureConfirmation = requireSignatureConfirmation; ((SymmetricSecurityBindingElement)securityBinding).MessageProtectionOrder = messageProtectionOrder; break; case WseSecurityAssertion.AnonymousForCertificate: transport = new HttpTransportBindingElement(); securityBinding = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateAnonymousForCertificateBindingElement(); ((SymmetricSecurityBindingElement)securityBinding).RequireSignatureConfirmation = requireSignatureConfirmation; ((SymmetricSecurityBindingElement)securityBinding).MessageProtectionOrder = messageProtectionOrder; break; case WseSecurityAssertion.MutualCertificate11: transport = new HttpTransportBindingElement(); securityBinding = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11); ((SymmetricSecurityBindingElement)securityBinding).RequireSignatureConfirmation = requireSignatureConfirmation; ((SymmetricSecurityBindingElement)securityBinding).MessageProtectionOrder = messageProtectionOrder; break; case WseSecurityAssertion.Kerberos: transport = new HttpTransportBindingElement(); securityBinding = (SymmetricSecurityBindingElement)SecurityBindingElement.CreateKerberosBindingElement(); ((SymmetricSecurityBindingElement)securityBinding).RequireSignatureConfirmation = requireSignatureConfirmation; ((SymmetricSecurityBindingElement)securityBinding).MessageProtectionOrder = messageProtectionOrder; break; default: throw new NotSupportedException("This supplied Wse security assertion is not supported"); } //Set defaults for the security binding securityBinding.IncludeTimestamp = true; // Derived Keys // set the preference for derived keys before creating SecureConversationBindingElement securityBinding.SetKeyDerivation(requireDerivedKeys); //Secure Conversation if (establishSecurityContext == true) { SymmetricSecurityBindingElement secureconversation = (SymmetricSecurityBindingElement)SymmetricSecurityBindingElement.CreateSecureConversationBindingElement( securityBinding, false); // This is the default //secureconversation.DefaultProtectionLevel = ProtectionLevel.EncryptAndSign; //Set defaults for the secure conversation binding secureconversation.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; // We do not want signature confirmation on the application level messages // when secure conversation is enabled. secureconversation.RequireSignatureConfirmation = false; secureconversation.MessageProtectionOrder = messageProtectionOrder; secureconversation.SetKeyDerivation(requireDerivedKeys); securityBinding = secureconversation; } // Add the security binding to the binding collection bec.Add(securityBinding); // Add the message encoder. TextMessageEncodingBindingElement textelement = new TextMessageEncodingBindingElement(); textelement.MessageVersion = MessageVersion.Soap11WSAddressingAugust2004; //These are the defaults required for WSE //textelement.MessageVersion = MessageVersion.Soap11Addressing1; //textelement.WriteEncoding = System.Text.Encoding.UTF8; bec.Add(textelement); // Add the transport bec.Add(transport); // return the binding elements return(bec); }