[Category("NotWorking")] // transport security
public void DefaultValuesSecurityModeTransport()
{
WSFederationHttpBinding b = new WSFederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
// common tests.
DefaultValues(b, "https");
// WSFederationHttpSecurity
WSFederationHttpSecurity sec = b.Security;
Assert.IsNotNull(sec, "#2-1");
Assert.AreEqual(WSFederationHttpSecurityMode.TransportWithMessageCredential, sec.Mode, "#2-2");
// Security.Message
FederatedMessageSecurityOverHttp msg = sec.Message;
Assert.IsNotNull(msg, "#2-3");
Assert.AreEqual(SecurityAlgorithmSuite.Default,
msg.AlgorithmSuite, "#2-3-2");
Assert.AreEqual(SecurityKeyType.SymmetricKey,
msg.IssuedKeyType, "#2-3-3");
Assert.AreEqual(true, msg.NegotiateServiceCredential, "#2-3-4");
// Binding elements
BindingElementCollection bec = b.CreateBindingElements();
Assert.AreEqual(4, bec.Count, "#5-1");
Assert.AreEqual(typeof(TransactionFlowBindingElement),
bec [0].GetType(), "#5-2");
Assert.AreEqual(typeof(TransportSecurityBindingElement),
bec [1].GetType(), "#5-3");
Assert.AreEqual(typeof(TextMessageEncodingBindingElement),
bec [2].GetType(), "#5-4");
Assert.AreEqual(typeof(HttpsTransportBindingElement),
bec [3].GetType(), "#5-5");
}
//<snippet2>
// This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
{
// This CustomBinding starts out identical to the specified WSFederationHttpBinding.
CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
// Find the SecurityBindingElement for message security.
SecurityBindingElement security = outputBinding.Elements.Find <SecurityBindingElement>();
// If the security mode is message, then the secure session settings are the protection token parameters.
SecureConversationSecurityTokenParameters secureConversation;
if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
{
SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
}
// If the security mode is message, then the secure session settings are the endorsing token parameters.
else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
{
TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
}
// Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
int securityIndex = outputBinding.Elements.IndexOf(security);
outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
// Return modified binding.
return(outputBinding);
}
/// <summary>
/// 创建传输协议
/// </summary>
/// <param name="binding">传输协议名称</param>
/// <returns></returns>
private static Binding CreateBinding(string binding)
{
Binding bindinginstance = null;
if (binding.ToLower() == "basichttpbinding")
{
BasicHttpBinding ws = new BasicHttpBinding();
ws.MaxReceivedMessageSize = 65535000;
bindinginstance = ws;
}
else if (binding.ToLower() == "netnamedpipebinding")
{
NetNamedPipeBinding ws = new NetNamedPipeBinding();
ws.MaxReceivedMessageSize = 65535000;
bindinginstance = ws;
}
else if (binding.ToLower() == "netpeertcpbinding")
{
NetPeerTcpBinding ws = new NetPeerTcpBinding();
ws.MaxReceivedMessageSize = 65535000;
bindinginstance = ws;
}
else if (binding.ToLower() == "nettcpbinding")
{
NetTcpBinding ws = new NetTcpBinding();
ws.MaxReceivedMessageSize = 65535000;
ws.Security.Mode = SecurityMode.None;
bindinginstance = ws;
}
else if (binding.ToLower() == "wsdualhttpbinding")
{
WSDualHttpBinding ws = new WSDualHttpBinding();
ws.MaxReceivedMessageSize = 65535000;
bindinginstance = ws;
}
else if (binding.ToLower() == "webhttpbinding")
{
WebHttpBinding ws = new WebHttpBinding();
ws.MaxReceivedMessageSize = 65535000;
bindinginstance = ws;
}
else if (binding.ToLower() == "wsfederationhttpbinding")
{
WSFederationHttpBinding ws = new WSFederationHttpBinding();
ws.MaxReceivedMessageSize = 65535000;
bindinginstance = ws;
}
else if (binding.ToLower() == "wshttpbinding")
{
WSHttpBinding ws = new WSHttpBinding(SecurityMode.None);
ws.MaxReceivedMessageSize = 65535000;
ws.Security.Message.ClientCredentialType = System.ServiceModel.MessageCredentialType.Windows;
ws.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
ws.ReaderQuotas.MaxStringContentLength = 65535000;
bindinginstance = ws;
}
return(bindinginstance);
}
public static Binding CreateBinding(BindingType bindingType, long maxReceivedMessageSize)
{
Binding binding = null;
if (bindingType == BindingType.Unknow)
{
return(binding);
}
switch (bindingType)
{
case BindingType.BasicHttpBinding:
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = basicHttpBinding;
break;
case BindingType.NetNamedPipeBinding:
NetNamedPipeBinding netNamedPipeBinding = new NetNamedPipeBinding();
netNamedPipeBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = netNamedPipeBinding;
break;
case BindingType.NetPeerTcpBinding:
NetPeerTcpBinding netPeerTcpBinding = new NetPeerTcpBinding();
netPeerTcpBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = netPeerTcpBinding;
break;
case BindingType.NetTcpBinding:
NetTcpBinding netTcpBinding = new NetTcpBinding();
netTcpBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = netTcpBinding;
break;
case BindingType.WSDualHttpBinding:
WSDualHttpBinding wsDualHttpBinding = new WSDualHttpBinding();
wsDualHttpBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = wsDualHttpBinding;
break;
case BindingType.WSFederationHttpBinding:
WSFederationHttpBinding wsFederationHttpBinding = new WSFederationHttpBinding();
wsFederationHttpBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = wsFederationHttpBinding;
break;
case BindingType.WSHttpBinding:
WSHttpBinding wsHttpBinding = new WSHttpBinding();
wsHttpBinding.MaxReceivedMessageSize = maxReceivedMessageSize;
binding = wsHttpBinding;
break;
default:
break;
}
return(binding);
}
private static Binding GetWSFederationHttpBinding()
{
var binding = new WSFederationHttpBinding();
binding.MaxReceivedMessageSize = int.MaxValue;
binding.Security.Mode = WSFederationHttpSecurityMode.None;
return(binding);
}
public static Binding CreateBinding(string bindingName)
{
Binding result = null;
try
{
if (string.Compare(bindingName, typeof(WSHttpBinding).FullName, true) == 0)
{
result = new WSHttpBinding();
}
else if (string.Compare(bindingName, typeof(WS2007HttpBinding).FullName, true) == 0)
{
result = new WS2007HttpBinding();
}
else if (string.Compare(bindingName, typeof(BasicHttpBinding).FullName, true) == 0)
{
result = new BasicHttpBinding();
}
else if (string.Compare(bindingName, typeof(WSDualHttpBinding).FullName, true) == 0)
{
result = new WSDualHttpBinding();
}
else if (string.Compare(bindingName, typeof(WS2007FederationHttpBinding).FullName, true) == 0)
{
result = new WS2007FederationHttpBinding();
}
else if (string.Compare(bindingName, typeof(WSFederationHttpBinding).FullName, true) == 0)
{
result = new WSFederationHttpBinding();
}
else if (string.Compare(bindingName, typeof(NetNamedPipeBinding).FullName, true) == 0)
{
result = new NetNamedPipeBinding();
}
else if (string.Compare(bindingName, typeof(NetMsmqBinding).FullName, true) == 0)
{
result = new NetMsmqBinding();
}
else if (string.Compare(bindingName, typeof(MsmqIntegrationBinding).FullName, true) == 0)
{
result = new MsmqIntegrationBinding();
}
else if (string.Compare(bindingName, typeof(NetTcpBinding).FullName, true) == 0)
{
result = new NetTcpBinding();
}
else if (string.Compare(bindingName, typeof(NetPeerTcpBinding).FullName, true) == 0)
{
result = new NetPeerTcpBinding();
}
}
catch
{
result = new BasicHttpBinding(BasicHttpSecurityMode.None);
}
return(result);
}
/// <summary>
/// Loads the binding's settings from a XML encoded string.
/// </summary>
/// <param name="binding">The binding.</param>
/// <param name="settings">The settings.</param>
/// <exception cref="ArgumentException">Thrown if the settings are not valid.</exception>
private void LoadSettings(WSFederationHttpBinding binding, string settings)
{
if (string.IsNullOrWhiteSpace(settings))
{
return;
}
throw new NotImplementedException(); // $todo(jeff.lill): Implement this
}
static void Main()
{
// Create a channel.
EndpointAddress address = new EndpointAddress("http://localhost/servicemodelsamples/service.svc");
// <Snippet2>
// <Snippet1>
WSFederationHttpBinding binding = new WSFederationHttpBinding();
binding.Security.Message.ClaimTypeRequirements.Add
(new ClaimTypeRequirement
("http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress"));
binding.Security.Message.ClaimTypeRequirements.Add
(new ClaimTypeRequirement
("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true));
// </Snippet1>
ClaimTypeRequirement cr = new ClaimTypeRequirement
("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true);
Console.WriteLine(cr.ClaimType);
Console.WriteLine(cr.IsOptional);
// </Snippet2>
ChannelFactory <ICalculator> factory = new ChannelFactory <ICalculator>(binding, address);
ICalculator channel = factory.CreateChannel();
// Call the Add service operation.
double value1 = 100.00D;
double value2 = 15.99D;
double result = channel.Add(value1, value2);
Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);
// Call the Subtract service operation.
value1 = 145.00D;
value2 = 76.54D;
result = channel.Subtract(value1, value2);
Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);
// Call the Multiply service operation.
value1 = 9.00D;
value2 = 81.25D;
result = channel.Multiply(value1, value2);
Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);
// Call the Divide service operation.
value1 = 22.00D;
value2 = 7.00D;
result = channel.Divide(value1, value2);
Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);
Console.WriteLine();
Console.WriteLine("Press <ENTER> to terminate client.");
Console.ReadLine();
((IChannel)channel).Close();
}
/// <summary>
/// Configures the specified binding.
/// </summary>
/// <param name="binding">The binding.</param>
/// <returns>Binding.</returns>
public virtual Binding Configure(
WSFederationHttpBinding binding)
{
if (binding == null)
{
throw new ArgumentNullException(nameof(binding));
}
return(ConfigureDefault(binding));
}
public static void WSFederationHttpBindingTests_Succeeds()
{
EndpointAddress issuerAddress = null;
EndpointAddress serviceEndpointAddress = null;
string tokenTargetAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
try
{
// *** SETUP *** \\
issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS));
tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2;
serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
WSFederationHttpBinding federationBinding = new WSFederationHttpBinding(
new WSTrustTokenParameters
{
IssuerAddress = issuerAddress,
IssuerBinding = issuerBinding,
KeyType = SecurityKeyType.BearerKey,
Target = tokenTargetAddress,
TokenType = Saml2Constants.OasisWssSaml2TokenProfile11
});
//federationBinding.Security.Message.EstablishSecurityContext = false;
var customBinding = new CustomBinding(federationBinding);
var sbe = customBinding.Elements.Find <SecurityBindingElement>();
sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
factory = new ChannelFactory <IWcfService>(customBinding, serviceEndpointAddress);
// TODO: Fix the need for this
factory.Credentials.UserName.UserName = "******";
factory.Credentials.UserName.Password = "******";
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
string result = serviceProxy.Echo(testString);
// *** VALIDATE *** \\
Assert.Equal(testString, result);
// *** CLEANUP *** \\
((ICommunicationObject)serviceProxy).Close();
factory.Close();
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
protected override void OnApplyConfiguration(Binding binding)
{
base.OnApplyConfiguration(binding);
WSFederationHttpBinding binding2 = (WSFederationHttpBinding)binding;
if (this.PrivacyNoticeAt != null)
{
binding2.PrivacyNoticeAt = this.PrivacyNoticeAt;
binding2.PrivacyNoticeVersion = this.PrivacyNoticeVersion;
}
this.Security.ApplyConfiguration(binding2.Security);
}
protected internal override void InitializeFrom(Binding binding)
{
base.InitializeFrom(binding);
WSFederationHttpBinding binding2 = (WSFederationHttpBinding)binding;
if (binding2.PrivacyNoticeAt != null)
{
this.PrivacyNoticeAt = binding2.PrivacyNoticeAt;
this.PrivacyNoticeVersion = binding2.PrivacyNoticeVersion;
}
this.Security.InitializeFrom(binding2.Security);
}
/// <summary>
/// 标签:2015.7.13,魏中针
/// 说明:WSFederationHttpBinding 模式
/// </summary>
/// <returns></returns>
public static WSFederationHttpBinding WsFederationBinding()
{
var WsFederationBinding = new WSFederationHttpBinding();
WsFederationBinding.Security.Mode = WSFederationHttpSecurityMode.None;
WsFederationBinding.ReceiveTimeout = TimeSpan.MaxValue;
WsFederationBinding.SendTimeout = TimeSpan.MaxValue;
WsFederationBinding.MaxReceivedMessageSize = int.MaxValue;
WsFederationBinding.Name = "wsf";
return(WsFederationBinding);
}
public static void WSFederationHttpBindingTests_Succeeds(MessageSecurityVersion messageSecurityVersion, SecurityKeyType securityKeyType, bool useSecureConversation, string endpointSuffix, WSMessageEncoding encoding)
{
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
EndpointAddress issuerAddress = null;
EndpointAddress serviceEndpointAddress = null;
string tokenTargetAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
try
{
// *** SETUP *** \\
issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + endpointSuffix));
tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + endpointSuffix + (useSecureConversation ? "/sc" : string.Empty) + "/" + Enum.GetName(typeof(WSMessageEncoding), encoding);
serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
WSFederationHttpBinding federationBinding = new WSFederationHttpBinding(
new WSTrustTokenParameters
{
IssuerAddress = issuerAddress,
IssuerBinding = issuerBinding,
KeyType = securityKeyType,
TokenType = Saml2Constants.OasisWssSaml2TokenProfile11,
MessageSecurityVersion = messageSecurityVersion,
});
federationBinding.MessageEncoding = encoding;
federationBinding.Security.Message.EstablishSecurityContext = useSecureConversation;
factory = new ChannelFactory <IWcfService>(federationBinding, serviceEndpointAddress);
factory.Credentials.UserName.UserName = "******";
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a real secret")]
factory.Credentials.UserName.Password = "******";
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
string result = serviceProxy.Echo(testString);
// *** VALIDATE *** \\
Assert.Equal(testString, result);
// *** CLEANUP *** \\
((ICommunicationObject)serviceProxy).Close();
factory.Close();
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
protected internal override void InitializeFrom(Binding binding)
{
base.InitializeFrom(binding);
WSFederationHttpBinding wspBinding = (WSFederationHttpBinding)binding;
if (wspBinding.PrivacyNoticeAt != null)
{
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.PrivacyNoticeAt, wspBinding.PrivacyNoticeAt);
SetPropertyValueIfNotDefaultValue(ConfigurationStrings.PrivacyNoticeVersion, wspBinding.PrivacyNoticeVersion);
}
this.Security.InitializeFrom(wspBinding.Security);
}
//<snippet4>
// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding CreateWSFederationHttpBinding()
{
// Create an instance of the WSFederationHttpBinding
WSFederationHttpBinding b = new WSFederationHttpBinding();
// Set the security mode to Message
b.Security.Mode = WSFederationHttpSecurityMode.Message;
// Set the Algorithm Suite to Basic256Rsa15
b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
// Set NegotiateServiceCredential to true
b.Security.Message.NegotiateServiceCredential = true;
// Set IssuedKeyType to Symmetric
b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
// Set IssuedTokenType to SAML 1.1
b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";
// Extract the STS certificate from the certificate store
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, "cd 54 88 85 0d 63 db ac 92 59 05 af ce b8 b1 de c3 67 9e 3f", false);
store.Close();
// Create an EndpointIdentity from the STS certificate
EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certs[0]);
// Set the IssuerAddress using the address of the STS and the previously created EndpointIdentity
b.Security.Message.IssuerAddress = new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);
// <Snippet5>
// Set the IssuerBinding to a WSHttpBinding loaded from config
b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
// </Snippet5>
// Set the IssuerMetadataAddress using the metadata address of the STS and the previously created EndpointIdentity
b.Security.Message.IssuerMetadataAddress = new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
// Create a ClaimTypeRequirement
ClaimTypeRequirement ctr = new ClaimTypeRequirement("http://example.org/claim/c1", false);
// Add the ClaimTypeRequirement to ClaimTypeRequirements
b.Security.Message.ClaimTypeRequirements.Add(ctr);
// Return the created binding
return(b);
}
internal static Binding CreateBinding(string flag)
{
Binding binding = null;
switch (flag)
{
case "NetTcp":
binding = new NetTcpBinding();
break;
case "BasicHttp":
binding = new BasicHttpBinding();
break;
case "WSHttp":
binding = new WSHttpBinding();
break;
case "WSDualHttp":
binding = new WSDualHttpBinding();
break;
case "WSFederationHttp":
binding = new WSFederationHttpBinding();
break;
case "NetNamedPipe":
binding = new NetNamedPipeBinding();
break;
case "NetMsmq":
binding = new NetMsmqBinding();
break;
case "NetPeerTcp":
binding = new NetPeerTcpBinding();
break;
case "MsmqIntegration":
binding = new System.ServiceModel.MsmqIntegration.MsmqIntegrationBinding();
break;
default:
binding = new NetTcpBinding();
break;
}
return(binding);
}
/// <summary>
/// 根据绑定协议创建具体绑定对象
/// </summary>
/// <param name="bindingName"></param>
/// <returns></returns>
private static Binding CreateBindingByName(string bindingName)
{
Binding binding = null;
switch (bindingName)
{
case BindingName.NetTcpBinding:
binding = new NetTcpBinding();
break;
case BindingName.BasicHttpBinding:
binding = new BasicHttpBinding();
break;
case BindingName.WSHttpBinding:
binding = new WSHttpBinding();
break;
case BindingName.WSDualHttpBinding:
binding = new WSDualHttpBinding();
break;
case BindingName.WSFederationHttpBinding:
binding = new WSFederationHttpBinding();
break;
case BindingName.NetNamedPipeBinding:
binding = new NetNamedPipeBinding();
break;
case BindingName.NetMsmqBinding:
binding = new NetMsmqBinding();
break;
case BindingName.NetPeerTcpBinding:
binding = new NetPeerTcpBinding();
break;
case BindingName.CustomBinding:
binding = new CustomBinding();
break;
default:
binding = new NetTcpBinding();
break;
}
return(binding);
}
private Binding method_1(IBindingConfigurationElement ibindingConfigurationElement_0)
{
Binding result;
if (ibindingConfigurationElement_0 is CustomBindingElement)
{
result = new CustomBinding();
}
else if (ibindingConfigurationElement_0 is BasicHttpBindingElement)
{
result = new BasicHttpBinding();
}
else if (ibindingConfigurationElement_0 is NetMsmqBindingElement)
{
result = new NetMsmqBinding();
}
else if (ibindingConfigurationElement_0 is NetNamedPipeBindingElement)
{
result = new NetNamedPipeBinding();
}
else if (ibindingConfigurationElement_0 is NetPeerTcpBindingElement)
{
result = new NetPeerTcpBinding();
}
else if (ibindingConfigurationElement_0 is NetTcpBindingElement)
{
result = new NetTcpBinding();
}
else if (ibindingConfigurationElement_0 is WSDualHttpBindingElement)
{
result = new WSDualHttpBinding();
}
else if (ibindingConfigurationElement_0 is WSHttpBindingElement)
{
result = new WSHttpBinding();
}
else if (ibindingConfigurationElement_0 is WSFederationHttpBindingElement)
{
result = new WSFederationHttpBinding();
}
else
{
result = null;
}
return(result);
}
void DefaultValues(WSFederationHttpBinding b, string scheme)
{
Assert.AreEqual(false, b.BypassProxyOnLocal, "#1");
Assert.AreEqual(HostNameComparisonMode.StrongWildcard,
b.HostNameComparisonMode, "#2");
Assert.AreEqual(0x80000, b.MaxBufferPoolSize, "#3");
Assert.AreEqual(0x10000, b.MaxReceivedMessageSize, "#5");
Assert.AreEqual(WSMessageEncoding.Text, b.MessageEncoding, "#6");
Assert.IsNull(b.ProxyAddress, "#7");
// FIXME: test b.ReaderQuotas
Assert.AreEqual(scheme, b.Scheme, "#8");
Assert.AreEqual(EnvelopeVersion.Soap12, b.EnvelopeVersion, "#9");
Assert.AreEqual(65001, b.TextEncoding.CodePage, "#10"); // utf-8
Assert.AreEqual(false, b.TransactionFlow, "#11");
Assert.AreEqual(true, b.UseDefaultWebProxy, "#12");
Assert.AreEqual(MessageVersion.Default, b.MessageVersion, "#14");
Assert.IsNotNull(b.ReliableSession, "#15");
}
public static void WSTrustTokeParameters_WSStaticHelper()
{
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
EndpointAddress issuerAddress = null;
EndpointAddress serviceEndpointAddress = null;
string tokenTargetAddress = null;
string testString = "Hello";
ChannelFactory <IWcfService> factory = null;
IWcfService serviceProxy = null;
try
{
// *** SETUP *** \\
issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + "wsHttp/wstrustFeb2005"));
tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + "wsHttp/wstrustFeb2005";
serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
WSFederationHttpBinding federationBinding = new WSFederationHttpBinding(WSTrustTokenParameters.CreateWSFederationTokenParameters(issuerBinding, issuerAddress));
federationBinding.Security.Message.EstablishSecurityContext = false;
factory = new ChannelFactory <IWcfService>(federationBinding, serviceEndpointAddress);
factory.Credentials.UserName.UserName = "******";
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a real secret")]
factory.Credentials.UserName.Password = "******";
serviceProxy = factory.CreateChannel();
// *** EXECUTE *** \\
string result = serviceProxy.Echo(testString);
// *** VALIDATE *** \\
Assert.Equal(testString, result);
// *** CLEANUP *** \\
((ICommunicationObject)serviceProxy).Close();
factory.Close();
}
finally
{
// *** ENSURE CLEANUP *** \\
ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
}
}
static void Main(string[] args)
{
NetNamedPipeBinding netNamedPipeBinding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.None);
NetMsmqBinding netMsmqBinding = new NetMsmqBinding();
NetTcpBinding netTcpBinding = new NetTcpBinding();
WSHttpBinding wsHttpBinding = new WSHttpBinding();
wsHttpBinding.Security.Mode = SecurityMode.Transport;
WSDualHttpBinding wSDualHttpBinding = new WSDualHttpBinding();
WSFederationHttpBinding wSFederationHttpBinding = new WSFederationHttpBinding();
wSFederationHttpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
}
private void SetSecuritySettings(Endpoint serviceInterface, WSFederationHttpBinding secureBinding)
{
GetStsSettingsFromEnvironment(serviceInterface);
secureBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256;
secureBinding.Security.Message.NegotiateServiceCredential = false;
secureBinding.Security.Message.EstablishSecurityContext = false;
secureBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
secureBinding.Security.Message.IssuedTokenType = null;
var identity = EndpointIdentity.CreateDnsIdentity((new Uri(serviceInterface.IssuerName).DnsSafeHost));
secureBinding.Security.Message.IssuerAddress = CreateIssuerAddress(serviceInterface, identity);
if (IsClient)
{
secureBinding.Security.Message.IssuerBinding = CreateIssuerBinding(serviceInterface);
}
else
{
secureBinding.Security.Message.IssuerMetadataAddress = new EndpointAddress(new Uri(serviceInterface.IssuerMetadataAddress), identity);
}
}
private WSFederationHttpBinding GetFederatedBindingFromIssuerContract(Type contractType)
{
WSFederationHttpBinding binding;
// If STS endpoint is using WSTrustFeb2005, then need to use WSFederationHttpBinding
if (contractType == typeof(IWSTrustFeb2005SyncContract))
{
binding = new WSFederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
}
// If STS endpoint is using WSTrust1.3, then need to use WS2007FederationHttpBinding
else if (contractType == typeof(IWSTrust13SyncContract))
{
binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
}
else
{
throw new ArgumentException("Unknown contract type", "contractType");
}
return(binding);
}
public void federation()
{
//var stsEp = new EndpointAddress("https://services-int.ehealth.fgov.be/IAM/SingleSignOnService/v1");
var stsEp = new EndpointAddress("https://localhost:8080/services/echo/soap12wss10");
var stsBinding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
stsBinding.Security.Message.NegotiateServiceCredential = false;
stsBinding.Security.Message.EstablishSecurityContext = false;
WSFederationHttpBinding binding;
#if NETFRAMEWORK
binding = new WSFederationHttpBinding();
binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Message.IssuedKeyType = SecurityKeyType.AsymmetricKey;
binding.Security.Message.IssuerAddress = stsEp;
binding.Security.Message.IssuerBinding = stsBinding;
binding.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
ClaimTypeRequirement ctr = new ClaimTypeRequirement("http://example.org/claim/c1", false);
binding.Security.Message.ClaimTypeRequirements.Add(ctr);
#else
var parameters = WSTrustTokenParameters.CreateWSFederationTokenParameters(stsBinding, stsEp);
parameters.KeyType = SecurityKeyType.AsymmetricKey;
parameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
binding = new WSFederationHttpBinding(parameters);
#endif
var ep = new EndpointAddress("https://localhost:8080/services/echo/soap12");
ChannelFactory <IEchoService> channelFactory = new ChannelFactory <IEchoService>(binding, ep);
channelFactory.Credentials.ClientCertificate.Certificate = rsa;
IEchoService client = channelFactory.CreateChannel();
String pong = client.Echo("boe");
Assert.Equal("boe", pong);
}
private WSFederationHttpBinding GetFederatedBindingFromIssuerContract(Type contractType)
{
WSFederationHttpBinding binding;
// If STS endpoint is using WSTrustFeb2005, then need to use WSFederationHttpBinding and symmetric issued tokens
if (contractType == typeof(IWSTrustFeb2005SyncContract))
{
binding = new WSFederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
}
// If STS endpoint is using WSTrust1.3, then need to use WS2007FederationHttpBinding and bearer issued tokens
else if (contractType == typeof(IWSTrust13SyncContract))
{
binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
}
else
{
throw new ArgumentException("Unknown contract type", "contractType");
}
return(binding);
}
void ConfigureTransactions(Binding binding)
{
if (binding is NetTcpBinding)
{
NetTcpBinding tcpBinding = binding as NetTcpBinding;
if (tcpBinding.TransactionFlow)
{
m_TransactionFlowLabel.Text = "Flow: Enabled";
if (tcpBinding.TransactionProtocol == TransactionProtocol.OleTransactions)
{
m_TransactionProtocol.Text = "Protocol: OleTx";
}
else
{
m_TransactionProtocol.Text = "Protocol: WSAT";
}
}
else
{
m_TransactionFlowLabel.Text = "Flow: Disabled";
m_TransactionProtocol.Text = "Protocol: -";
}
}
if (binding is NetNamedPipeBinding)
{
NetNamedPipeBinding pipeBinding = binding as NetNamedPipeBinding;
if (pipeBinding.TransactionFlow)
{
m_TransactionFlowLabel.Text = "Flow: Enabled";
if (pipeBinding.TransactionProtocol == TransactionProtocol.OleTransactions)
{
m_TransactionProtocol.Text = "Protocol: OleTx";
}
else
{
m_TransactionProtocol.Text = "Protocol: WSAT";
}
}
else
{
m_TransactionFlowLabel.Text = "Flow: Disabled";
m_TransactionProtocol.Text = "Protocol: -";
}
}
if (binding is NetMsmqBinding)
{
m_TransactionFlowLabel.Text = "Flow: N/A";
m_TransactionProtocol.Text = "Protocol: -";
}
if (binding is BasicHttpBinding || binding is NetPeerTcpBinding)
{
m_TransactionFlowLabel.Text = "Flow: Disabled";
m_TransactionProtocol.Text = "Protocol: -";
}
if (binding is WSHttpBinding)
{
WSHttpBinding wsBinding = binding as WSHttpBinding;
if (wsBinding.TransactionFlow)
{
m_TransactionFlowLabel.Text = "Flow: Enabled";
m_TransactionProtocol.Text = "Protocol: WSAT";
}
else
{
m_TransactionFlowLabel.Text = "Flow: Disabled";
m_TransactionProtocol.Text = "Protocol: -";
}
}
if (binding is WSDualHttpBinding)
{
WSDualHttpBinding wsDualBinding = binding as WSDualHttpBinding;
if (wsDualBinding.TransactionFlow)
{
m_TransactionFlowLabel.Text = "Flow: Enabled";
m_TransactionProtocol.Text = "Protocol: WSAT";
}
else
{
m_TransactionFlowLabel.Text = "Flow: Disabled";
m_TransactionProtocol.Text = "Protocol: -";
}
}
if (binding is WSFederationHttpBinding)
{
WSFederationHttpBinding federatedBinding = binding as WSFederationHttpBinding;
if (federatedBinding.TransactionFlow)
{
m_TransactionFlowLabel.Text = "Flow: Enabled";
m_TransactionProtocol.Text = "Protocol: WSAT";
}
else
{
m_TransactionFlowLabel.Text = "Flow: Disabled";
m_TransactionProtocol.Text = "Protocol: -";
}
}
}
void ConfigureReliability(Binding binding)
{
if (binding is NetTcpBinding)
{
NetTcpBinding tcpBinding = binding as NetTcpBinding;
if (tcpBinding.ReliableSession.Enabled)
{
m_ReliabilityEnabledLabel.Text = "Enabled";
if (tcpBinding.ReliableSession.Ordered)
{
m_OrderedLabel.Text = "Ordered";
}
else
{
m_OrderedLabel.Text = "Unordered";
}
}
else
{
m_ReliabilityEnabledLabel.Text = "Disabled";
m_OrderedLabel.Text = "Unordered";
}
}
if (binding is NetNamedPipeBinding)
{
m_ReliabilityEnabledLabel.Text = "Enabled";
m_OrderedLabel.Text = "Ordered";
}
if (binding is NetMsmqBinding)
{
m_OrderedLabel.Text = "Reliability: N/A";
m_OrderedLabel.Text = "Ordered: N/A";
}
if (binding is BasicHttpBinding || binding is NetPeerTcpBinding)
{
m_ReliabilityEnabledLabel.Text = "Disabled";
m_OrderedLabel.Text = "Unordered";
}
if (binding is WSHttpBinding)
{
WSHttpBinding wsBinding = binding as WSHttpBinding;
if (wsBinding.ReliableSession.Enabled)
{
m_ReliabilityEnabledLabel.Text = "Enabled";
if (wsBinding.ReliableSession.Ordered)
{
m_OrderedLabel.Text = "Ordered";
}
else
{
m_OrderedLabel.Text = "Unordered";
}
}
else
{
m_ReliabilityEnabledLabel.Text = "Disabled";
m_OrderedLabel.Text = "Unordered";
}
}
if (binding is WSDualHttpBinding)
{
m_ReliabilityEnabledLabel.Text = "Enabled";
WSDualHttpBinding wsDualBinding = binding as WSDualHttpBinding;
if (wsDualBinding.ReliableSession.Ordered)
{
m_OrderedLabel.Text = "Ordered";
}
else
{
m_OrderedLabel.Text = "Unordered";
}
}
if (binding is WSFederationHttpBinding)
{
WSFederationHttpBinding federatedBinding = binding as WSFederationHttpBinding;
if (federatedBinding.ReliableSession.Enabled)
{
m_ReliabilityEnabledLabel.Text = "Enabled";
if (federatedBinding.ReliableSession.Ordered)
{
m_OrderedLabel.Text = "Ordered";
}
else
{
m_OrderedLabel.Text = "Unordered";
}
}
else
{
m_ReliabilityEnabledLabel.Text = "Disabled";
m_OrderedLabel.Text = "Unordered";
}
}
}
void ConfigureSecurityMode(Binding binding)
{
SecurityModeEx securityMode = SecurityModeEx.None;
if (binding is NetTcpBinding)
{
NetTcpBinding tcpBinding = binding as NetTcpBinding;
switch (tcpBinding.Security.Mode)
{
case SecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case SecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case SecurityMode.Transport:
{
securityMode = SecurityModeEx.Transport;
break;
}
case SecurityMode.TransportWithMessageCredential:
{
securityMode = SecurityModeEx.Mixed;
break;
}
}
}
if (binding is NetNamedPipeBinding)
{
NetNamedPipeBinding pipeBinding = binding as NetNamedPipeBinding;
switch (pipeBinding.Security.Mode)
{
case NetNamedPipeSecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case NetNamedPipeSecurityMode.Transport:
{
securityMode = SecurityModeEx.Transport;
break;
}
}
}
if (binding is NetMsmqBinding)
{
NetMsmqBinding msmqBinding = binding as NetMsmqBinding;
switch (msmqBinding.Security.Mode)
{
case NetMsmqSecurityMode.Both:
{
securityMode = SecurityModeEx.Both;
break;
}
case NetMsmqSecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case NetMsmqSecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case NetMsmqSecurityMode.Transport:
{
securityMode = SecurityModeEx.Transport;
break;
}
}
}
if (binding is BasicHttpBinding)
{
BasicHttpBinding basicBinding = binding as BasicHttpBinding;
switch (basicBinding.Security.Mode)
{
case BasicHttpSecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case BasicHttpSecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case BasicHttpSecurityMode.Transport:
{
securityMode = SecurityModeEx.Transport;
break;
}
case BasicHttpSecurityMode.TransportCredentialOnly:
{
securityMode = SecurityModeEx.Transport;
break;
}
case BasicHttpSecurityMode.TransportWithMessageCredential:
{
securityMode = SecurityModeEx.Mixed;
break;
}
}
}
if (binding is WSHttpBinding)
{
WSHttpBinding wsBinding = binding as WSHttpBinding;
switch (wsBinding.Security.Mode)
{
case SecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case SecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case SecurityMode.Transport:
{
securityMode = SecurityModeEx.Transport;
break;
}
case SecurityMode.TransportWithMessageCredential:
{
securityMode = SecurityModeEx.Mixed;
break;
}
}
}
if (binding is WSDualHttpBinding)
{
WSDualHttpBinding wsDualBinding = binding as WSDualHttpBinding;
switch (wsDualBinding.Security.Mode)
{
case WSDualHttpSecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case WSDualHttpSecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
}
}
if (binding is NetPeerTcpBinding)
{
NetPeerTcpBinding peerBinding = binding as NetPeerTcpBinding;
switch (peerBinding.Security.Mode)
{
case SecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case SecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case SecurityMode.Transport:
{
securityMode = SecurityModeEx.Transport;
break;
}
case SecurityMode.TransportWithMessageCredential:
{
securityMode = SecurityModeEx.Transport;
break;
}
}
}
if (binding is WSFederationHttpBinding)
{
WSFederationHttpBinding federatedBinding = binding as WSFederationHttpBinding;
switch (federatedBinding.Security.Mode)
{
case WSFederationHttpSecurityMode.Message:
{
securityMode = SecurityModeEx.Message;
break;
}
case WSFederationHttpSecurityMode.None:
{
securityMode = SecurityModeEx.None;
break;
}
case WSFederationHttpSecurityMode.TransportWithMessageCredential:
{
securityMode = SecurityModeEx.Mixed;
break;
}
}
}
m_NoneRadioButton.Checked = securityMode == SecurityModeEx.None;
m_TransportRadioButton.Checked = securityMode == SecurityModeEx.Transport;
m_MessageRadioButton.Checked = securityMode == SecurityModeEx.Message;
m_MixedRadioButton.Checked = securityMode == SecurityModeEx.Mixed;
m_BothRadioButton.Checked = securityMode == SecurityModeEx.Both;
}
// Create and configure bindings within this EXE console application.
public static void Main()
{
// Create a WSHttpBinding
// <Snippet3>
// <Snippet1>
WSHttpBinding binding1 = new WSHttpBinding();
// </Snippet1>
binding1.BypassProxyOnLocal = true;
// </Snippet3>
// <Snippet4>
EnvelopeVersion envelopeVersion =
binding1.EnvelopeVersion;
// </Snippet4>
// <Snippet5>
HostNameComparisonMode hostnameComparisonMode =
binding1.HostNameComparisonMode;
// </Snippet5>
// <Snippet6>
long maxBufferPoolSize =
binding1.MaxBufferPoolSize;
// </Snippet6>
// <Snippet7>
long maxReceivedMessageSize =
binding1.MaxReceivedMessageSize;
// </Snippet7>
// <Snippet8>
WSMessageEncoding messageEncoding =
binding1.MessageEncoding;
// </Snippet8>
// <Snippet9>
Uri proxyAddress =
binding1.ProxyAddress;
// </Snippet9>
// <Snippet10>
XmlDictionaryReaderQuotas readerQuotas =
binding1.ReaderQuotas;
// </Snippet10>
// <Snippet11>
OptionalReliableSession reliableSession =
binding1.ReliableSession;
// </Snippet11>
// <Snippet12>
string scheme = binding1.Scheme;
// </Snippet12>
// <Snippet13>
Encoding textEncoding =
binding1.TextEncoding;
// </Snippet13>
// <Snippet14>
bool transactionFlow =
binding1.TransactionFlow;
// </Snippet14>
// <Snippet15>
bool useDefaultWebProxy =
binding1.UseDefaultWebProxy;
// </Snippet15>
// <Snippet16>
BindingElementCollection bindingElements =
binding1.CreateBindingElements();
// </Snippet16>
// Set WSHttpBinding binding property values
binding1.Name = "Binding1";
binding1.HostNameComparisonMode =
HostNameComparisonMode.StrongWildcard;
binding1.Security.Mode = SecurityMode.Message;
binding1.ReliableSession.Enabled = false;
binding1.TransactionFlow = false;
// binding1.Security.Message.DefaultProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
// Enumerate properties of the binding1.
Console.WriteLine("WSHttpBinding binding1 properties:");
Console.WriteLine(" - name:\t\t\t{0}", binding1.Name);
Console.WriteLine(" - hostname comparison:\t{0}", binding1.HostNameComparisonMode);
Console.WriteLine(" - security mode:\t\t{0}", binding1.Security.Mode);
Console.WriteLine(" - RM enabled:\t\t{0}", binding1.ReliableSession.Enabled);
Console.WriteLine(" - transaction flow:\t{0}", binding1.TransactionFlow);
//Console.WriteLine(" - message security:\t{0}", binding1.Security.Message.DefaultProtectionLevel);
Console.WriteLine(" - transport scheme:\t{0}", binding1.Scheme);
Console.WriteLine(" - max message size:\t{0}", binding1.MaxReceivedMessageSize);
Console.WriteLine(" - default text encoding:\t{0}", binding1.TextEncoding);
Console.WriteLine();
// Create a WSFederationBinding with a message security mode
// and with a reliable session enabled.
WSFederationHttpBinding binding3 = new WSFederationHttpBinding(WSFederationHttpSecurityMode.Message, true);
// Enumerate properties of the binding2.
Console.WriteLine("WSFederationBinding binding3 properties:");
Console.WriteLine(" - security mode:\t\t{0}", binding3.Security.Mode);
Console.WriteLine(" - RM enabled:\t\t{0}", binding3.ReliableSession.Enabled);
Console.WriteLine();
Console.WriteLine("Press <ENTER> to terminate.");
Console.ReadLine();
}
