private Message Verify(Message message)
{
if (message != null)
{
var wss = WSS.Create(MessageSecurityVersion);
int i = message.Headers.FindHeader("Security", wss.SecExtNs);
if (i >= 0)
{
MessageHeaderInfo sec = message.Headers[i];
XmlDictionaryReader headerReader = message.Headers.GetReaderAtHeader(i);
var doc = new XmlDocument();
var header = (XmlElement)doc.ReadNode(headerReader);
wss.VerifyResponse(header);
message.Headers.UnderstoodHeaders.Add(sec);
}
else
{
//TODO::OK to have unsecure responses?
}
}
return(message);
}
private void Start_Click(object sender, EventArgs e)
{
int portNum = 1111; //1111 is purely for example. It just needs to match what you setup in your web page.
WSS.MessageHandler mh = new WSS.MessageHandler(HandleMessage);
WSS server = new WSS("iceWSTest", portNum, mh);
server.Start();
Start.Hide();
}
/// <summary>
/// Called to write the message to the writer. This implementation add the security headers.
/// </summary>
/// <remarks>
/// It writes the message to memory (of temp file) in order to do so.
/// </remarks>
/// <param name="writer">The xml writer to write the message too</param>
protected override void OnWriteMessage(XmlDictionaryWriter writer)
{
using (var memStream = new MemoryStream())
{
var wss = WSS.Create(MessageSecurityVersion);
//Write the document without security headers in memory
using (var memWriter = XmlDictionaryWriter.CreateTextWriter(memStream, Encoding.UTF8, false))
{
_innerMessage.WriteMessage(memWriter);
}
memStream.Position = 0;
if (_logger != null && _logger.IsEnabled(LogLevel.Trace))
{
String org = new StreamReader(memStream).ReadToEnd();
_logger.LogTrace(org);
memStream.Position = 0;
}
//parse the document to add the security headers
var env = new XmlDocument
{
PreserveWhitespace = true
};
env.Load(memStream);
//Make preperations to do some xpath
string soapPrefix = env.DocumentElement.Prefix;
string soapNs = env.DocumentElement.NamespaceURI;
XmlNamespaceManager nsmgr = new XmlNamespaceManager(env.NameTable);
nsmgr.AddNamespace("s", soapNs);
//Find the body, add an id if needed.
XmlElement body = (XmlElement)env.DocumentElement.SelectSingleNode("./s:Body", nsmgr);
string bodyIdValue = body.GetAttribute("Id", wss.UtilityNs);
if (bodyIdValue == string.Empty)
{
bodyIdValue = "uuid-" + Guid.NewGuid().ToString("D");
var bodyId = env.CreateAttribute(wss.UtilityPrefix, "Id", wss.UtilityNs);
bodyId.Value = bodyIdValue;
body.SetAttributeNode(bodyId);
}
//Find the soap header, create if needed.
XmlElement header = (XmlElement)env.DocumentElement.SelectSingleNode("./s:Header", nsmgr);
if (header == null)
{
header = env.CreateElement(soapPrefix, "Header", soapNs);
env.DocumentElement.InsertBefore(header, env.DocumentElement.FirstChild);
}
//Apply the security
//see github\dotnet\wcf\src\System.Private.ServiceModel\src\System\IdentityModel\Tokens\SecurityTokenTypes.cs
SecurityTokenRequirement requirement = new SecurityTokenRequirement()
{
TokenType = "http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/X509Certificate"
};
//SecurityTokenResolver resolver;
//var tokenManager = ClientCredentials.CreateSecurityTokenManager();
//var authenticator = tokenManager.CreateSecurityTokenAuthenticator(requirement, out resolver);
//var provider = tokenManager.CreateSecurityTokenProvider(requirement);
wss.ApplyOnRequest(ref header, bodyIdValue, ClientCredentials.ClientCertificate.Certificate, SignParts);
//Write the modified version with security header to the original streams.
env.Save(writer);
}
}
