示例#1
 /// <summary>
 /// Attaches the configured client certificate to an outgoing HTTP request.
 /// </summary>
 /// <param name="request">Request whose <c>ClientCertificates</c> collection receives the certificate.</param>
 /// <remarks>
 /// The certificate is obtained from <c>CertificateLoader.LoadCertificate</c> using the store name,
 /// store location and thumbprint held in <c>ConfigVariables</c>.
 /// NOTE(review): the lookup result is added without a check; confirm that the loader throws
 /// (rather than returning null) when no certificate matches the configured thumbprint.
 /// </remarks>
 public static void AddClientCertificate(ref HttpWebRequest request)
 {
     // Resolve the target collection first so a null request fails before the store is touched.
     var requestCertificates = request.ClientCertificates;

     var clientCertificate = CertificateLoader.LoadCertificate(
         ConfigVariables.ClientCertificateStoreName,
         ConfigVariables.ClientCertificateStoreLocation,
         ConfigVariables.ClientCertificateThumbprint);

     requestCertificates.Add(clientCertificate);
 }
示例#2
        /// <summary>
        /// Requests a security token for the service identified by <paramref name="entityId"/>.
        /// </summary>
        /// <param name="entityId">Entity identifier of the target service; it is parsed with <see cref="Uri"/>.</param>
        /// <returns>The token returned by <c>SendSecurityTokenRequest</c>.</returns>
        /// <remarks>
        /// The client certificate is loaded from the configured store by thumbprint, and the
        /// <see cref="Uri.AbsoluteUri"/> form of the identifier (not the raw string) is what is
        /// passed on together with <c>ConfigVariables.Cvr</c>.
        /// </remarks>
        public static SecurityToken IssueToken(string entityId)
        {
            // The certificate is loaded before the identifier is parsed, as in the original flow.
            var clientCertificate = CertificateLoader.LoadCertificate(
                ConfigVariables.ClientCertificateStoreName,
                ConfigVariables.ClientCertificateStoreLocation,
                ConfigVariables.ClientCertificateThumbprint);

            var entityUri = new Uri(entityId);
            var appliesTo = entityUri.AbsoluteUri;

            return SendSecurityTokenRequest(appliesTo, clientCertificate, ConfigVariables.Cvr);
        }
        /// <summary>
        /// Builds a service channel that authenticates with the configured client certificate
        /// and the supplied issued token.
        /// </summary>
        /// <param name="token">Issued token handed to <c>CreateChannelWithIssuedToken</c>.</param>
        /// <param name="endpointUrl">Optional endpoint override; when null the client's default address is kept.</param>
        /// <returns>The channel created by the client's channel factory.</returns>
        /// <remarks>
        /// The expected DNS identity of the service certificate always comes from
        /// <c>ConfigVariables.ServiceCertificateAlias</c>, whether or not the endpoint URL is overridden.
        /// NOTE(review): <paramref name="endpointUrl"/> is used as given; if it can originate outside
        /// configuration, confirm it is restricted to expected hosts.
        /// </remarks>
        private DemoPortType CreateChannel(SecurityToken token, string endpointUrl)
        {
            var client = new DemoPortTypeClient();

            // Revocation checking stays enabled by default. The line below turns it off and is meant
            // only for calling DemoService locally; do not enable it in production.
            // client.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            var expectedIdentity = EndpointIdentity.CreateDnsIdentity(ConfigVariables.ServiceCertificateAlias);

            // Use the override when one is given, otherwise keep the client's default URI.
            Uri targetUri = endpointUrl == null
                ? client.Endpoint.Address.Uri
                : new Uri(endpointUrl);
            client.Endpoint.Address = new EndpointAddress(targetUri, expectedIdentity);

            var clientCertificate = CertificateLoader.LoadCertificate(
                ConfigVariables.ClientCertificateStoreName,
                ConfigVariables.ClientCertificateStoreLocation,
                ConfigVariables.ClientCertificateThumbprint);
            client.ClientCredentials.ClientCertificate.Certificate = clientCertificate;

            // Sign only: messages are integrity-protected but not encrypted at the message layer,
            // so confidentiality depends on the transport. Confirm the endpoint is reached over TLS.
            client.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

            return client.ChannelFactory.CreateChannelWithIssuedToken(token);
        }
示例#4
        /// <summary>
        /// Creates a WS-Trust 1.3 channel to the configured STS, authenticating with
        /// <paramref name="clientCertificate"/>.
        /// </summary>
        /// <param name="clientCertificate">Certificate presented to the STS as the client credential.</param>
        /// <returns>The channel produced by the <c>WSTrustChannelFactory</c>.</returns>
        /// <remarks>
        /// The STS certificate is loaded from the configured store by thumbprint and scoped to the
        /// STS URI. Certificate validation is set to <c>None</c>, so trust in the STS rests on that
        /// store-loaded certificate alone.
        /// </remarks>
        private static IWSTrustChannelContract GenerateStsCertificateClientChannel(X509Certificate2 clientCertificate)
        {
            var stsUri      = new Uri(ConfigVariables.StsEndpoint);
            var stsIdentity = EndpointIdentity.CreateDnsIdentity(ConfigVariables.StsCertificateAlias);
            var stsAddress  = new EndpointAddress(stsUri, stsIdentity);

            var stsBinding     = new MutualCertificateWithMessageSecurityBinding(null);
            var channelFactory = new WSTrustChannelFactory(stsBinding, stsAddress)
            {
                TrustVersion = TrustVersion.WSTrust13
            };

            channelFactory.Credentials.ClientCertificate.Certificate = clientCertificate;

            var stsCertificate = CertificateLoader.LoadCertificate(
                ConfigVariables.StsCertificateStoreName,
                ConfigVariables.StsCertificateStoreLocation,
                ConfigVariables.StsCertificateThumbprint);

            var serviceCredential = channelFactory.Credentials.ServiceCertificate;
            serviceCredential.ScopedCertificates.Add(stsAddress.Uri, stsCertificate);

            // NOTE(review): None skips chain building, so expiry, issuer trust and revocation of the
            // STS certificate are not checked here. That is only acceptable if the store entry and the
            // configured thumbprint are tightly controlled; otherwise prefer a chain-validating mode.
            serviceCredential.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

            // The line below would disable revocation checking and is meant only for calling
            // DemoService locally; do not enable it in production. With the validation mode above
            // set to None it appears to have no effect either way - confirm before relying on it.
            //channelFactory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

            // Sign only: messages are integrity-protected but not encrypted at the message layer.
            channelFactory.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

            return channelFactory.CreateChannel();
        }