private void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, TrustVersion trustVersion, SecurityKeyType keyType, ref IssuedSecurityTokenParameters issuedParameters) { issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm)); issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm)); string signatureAlgorithm = null; string encryptionAlgorithm = null; switch (keyType) { case SecurityKeyType.SymmetricKey: signatureAlgorithm = algorithmSuite.DefaultSymmetricSignatureAlgorithm; encryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm; break; case SecurityKeyType.AsymmetricKey: signatureAlgorithm = algorithmSuite.DefaultAsymmetricSignatureAlgorithm; encryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm; break; case SecurityKeyType.BearerKey: return; default: throw new ArgumentOutOfRangeException("keyType"); } issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateSignWithElement(signatureAlgorithm)); issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptWithElement(encryptionAlgorithm)); if (trustVersion != TrustVersion.WSTrustFeb2005) { issuedParameters.AdditionalRequestParameters.Insert(0, CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm)); } }
internal static bool DoAlgorithmsMatch(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters issuedTokenParameters, SecurityAlgorithmSuite securityAlgorithmSuite, object versionSpecificStandardsManager, out Collection <XmlElement> nonAlgorithmRequestParameters) { object[] objArray = new object[] { securityAlgorithmSuite, versionSpecificStandardsManager, null }; bool flag = (bool)InvokeHelper.InvokeStaticMethod(typeof(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters), "DoAlgorithmsMatch", objArray); nonAlgorithmRequestParameters = objArray[2] as Collection <XmlElement>; return(flag); }
protected IssuedSecurityTokenParameters (IssuedSecurityTokenParameters source) : base (source) { binding = source.binding; issuer_address = source.issuer_address; issuer_meta_address = source.issuer_meta_address; key_size = source.key_size; key_type = source.key_type; token_type = source.token_type; reqs = new Collection<ClaimTypeRequirement> (source.reqs); additional_reqs = new Collection<XmlElement> (source.additional_reqs); }
internal void ApplyConfiguration(IssuedSecurityTokenParameters parameters) { if (parameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("parameters")); } if (this.AdditionalRequestParameters != null) { foreach (XmlElementElement element in this.AdditionalRequestParameters) { parameters.AdditionalRequestParameters.Add(element.XmlElement); } } if (this.ClaimTypeRequirements != null) { foreach (ClaimTypeElement element2 in this.ClaimTypeRequirements) { parameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement(element2.ClaimType, element2.IsOptional)); } } parameters.KeySize = this.KeySize; parameters.KeyType = this.KeyType; parameters.DefaultMessageSecurityVersion = this.DefaultMessageSecurityVersion; if (!string.IsNullOrEmpty(this.TokenType)) { parameters.TokenType = this.TokenType; } if (base.ElementInformation.Properties["issuer"].ValueOrigin != PropertyValueOrigin.Default) { this.Issuer.Validate(); parameters.IssuerAddress = ConfigLoader.LoadEndpointAddress(this.Issuer); if (!string.IsNullOrEmpty(this.Issuer.Binding)) { parameters.IssuerBinding = ConfigLoader.LookupBinding(this.Issuer.Binding, this.Issuer.BindingConfiguration, base.EvaluationContext); } } if (base.ElementInformation.Properties["issuerMetadata"].ValueOrigin != PropertyValueOrigin.Default) { parameters.IssuerMetadataAddress = ConfigLoader.LoadEndpointAddress(this.IssuerMetadata); } }
/// <summary> /// /// </summary> /// <param name="transport"></param> /// <returns></returns> private static System.ServiceModel.Channels.Binding CreateBinding(TransportBindingElement transport) { TextMessageEncodingBindingElement encodingBindingElement = new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8); var messageSecurity = new AsymmetricSecurityBindingElement(); messageSecurity.LocalClientSettings.IdentityVerifier = new DisabledDnsIdentityCheck(); messageSecurity.AllowSerializedSigningTokenOnReply = true; messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; messageSecurity.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToInitiator); messageSecurity.RecipientTokenParameters.RequireDerivedKeys = false; var initiator = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"); messageSecurity.ProtectTokens = true; initiator.UseStrTransform = true; initiator.KeyType = SecurityKeyType.AsymmetricKey; initiator.RequireDerivedKeys = false; messageSecurity.InitiatorTokenParameters = initiator; var customBinding = new CustomBinding(encodingBindingElement, messageSecurity, transport); return customBinding; }
public static void Main (string [] args) { SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement (); IssuedSecurityTokenParameters ip = new IssuedSecurityTokenParameters (); sbe.ProtectionTokenParameters = ip; ip.ClaimTypeRequirements.Add (new ClaimTypeRequirement ( ClaimTypes.Email)); if (args.Length > 0) { ip.IssuerAddress = new EndpointAddress (new Uri (args [0]), new X509CertificateEndpointIdentity (new X509Certificate2 (args [1]))); } ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; cred.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other) { this.additionalRequestParameters = new Collection<XmlElement>(); this.alternativeIssuerEndpoints = new Collection<AlternativeIssuerEndpoint>(); this.claimTypeRequirements = new Collection<ClaimTypeRequirement>(); this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion; this.issuerAddress = other.issuerAddress; this.keyType = other.keyType; this.tokenType = other.tokenType; this.keySize = other.keySize; foreach (XmlElement element in other.additionalRequestParameters) { this.additionalRequestParameters.Add((XmlElement) element.Clone()); } foreach (ClaimTypeRequirement requirement in other.claimTypeRequirements) { this.claimTypeRequirements.Add(requirement); } if (other.issuerBinding != null) { this.issuerBinding = new CustomBinding(other.issuerBinding); } this.issuerMetadataAddress = other.issuerMetadataAddress; }
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) : base(other) { this.defaultMessageSecurityVersion = other.defaultMessageSecurityVersion; this.issuerAddress = other.issuerAddress; this.keyType = other.keyType; this.tokenType = other.tokenType; this.keySize = other.keySize; this.useStrTransform = other.useStrTransform; foreach (XmlElement parameter in other.additionalRequestParameters) { this.additionalRequestParameters.Add((XmlElement)parameter.Clone()); } foreach (ClaimTypeRequirement c in other.claimTypeRequirements) { this.claimTypeRequirements.Add(c); } if (other.issuerBinding != null) { this.issuerBinding = new CustomBinding(other.issuerBinding); } this.issuerMetadataAddress = other.issuerMetadataAddress; }
internal static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm) { IssuedSecurityTokenParameters parameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { KeyType = SecurityKeyType.AsymmetricKey }; parameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement(wsidPPIClaim)); parameters.IssuerAddress = null; parameters.AddAlgorithmParameters(algorithm, standardsManager, parameters.KeyType); return parameters; }
internal static bool IsInfoCardParameters(IssuedSecurityTokenParameters parameters, SecurityStandardsManager standardsManager) { if (parameters == null) { return(false); } if (parameters.TokenType != SecurityXXX2005Strings.SamlTokenType) { return(false); } if (parameters.KeyType != SecurityKeyType.AsymmetricKey) { return(false); } if (parameters.ClaimTypeRequirements.Count == 1) { ClaimTypeRequirement claimTypeRequirement = parameters.ClaimTypeRequirements[0] as ClaimTypeRequirement; if (claimTypeRequirement == null) { return(false); } if (claimTypeRequirement.ClaimType != wsidPPIClaim) { return(false); } } else if ((parameters.AdditionalRequestParameters != null) && (parameters.AdditionalRequestParameters.Count > 0)) { // Check the AdditionalRequest Parameters to see if ClaimTypeRequirements got imported there. bool claimTypeRequirementMatched = false; XmlElement claimTypeRequirement = GetClaimTypeRequirement(parameters.AdditionalRequestParameters, standardsManager); if (claimTypeRequirement != null && claimTypeRequirement.ChildNodes.Count == 1) { XmlElement claimTypeElement = claimTypeRequirement.ChildNodes[0] as XmlElement; if (claimTypeElement != null) { XmlNode claimType = claimTypeElement.Attributes.GetNamedItem("Uri"); if (claimType != null && claimType.Value == wsidPPIClaim) { claimTypeRequirementMatched = true; } } } if (!claimTypeRequirementMatched) { return(false); } } else { return(false); } if (parameters.IssuerAddress != null) { return(false); } if (parameters.AlternativeIssuerEndpoints != null && parameters.AlternativeIssuerEndpoints.Count > 0) { return(false); } return(true); }
public void SecureConvProviderOnlyWithIssuedParameters () { InitiatorServiceModelSecurityTokenRequirement r = new InitiatorServiceModelSecurityTokenRequirement (); r.TokenType = ServiceModelSecurityTokenTypes.SecureConversation; IssuedSecurityTokenParameters ip = new IssuedSecurityTokenParameters (); ip.IssuerAddress = new EndpointAddress ("http://localhost:8080"); ip.IssuerBinding = new WSHttpBinding (); r.Properties [ReqType.IssuedSecurityTokenParametersProperty] = ip; def_c.CreateSecurityTokenProvider (r); }
public virtual bool TryImportReferenceStyleAssertion(ICollection<XmlElement> assertions, IssuedSecurityTokenParameters parameters) { if (TryImportWsspAssertion(assertions, RequireExternalReferenceName)) { parameters.ReferenceStyle = SecurityTokenReferenceStyle.External; } else if (TryImportWsspAssertion(assertions, RequireInternalReferenceName)) { parameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; } return true; }
public virtual bool TryImportWsspIssuedTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; EndpointAddress issuer; EndpointAddress issuerMetadata; Collection<XmlElement> requestSecurityTokenTemplate; if (IsWsspAssertion(assertion, IssuedTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode) && TryGetIssuer(assertion, out issuer, out issuerMetadata) && TryGetRequestSecurityTokenTemplate(assertion, out requestSecurityTokenTemplate)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters(); parameters = issued; if (TryImportWsspRequireDerivedKeysAssertion(alternative, issued) && TryImportReferenceStyleAssertion(alternative, issued) && alternative.Count == 0) { issued.InclusionMode = inclusionMode; issued.IssuerAddress = issuer; issued.IssuerMetadataAddress = issuerMetadata; issued.SetRequestParameters(requestSecurityTokenTemplate, this.TrustDriver); TokenIssuerPolicyResolver policyResolver = new TokenIssuerPolicyResolver(this.TrustDriver); policyResolver.ResolveTokenIssuerPolicy(importer, policyContext, issued); break; } else { parameters = null; } } } else { IssuedSecurityTokenParameters issued = new IssuedSecurityTokenParameters(); parameters = issued; issued.InclusionMode = inclusionMode; issued.IssuerAddress = issuer; issued.IssuerMetadataAddress = issuerMetadata; issued.SetRequestParameters(requestSecurityTokenTemplate, this.TrustDriver); issued.RequireDerivedKeys = false; } } return parameters != null; }
public virtual bool TryImportWsspIssuedTokenAssertion(MetadataImporter importer, PolicyConversionContext policyContext, XmlElement assertion, out SecurityTokenParameters parameters) { SecurityTokenInclusionMode mode; EndpointAddress address; EndpointAddress address2; Collection<XmlElement> collection2; parameters = null; if ((this.IsWsspAssertion(assertion, "IssuedToken") && this.TryGetIncludeTokenValue(assertion, out mode)) && (this.TryGetIssuer(assertion, out address, out address2) && this.TryGetRequestSecurityTokenTemplate(assertion, out collection2))) { Collection<Collection<XmlElement>> collection; if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection)) { foreach (Collection<XmlElement> collection3 in collection) { IssuedSecurityTokenParameters parameters2 = new IssuedSecurityTokenParameters(); parameters = parameters2; if ((this.TryImportWsspRequireDerivedKeysAssertion(collection3, parameters2) && this.TryImportReferenceStyleAssertion(collection3, parameters2)) && (collection3.Count == 0)) { parameters2.InclusionMode = mode; parameters2.IssuerAddress = address; parameters2.IssuerMetadataAddress = address2; parameters2.SetRequestParameters(collection2, this.TrustDriver); new TokenIssuerPolicyResolver(this.TrustDriver).ResolveTokenIssuerPolicy(importer, policyContext, parameters2); break; } parameters = null; } } else { IssuedSecurityTokenParameters parameters3 = new IssuedSecurityTokenParameters(); parameters = parameters3; parameters3.InclusionMode = mode; parameters3.IssuerAddress = address; parameters3.IssuerMetadataAddress = address2; parameters3.SetRequestParameters(collection2, this.TrustDriver); parameters3.RequireDerivedKeys = false; } } return (parameters != null); }
internal static bool IsIssuedTokenForSslBinding(System.ServiceModel.Channels.SecurityBindingElement bootstrapSecurity, bool p, out System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters infocardParameters) { object[] objArray = new object[] { bootstrapSecurity, p, null }; bool flag = (bool)InvokeHelper.InvokeStaticMethod(typeof(System.ServiceModel.Channels.SecurityBindingElement), "IsIssuedTokenForSslBinding", objArray); infocardParameters = objArray[2] as System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters; return(flag); }
// based on WSHttpBinding.CreateMessageSecurity() SecurityBindingElement CreateMessageSecurity () { if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None) return null; SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement (); element.MessageSecurityVersion = MessageSecurityVersion.Default; element.SetKeyDerivation (false); switch (Security.Message.ClientCredentialType) { case MessageCredentialType.Certificate: element.EndpointSupportingTokenParameters.Endorsing.Add ( new X509SecurityTokenParameters ()); goto default; case MessageCredentialType.IssuedToken: IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters (); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding ( new TextMessageEncodingBindingElement (), GetTransport ()); element.EndpointSupportingTokenParameters.Endorsing.Add (istp); goto default; case MessageCredentialType.UserName: element.EndpointSupportingTokenParameters.SignedEncrypted.Add ( new UserNameSecurityTokenParameters ()); goto default; case MessageCredentialType.Windows: element.ProtectionTokenParameters = new KerberosSecurityTokenParameters (); break; default: // including .None X509SecurityTokenParameters p = new X509SecurityTokenParameters (); p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; element.ProtectionTokenParameters = p; break; } return element; }
internal static void AddAlgorithmParameters(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters that, params object[] args) { InvokeHelper.InvokeInstanceMethod(typeof(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters), that, "AddAlgorithmParameters", args); }
protected override SecurityBindingElement CreateMessageSecurity () { SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement (); element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; // if (!Security.Message.EstablishSecurityContext) // element.SetKeyDerivation (false); IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters (); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding ( new TextMessageEncodingBindingElement (), GetTransport ()); element.EndpointSupportingTokenParameters.Endorsing.Add (istp); if (Security.Message.NegotiateServiceCredential) { element.ProtectionTokenParameters = // FIXME: fill proper parameters new SslSecurityTokenParameters (false, true); } else { element.ProtectionTokenParameters = new X509SecurityTokenParameters (); } // if (!Security.Message.EstablishSecurityContext) // return element; // SecureConversation enabled ChannelProtectionRequirements reqs = new ChannelProtectionRequirements (); // FIXME: fill the reqs // FIXME: for TransportWithMessageCredential mode, // return TransportSecurityBindingElement. return SecurityBindingElement.CreateSecureConversationBindingElement ( // FIXME: requireCancellation element, true, reqs); }
private SecurityBindingElement CreateWSS11SecurityBindingElement() { AsymmetricSecurityBindingElement secBindingElement = new AsymmetricSecurityBindingElement(); secBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax; // TEST //secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15; secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; secBindingElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; secBindingElement.IncludeTimestamp = true; secBindingElement.SetKeyDerivation(false); secBindingElement.AllowSerializedSigningTokenOnReply = true; secBindingElement.RequireSignatureConfirmation = false; //WS2007HttpBinding stsBinding = new WS2007HttpBinding("wssuntBinding"); //CustomBinding stsBinding = new CustomBinding("ADS-CustomSecureTransport"); // TEMPORARILY DISABLED // .Net 3.5 //string adsAddress = "http://ha50idp:8089/ADS-STS/Issue.svc"; // .Net 4.0 string adsAddress = "https://ha50idp:8543/ADS-STS/Issue.svc"; //IssuedSecurityTokenParameters issuedTokenParameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", // new EndpointAddress(adsAddress), stsBinding); IssuedSecurityTokenParameters issuedTokenParameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"); issuedTokenParameters.UseStrTransform = false; issuedTokenParameters.KeyType = SecurityKeyType.BearerKey; //issuedTokenParameters.KeyType = SecurityKeyType.AsymmetricKey; //issuedTokenParameters.KeyType = SecurityKeyType.SymmetricKey; // 256? //issuedTokenParameters.KeySize = 256; issuedTokenParameters.KeySize = 0; // .Net 3.5 //string adsMexAddress = "http://ha50idp:8089/ADS-STS/Issue.svc/mex"; // .Net 4.0 //string adsMexAddress = "https://ha50idp:8543/ADS-STS/Issue.svc/mex"; //issuedTokenParameters.IssuerMetadataAddress = new EndpointAddress(adsMexAddress); issuedTokenParameters.RequireDerivedKeys = false; issuedTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; issuedTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal; //issuedTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; // Claims //issuedTokenParameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement("gfipm:2.0:user:SurName")); //issuedTokenParameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement("gfipm:2.0:user:GivenName")); //issuedTokenParameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement("gfipm:2.0:user:EmailAddressText")); //issuedTokenParameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement("gfipm:2.0:user:TelephoneNumber")); //issuedTokenParameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement("gfipm:2.0:user:FederationId")); // THis is a test //secBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(issuedTokenParameters); // This is the right one secBindingElement.EndpointSupportingTokenParameters.Signed.Add(issuedTokenParameters); //secBindingElement.EndpointSupportingTokenParameters.Endorsing.Add(issuedTokenParameters); // need to put this in configuration //X509KeyIdentifierClauseType keyIdClauseType = X509KeyIdentifierClauseType.Any; X509KeyIdentifierClauseType keyIdClauseType = X509KeyIdentifierClauseType.SubjectKeyIdentifier; //X509KeyIdentifierClauseType keyIdClauseType = X509KeyIdentifierClauseType.IssuerSerial; //X509KeyIdentifierClauseType keyIdClauseType = X509KeyIdentifierClauseType.Thumbprint; X509SecurityTokenParameters initiatorTokenParameters = new X509SecurityTokenParameters(keyIdClauseType, SecurityTokenInclusionMode.AlwaysToRecipient); initiatorTokenParameters.RequireDerivedKeys = false; initiatorTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; initiatorTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; //initiatorTokenParameters.ReferenceStyle = (SecurityTokenReferenceStyle)X509KeyIdentifierClauseType.RawDataKeyIdentifier; secBindingElement.InitiatorTokenParameters = initiatorTokenParameters; X509SecurityTokenParameters recipientTokenParameters = new X509SecurityTokenParameters(keyIdClauseType, SecurityTokenInclusionMode.Never); recipientTokenParameters.RequireDerivedKeys = false; recipientTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; recipientTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.External; secBindingElement.RecipientTokenParameters = recipientTokenParameters; secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12; return secBindingElement; }
public virtual XmlElement CreateWsspIssuedTokenAssertion(MetadataExporter exporter, IssuedSecurityTokenParameters parameters) { XmlElement tokenAssertion = this.CreateWsspAssertion("IssuedToken"); this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode); XmlElement newChild = this.CreateWsspIssuerElement(parameters.IssuerAddress, parameters.IssuerMetadataAddress); if (newChild != null) { tokenAssertion.AppendChild(newChild); } XmlElement element3 = this.CreateWsspAssertion("RequestSecurityTokenTemplate"); System.ServiceModel.Security.TrustDriver trustDriver = this.TrustDriver; foreach (XmlElement element4 in parameters.CreateRequestParameters(trustDriver)) { element3.AppendChild(doc.ImportNode(element4, true)); } tokenAssertion.AppendChild(element3); tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), this.CreateReferenceStyleAssertion(parameters.ReferenceStyle) })); return tokenAssertion; }
public void ResolveTokenIssuerPolicy(MetadataImporter importer, PolicyConversionContext policyContext, IssuedSecurityTokenParameters parameters) { if (policyContext == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("policyContext"); } if (parameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters"); } EndpointAddress address = (parameters.IssuerMetadataAddress != null) ? parameters.IssuerMetadataAddress : parameters.IssuerAddress; if (((address != null) && !address.IsAnonymous) && !address.Uri.Equals(SelfIssuerUri)) { int num = (int) importer.State["MaxPolicyRedirections"]; if (num <= 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("MaximumPolicyRedirectionsExceeded"))); } num--; MetadataExchangeClient client = null; if ((importer.State != null) && importer.State.ContainsKey("MetadataExchangeClientKey")) { client = importer.State["MetadataExchangeClientKey"] as MetadataExchangeClient; } if (client == null) { client = new MetadataExchangeClient(address); } ServiceEndpointCollection serviceEndpoints = null; MetadataSet metadata = null; Exception exception = null; try { metadata = client.GetMetadata(address); } catch (Exception exception2) { if (Fx.IsFatal(exception2)) { throw; } if (exception2 is NullReferenceException) { throw; } exception = exception2; } if (metadata == null) { try { metadata = client.GetMetadata(address.Uri, MetadataExchangeClientMode.HttpGet); } catch (Exception exception3) { if (Fx.IsFatal(exception3)) { throw; } if (exception3 is NullReferenceException) { throw; } if (exception == null) { exception = exception3; } } } if (metadata == null) { if (exception != null) { importer.Errors.Add(new MetadataConversionError(System.ServiceModel.SR.GetString("UnableToObtainIssuerMetadata", new object[] { address, exception }), false)); } } else { WsdlImporter importer2; WsdlImporter importer3 = importer as WsdlImporter; if (importer3 != null) { importer2 = new WsdlImporter(metadata, importer.PolicyImportExtensions, importer3.WsdlImportExtensions); } else { importer2 = new WsdlImporter(metadata, importer.PolicyImportExtensions, null); } if ((importer.State != null) && importer.State.ContainsKey("MetadataExchangeClientKey")) { importer2.State.Add("MetadataExchangeClientKey", importer.State["MetadataExchangeClientKey"]); } importer2.State.Add("MaxPolicyRedirections", num); serviceEndpoints = importer2.ImportAllEndpoints(); for (int i = 0; i < importer2.Errors.Count; i++) { MetadataConversionError error = importer2.Errors[i]; importer.Errors.Add(new MetadataConversionError(System.ServiceModel.SR.GetString("ErrorImportingIssuerMetadata", new object[] { address, InsertEllipsisIfTooLong(error.Message) }), error.IsWarning)); } if (serviceEndpoints != null) { this.AddCompatibleFederationEndpoints(serviceEndpoints, parameters); if ((parameters.AlternativeIssuerEndpoints != null) && (parameters.AlternativeIssuerEndpoints.Count > 0)) { importer.Errors.Add(new MetadataConversionError(System.ServiceModel.SR.GetString("MultipleIssuerEndpointsFound", new object[] { address }))); } } } } }
private void AddCompatibleFederationEndpoints(ServiceEndpointCollection serviceEndpoints, IssuedSecurityTokenParameters parameters) { bool flag = (parameters.IssuerAddress != null) && !parameters.IssuerAddress.IsAnonymous; foreach (ServiceEndpoint endpoint in serviceEndpoints) { TrustDriver trustDriver; if (!this.TryGetTrustDriver(endpoint, out trustDriver)) { trustDriver = this.trustDriver; } bool flag2 = false; ContractDescription contract = endpoint.Contract; for (int i = 0; i < contract.Operations.Count; i++) { OperationDescription description2 = contract.Operations[i]; bool flag3 = false; bool flag4 = false; for (int j = 0; j < description2.Messages.Count; j++) { MessageDescription description3 = description2.Messages[j]; if ((description3.Action == trustDriver.RequestSecurityTokenAction.Value) && (description3.Direction == MessageDirection.Input)) { flag3 = true; } else if ((((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && (description3.Action == trustDriver.RequestSecurityTokenResponseAction.Value)) || ((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && (description3.Action == trustDriver.RequestSecurityTokenResponseFinalAction.Value))) && (description3.Direction == MessageDirection.Output)) { flag4 = true; } } if (flag3 && flag4) { flag2 = true; break; } } if (flag2 && (!flag || parameters.IssuerAddress.Uri.Equals(endpoint.Address.Uri))) { if (parameters.IssuerBinding == null) { parameters.IssuerAddress = endpoint.Address; parameters.IssuerBinding = endpoint.Binding; } else { IssuedSecurityTokenParameters.AlternativeIssuerEndpoint item = new IssuedSecurityTokenParameters.AlternativeIssuerEndpoint { IssuerAddress = endpoint.Address, IssuerBinding = endpoint.Binding }; parameters.AlternativeIssuerEndpoints.Add(item); } } } }
internal static bool IsInfoCardParameters(IssuedSecurityTokenParameters parameters, SecurityStandardsManager standardsManager) { if (parameters == null) { return false; } if (parameters.TokenType != "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { return false; } if (parameters.KeyType != SecurityKeyType.AsymmetricKey) { return false; } if (parameters.ClaimTypeRequirements.Count == 1) { ClaimTypeRequirement requirement = parameters.ClaimTypeRequirements[0]; if (requirement == null) { return false; } if (requirement.ClaimType != wsidPPIClaim) { return false; } } else { if ((parameters.AdditionalRequestParameters == null) || (parameters.AdditionalRequestParameters.Count <= 0)) { return false; } bool flag = false; XmlElement claimTypeRequirement = GetClaimTypeRequirement(parameters.AdditionalRequestParameters, standardsManager); if ((claimTypeRequirement != null) && (claimTypeRequirement.ChildNodes.Count == 1)) { XmlElement element2 = claimTypeRequirement.ChildNodes[0] as XmlElement; if (element2 != null) { System.Xml.XmlNode namedItem = element2.Attributes.GetNamedItem("Uri"); if ((namedItem != null) && (namedItem.Value == wsidPPIClaim)) { flag = true; } } } if (!flag) { return false; } } if (parameters.IssuerAddress != null) { return false; } if ((parameters.AlternativeIssuerEndpoints != null) && (parameters.AlternativeIssuerEndpoints.Count > 0)) { return false; } return true; }
internal static object GetAlternativeIssuerEndpoints(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters issuedTokenParameters) { return(InvokeHelper.InvokeStaticGet(typeof(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters), "AlternativeIssuerEndpoints")); }
internal void InitializeFrom(IssuedSecurityTokenParameters source, bool initializeNestedBindings) { if (null == source) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("source"); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.KeyType, source.KeyType); if (source.KeySize > 0) { SetPropertyValueIfNotDefaultValue(ConfigurationStrings.KeySize, source.KeySize); } SetPropertyValueIfNotDefaultValue(ConfigurationStrings.TokenType, source.TokenType); SetPropertyValueIfNotDefaultValue(ConfigurationStrings.UseStrTransform, source.UseStrTransform); if (source.IssuerAddress != null) this.Issuer.InitializeFrom(source.IssuerAddress); if (source.DefaultMessageSecurityVersion != null) SetPropertyValueIfNotDefaultValue(ConfigurationStrings.DefaultMessageSecurityVersion, source.DefaultMessageSecurityVersion); if (source.IssuerBinding != null && initializeNestedBindings) { this.Issuer.BindingConfiguration = this.Issuer.Address.ToString(); string bindingSectionName; BindingsSection.TryAdd(this.Issuer.BindingConfiguration, source.IssuerBinding, out bindingSectionName); this.Issuer.Binding = bindingSectionName; } if (source.IssuerMetadataAddress != null) { this.IssuerMetadata.InitializeFrom(source.IssuerMetadataAddress); } foreach (XmlElement element in source.AdditionalRequestParameters) { this.AdditionalRequestParameters.Add(new XmlElementElement(element)); } foreach (ClaimTypeRequirement c in source.ClaimTypeRequirements) { this.ClaimTypeRequirements.Add(new ClaimTypeElement(c.ClaimType, c.IsOptional)); } foreach (IssuedSecurityTokenParameters.AlternativeIssuerEndpoint alternativeIssuer in source.AlternativeIssuerEndpoints) { IssuedTokenParametersElement element = new IssuedTokenParametersElement(); element.Issuer.InitializeFrom(alternativeIssuer.IssuerAddress); if (initializeNestedBindings) { element.Issuer.BindingConfiguration = element.Issuer.Address.ToString(); string bindingSectionName; BindingsSection.TryAdd(element.Issuer.BindingConfiguration, alternativeIssuer.IssuerBinding, out bindingSectionName); element.Issuer.Binding = bindingSectionName; } this.OptionalIssuedTokenParameters.Add(element); } }
internal static bool IsInfoCardParameters(IssuedSecurityTokenParameters parameters, SecurityStandardsManager standardsManager) { if (parameters == null) { return(false); } if (parameters.TokenType != "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { return(false); } if (parameters.KeyType != SecurityKeyType.AsymmetricKey) { return(false); } if (parameters.ClaimTypeRequirements.Count == 1) { ClaimTypeRequirement requirement = parameters.ClaimTypeRequirements[0]; if (requirement == null) { return(false); } if (requirement.ClaimType != wsidPPIClaim) { return(false); } } else { if ((parameters.AdditionalRequestParameters == null) || (parameters.AdditionalRequestParameters.Count <= 0)) { return(false); } bool flag = false; XmlElement claimTypeRequirement = GetClaimTypeRequirement(parameters.AdditionalRequestParameters, standardsManager); if ((claimTypeRequirement != null) && (claimTypeRequirement.ChildNodes.Count == 1)) { XmlElement element2 = claimTypeRequirement.ChildNodes[0] as XmlElement; if (element2 != null) { System.Xml.XmlNode namedItem = element2.Attributes.GetNamedItem("Uri"); if ((namedItem != null) && (namedItem.Value == wsidPPIClaim)) { flag = true; } } } if (!flag) { return(false); } } if (parameters.IssuerAddress != null) { return(false); } if ((parameters.AlternativeIssuerEndpoints != null) && (parameters.AlternativeIssuerEndpoints.Count > 0)) { return(false); } return(true); }
internal IssuedSecurityTokenParameters Create(bool createTemplateOnly, SecurityKeyType templateKeyType) { IssuedSecurityTokenParameters result = new IssuedSecurityTokenParameters(); if (!createTemplateOnly) { this.ApplyConfiguration(result); } else { result.KeyType = templateKeyType; } return result; }
// It is problematic, but there is no option to disable establishing security context in this binding unlike WSHttpBinding... SecurityBindingElement CreateMessageSecurity () { if (Security.Mode == SecurityMode.Transport || Security.Mode == SecurityMode.None) return null; // FIXME: this is wrong. Could be Asymmetric, depends on Security.Message.AlgorithmSuite value. SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement (); element.MessageSecurityVersion = MessageSecurityVersion.Default; element.SetKeyDerivation (false); switch (Security.Message.ClientCredentialType) { case MessageCredentialType.Certificate: element.EndpointSupportingTokenParameters.Endorsing.Add ( new X509SecurityTokenParameters ()); goto default; case MessageCredentialType.IssuedToken: IssuedSecurityTokenParameters istp = new IssuedSecurityTokenParameters (); // FIXME: issuer binding must be secure. istp.IssuerBinding = new CustomBinding ( new TextMessageEncodingBindingElement (), GetTransport ()); element.EndpointSupportingTokenParameters.Endorsing.Add (istp); goto default; case MessageCredentialType.UserName: element.EndpointSupportingTokenParameters.SignedEncrypted.Add ( new UserNameSecurityTokenParameters ()); goto default; case MessageCredentialType.Windows: element.ProtectionTokenParameters = new KerberosSecurityTokenParameters (); break; default: // including .None X509SecurityTokenParameters p = new X509SecurityTokenParameters (); p.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; element.ProtectionTokenParameters = p; break; } // SecureConversation enabled ChannelProtectionRequirements reqs = new ChannelProtectionRequirements (); // FIXME: fill the reqs return SecurityBindingElement.CreateSecureConversationBindingElement ( // FIXME: requireCancellation element, true, reqs); }
internal static bool IsInfoCardParameters(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters infocardParameters) { return((bool)InvokeHelper.InvokeStaticMethod(typeof(System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters), "IsInfocardParameters", null)); }
void AddCompatibleFederationEndpoints(ServiceEndpointCollection serviceEndpoints, IssuedSecurityTokenParameters parameters) { // check if an explicit issuer address has been specified. If so,add the endpoint corresponding to that address only. If not add all acceptable endpoints. bool isIssuerSpecified = (parameters.IssuerAddress != null && !parameters.IssuerAddress.IsAnonymous); foreach (ServiceEndpoint endpoint in serviceEndpoints) { TrustDriver trustDriver; if (!TryGetTrustDriver(endpoint, out trustDriver)) { // if endpoint does not have trustDriver, assume // parent trustDriver. trustDriver = this.trustDriver; } bool isFederationContract = false; ContractDescription contract = endpoint.Contract; for (int j = 0; j < contract.Operations.Count; ++j) { OperationDescription operation = contract.Operations[j]; bool hasIncomingRst = false; bool hasOutgoingRstr = false; for (int k = 0; k < operation.Messages.Count; ++k) { MessageDescription message = operation.Messages[k]; if (message.Action == trustDriver.RequestSecurityTokenAction.Value && message.Direction == MessageDirection.Input) { hasIncomingRst = true; } else if ((((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrustFeb2005) && (message.Action == trustDriver.RequestSecurityTokenResponseAction.Value)) || ((trustDriver.StandardsManager.TrustVersion == TrustVersion.WSTrust13) && (message.Action == trustDriver.RequestSecurityTokenResponseFinalAction.Value))) && message.Direction == MessageDirection.Output) { hasOutgoingRstr = true; } } if (hasIncomingRst && hasOutgoingRstr) { isFederationContract = true; break; } } if (isFederationContract) { // skip if it is not an acceptable endpoint if (isIssuerSpecified && !parameters.IssuerAddress.Uri.Equals(endpoint.Address.Uri)) { continue; } if (parameters.IssuerBinding == null) { parameters.IssuerAddress = endpoint.Address; parameters.IssuerBinding = endpoint.Binding; } else { IssuedSecurityTokenParameters.AlternativeIssuerEndpoint endpointInfo = new IssuedSecurityTokenParameters.AlternativeIssuerEndpoint(); endpointInfo.IssuerAddress = endpoint.Address; endpointInfo.IssuerBinding = endpoint.Binding; parameters.AlternativeIssuerEndpoints.Add(endpointInfo); } } } }
protected IssuedSecurityTokenParameters(IssuedSecurityTokenParameters other) { Contract.Requires(other != null); }
public void CreateIssuedTokenForCertificateBindingElement1 () { IssuedSecurityTokenParameters tp = new IssuedSecurityTokenParameters (); SymmetricSecurityBindingElement be = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement (tp); SecurityAssert.AssertSymmetricSecurityBindingElement ( SecurityAlgorithmSuite.Default, true, // IncludeTimestamp SecurityKeyEntropyMode.CombinedEntropy, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature, MessageSecurityVersion.Default, true, // RequireSignatureConfirmation SecurityHeaderLayout.Strict, // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count) 1, 0, 0, 0, // ProtectionTokenParameters true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true, // LocalClientSettings true, 60, true, be, ""); // test ProtectionTokenParameters X509SecurityTokenParameters ptp = be.ProtectionTokenParameters as X509SecurityTokenParameters; Assert.IsNotNull (ptp, "#2-1"); SecurityAssert.AssertSecurityTokenParameters ( SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true, ptp, "Protection"); Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, ptp.X509ReferenceStyle, "#2-2"); Assert.AreEqual (tp, be.EndpointSupportingTokenParameters.Endorsing [0], "EndpointParams.Endorsing[0]"); }
public virtual XmlElement CreateWsspIssuedTokenAssertion(MetadataExporter exporter, IssuedSecurityTokenParameters parameters) { XmlElement result = CreateWsspAssertion(IssuedTokenName); SetIncludeTokenValue(result, parameters.InclusionMode); XmlElement issuerAssertion = CreateWsspIssuerElement(parameters.IssuerAddress, parameters.IssuerMetadataAddress); if (issuerAssertion != null) { result.AppendChild(issuerAssertion); } XmlElement tokenTemplate = CreateWsspAssertion(RequestSecurityTokenTemplateName); TrustDriver driver = this.TrustDriver; foreach (XmlElement p in parameters.CreateRequestParameters(driver)) { tokenTemplate.AppendChild(doc.ImportNode(p, true)); } result.AppendChild(tokenTemplate); result.AppendChild( CreateWspPolicyWrapper( exporter, CreateWsspRequireDerivedKeysAssertion(parameters.RequireDerivedKeys), CreateReferenceStyleAssertion(parameters.ReferenceStyle) )); return result; }
public void CreateIssuedTokenBindingElement1 () { IssuedSecurityTokenParameters tp = new IssuedSecurityTokenParameters (); SymmetricSecurityBindingElement be = SecurityBindingElement.CreateIssuedTokenBindingElement (tp); SecurityAssert.AssertSymmetricSecurityBindingElement ( SecurityAlgorithmSuite.Default, true, // IncludeTimestamp SecurityKeyEntropyMode.CombinedEntropy, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature, MessageSecurityVersion.Default, false, // RequireSignatureConfirmation SecurityHeaderLayout.Strict, // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count) 0, 0, 0, 0, // ProtectionTokenParameters true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true, // LocalClientSettings true, 60, true, be, ""); // test ProtectionTokenParameters Assert.AreEqual (tp, be.ProtectionTokenParameters, "#2-1"); SecurityAssert.AssertSecurityTokenParameters ( SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true, tp, "Protection"); }
public void ResolveTokenIssuerPolicy(MetadataImporter importer, PolicyConversionContext policyContext, IssuedSecurityTokenParameters parameters) { if (policyContext == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("policyContext"); } if (parameters == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("parameters"); } EndpointAddress mexAddress = (parameters.IssuerMetadataAddress != null) ? parameters.IssuerMetadataAddress : parameters.IssuerAddress; if (mexAddress == null || mexAddress.IsAnonymous || mexAddress.Uri.Equals(SelfIssuerUri)) { return; } int maximumRedirections = (int)importer.State[SecurityBindingElementImporter.MaxPolicyRedirectionsKey]; if (maximumRedirections <= 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.MaximumPolicyRedirectionsExceeded))); } --maximumRedirections; // // Try to retrieve the proxy from the importer.State bag so that we can have secure mex // and it fails, then we can create a default one // MetadataExchangeClient policyFetcher = null; if ((importer.State != null) && (importer.State.ContainsKey(MetadataExchangeClient.MetadataExchangeClientKey))) { policyFetcher = importer.State[MetadataExchangeClient.MetadataExchangeClientKey] as MetadataExchangeClient; } if (policyFetcher == null) policyFetcher = new MetadataExchangeClient(mexAddress); ServiceEndpointCollection federationEndpoints = null; MetadataSet metadataSet = null; Exception mexException = null; try { metadataSet = policyFetcher.GetMetadata(mexAddress); } catch (Exception e) { if (Fx.IsFatal(e)) throw; if (e is NullReferenceException) throw; mexException = e; } // // DCR 6729: Try the http get option here if mex failed. // if (metadataSet == null ) { try { metadataSet = policyFetcher.GetMetadata(mexAddress.Uri, MetadataExchangeClientMode.HttpGet); } catch (Exception e) { if (Fx.IsFatal(e)) throw; if (e is NullReferenceException) throw; if (mexException == null) mexException = e; } } if (metadataSet == null) { // // we could not retrieve the metadata from the issuer for some reason // if (mexException != null) importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.UnableToObtainIssuerMetadata, mexAddress, mexException), false)); return; } WsdlImporter wsdlImporter; // NOTE: [....], Policy import/export is seperate from WSDL however, this policy importer // invokes the WsdlImporter. In the event that the current MetadataImporter is a WsdlImporter, // we should use it's collection of extensions for the import process. Other wise WsdlImporter currentWsdlImporter = importer as WsdlImporter; if (currentWsdlImporter != null) { wsdlImporter = new WsdlImporter(metadataSet, importer.PolicyImportExtensions, currentWsdlImporter.WsdlImportExtensions); } else { wsdlImporter = new WsdlImporter(metadataSet, importer.PolicyImportExtensions, null); } // // Copy the State from the first importer to the second one so that the state can be passed to the second round wsdl retrieval // if ((importer.State != null) && (importer.State.ContainsKey(MetadataExchangeClient.MetadataExchangeClientKey))) { wsdlImporter.State.Add(MetadataExchangeClient.MetadataExchangeClientKey, importer.State[MetadataExchangeClient.MetadataExchangeClientKey]); } wsdlImporter.State.Add(SecurityBindingElementImporter.MaxPolicyRedirectionsKey, maximumRedirections); federationEndpoints = wsdlImporter.ImportAllEndpoints(); // copy all the import errors into the current metadata importer for (int i = 0; i < wsdlImporter.Errors.Count; ++i) { MetadataConversionError error = wsdlImporter.Errors[i]; importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.ErrorImportingIssuerMetadata, mexAddress, InsertEllipsisIfTooLong(error.Message)), error.IsWarning)); } if (federationEndpoints != null) { AddCompatibleFederationEndpoints(federationEndpoints, parameters); if (parameters.AlternativeIssuerEndpoints != null && parameters.AlternativeIssuerEndpoints.Count > 0) { importer.Errors.Add(new MetadataConversionError(SR.GetString(SR.MultipleIssuerEndpointsFound, mexAddress))); } } }
protected override SecurityBindingElement CreateSecurityBindingElement() { SecurityBindingElement element; IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this._tokenType, this._issuerAddress, this._issuerBinding) { KeyType = this._keyType, IssuerMetadataAddress = this._issuerMetadataAddress }; if (this._keyType == SecurityKeyType.SymmetricKey) { issuedParameters.KeySize = this._algorithmSuite.DefaultSymmetricKeyLength; } else { issuedParameters.KeySize = 0; } if (this._claimTypeRequirements != null) { foreach (ClaimTypeRequirement requirement in this._claimTypeRequirements) { issuedParameters.ClaimTypeRequirements.Add(requirement); } } this.AddAlgorithmParameters(this._algorithmSuite, base.TrustVersion, this._keyType, ref issuedParameters); if (SecurityMode.Message == base.SecurityMode) { element = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters); } else { if (SecurityMode.TransportWithMessageCredential != base.SecurityMode) { throw new InvalidOperationException("ID3226"); } element = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters); } element.DefaultAlgorithmSuite = this._algorithmSuite; element.IncludeTimestamp = true; return element; }
public void CreateRequestParameters () { IssuedSecurityTokenParameters p = new IssuedSecurityTokenParameters (); p.ClaimTypeRequirements.Add (new ClaimTypeRequirement (ClaimTypes.Name, true)); p.AdditionalRequestParameters.Add (new XmlDocument () .CreateElement ("AdditionalFoo")); Collection<XmlElement> c = p.CreateRequestParameters ( MessageSecurityVersion.Default, WSSecurityTokenSerializer.DefaultInstance); StringWriter sw = new StringWriter (); XmlWriterSettings settings = new XmlWriterSettings (); settings.OmitXmlDeclaration = true; foreach (XmlElement el in c) { XmlWriter w = XmlWriter.Create (sw, settings); el.WriteTo (w); w.Close (); } string expected = @"<t:KeyType xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType><t:Claims xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'><wsid:ClaimType Uri='http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' Optional='true' xmlns:wsid='http://schemas.xmlsoap.org/ws/2005/05/identity' /></t:Claims><AdditionalFoo />"; Assert.AreEqual (expected.Replace ('\'', '"'), sw.ToString ()); }