public static void Main () { AsymmetricSecurityBindingElement sbe = new AsymmetricSecurityBindingElement (); //sbe.SecurityHeaderLayout = SecurityHeaderLayout.Lax; //sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11; //sbe.RequireSignatureConfirmation = true; //sbe.LocalServiceSettings.DetectReplays = false; //sbe.IncludeTimestamp = false; sbe.RecipientTokenParameters = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); sbe.InitiatorTokenParameters = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.AlwaysToRecipient); X509SecurityTokenParameters p = new X509SecurityTokenParameters (X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient); p.RequireDerivedKeys = false; //sbe.EndpointSupportingTokenParameters.Endorsing.Add (p); UserNameSecurityTokenParameters up = new UserNameSecurityTokenParameters (); sbe.EndpointSupportingTokenParameters.Signed.Add (up); sbe.SetKeyDerivation (false); sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; ServiceHost host = new ServiceHost (typeof (Foo)); HttpTransportBindingElement hbe = new HttpTransportBindingElement (); CustomBinding binding = new CustomBinding (sbe, hbe); binding.ReceiveTimeout = TimeSpan.FromSeconds (5); host.AddServiceEndpoint ("IFoo", binding, new Uri ("http://localhost:8080")); ServiceCredentials cred = new ServiceCredentials (); cred.ServiceCertificate.Certificate = new X509Certificate2 ("test.pfx", "mono"); cred.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; cred.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom; cred.UserNameAuthentication.CustomUserNamePasswordValidator = UserNamePasswordValidator.None; host.Description.Behaviors.Add (cred); host.Description.Behaviors.Find<ServiceDebugBehavior> () .IncludeExceptionDetailInFaults = true; foreach (ServiceEndpoint se in host.Description.Endpoints) se.Behaviors.Add (new StdErrInspectionBehavior ()); ServiceMetadataBehavior smb = new ServiceMetadataBehavior (); smb.HttpGetEnabled = true; smb.HttpGetUrl = new Uri ("http://localhost:8080/wsdl"); host.Description.Behaviors.Add (smb); host.Open (); Console.WriteLine ("Hit [CR] key to close ..."); Console.ReadLine (); host.Close (); }
public virtual bool TryImportWsspUsernameTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { parameters = null; SecurityTokenInclusionMode inclusionMode; Collection<Collection<XmlElement>> alternatives; if (IsWsspAssertion(assertion, UsernameTokenName) && TryGetIncludeTokenValue(assertion, out inclusionMode)) { if (TryGetNestedPolicyAlternatives(importer, assertion, out alternatives)) { foreach (Collection<XmlElement> alternative in alternatives) { if (TryImportWsspAssertion(alternative, WssUsernameToken10Name) && alternative.Count == 0) { parameters = new UserNameSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; break; } } } else { parameters = new UserNameSecurityTokenParameters(); parameters.InclusionMode = inclusionMode; } } return parameters != null; }
public virtual XmlElement CreateWsspUsernameTokenAssertion(MetadataExporter exporter, UserNameSecurityTokenParameters parameters) { XmlElement result = CreateWsspAssertion(UsernameTokenName); SetIncludeTokenValue(result, parameters.InclusionMode); result.AppendChild( CreateWspPolicyWrapper( exporter, CreateWsspAssertion(WssUsernameToken10Name) )); return result; }
private SecurityBindingElement CreateSecurityBindingElement() { SymmetricSecurityBindingElement secBindingElement = new SymmetricSecurityBindingElement(); secBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict; // TEST //secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15; secBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; secBindingElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; secBindingElement.IncludeTimestamp = true; secBindingElement.SetKeyDerivation(false); //secBindingElement.RequireSignatureConfirmation = true; //secBindingElement.AllowInsecureTransport = true; ////////////////////////////////////////////////////////// SecurityBindingElement ssbe = (SecurityBindingElement)secBindingElement; // Set the Custom IdentityVerifier //ssbe.LocalClientSettings.IdentityVerifier = new Common.CustomIdentityVerifier(); ////////////////////////////////////////////////////////// X509SecurityTokenParameters protectTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never); protectTokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.Thumbprint; //X509SecurityTokenParameters protectTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, // SecurityTokenInclusionMode.Never); protectTokenParameters.RequireDerivedKeys = false; //protectTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never; //protectTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; secBindingElement.ProtectionTokenParameters = protectTokenParameters; UserNameSecurityTokenParameters userNameToken = new UserNameSecurityTokenParameters(); userNameToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; secBindingElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken); //secBindingElement.EndpointSupportingTokenParameters.Signed.Add(userNameToken); //secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12; secBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10; return secBindingElement; }
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other) : base(other) { base.RequireDerivedKeys = false; }
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other) : base(other) { }
public void GetPropertySecurityCapabilities () { ISecurityCapabilities c; RsaSecurityTokenParameters rsa = new RsaSecurityTokenParameters (); UserNameSecurityTokenParameters user = new UserNameSecurityTokenParameters (); X509SecurityTokenParameters x509 = new X509SecurityTokenParameters (); SecureConversationSecurityTokenParameters sc1 = new SecureConversationSecurityTokenParameters (); sc1.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement (); // empty SecureConversationSecurityTokenParameters sc2 = new SecureConversationSecurityTokenParameters (); sc2.BootstrapSecurityBindingElement = new SymmetricSecurityBindingElement (x509); SecureConversationSecurityTokenParameters sc3 = new SecureConversationSecurityTokenParameters (); sc3.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement (null, x509); SecureConversationSecurityTokenParameters sc4 = new SecureConversationSecurityTokenParameters (); sc4.BootstrapSecurityBindingElement = new AsymmetricSecurityBindingElement (x509, null); // no parameters c = GetSecurityCapabilities ( new SymmetricSecurityBindingElement ()); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, c, "#1"); // x509 parameters for both c = GetSecurityCapabilities ( new SymmetricSecurityBindingElement (x509)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, c, "#2"); // no initiator parameters c = GetSecurityCapabilities ( new AsymmetricSecurityBindingElement (x509, null)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, c, "#3"); // no recipient parameters c = GetSecurityCapabilities ( new AsymmetricSecurityBindingElement (null, x509)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, c, "#4"); // initiator does not support identity c = GetSecurityCapabilities ( new AsymmetricSecurityBindingElement (x509, rsa)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, false, true, c, "#5"); // recipient does not support server auth c = GetSecurityCapabilities ( new AsymmetricSecurityBindingElement (user, x509)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, c, "#6"); // secureconv with no symm. bootstrap params c = GetSecurityCapabilities ( new SymmetricSecurityBindingElement (sc1)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, false, c, "#7"); // secureconv with x509 symm. bootstrap params c = GetSecurityCapabilities ( new SymmetricSecurityBindingElement (sc2)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, true, c, "#8"); // secureconv with x509 initiator bootstrap params c = GetSecurityCapabilities ( new SymmetricSecurityBindingElement (sc3)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, true, true, false, c, "#9"); // secureconv with x509 recipient bootstrap params c = GetSecurityCapabilities ( new SymmetricSecurityBindingElement (sc4)); AssertSecurityCapabilities ( ProtectionLevel.EncryptAndSign, ProtectionLevel.EncryptAndSign, false, false, true, c, "#10"); // FIXME: find out such cases that returns other ProtectionLevel values. }
/// <summary> /// /// </summary> /// <param name="accountCredentials"></param> /// <returns>A disposable object you should wrap in using() statement</returns> public static DocuSignWeb.APIServiceSoap CreateApiProxy(AccountCredentials accountCredentials) { #if true // the envelope is finally constructed we are ready to send it in DocuSignWeb.APIServiceSoapClient apiService = new DocuSignWeb.APIServiceSoapClient("APIServiceSoap", accountCredentials.ApiUrl); apiService.ClientCredentials.UserName.UserName = accountCredentials.UserName; apiService.ClientCredentials.UserName.Password = accountCredentials.Password; return apiService; #else // this is a security token configuration // this is required for certain calls like RequestRecipientToken // you need to get a certificate from Thawte or VeriSign first and install it DocuSignWeb.APIServiceSoapClient apiService = new DocuSignWeb.APIServiceSoapClient("APIServiceSoap1", accountCredentials.ApiUrl); apiService.ClientCredentials.UserName.UserName = "******"+ConfigurationManager.AppSettings["IntegratorsKey"]+"]"+ConfigurationManager.AppSettings["APIUserEmail"]; apiService.ClientCredentials.UserName.Password = ConfigurationManager.AppSettings["Password"]; // // need to add the supporting token since DocuSign uses dual authentication for // for critical calls CustomBinding binding = (CustomBinding)apiService.Endpoint.Binding; BindingElementCollection elements = binding.CreateBindingElements(); SecurityBindingElement security = elements.Find<SecurityBindingElement>(); UserNameSecurityTokenParameters tokenParameters = new UserNameSecurityTokenParameters(); tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; tokenParameters.RequireDerivedKeys = false; security.EndpointSupportingTokenParameters.SignedEncrypted.Add( tokenParameters); apiService.Endpoint.Binding = new CustomBinding(elements.ToArray()); ; return apiService; #endif }
public virtual XmlElement CreateWsspUsernameTokenAssertion(MetadataExporter exporter, UserNameSecurityTokenParameters parameters) { XmlElement tokenAssertion = this.CreateWsspAssertion("UsernameToken"); this.SetIncludeTokenValue(tokenAssertion, parameters.InclusionMode); tokenAssertion.AppendChild(this.CreateWspPolicyWrapper(exporter, new XmlElement[] { this.CreateWsspAssertion("WssUsernameToken10") })); return tokenAssertion; }
public virtual bool TryImportWsspUsernameTokenAssertion(MetadataImporter importer, XmlElement assertion, out SecurityTokenParameters parameters) { SecurityTokenInclusionMode mode; parameters = null; if (this.IsWsspAssertion(assertion, "UsernameToken") && this.TryGetIncludeTokenValue(assertion, out mode)) { Collection<Collection<XmlElement>> collection; if (this.TryGetNestedPolicyAlternatives(importer, assertion, out collection)) { foreach (Collection<XmlElement> collection2 in collection) { if (this.TryImportWsspAssertion(collection2, "WssUsernameToken10") && (collection2.Count == 0)) { parameters = new UserNameSecurityTokenParameters(); parameters.InclusionMode = mode; break; } } } else { parameters = new UserNameSecurityTokenParameters(); parameters.InclusionMode = mode; } } return (parameters != null); }
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters other) { Contract.Ensures(!this.RequireDerivedKeys); }
protected UserNameSecurityTokenParameters (UserNameSecurityTokenParameters source) : base (source) { }
protected UserNameSecurityTokenParameters(UserNameSecurityTokenParameters source) : base(source) { }