/// <summary>
/// Reconstructs a <see cref="WS2007FederationHttpBinding"/> from its individual binding elements.
/// Fails when the elements carry protocol versions other than the WS2007 set (WS-SecurityPolicy of
/// WS2007MessageSecurityVersion, WS-ReliableMessaging 1.1, WS-AtomicTransaction 1.1).
/// </summary>
/// <param name="sbe">Security binding element, may be null.</param>
/// <param name="transport">HTTP or HTTPS transport element.</param>
/// <param name="privacy">Optional privacy-notice element.</param>
/// <param name="rsbe">Optional reliable-session element; its presence enables reliable sessions on the result.</param>
/// <param name="tfbe">Optional transaction-flow element.</param>
/// <param name="binding">Receives the rebuilt binding. NOTE: it may already be assigned when a later version
/// check fails, so callers must rely on the return value rather than a null check.</param>
/// <returns><c>true</c> when a binding was produced and all version checks passed.</returns>
internal static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, PrivacyNoticeBindingElement privacy, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding)
{
    binding = null;
    bool reliableSession = rsbe != null;

    // Derive the federation security mode (and transport credential settings) from the transport element.
    var transportSecurity = new HttpTransportSecurity();
    WSFederationHttpSecurityMode securityMode;
    if (!WSFederationHttpBinding.GetSecurityModeFromTransport(transport, transportSecurity, out securityMode))
    {
        return false;
    }

    // An HTTPS transport pinned to a different WS-SecurityPolicy version cannot be a WS2007 binding.
    var httpsTransport = transport as HttpsTransportBindingElement;
    var httpsVersion = httpsTransport == null ? null : httpsTransport.MessageSecurityVersion;
    if (httpsVersion != null && httpsVersion.SecurityPolicyVersion != WS2007MessageSecurityVersion.SecurityPolicyVersion)
    {
        return false;
    }

    WSFederationHttpSecurity federationSecurity;
    if (TryCreateSecurity(sbe, securityMode, transportSecurity, reliableSession, out federationSecurity))
    {
        binding = new WS2007FederationHttpBinding(federationSecurity, privacy, reliableSession);
    }

    // Only the 1.1 reliable-messaging and WS-AT protocols are valid for a 2007 binding.
    bool reliableMessagingOk = rsbe == null || rsbe.ReliableMessagingVersion == ReliableMessagingVersion.WSReliableMessaging11;
    bool transactionProtocolOk = tfbe == null || tfbe.TransactionProtocol == TransactionProtocol.WSAtomicTransaction11;

    return reliableMessagingOk && transactionProtocolOk && binding != null;
}
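/// <summary>
/// Builds the WS2007 federation binding used for secure (TransportWithMessageCredential) calls to
/// <paramref name="serviceInterface"/>, copying the endpoint's quotas, encoding and proxy settings onto it.
/// </summary>
/// <param name="serviceInterface">Endpoint description whose settings are applied to the binding.</param>
/// <returns>The configured binding, after <c>SetSecuritySettings</c> has been applied.</returns>
public Binding Create(Endpoint serviceInterface)
{
    // Server-certificate validation is deliberately left enabled. Assigning a process-wide
    // ServicePointManager.ServerCertificateValidationCallback that returns true disables TLS
    // certificate validation for every HTTPS connection in the process, which defeats the
    // transport security this binding depends on. A self-signed development certificate
    // should instead be trusted explicitly via the machine's certificate store.
    var secureBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential)
    {
        Name = "secure",
        TransactionFlow = false,
        HostNameComparisonMode = serviceInterface.HostNameComparisonMode.ParseAsEnum(HostNameComparisonMode.StrongWildcard),
        MaxBufferPoolSize = serviceInterface.MaxBufferPoolSize,
        MaxReceivedMessageSize = serviceInterface.MaxReceivedSize,
        MessageEncoding = serviceInterface.MessageFormat.ParseAsEnum(WSMessageEncoding.Text),
        TextEncoding = Encoding.UTF8,
        // Reader quotas are lifted to their maximum; MaxReceivedMessageSize above is the remaining size cap.
        ReaderQuotas = XmlDictionaryReaderQuotas.Max,
        BypassProxyOnLocal = true,
        UseDefaultWebProxy = false
    };

    // Opt-in: route through the system proxy only when the config switch is literally "true".
    if (ConfigurationManagerHelper.GetValueOnKey("stardust.UseDefaultProxy") == "true")
    {
        secureBinding.BypassProxyOnLocal = false;
        secureBinding.UseDefaultWebProxy = true;
    }

    SetSecuritySettings(serviceInterface, secureBinding);
    return secureBinding;
}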
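/// <summary>
/// Sample action: calls the backend service with a token obtained for the logged-in user and reports
/// success in <c>ViewBag.Message</c>. The channel factory is closed after the call, or aborted on failure.
/// </summary>
/// <returns>The default view for this action.</returns>
public ActionResult Webservice()
{
    ViewBag.Message = "Your application description page.";

    // Setup the channel factory for the call to the backend service
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    var factory = new ChannelFactory<WebService.IService>(binding, new EndpointAddress("https://[BackendService]/Service.svc"));
    try
    {
        // turn off CardSpace
        factory.Credentials.SupportInteractive = false;

        // Get the token representing the logged in user
        var actAsToken = GetActAsToken();

        // Create the channel to the backend service using the acquired token
        var channel = factory.CreateChannelWithIssuedToken(actAsToken);

        // Call the service
        var serviceClaims = channel.GetClaimsPrincipal();

        // At this point, you can compare the claims that are available to the backend service with the ones available to the web app
        // See for example that the backend service has knowledge of both the logged in user and the front end app through which the user is logged in
        ViewBag.Message = "Web service call succeeded!";

        // Closing the factory also closes the channel it created.
        factory.Close();
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }

    return View();
}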
/// <summary>
/// Reconstructs a WS2007FederationHttpBinding from its constituent binding elements.
/// Returns false when the elements cannot be represented by a WS2007 federation binding
/// (wrong WS-SecurityPolicy, reliable-messaging or transaction protocol version).
/// </summary>
/// <param name="binding">Receives the rebuilt binding. NOTE: may already be assigned when a later
/// version check fails; callers should rely on the return value, not on a null check.</param>
internal static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, PrivacyNoticeBindingElement privacy, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding)
{
    WSFederationHttpSecurityMode mode;
    WSFederationHttpSecurity security2;
    bool isReliableSession = rsbe != null;
    binding = null;
    HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
    // Derive the federation security mode (and transport credential settings) from the transport element.
    if (!WSFederationHttpBinding.GetSecurityModeFromTransport(transport, transportSecurity, out mode))
    {
        return(false);
    }
    // An HTTPS transport pinned to a different WS-SecurityPolicy version cannot be a WS2007 binding.
    HttpsTransportBindingElement element = transport as HttpsTransportBindingElement;
    if (((element != null) && (element.MessageSecurityVersion != null)) && (element.MessageSecurityVersion.SecurityPolicyVersion != WS2007MessageSecurityVersion.SecurityPolicyVersion))
    {
        return(false);
    }
    if (TryCreateSecurity(sbe, mode, transportSecurity, isReliableSession, out security2))
    {
        binding = new WS2007FederationHttpBinding(security2, privacy, isReliableSession);
    }
    // Only the 1.1 reliable-messaging and WS-AT protocols are valid for a 2007 binding.
    if ((rsbe != null) && (rsbe.ReliableMessagingVersion != ReliableMessagingVersion.WSReliableMessaging11))
    {
        return(false);
    }
    if ((tfbe != null) && (tfbe.TransactionProtocol != TransactionProtocol.WSAtomicTransaction11))
    {
        return(false);
    }
    return(binding != null);
}
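/// <summary>
/// Creates a WCF binding from the fully-qualified type name of a standard binding
/// (e.g. the value of <c>typeof(WSHttpBinding).FullName</c>), compared case-insensitively.
/// </summary>
/// <param name="bindingName">Full CLR type name of the binding to instantiate; may be null.</param>
/// <returns>
/// A new binding of the requested type, or <c>null</c> when <paramref name="bindingName"/> is null or not one of the
/// known names. If constructing the requested binding throws, an unsecured <see cref="BasicHttpBinding"/> is returned
/// instead (preserved best-effort behaviour; see the note in the catch block).
/// </returns>
public static Binding CreateBinding(string bindingName)
{
    // Type names are identifiers, not user-facing text, so the comparison is ordinal and case-insensitive;
    // the culture-sensitive string.Compare(..., ignoreCase: true) previously used here can misbehave under
    // some cultures (e.g. Turkish dotted/dotless i).
    var factories = new System.Collections.Generic.Dictionary<string, System.Func<Binding>>(System.StringComparer.OrdinalIgnoreCase)
    {
        { typeof(WSHttpBinding).FullName, () => new WSHttpBinding() },
        { typeof(WS2007HttpBinding).FullName, () => new WS2007HttpBinding() },
        { typeof(BasicHttpBinding).FullName, () => new BasicHttpBinding() },
        { typeof(WSDualHttpBinding).FullName, () => new WSDualHttpBinding() },
        { typeof(WS2007FederationHttpBinding).FullName, () => new WS2007FederationHttpBinding() },
        { typeof(WSFederationHttpBinding).FullName, () => new WSFederationHttpBinding() },
        { typeof(NetNamedPipeBinding).FullName, () => new NetNamedPipeBinding() },
        { typeof(NetMsmqBinding).FullName, () => new NetMsmqBinding() },
        { typeof(MsmqIntegrationBinding).FullName, () => new MsmqIntegrationBinding() },
        { typeof(NetTcpBinding).FullName, () => new NetTcpBinding() },
        { typeof(NetPeerTcpBinding).FullName, () => new NetPeerTcpBinding() },
    };

    // Original semantics: a null or unknown name yields null rather than throwing.
    if (bindingName == null)
    {
        return null;
    }

    System.Func<Binding> create;
    if (!factories.TryGetValue(bindingName, out create))
    {
        return null;
    }

    try
    {
        return create();
    }
    catch
    {
        // Preserved best-effort fallback. NOTE(review): this silently downgrades to a binding with
        // SecurityMode.None when the requested (possibly secured) binding cannot be constructed;
        // callers that require the requested security level must not depend on this path.
        return new BasicHttpBinding(BasicHttpSecurityMode.None);
    }
}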
/// <summary>
/// Builds the bearer-token federation binding used against the localhost test service.
/// Exact host-name matching is set only because the target is a local test endpoint.
/// </summary>
/// <returns>A TransportWithMessageCredential federation binding configured for bearer tokens.</returns>
static Binding CreateBinding()
{
    var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential)
    {
        // only for testing on localhost
        HostNameComparisonMode = HostNameComparisonMode.Exact
    };

    var messageSecurity = federationBinding.Security.Message;
    messageSecurity.EstablishSecurityContext = false;
    messageSecurity.IssuedKeyType = SecurityKeyType.BearerKey;

    return federationBinding;
}
/// <summary>
/// Creates a new binding instance for the given <see cref="WcfBindingTypes"/> value.
/// Values without a dedicated case yield an empty <see cref="CustomBinding"/>.
/// </summary>
/// <param name="type">Binding kind to instantiate.</param>
/// <returns>A freshly constructed binding; never null.</returns>
public static Binding Resolve(WcfBindingTypes type)
{
    switch (type)
    {
        case WcfBindingTypes.BasicHttpBinding:
            return new BasicHttpBinding();
        case WcfBindingTypes.NetTcpBinding:
            return new NetTcpBinding();
        case WcfBindingTypes.NetTcpContextBinding:
            return new NetTcpContextBinding();
        case WcfBindingTypes.WsHttpBinding:
            return new WSHttpBinding();
        case WcfBindingTypes.NetMsmqBinding:
            return new NetMsmqBinding();
        case WcfBindingTypes.NetPeerTcpBinding:
            return new NetPeerTcpBinding();
        case WcfBindingTypes.BasicHttpContextBinding:
            return new BasicHttpContextBinding();
        case WcfBindingTypes.WSHttpContextBinding:
            return new WSHttpContextBinding();
        case WcfBindingTypes.WS2007FederationHttpBinding:
            return new WS2007FederationHttpBinding();
        case WcfBindingTypes.WS2007HttpBinding:
            return new WS2007HttpBinding();
        case WcfBindingTypes.NetNamedPipeBinding:
            return new NetNamedPipeBinding();
        case WcfBindingTypes.WSFederationHttpBinding:
            return new WSFederationHttpBinding();
        case WcfBindingTypes.WSDualHttpBinding:
            return new WSDualHttpBinding();
        default:
            // Unknown enum values fall back to an empty custom binding.
            return new CustomBinding();
    }
}
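/// <summary>
/// Calls the claims service with <paramref name="token"/> presented as a bearer credential and prints
/// each returned claim value to the console. The channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="token">Issued token to present to the service.</param>
private static void CallService(SecurityToken token)
{
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    // Present the issued token on each call instead of bootstrapping a secure-conversation session.
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    var factory = new ChannelFactory<IClaimsService>(
        binding,
        new EndpointAddress("https://adfs.leastprivilege.vm/adfsapp/service.svc"));
    try
    {
        // Suppress the interactive CardSpace credential prompt.
        factory.Credentials.SupportInteractive = false;

        var channel = factory.CreateChannelWithIssuedToken(token);
        foreach (var claim in channel.GetClaims())
        {
            Console.WriteLine(claim.Value);
        }

        // Closing the factory also closes the channel it created.
        factory.Close();
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}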
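/// <summary>
/// Calls the claims service at <c>_serviceAddress</c> with <paramref name="token"/> as a bearer credential
/// and displays the returned identity. The channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="token">Issued token to present to the service.</param>
private static void CallService(SecurityToken token)
{
    "Calling Service".ConsoleYellow();

    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    // Present the issued token on each call instead of bootstrapping a secure-conversation session.
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    var factory = new ChannelFactory<IClaimsService>(binding, new EndpointAddress(_serviceAddress));
    try
    {
        // Suppress the interactive CardSpace credential prompt and use the WIF identity configuration.
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UseIdentityConfiguration = true;

        var proxy = factory.CreateChannelWithIssuedToken(token);
        var id = proxy.GetIdentity();
        Helper.ShowIdentity(id);

        // Closing the factory also closes the channel it created.
        factory.Close();
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}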
/// <summary>
/// Requests an identity token from ADFS and returns a service proxy that presents it as the issued-token credential.
/// The ChannelFactory is not closed here; it has to outlive the returned channel.
/// </summary>
/// <returns>An <see cref="IService"/> channel bound to <c>_serviceEndpoint</c>.</returns>
private static IService CreateProxy()
{
    // request identity token from ADFS
    var issuedToken = RequestIdentityToken();

    // set up factory and channel
    var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    federationBinding.Security.Message.EstablishSecurityContext = false;

    var channelFactory = new ChannelFactory<IService>(federationBinding, _serviceEndpoint);
    channelFactory.Credentials.SupportInteractive = false;

    // enable WIF on channel factory
    channelFactory.ConfigureChannelFactory();

    return channelFactory.CreateChannelWithIssuedToken(issuedToken);
}
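/// <summary>
/// Resolves the current user's name as seen by the local user service: authenticates at ADFS with
/// username/password, exchanges that token at ACS for a bearer token scoped to the service, and calls
/// <c>GetCurrentUserName</c>. The channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="password">Password for the user name set on the factory credentials below.</param>
/// <returns>The user name reported by the service.</returns>
public static string FindCurrentUserOnServer(string password)
{
    // Server-certificate validation is deliberately left enabled. A process-wide
    // ServicePointManager.ServerCertificateValidationCallback returning true would disable TLS
    // validation for ALL HTTPS traffic in the process (and the "+=" form previously used here added
    // one more handler on every call). For a self-signed localhost certificate, trust that specific
    // certificate in the local machine store instead.

    // ADFS Binding: username/password over TLS to the identity provider.
    var adfsBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
    adfsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    var adfsMessage = adfsBinding.Security.Message;
    adfsMessage.ClientCredentialType = MessageCredentialType.UserName;
    adfsMessage.EstablishSecurityContext = false;
    adfsMessage.NegotiateServiceCredential = true;

    // ACS Binding: bearer token issued by ADFS (IssuerBinding = adfsBinding).
    var acsBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    var acsMessage = acsBinding.Security.Message;
    acsMessage.IssuedKeyType = SecurityKeyType.BearerKey;
    acsMessage.EstablishSecurityContext = false;
    acsMessage.IssuerAddress = new EndpointAddress("https://sts.planetsoftware.com.au/adfs/services/trust/13/usernamemixed");
    acsMessage.IssuerBinding = adfsBinding;

    // Service Binding: bearer token issued by ACS (IssuerBinding = acsBinding), requiring the name claim.
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    var message = binding.Security.Message;
    message.IssuedKeyType = SecurityKeyType.BearerKey;
    message.EstablishSecurityContext = false;
    message.IssuerMetadataAddress = new EndpointAddress("https://soniatest.accesscontrol.windows.net/v2/wstrust/mex");
    message.IssuerAddress = new EndpointAddress("https://soniatest.accesscontrol.windows.net/v2/wstrust/13/issuedtoken-bearer");
    message.IssuerBinding = acsBinding;
    message.ClaimTypeRequirements.Add(new ClaimTypeRequirement("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", true));

    // Create the factory to local service
    var factory = new ChannelFactory<IUserService>(binding, "https://localhost:446/Demo3End/UserService.svc");
    try
    {
        // NOTE(review): the user name is a literal in source; consider passing it in alongside the password.
        factory.Credentials.UserName.UserName = "******";
        factory.Credentials.UserName.Password = password;

        var service = factory.CreateChannel();
        var serverUserName = service.GetCurrentUserName();

        // Close only on the success path; a faulted channel makes Close() throw, so Abort() is used below.
        factory.Close();
        return serverUserName;
    }
    catch
    {
        factory.Abort();
        throw;
    }
}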
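/// <summary>
/// Entry point: acquires a JWT, wraps it as an XML token, and pings the local service with it as a bearer
/// credential. The channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    var jwt = GetJwt();
    var xmlToken = WrapJwt(jwt);

    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    // Exact host-name matching against the localhost test endpoint below.
    binding.HostNameComparisonMode = HostNameComparisonMode.Exact;
    // Present the issued token on each call instead of bootstrapping a secure-conversation session.
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    var factory = new ChannelFactory<IService>(
        binding,
        new EndpointAddress("https://localhost:44335/token"));
    try
    {
        var channel = factory.CreateChannelWithIssuedToken(xmlToken);
        Console.WriteLine(channel.Ping());

        // Closing the factory also closes the channel it created.
        factory.Close();
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}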
/// <summary>
/// Reconstructs a <see cref="WS2007FederationHttpBinding"/> from its binding elements (the transport part is
/// the reverse of GetTransport). Fails when the elements use protocol versions other than the WS2007 set.
/// </summary>
/// <param name="binding">Receives the rebuilt binding. NOTE: may already be assigned when a later version
/// check fails; callers should rely on the return value, not on a null check.</param>
/// <returns><c>true</c> when a binding was produced and all version checks passed.</returns>
internal new static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, PrivacyNoticeBindingElement privacy, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding)
{
    binding = null;
    bool hasReliableSession = rsbe != null;

    // reverse GetTransport
    var transportSecurity = new HttpTransportSecurity();
    WSFederationHttpSecurityMode securityMode;
    if (!WSFederationHttpBinding.GetSecurityModeFromTransport(transport, transportSecurity, out securityMode))
    {
        return false;
    }

    // An HTTPS transport carrying a non-WS2007 security-policy version is not expressible as this binding.
    var httpsTransport = transport as HttpsTransportBindingElement;
    if (httpsTransport != null
        && httpsTransport.MessageSecurityVersion != null
        && httpsTransport.MessageSecurityVersion.SecurityPolicyVersion != s_WS2007MessageSecurityVersion.SecurityPolicyVersion)
    {
        return false;
    }

    WSFederationHttpSecurity federationSecurity;
    if (WS2007FederationHttpBinding.TryCreateSecurity(sbe, securityMode, transportSecurity, hasReliableSession, out federationSecurity))
    {
        binding = new WS2007FederationHttpBinding(federationSecurity, privacy, hasReliableSession);
    }

    // Only the 1.1 reliable-messaging and WS-AT protocols are valid for a 2007 binding.
    if (rsbe != null && rsbe.ReliableMessagingVersion != ReliableMessagingVersion.WSReliableMessaging11)
    {
        return false;
    }
    if (tfbe != null && tfbe.TransactionProtocol != TransactionProtocol.WSAtomicTransaction11)
    {
        return false;
    }

    return binding != null;
}
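/// <summary>
/// Click handler: calls the bearer-token SOAP endpoint with the token from the last RSTR and writes the
/// returned claims (type and value) into the debug text box. The channel factory is closed afterwards
/// (aborted on failure).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void _btnCallService_Click(object sender, RoutedEventArgs e)
{
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    // Present the issued token on each call instead of bootstrapping a secure-conversation session.
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    var ep = new EndpointAddress("https://" + Constants.WebHost + "/webservicesecurity/soap.svc/bearer");
    var factory = new ChannelFactory<IService>(binding, ep);
    try
    {
        // Suppress the interactive CardSpace credential prompt; enable WIF on the factory.
        factory.Credentials.SupportInteractive = false;
        factory.ConfigureChannelFactory();

        var channel = factory.CreateChannelWithIssuedToken(RSTR.SecurityToken);
        var claims = channel.GetClientIdentity();

        var sb = new StringBuilder(128);
        foreach (var c in claims)
        {
            sb.AppendFormat("{0}\n {1}\n\n", c.ClaimType, c.Value);
        }
        _txtDebug.Text = sb.ToString();

        // Closing the factory also closes the channel it created.
        factory.Close();
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}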
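/// <summary>
/// Calls the local claims service with <paramref name="token"/> as a bearer credential and prints each
/// claim's type and value. The channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="token">Issued token to present to the service.</param>
private static void CallService(SecurityToken token)
{
    // Local test endpoint.
    var serviceEndpoint = "https://" + "localhost:44305" + "/service.svc";

    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    // Present the issued token on each call instead of bootstrapping a secure-conversation session.
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    var factory = new ChannelFactory<IClaimsService>(
        binding,
        new EndpointAddress(serviceEndpoint));
    try
    {
        // Suppress the interactive CardSpace credential prompt.
        factory.Credentials.SupportInteractive = false;

        var channel = factory.CreateChannelWithIssuedToken(token);
        var claims = channel.GetClaims();
        foreach (var c in claims)
        {
            Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value);
        }

        // Closing the factory also closes the channel it created.
        factory.Close();
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}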
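/// <summary>
/// Exchanges a token issued by a foreign STS for a token issued by the local STS at <paramref name="RP_Endpoint"/>
/// using a WS-Trust 1.3 Issue request; the foreign token is presented as the bearer credential on the channel.
/// The WS-Trust channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="foreignToken">Token presented as the channel credential.</param>
/// <param name="RP_Endpoint">Address of the local STS issue endpoint.</param>
/// <param name="appliesTo">Relying party the requested token should apply to.</param>
/// <param name="RSTR">Receives the full RequestSecurityTokenResponse from the STS.</param>
/// <param name="keyType">NOTE(review): not used — the RST below always sends <c>KeyType = null</c>; confirm
/// whether the request should honour this parameter or whether the parameter can be removed.</param>
/// <returns>The issued security token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="RP_Endpoint"/> is null or whitespace.</exception>
private static SecurityToken IssueLocalSecurityToken(SecurityToken foreignToken, string RP_Endpoint, string appliesTo, out RequestSecurityTokenResponse RSTR, string keyType = KeyTypes.Bearer)
{
    if (String.IsNullOrWhiteSpace(RP_Endpoint))
        throw new ArgumentNullException("RP_Endpoint");

    // Authenticate with a SAML Bearer token
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.NegotiateServiceCredential = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    // Define the STS endpoint
    var endpoint = new EndpointAddress(new Uri(RP_Endpoint));
    var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 };
    try
    {
        factory.Credentials.SupportInteractive = false; // avoid that Cardspace dialog

        // Now we define the Request for Security Token (RST)
        var RST = new RequestSecurityToken()
        {
            //identify which local token we want
            AppliesTo = new EndpointReference(appliesTo),
            //identify what type of request this is (Issue or Validate)
            RequestType = RequestTypes.Issue,
            //set what kind of token we want returned (appliesTo will override this)
            TokenType = tokenType,
            //set the keytype (symmetric, asymmetric (pub key) or bearer - null = Sender Vouches)
            KeyType = null
        };

        //create the channel (using the SAML token received from the WSC)
        IWSTrustChannelContract channel = factory.CreateChannelWithIssuedToken(foreignToken);

        //send the token issuance command
        SecurityToken token = channel.Issue(RST, out RSTR);

        // Closing the factory also closes the channel it created.
        factory.Close();
        return token;
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}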
/// <summary>
/// Turns a serialized token (XML string) into a <see cref="SecurityToken"/> by wrapping it in a synthetic
/// WS-Trust (Feb 2005) response and running it through the trust channel's token extraction.
/// No Issue/Validate call is made here; the <c>https://null-EndPoint</c> address is a placeholder only.
/// </summary>
/// <param name="xml">The token as XML text, as accepted by <c>LoadXml</c>.</param>
/// <returns>The token extracted from the synthetic response.</returns>
private static SecurityToken ConvertToToken(string xml)
{
    var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential, false);
    var trustFactory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(federationBinding, new EndpointAddress("https://null-EndPoint"))
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };
    var trustChannel = (Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel)trustFactory.CreateChannel();

    // Build a synthetic, final RSTR whose issued token is the supplied XML element.
    var rstr = trustChannel.WSTrustResponseSerializer.CreateInstance();
    rstr.RequestedSecurityToken = new RequestedSecurityToken(LoadXml(xml).DocumentElement);
    rstr.IsFinal = true;

    // Matching Issue request with a symmetric key type, as the extraction API expects a request/response pair.
    var rst = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue)
    {
        KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric
    };

    return trustChannel.GetTokenFromResponse(rst, rstr);
}
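/// <summary>
/// Asks the STS at <paramref name="RP_Endpoint"/> to validate <paramref name="foreignToken"/> via a WS-Trust 1.3
/// Validate request, presenting the same token as the bearer credential on the channel.
/// The WS-Trust channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="foreignToken">Token to validate; also used as the channel credential.</param>
/// <param name="RP_Endpoint">Address of the STS endpoint.</param>
/// <param name="keyType">NOTE(review): not used — the Validate RST below sets no key type; confirm whether
/// this parameter is still needed.</param>
/// <returns>The STS's RequestSecurityTokenResponse for the Validate request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="RP_Endpoint"/> is null or whitespace.</exception>
private static RequestSecurityTokenResponse ValidateSecurityToken(SecurityToken foreignToken, string RP_Endpoint, string keyType = KeyTypes.Bearer)
{
    if (String.IsNullOrWhiteSpace(RP_Endpoint))
        throw new ArgumentNullException("RP_Endpoint");

    // Using a SAML bearer token
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.NegotiateServiceCredential = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

    // Define the STS endpoint
    var endpoint = new EndpointAddress(new Uri(RP_Endpoint));
    var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 };
    try
    {
        factory.Credentials.SupportInteractive = false; // Avoid that CardSpace popup...

        // When we create the Channel we specify the SAML token received from the WSC
        IWSTrustChannelContract channel = factory.CreateChannelWithIssuedToken(foreignToken);

        // Build the RST
        var RST = new RequestSecurityToken()
        {
            //identify what type of request this is (Issue or Validate)
            RequestType = RequestTypes.Validate
        };

        // Send the Validate RST
        RequestSecurityTokenResponse RSTR = channel.Validate(RST);

        // Closing the factory also closes the channel it created.
        factory.Close();
        return RSTR;
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        factory.Abort();
        throw;
    }
}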
/// <summary>
/// Tries to express a binding-element collection as one of the standard WS-* HTTP bindings. Candidates are
/// tried in order: WSHttpBinding (only when no privacy-notice element is present), WSFederationHttpBinding,
/// WS2007HttpBinding, WS2007FederationHttpBinding.
/// </summary>
/// <param name="elements">Elements to match; a collection with more than six elements is rejected outright.</param>
/// <param name="binding">Receives the reconstructed binding; null when no standard binding matches.</param>
/// <returns>true when a standard binding reproduces the elements (checked via IsBindingElementsMatch).</returns>
internal static bool TryCreate(BindingElementCollection elements, out Binding binding)
{
    binding = null;
    if (elements.Count > 6)
    {
        return(false);
    }
    PrivacyNoticeBindingElement privacy = null;
    System.ServiceModel.Channels.TransactionFlowBindingElement tfbe = null;
    System.ServiceModel.Channels.ReliableSessionBindingElement rsbe = null;
    SecurityBindingElement sbe = null;
    MessageEncodingBindingElement encoding = null;
    HttpTransportBindingElement transport = null;
    // Sort each element into its slot; an element of any other kind disqualifies the collection.
    foreach (BindingElement element7 in elements)
    {
        if (element7 is SecurityBindingElement)
        {
            sbe = element7 as SecurityBindingElement;
        }
        else if (element7 is TransportBindingElement)
        {
            // A non-HTTP transport leaves `transport` null and is rejected below.
            transport = element7 as HttpTransportBindingElement;
        }
        else if (element7 is MessageEncodingBindingElement)
        {
            encoding = element7 as MessageEncodingBindingElement;
        }
        else if (element7 is System.ServiceModel.Channels.TransactionFlowBindingElement)
        {
            tfbe = element7 as System.ServiceModel.Channels.TransactionFlowBindingElement;
        }
        else if (element7 is System.ServiceModel.Channels.ReliableSessionBindingElement)
        {
            rsbe = element7 as System.ServiceModel.Channels.ReliableSessionBindingElement;
        }
        else if (element7 is PrivacyNoticeBindingElement)
        {
            privacy = element7 as PrivacyNoticeBindingElement;
        }
        else
        {
            return(false);
        }
    }
    if (transport == null)
    {
        return(false);
    }
    if (encoding == null)
    {
        return(false);
    }
    // Try the candidate standard bindings in order; the first TryCreate that succeeds short-circuits the rest.
    if (((privacy != null) || !WSHttpBinding.TryCreate(sbe, transport, rsbe, tfbe, out binding)) && ((!WSFederationHttpBinding.TryCreate(sbe, transport, privacy, rsbe, tfbe, out binding) && !WS2007HttpBinding.TryCreate(sbe, transport, rsbe, tfbe, out binding)) && !WS2007FederationHttpBinding.TryCreate(sbe, transport, privacy, rsbe, tfbe, out binding)))
    {
        return(false);
    }
    if (tfbe == null)
    {
        // No transaction-flow element was supplied: synthesize the default, using WS-AT 1.1 for the 2007 bindings.
        tfbe = GetDefaultTransactionFlowBindingElement();
        if ((binding is WS2007HttpBinding) || (binding is WS2007FederationHttpBinding))
        {
            tfbe.TransactionProtocol = TransactionProtocol.WSAtomicTransaction11;
        }
    }
    WSHttpBindingBase base2 = binding as WSHttpBindingBase;
    base2.InitializeFrom(transport, encoding, tfbe, rsbe);
    // Round-trip check: the rebuilt binding must regenerate the same elements it was built from.
    if (!base2.IsBindingElementsMatch(transport, encoding, tfbe, rsbe))
    {
        return(false);
    }
    return(true);
}
/// <summary>
/// Creates a claims-service channel that presents <paramref name="token"/> as a bearer credential.
/// The service address is the WS-Federation reply URL with <c>service.svc</c> appended.
/// The ChannelFactory is not closed here; it has to outlive the returned channel.
/// </summary>
/// <param name="token">Issued token to present to the service.</param>
/// <returns>An open-able <see cref="IClaimsService"/> channel.</returns>
private static IClaimsService GetServiceProxy(SecurityToken token)
{
    var serviceAddress = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Reply + "service.svc";

    var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    var messageSecurity = federationBinding.Security.Message;
    messageSecurity.EstablishSecurityContext = false;
    messageSecurity.IssuedKeyType = SecurityKeyType.BearerKey;

    var channelFactory = new ChannelFactory<IClaimsService>(federationBinding, new EndpointAddress(serviceAddress));
    // Suppress the interactive CardSpace credential prompt.
    channelFactory.Credentials.SupportInteractive = false;

    return channelFactory.CreateChannelWithIssuedToken(token);
}
/// <summary>
/// Attempts to express a binding-element collection as one of the standard WS-* HTTP bindings, trying in order
/// WSHttpBinding (only without a privacy-notice element), WSFederationHttpBinding, WS2007HttpBinding and
/// WS2007FederationHttpBinding.
/// </summary>
/// <param name="elements">Elements to match; more than six elements can never match.</param>
/// <param name="binding">Receives the reconstructed standard binding, or null when nothing matches.</param>
/// <returns><c>true</c> when a standard binding reproduces <paramref name="elements"/> (per IsBindingElementsMatch).</returns>
internal static bool TryCreate(BindingElementCollection elements, out Binding binding)
{
    binding = null;
    if (elements.Count > 6)
    {
        return false;
    }

    // collect all binding elements
    PrivacyNoticeBindingElement privacy = null;
    TransactionFlowBindingElement txFlow = null;
    ReliableSessionBindingElement session = null;
    SecurityBindingElement security = null;
    MessageEncodingBindingElement encoding = null;
    HttpTransportBindingElement transport = null;
    foreach (BindingElement element in elements)
    {
        if (element is SecurityBindingElement)
        {
            security = element as SecurityBindingElement;
        }
        else if (element is TransportBindingElement)
        {
            // A non-HTTP transport leaves `transport` null and is rejected below.
            transport = element as HttpTransportBindingElement;
        }
        else if (element is MessageEncodingBindingElement)
        {
            encoding = element as MessageEncodingBindingElement;
        }
        else if (element is TransactionFlowBindingElement)
        {
            txFlow = element as TransactionFlowBindingElement;
        }
        else if (element is ReliableSessionBindingElement)
        {
            session = element as ReliableSessionBindingElement;
        }
        else if (element is PrivacyNoticeBindingElement)
        {
            privacy = element as PrivacyNoticeBindingElement;
        }
        else
        {
            return false;
        }
    }

    if (transport == null || encoding == null)
    {
        return false;
    }

    if (!transport.AuthenticationScheme.IsSingleton())
    {
        //multiple authentication schemes selected -- not supported in StandardBindings
        return false;
    }

    // A non-default RequireClientCertificate on HTTPS combined with message security is not a standard binding.
    var httpsTransport = transport as HttpsTransportBindingElement;
    if (security != null && httpsTransport != null && httpsTransport.RequireClientCertificate != TransportDefaults.RequireClientCertificate)
    {
        return false;
    }

    // Candidates in order of preference; the first TryCreate that succeeds short-circuits the rest.
    bool matched = (privacy == null && WSHttpBinding.TryCreate(security, transport, session, txFlow, out binding))
        || WSFederationHttpBinding.TryCreate(security, transport, privacy, session, txFlow, out binding)
        || WS2007HttpBinding.TryCreate(security, transport, session, txFlow, out binding)
        || WS2007FederationHttpBinding.TryCreate(security, transport, privacy, session, txFlow, out binding);
    if (!matched)
    {
        return false;
    }

    if (txFlow == null)
    {
        // No transaction-flow element supplied: synthesize the default, using WS-AT 1.1 for the 2007 bindings.
        txFlow = GetDefaultTransactionFlowBindingElement();
        if (binding is WS2007HttpBinding || binding is WS2007FederationHttpBinding)
        {
            txFlow.TransactionProtocol = TransactionProtocol.WSAtomicTransaction11;
        }
    }

    var standardBinding = binding as WSHttpBindingBase;
    standardBinding.InitializeFrom(transport, encoding, txFlow, session);

    // Round-trip check: the rebuilt binding must regenerate the same elements it was built from.
    return standardBinding.IsBindingElementsMatch(transport, encoding, txFlow, session);
}
/// <summary>
/// Issues a security token for <paramref name="serviceAddress"/> by delegating to the overload that talks to
/// the issuer configured on <paramref name="binding"/> (Security.Message.IssuerAddress / IssuerBinding).
/// </summary>
/// <param name="binding">Federation binding whose message-security settings identify the STS.</param>
/// <param name="serviceAddress">Address of the service the token is requested for.</param>
/// <param name="actAsToken">Token passed through to the issuing overload as the ActAs token.</param>
/// <returns>The issued security token.</returns>
/// <exception cref="ApplicationException">The issuer binding is not a <see cref="WS2007HttpBinding"/>.</exception>
public virtual SecurityToken IssueToken(WS2007FederationHttpBinding binding, string serviceAddress, SecurityToken actAsToken)
{
    var messageSecurity = binding.Security.Message;
    var stsBinding = messageSecurity.IssuerBinding as WS2007HttpBinding;
    if (stsBinding == null)
    {
        throw new ApplicationException("Unable to get WS2007HttpBinding");
    }

    return this.IssueToken(stsBinding, messageSecurity.IssuerAddress, serviceAddress, actAsToken);
}
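/// <summary>
/// Obtains a JWT for the tenant site: authenticates <paramref name="userName"/>/<paramref name="password"/> at the
/// auth site's username endpoint, and exchanges the resulting SAML 2.0 assertion at ADFS for a bearer JWT.
/// The WS-Trust channel factory is closed afterwards (aborted on failure).
/// </summary>
/// <param name="adfsEndpoint">Base URL of the ADFS instance (the trust/13 issued-token path is appended).</param>
/// <param name="authSiteEndPoint">Base URL of the identity provider (the /wstrust/issue/usernamemixed path is appended).</param>
/// <param name="userName">User name sent to the identity provider.</param>
/// <param name="password">Password sent to the identity provider.</param>
/// <returns>The decoded JWT string.</returns>
/// <exception cref="InvalidOperationException">ADFS returned a token that is not a <see cref="GenericXmlSecurityToken"/>.</exception>
private static string GetADFSMembershipTokenHelper(string adfsEndpoint, string authSiteEndPoint, string userName, string password)
{
    var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + "/wstrust/issue/usernamemixed"));
    var federationEndpoint = new EndpointAddress(new Uri(adfsEndpoint + "/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256sha256"));

    // Step 1: username/password over TLS to the identity provider, which issues the intermediate token.
    var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
    identityProviderBinding.Security.Message.EstablishSecurityContext = false;
    identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

    // AppliesTo for the intermediate token. NOTE(review): the ADFS trust address is hard-coded here rather
    // than derived from adfsEndpoint.
    var xml = new XmlDocument();
    xml.LoadXml(@"<wsp:AppliesTo xmlns:wsp=""http://schemas.xmlsoap.org/ws/2004/09/policy""><wsa:EndpointReference xmlns:wsa=""http://www.w3.org/2005/08/addressing""><wsa:Address>http://kc-adfs.katalcloud.com/adfs/services/trust</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>");

    // Step 2: present the intermediate SAML 2.0 token to ADFS (asymmetric key, Basic256Sha256).
    var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    federationBinding.Security.Message.EstablishSecurityContext = false;
    federationBinding.Security.Message.IssuedKeyType = SecurityKeyType.AsymmetricKey;
    federationBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
    federationBinding.Security.Message.NegotiateServiceCredential = false;
    federationBinding.Security.Message.TokenRequestParameters.Add(xml.DocumentElement);
    federationBinding.Security.Message.IssuerAddress = identityProviderEndpoint;
    federationBinding.Security.Message.IssuerBinding = identityProviderBinding;
    federationBinding.Security.Message.IssuedTokenType = "urn:oasis:names:tc:SAML:2.0:assertion";

    var trustChannelFactory = new WSTrustChannelFactory(federationBinding, federationEndpoint)
    {
        TrustVersion = TrustVersion.WSTrust13,
    };
    try
    {
        // Server-certificate validation is left at its default. Setting
        // Credentials.ServiceCertificate.SslCertificateAuthentication.CertificateValidationMode = None here
        // (as this code previously did) would accept any certificate presented by the identity provider and
        // ADFS, exposing the user's password and the issued tokens to an on-path attacker.
        trustChannelFactory.Credentials.SupportInteractive = false;
        trustChannelFactory.Credentials.UserName.UserName = userName;
        trustChannelFactory.Credentials.UserName.Password = password;

        var channel = trustChannelFactory.CreateChannel();
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference("http://azureservices/TenantSite"),
            TokenType = "urn:ietf:params:oauth:token-type:jwt",
            KeyType = KeyTypes.Bearer,
        };

        RequestSecurityTokenResponse rstr;
        var token = channel.Issue(rst, out rstr);

        // Fail with a clear message instead of a NullReferenceException when the STS returns another token type.
        var xmlToken = token as GenericXmlSecurityToken;
        if (xmlToken == null)
        {
            throw new InvalidOperationException("Expected a GenericXmlSecurityToken from the STS.");
        }

        // The JWT is carried base64-encoded as the text of the wrapper element.
        var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(xmlToken.TokenXml.InnerText));

        // Closing the factory also closes the channel it created.
        trustChannelFactory.Close();
        return jwtString;
    }
    catch
    {
        // Close() itself throws on a faulted channel; Abort() tears down without a handshake.
        trustChannelFactory.Abort();
        throw;
    }
}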
/// <summary>
/// Reconstructs a WS2007FederationHttpBinding from its binding elements (the transport part is the reverse
/// of GetTransport). Returns false when the elements use protocol versions other than the WS2007 set.
/// </summary>
/// <param name="binding">Receives the rebuilt binding. NOTE: may already be assigned when a later version
/// check fails; callers should rely on the return value, not on a null check.</param>
internal new static bool TryCreate(SecurityBindingElement sbe, TransportBindingElement transport, PrivacyNoticeBindingElement privacy, ReliableSessionBindingElement rsbe, TransactionFlowBindingElement tfbe, out Binding binding)
{
    bool isReliableSession = (rsbe != null);
    binding = null;
    // reverse GetTransport
    HttpTransportSecurity transportSecurity = new HttpTransportSecurity();
    WSFederationHttpSecurityMode mode;
    if (!WSFederationHttpBinding.GetSecurityModeFromTransport(transport, transportSecurity, out mode))
    {
        return false;
    }
    // An HTTPS transport carrying a non-WS2007 security-policy version is not expressible as this binding.
    HttpsTransportBindingElement httpsBinding = transport as HttpsTransportBindingElement;
    if (httpsBinding != null && httpsBinding.MessageSecurityVersion != null)
    {
        if (httpsBinding.MessageSecurityVersion.SecurityPolicyVersion != WS2007MessageSecurityVersion.SecurityPolicyVersion)
        {
            return false;
        }
    }
    WSFederationHttpSecurity security;
    if (WS2007FederationHttpBinding.TryCreateSecurity(sbe, mode, transportSecurity, isReliableSession, out security))
    {
        binding = new WS2007FederationHttpBinding(security, privacy, isReliableSession);
    }
    // Only the 1.1 reliable-messaging and WS-AT protocols are valid for a 2007 binding.
    if (rsbe != null && rsbe.ReliableMessagingVersion != ReliableMessagingVersion.WSReliableMessaging11)
    {
        return false;
    }
    if (tfbe != null && tfbe.TransactionProtocol != TransactionProtocol.WSAtomicTransaction11)
    {
        return false;
    }
    return binding != null;
}