WCF custom binding that will support HTTPS, a signed certificate and a signed username token
I've tried asking this question about WCF but I've got no answers, so I'm trying again with a more focused question.
Can anyone tell me how to create a custom binding for a WCF client that will:
- include a signed username token
- include a signed message
- be sent over HTTPS
UPDATE
Not sure if it makes a difference, but I'm using .NET 4.
ANOTHER UPDATE
If anyone has any specific examples, that would be awesome.
I think I can give some pointers. You will have to use WIF to get this working. The username token which you want to pass would be a SAML token that is signed. To generate the SAML token, there is an STS sample project that comes with the WCF samples; you can use that sample project. Your code should look something like this:
// TokenManager comes from the STS project in the WCF/WIF samples: it requests a signed
// SAML token for the given user from the sample STS.
var tm = new TokenManager();
var samlToken = tm.GetSamlToken(Username);
// "WcfSamlOverMutualSsl" is the endpoint name from the config below.
var cf2 = new ChannelFactory<IPingService>("WcfSamlOverMutualSsl");
cf2.Credentials.ClientCertificate.Certificate = clientCert; // X509Certificate2 presented for mutual TLS
// WIF extension method (Microsoft.IdentityModel.Protocols.WSTrust): switches the factory
// to federated client credentials so an issued token can be attached to calls.
cf2.ConfigureChannelFactory();
cf2.Open();
// This creates a proxy that attaches the SAML token to each call to the WCF service.
var proxy2 = cf2.CreateChannelWithIssuedToken(samlToken);
var response = proxy2.Ping();
Config should look something like this:
<customBinding>
  <binding name="SamlOverMutualSsl">
    <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
              requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="false"
              keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
      <issuedTokenParameters keyType="BearerKey" tokenType="">
        <additionalRequestParameters>
          <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
          </trust:SecondaryParameters>
        </additionalRequestParameters>
      </issuedTokenParameters>
      <localClientSettings cacheCookies="true" detectReplays="false"
                           replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                           replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                           sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                           timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
      <localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
                            maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                            negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                            sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                            reconnectTransportOnFailure="true" maxPendingSessions="128"
                            maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
      <secureConversationBootstrap />
    </security>
    <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                         messageVersion="Soap11" writeEncoding="utf-8">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
    </textMessageEncoding>
    <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
                    maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                    bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
                    keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                    realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                    useDefaultWebProxy="true" requireClientCertificate="true" />
  </binding>
</customBinding>
Endpoint:
<endpoint address="https://localhost/Ping/saml"
          binding="customBinding" bindingConfiguration="SamlOverMutualSsl"
          contract="SharedContracts.IPingService" name="WcfSamlOverMutualSsl" />
Please add a reference to Microsoft.IdentityModel from WIF.
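The same binding stack built in code instead of config, as an added example that is not part of the answer or of the WCF/WIF samples. It assumes IPingService.Ping() returns a string, that the signed SAML token has already been obtained from the STS, and that the client certificate is found by thumbprint in the CurrentUser\My store; it keeps the timestamp and replay detection enabled, which the posted config switches off.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;
using Microsoft.IdentityModel.Protocols.WSTrust; // WIF: ConfigureChannelFactory, CreateChannelWithIssuedToken
// Assumed contract shape; the page only shows proxy2.Ping() on SharedContracts.IPingService.
[ServiceContract] public interface IPingService { [OperationContract] string Ping(); }
public static class SamlOverMutualSslClient
{
    // Same element stack as the <customBinding name="SamlOverMutualSsl"> config, built in code.
    public static CustomBinding BuildBinding()
    {
        // Bearer key: the STS signs the token and the client holds no proof key (keyType="BearerKey").
        var tokenParams = new IssuedSecurityTokenParameters { KeyType = SecurityKeyType.BearerKey };
        // IssuedTokenOverTransport: the signed SAML token rides in the WS-Security header; message
        // integrity and confidentiality come from TLS underneath.
        TransportSecurityBindingElement security =
            SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(tokenParams);
        security.MessageSecurityVersion = MessageSecurityVersion
            .WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
        security.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
        // Defensive defaults (the posted config sets both to false): a timestamp plus replay
        // detection bounds how long a captured security header can be re-sent.
        security.IncludeTimestamp = true;
        security.LocalClientSettings.DetectReplays = true;
        security.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(5);
        security.LocalClientSettings.TimestampValidityDuration = TimeSpan.FromMinutes(5);
        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        encoding.ReaderQuotas.MaxStringContentLength = 8192;
        // Mutual TLS: the server must receive the client certificate set on the factory.
        var transport = new HttpsTransportBindingElement { RequireClientCertificate = true };
        return new CustomBinding(security, encoding, transport); // top-down: security, encoder, transport
    }

    // samlToken: signed SAML token already issued by the STS; thumbprint: client cert in CurrentUser\My.
    public static string Ping(SecurityToken samlToken, string clientCertThumbprint)
    {
        var factory = new ChannelFactory<IPingService>(
            BuildBinding(), new EndpointAddress("https://localhost/Ping/saml"));
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, clientCertThumbprint);
        factory.ConfigureChannelFactory();                  // WIF: swap in federated client credentials
        IPingService proxy = factory.CreateChannelWithIssuedToken(samlToken);
        try { return proxy.Ping(); }
        finally { ((IClientChannel)proxy).Close(); factory.Close(); }
    }
}
```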