5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2005-2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.Generic;
30 using System.Net.Security;
31 using System.ServiceModel.Channels;
32 using System.ServiceModel.Description;
33 using System.ServiceModel.Security;
34 using System.ServiceModel.Security.Tokens;
36 namespace System.ServiceModel
38 public class WSHttpBinding : WSHttpBindingBase
40 WSHttpSecurity security;
43 public WSHttpBinding ()
44 : this (SecurityMode.Message)
48 public WSHttpBinding (SecurityMode mode)
53 public WSHttpBinding (SecurityMode mode,
54 bool reliableSessionEnabled)
55 : base (reliableSessionEnabled)
57 security = new WSHttpSecurity (mode);
61 public WSHttpBinding (string configurationName)
63 throw new NotImplementedException ();
67 public bool AllowCookies {
68 get { return allow_cookies; }
69 set { allow_cookies = value; }
73 public WSHttpSecurity Security {
74 get { return security; }
78 public override BindingElementCollection CreateBindingElements ()
80 BindingElementCollection bc = base.CreateBindingElements ();
81 // message security element is returned only when
82 // it is enabled (while CreateMessageSecurity() still
83 // returns non-null instance).
84 switch (Security.Mode) {
85 case SecurityMode.None:
86 case SecurityMode.Transport:
87 bc.RemoveAll<SecurityBindingElement> ();
94 protected override SecurityBindingElement CreateMessageSecurity ()
96 if (Security.Mode == SecurityMode.Transport ||
97 Security.Mode == SecurityMode.None)
100 SymmetricSecurityBindingElement element =
101 new SymmetricSecurityBindingElement ();
103 element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
104 element.RequireSignatureConfirmation = true;
106 switch (Security.Message.ClientCredentialType) {
107 case MessageCredentialType.Certificate:
108 X509SecurityTokenParameters p =
109 new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint);
110 p.RequireDerivedKeys = false;
111 element.EndpointSupportingTokenParameters.Endorsing.Add (p);
113 case MessageCredentialType.IssuedToken:
114 IssuedSecurityTokenParameters istp =
115 new IssuedSecurityTokenParameters ();
116 // FIXME: issuer binding must be secure.
117 istp.IssuerBinding = new CustomBinding (
118 new TextMessageEncodingBindingElement (),
120 element.EndpointSupportingTokenParameters.Endorsing.Add (istp);
122 case MessageCredentialType.UserName:
123 element.EndpointSupportingTokenParameters.SignedEncrypted.Add (
124 new UserNameSecurityTokenParameters ());
125 element.RequireSignatureConfirmation = false;
127 case MessageCredentialType.Windows:
128 if (Security.Message.NegotiateServiceCredential) {
129 // No SSPI on Linux though...
130 element.ProtectionTokenParameters =
131 // FIXME: fill proper parameters
132 new SspiSecurityTokenParameters ();
134 // and no Kerberos ...
135 element.ProtectionTokenParameters =
136 new KerberosSecurityTokenParameters ();
139 default: // including .None
140 if (Security.Message.NegotiateServiceCredential) {
141 element.ProtectionTokenParameters =
142 // FIXME: fill proper parameters
143 new SslSecurityTokenParameters (false, true);
145 element.ProtectionTokenParameters =
146 new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
147 element.ProtectionTokenParameters.RequireDerivedKeys = true;
152 if (!Security.Message.EstablishSecurityContext)
155 // SecureConversation enabled
157 ChannelProtectionRequirements reqs =
158 new ChannelProtectionRequirements ();
159 // FIXME: fill the reqs
161 return SecurityBindingElement.CreateSecureConversationBindingElement (
162 // FIXME: requireCancellation
163 element, true, reqs);
167 protected override TransportBindingElement GetTransport ()
169 switch (Security.Mode) {
170 case SecurityMode.Transport:
171 case SecurityMode.TransportWithMessageCredential:
172 return new HttpsTransportBindingElement ();
174 return new HttpTransportBindingElement ();