C# WCF - certification configuration for WCF

1 minute read

Server side configuration

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
static Binding CreateBinding()
{
    int maxReceivedSize = Constants.MAX_PACKET_LENGTH;
    NetTcpBinding clientManBinding = new NetTcpBinding(SecurityMode.Message, false);
    clientManBinding.TransferMode = TransferMode.Buffered;
    clientManBinding.MaxBufferSize = maxReceivedSize;
    clientManBinding.MaxReceivedMessageSize = maxReceivedSize;
    clientManBinding.ReaderQuotas.MaxStringContentLength = maxReceivedSize;
    clientManBinding.ReaderQuotas.MaxBytesPerRead = maxReceivedSize;
    clientManBinding.ReaderQuotas.MaxArrayLength = maxReceivedSize;
    clientManBinding.ReaderQuotas.MaxDepth = 1024;
    clientManBinding.MaxBufferPoolSize = maxReceivedSize;
    clientManBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    TimeSpan ClockSkew = TimeSpan.MaxValue;
    CustomBinding custBinding = new CustomBinding(clientManBinding);
    SymmetricSecurityBindingElement security = custBinding.Elements.Find<SymmetricSecurityBindingElement>();
    security.LocalClientSettings.MaxClockSkew = ClockSkew;
    security.LocalServiceSettings.MaxClockSkew = ClockSkew;
    security.LocalServiceSettings.DetectReplays = false;
    security.LocalClientSettings.DetectReplays = false;
    SecureConversationSecurityTokenParameters secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters;
    // From the collection, get the bootstrap element.
    SecurityBindingElement bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
    // Set the MaxClockSkew on the bootstrap element.
    bootstrap.LocalClientSettings.MaxClockSkew = ClockSkew;
    bootstrap.LocalServiceSettings.MaxClockSkew = ClockSkew;
    bootstrap.LocalServiceSettings.DetectReplays = false;
    bootstrap.LocalClientSettings.DetectReplays = false;
    return custBinding;
}
public WcfServiceHost(Uri address, Binding binding, X509Certificate2 serverCert, X509Certificate2 clientCert)
{
    m_serviceHost = new ServiceHost(typeof(Host), address);
    m_serviceHost.Credentials.ServiceCertificate.Certificate = serverCert;
    m_serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
    m_serviceHost.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
    m_serviceHost.Credentials.ClientCertificate.Certificate = clientCert;
}

Client side configuration

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
// create TCP binding
protected static NetTcpBinding CreateDefaultSecureNetTCPBinding()
{
    SecurityMode security = SecurityMode.Message;
    int maxStringContentLength = Constants.MAX_PACKET_LENGTH;
    NetTcpBinding tcpIpBinding = new NetTcpBinding();
    tcpIpBinding.Security.Mode = security;
    if (security == SecurityMode.Message)
    {
        tcpIpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    }
    tcpIpBinding.ReaderQuotas.MaxArrayLength = maxStringContentLength;
    tcpIpBinding.ReaderQuotas.MaxBytesPerRead = maxStringContentLength;
    tcpIpBinding.ReaderQuotas.MaxStringContentLength = maxStringContentLength;
    tcpIpBinding.ReaderQuotas.MaxDepth = 100;
    tcpIpBinding.MaxReceivedMessageSize = maxStringContentLength;
    tcpIpBinding.MaxBufferSize = maxStringContentLength;
    return tcpIpBinding;
}
// create endpoint address with created TCP binding and certification
public static EndpointAddress GetSecureEndPointAddress(Uri uri, X509Certificate2 cert)
{
    EndpointAddress endpointAddress = new EndpointAddress(uri, EndpointIdentity.CreateX509CertificateIdentity(cert));
    return endpointAddress;
}
// create proxy(ClientBase<I>) based on created binding and certificated address
protected virtual Proxy CreateProxy(Binding binding, EndpointAddress addr, X509Certificate2 cert)
{
    var proxy = new Proxy(binding, addr);
    proxy.ClientCredentials.ClientCertificate.Certificate = cert;
    proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
    return proxy;
}
// open proxy
protected void Open(Binding binding, EndpointAddress endpointAddr, X509Certificate2 cert)
{
    m_proxy = CreateProxy(BootstrapBinding(binding), endpointAddr, cert);
    m_proxy.Open();
}

Share on

Twitter Facebook LinkedIn

C# WCF - certification configuration for WCF

Share on

You may also enjoy

Java - JFR create a new configuration from existing one

JavaScript - Unit test with fetch

JavaScript - signal will be standard?

LangChain(JS) with Llama cpp for embeddings and prompt example