C# WCF - certificate configuration for WCF
Server-side configuration
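/// <summary>
/// Builds the server-side message-security binding: a <see cref="NetTcpBinding"/> with
/// certificate client credentials, reader quotas sized from <c>Constants.MAX_PACKET_LENGTH</c>,
/// and the WS-SecureConversation timing checks configured identically on the session
/// security element and on the bootstrap element that issues the session token.
/// </summary>
/// <param name="maxClockSkew">
/// Largest clock difference tolerated between client and service when checking security
/// timestamps. <c>null</c> keeps the original behaviour (<see cref="TimeSpan.MaxValue"/>),
/// which accepts tokens with any timestamp; WCF's own default is five minutes, and a small
/// value should be used once the machines' clocks are synchronised.
/// </param>
/// <param name="detectReplays">
/// Whether WCF rejects a message whose signature it has already seen. Defaults to
/// <c>false</c> to match the original configuration; <c>true</c> (the WCF default) closes
/// the replay window that <c>false</c> leaves open.
/// </param>
/// <returns>A <see cref="CustomBinding"/> equivalent to the configured NetTcp binding.</returns>
/// <exception cref="InvalidOperationException">
/// The binding contains no <see cref="SymmetricSecurityBindingElement"/>, or its protection
/// token is not a secure-conversation token (both are expected for Message security).
/// </exception>
static Binding CreateBinding(TimeSpan? maxClockSkew = null, bool detectReplays = false)
{
    int maxReceivedSize = Constants.MAX_PACKET_LENGTH;
    TimeSpan clockSkew = maxClockSkew ?? TimeSpan.MaxValue;

    // Message-level security with certificate credentials; reliable session disabled.
    NetTcpBinding tcpBinding = new NetTcpBinding(SecurityMode.Message, false);
    tcpBinding.TransferMode = TransferMode.Buffered;
    tcpBinding.MaxBufferSize = maxReceivedSize;
    tcpBinding.MaxReceivedMessageSize = maxReceivedSize;
    tcpBinding.MaxBufferPoolSize = maxReceivedSize;
    tcpBinding.ReaderQuotas.MaxStringContentLength = maxReceivedSize;
    tcpBinding.ReaderQuotas.MaxBytesPerRead = maxReceivedSize;
    tcpBinding.ReaderQuotas.MaxArrayLength = maxReceivedSize;
    tcpBinding.ReaderQuotas.MaxDepth = 1024;
    tcpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    // Unwrap into a CustomBinding so the individual security binding element can be edited.
    CustomBinding customBinding = new CustomBinding(tcpBinding);
    SymmetricSecurityBindingElement security = customBinding.Elements.Find<SymmetricSecurityBindingElement>();
    if (security == null)
    {
        // Find<> returns null rather than throwing; fail with a clear message instead of a NullReferenceException.
        throw new InvalidOperationException("Binding contains no SymmetricSecurityBindingElement; Message security is required.");
    }

    SecureConversationSecurityTokenParameters secureTokenParams = security.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
    if (secureTokenParams == null)
    {
        throw new InvalidOperationException("Protection token parameters are not a SecureConversationSecurityTokenParameters.");
    }

    // The session element and the bootstrap element each enforce timestamp freshness and
    // replay detection on their own, so both must carry the same settings; otherwise the
    // more permissive of the two decides what the service accepts.
    ApplyTimingSettings(security, clockSkew, detectReplays);
    ApplyTimingSettings(secureTokenParams.BootstrapSecurityBindingElement, clockSkew, detectReplays);
    return customBinding;
}

/// <summary>
/// Applies the same clock-skew tolerance and replay-detection flag to both the client-side
/// and service-side settings of a security binding element.
/// </summary>
/// <param name="element">Security element to configure (session element or bootstrap element).</param>
/// <param name="clockSkew">Value for <c>MaxClockSkew</c> on both local settings objects.</param>
/// <param name="detectReplays">Value for <c>DetectReplays</c> on both local settings objects.</param>
private static void ApplyTimingSettings(SecurityBindingElement element, TimeSpan clockSkew, bool detectReplays)
{
    element.LocalClientSettings.MaxClockSkew = clockSkew;
    element.LocalServiceSettings.MaxClockSkew = clockSkew;
    element.LocalClientSettings.DetectReplays = detectReplays;
    element.LocalServiceSettings.DetectReplays = detectReplays;
}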
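/// <summary>
/// Creates the <see cref="ServiceHost"/> for <c>Host</c> at <paramref name="address"/> and
/// installs the certificate the service presents and the rules for the certificates it accepts.
/// </summary>
/// <param name="address">Base address the host listens on.</param>
/// <param name="binding">
/// Binding for the service endpoint. NOTE(review): not used in this constructor —
/// presumably an endpoint is added elsewhere; confirm against the caller.
/// </param>
/// <param name="serverCert">Certificate the service authenticates itself with; it must carry the private key.</param>
/// <param name="clientCert">Certificate stored under <c>Credentials.ClientCertificate</c>.</param>
/// <param name="clientCertValidationMode">
/// How a caller's certificate is checked when it authenticates. Defaults to
/// <see cref="System.ServiceModel.Security.X509CertificateValidationMode.None"/>, matching
/// the original configuration: any well-formed certificate is accepted, so a caller proves
/// possession of some private key but not of one the service trusts. Use <c>PeerTrust</c>
/// (certificate present in the service account's Trusted People store) or <c>ChainTrust</c>
/// (chains to a trusted root) to restrict who can call the service.
/// </param>
/// <param name="revocationMode">
/// Revocation checking applied to the caller's certificate; defaults to
/// <see cref="X509RevocationMode.NoCheck"/> as in the original configuration.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="address"/> or <paramref name="serverCert"/> is <c>null</c>.
/// </exception>
public WcfServiceHost(Uri address, Binding binding, X509Certificate2 serverCert, X509Certificate2 clientCert,
    System.ServiceModel.Security.X509CertificateValidationMode clientCertValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
    X509RevocationMode revocationMode = X509RevocationMode.NoCheck)
{
    // Fail fast: a host without an address or without its own certificate cannot be opened.
    if (address == null)
    {
        throw new ArgumentNullException("address");
    }
    if (serverCert == null)
    {
        throw new ArgumentNullException("serverCert");
    }

    m_serviceHost = new ServiceHost(typeof(Host), address);
    m_serviceHost.Credentials.ServiceCertificate.Certificate = serverCert;

    // Authentication settings must be in place before the host is opened; they are read at Open time.
    m_serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = clientCertValidationMode;
    m_serviceHost.Credentials.ClientCertificate.Authentication.RevocationMode = revocationMode;
    m_serviceHost.Credentials.ClientCertificate.Certificate = clientCert;
}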
Client-side configuration
// create TCP binding
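/// <summary>
/// Builds the client-side <see cref="NetTcpBinding"/> used to reach the service, with reader
/// quotas sized from <c>Constants.MAX_PACKET_LENGTH</c>. With
/// <see cref="SecurityMode.Message"/> (the default, as in the original code) the client
/// authenticates with a certificate at the message layer.
/// </summary>
/// <param name="securityMode">
/// Security mode for the binding. Defaults to <see cref="SecurityMode.Message"/>; only in that
/// mode is the message client credential type set to <see cref="MessageCredentialType.Certificate"/>.
/// </param>
/// <returns>The configured binding; the caller still pairs it with an endpoint address.</returns>
/// <remarks>
/// NOTE(review): these quotas must agree with what the service's binding accepts. The
/// server-side <c>CreateBinding</c> on this page uses <c>MaxDepth = 1024</c> and buffered
/// transfer, while this side uses <c>MaxDepth = 100</c> — confirm the two are meant to differ.
/// </remarks>
protected static NetTcpBinding CreateDefaultSecureNetTCPBinding(SecurityMode securityMode = SecurityMode.Message)
{
    int quota = Constants.MAX_PACKET_LENGTH;

    NetTcpBinding tcpIpBinding = new NetTcpBinding();
    tcpIpBinding.Security.Mode = securityMode;
    if (securityMode == SecurityMode.Message)
    {
        // Certificate credentials are configured at the message layer only; other modes
        // keep the binding's default credential settings, as the original code did.
        tcpIpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    }

    tcpIpBinding.ReaderQuotas.MaxArrayLength = quota;
    tcpIpBinding.ReaderQuotas.MaxBytesPerRead = quota;
    tcpIpBinding.ReaderQuotas.MaxStringContentLength = quota;
    tcpIpBinding.ReaderQuotas.MaxDepth = 100;
    tcpIpBinding.MaxReceivedMessageSize = quota;
    tcpIpBinding.MaxBufferSize = quota;
    return tcpIpBinding;
}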
// create endpoint address with the created TCP binding and the service certificate as endpoint identity
/// <summary>
/// Builds the endpoint address for <paramref name="uri"/> whose identity is the X.509
/// certificate <paramref name="cert"/>. WCF's identity check uses this identity when the
/// service authenticates, independently of the validation mode set on the proxy.
/// </summary>
/// <param name="uri">Address of the service endpoint.</param>
/// <param name="cert">Certificate expected from the service.</param>
/// <returns>An <see cref="EndpointAddress"/> carrying the X.509 identity.</returns>
public static EndpointAddress GetSecureEndPointAddress(Uri uri, X509Certificate2 cert)
{
    EndpointIdentity expectedIdentity = EndpointIdentity.CreateX509CertificateIdentity(cert);
    return new EndpointAddress(uri, expectedIdentity);
}
// create proxy (ClientBase<I>) from the created binding and the certificate-identified address
/// <summary>
/// Creates the <c>Proxy</c> (a <c>ClientBase</c>) for <paramref name="addr"/> over
/// <paramref name="binding"/>, authenticating with <paramref name="cert"/>.
/// </summary>
/// <param name="binding">Binding the proxy communicates over.</param>
/// <param name="addr">Endpoint address, normally built by <see cref="GetSecureEndPointAddress"/>.</param>
/// <param name="cert">Client certificate presented to the service.</param>
/// <returns>The configured, not yet opened proxy.</returns>
/// <remarks>
/// Service-certificate validation is set to
/// <see cref="System.ServiceModel.Security.X509CertificateValidationMode.None"/>, so the
/// certificate the service presents is not checked against a trust chain or peer store here;
/// the only thing tying this client to a particular service is the X.509 identity carried by
/// <paramref name="addr"/>. Prefer <c>PeerTrust</c> or <c>ChainTrust</c> once the service
/// certificate is enrolled in a store on the client.
/// </remarks>
protected virtual Proxy CreateProxy(Binding binding, EndpointAddress addr, X509Certificate2 cert)
{
    Proxy client = new Proxy(binding, addr);
    var credentials = client.ClientCredentials;
    credentials.ClientCertificate.Certificate = cert;
    credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
    return client;
}
// open proxy
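/// <summary>
/// Creates the proxy for <paramref name="endpointAddr"/> over <paramref name="binding"/>
/// (first passed through <c>BootstrapBinding</c>), stores it in <c>m_proxy</c> and opens it.
/// </summary>
/// <param name="binding">Binding to wrap with <c>BootstrapBinding</c> and use for the proxy.</param>
/// <param name="endpointAddr">Endpoint address of the service.</param>
/// <param name="cert">Client certificate presented to the service.</param>
/// <remarks>
/// A WCF channel whose <c>Open</c> fails is left in the Faulted state and must be aborted,
/// not closed or disposed. On failure the proxy in <c>m_proxy</c> is aborted so its channel
/// resources are released, and the original exception is rethrown.
/// </remarks>
protected void Open(Binding binding, EndpointAddress endpointAddr, X509Certificate2 cert)
{
    m_proxy = CreateProxy(BootstrapBinding(binding), endpointAddr, cert);
    try
    {
        m_proxy.Open();
    }
    catch
    {
        // Abort never throws, so the failure reported to the caller is the one from Open().
        m_proxy.Abort();
        throw;
    }
}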