WCF: Adding Nonce to UsernameToken

by

To create the nonce, I had to change a few things

First, added a custom binding in my config

<system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="myCustomBindingConfig">
          <security includeTimestamp="false" 
                    authenticationMode="UserNameOverTransport" 
                    defaultAlgorithmSuite="Basic256" 
                    requireDerivedKeys="true"
                    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
          </security>
          <textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
          <httpsTransport maxReceivedMessageSize="2000000000" />
        </binding>
      </customBinding>
    </bindings>
</system.serviceModel>

<client>
    <endpoint address="https://..." [other tags] 
        binding="customBinding" bindingConfiguration="OrangeLeapCustomBindingConfig"/>
</client>

Then, take this code found here: http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee
and modify it to create the nonce (just a random hash, base-64 encoded)

protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token)
{
    Random r = new Random();
    string tokennamespace = "o";
    DateTime created = DateTime.Now;
    string createdStr = created.ToString("yyyy-MM-ddTHH:mm:ss.fffZ");
    string nonce = Convert.ToBase64String(Encoding.ASCII.GetBytes(SHA1Encrypt(created + r.Next().ToString())));
    System.IdentityModel.Tokens.UserNameSecurityToken unToken = (System.IdentityModel.Tokens.UserNameSecurityToken)token;
    writer.WriteRaw(String.Format(
    "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
    "<{0}:Username>" + unToken.UserName + "</{0}:Username>" +
    "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" +
    unToken.Password + "</{0}:Password>" +
    "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" +
    nonce + "</{0}:Nonce>" +
    "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace));
}

protected String ByteArrayToString(byte[] inputArray)
{
    StringBuilder output = new StringBuilder("");
    for (int i = 0; i < inputArray.Length; i++)
    {
    output.Append(inputArray[i].ToString("X2"));
    }
    return output.ToString();
}
protected String SHA1Encrypt(String phrase)
{
    UTF8Encoding encoder = new UTF8Encoding();
    SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider();
    byte[] hashedDataBytes = sha1Hasher.ComputeHash(encoder.GetBytes(phrase));
    return ByteArrayToString(hashedDataBytes);
}

More Related Contents:

  1. Is there some way to handle async/await behind an ASMX service?
  2. Large WCF web service request failing with (400) HTTP Bad Request
  3. WCF Service Client: The content type text/html; charset=utf-8 of the response message does not match the content type of the binding
  4. Patterns for Compensating Lack of Inheritance in SOA
  5. How can I pass a username/password in the header to a SOAP WCF Service
  6. Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme
  7. Returning DataTables in WCF/.NET
  8. My CustomAuthorizationPolicy.Evaluate() method never fires
  9. Getting a POST endpoint to work in self-hosted (WebServiceHost) C# webservice?
  10. How to get the X509Certificate from a client request
  11. Client configuration to consume WCF JSON web service
  12. Web Service without adding a reference?
  13. Signing SOAP messages using X.509 certificate from WCF service to Java webservice
  14. The content type text/html; charset=UTF-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8)
  15. How to avoid implementing methods repeatedly for identical classes?
  16. What is the best workaround for the WCF client `using` block issue?
  17. How to use a WSDL
  18. How does WCF deserialization instantiate objects without calling a constructor?
  19. Pattern for calling WCF service using async/await
  20. Could not find an implementation of the query pattern
  21. Turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server
  22. Queuing in OneWay WCF Messages using Windows Service and SQL Server
  23. Simple Automapper Example
  24. WCF Error – Could not find default endpoint element that references contract ‘UserService.UserService’
  25. Can we create custom HTTP Status codes?
  26. ASP.NET 5 add WCF service reference
  27. WCF service attribute to log method calls and exceptions
  28. How to use Custom Serialization or Deserialization in WCF to force a new instance on every property of a datacontact ?
  29. Why does my C# client, POSTing to my WCF REST service, return (400) Bad Request?
  30. Why are Static Methods not Usable as Web Service Operations in ASMX Web Services?

Leave a Comment