
I'm using SAML 2.0 and have figured out how to add my token to the SOAP header when using transport security (HTTPS) — see this post — but now I need to do this over plain HTTP, without the digital signature on the SAML token. (I'm aware that an unsigned token sent over HTTP is a bearer credential that anyone on the network path can read and replay, so this is only for a trusted network.) When I use this binding:

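private static System.ServiceModel.Channels.Binding BuildCustomBindingPIX_SAML()
    {
        // Builds the client-side binding for the IHE PIX Manager (PIXv3) SOAP 1.2 port:
        // a TransportSecurityBindingElement on top of text/UTF-8 SOAP 1.2 encoding over
        // plain HTTP. Returns the assembled CustomBinding named "PIXManager_Binding_Soap12".
        //
        // NOTE(review): TransportSecurityBindingElement requires the transport underneath
        // it to supply integrity and confidentiality (i.e. HTTPS). Stacking it on an
        // HttpTransportBindingElement is what produces the "transport cannot provide
        // integrity and confidentiality" validation error; no certificate setting on the
        // binding element changes that. A SAML token sent unsigned over HTTP is a bearer
        // credential readable and replayable by anyone on the path.

        TransportSecurityBindingElement securityElement = new TransportSecurityBindingElement();

        // One cap shared by the transport and the XML reader so the limits stay consistent.
        const int maxMessageBytes = 65536;

        TextMessageEncodingBindingElement encodingElement =
            new TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.UTF8Encoding.UTF8);
        encodingElement.MaxReadPoolSize = 16;
        encodingElement.MaxWritePoolSize = 16;

        // Reader quotas are the XML parser's guard against hostile or malformed responses
        // from the remote service (memory exhaustion, pathological nesting). Setting every
        // quota to int.MaxValue, as this method previously did, switches that guard off.
        // The transport already rejects anything above maxMessageBytes, so bounding the
        // size-based quotas at the same value cannot reject a message that would otherwise
        // be accepted. Depth gets an explicit limit well above the framework default of 32,
        // which the earlier unbounded setting suggests PIXv3 payloads exceeded — TODO
        // confirm the real maximum depth against live responses and adjust if needed.
        encodingElement.ReaderQuotas.MaxDepth = 128;
        encodingElement.ReaderQuotas.MaxStringContentLength = maxMessageBytes;
        encodingElement.ReaderQuotas.MaxArrayLength = maxMessageBytes;
        encodingElement.ReaderQuotas.MaxBytesPerRead = maxMessageBytes;
        encodingElement.ReaderQuotas.MaxNameTableCharCount = maxMessageBytes;

        HttpTransportBindingElement transportElement = new HttpTransportBindingElement();
        transportElement.ManualAddressing = false;
        transportElement.MaxBufferPoolSize = 524288;
        transportElement.MaxReceivedMessageSize = maxMessageBytes;
        // Kept equal to MaxReceivedMessageSize, as before; in Buffered mode WCF expects
        // the two to match.
        transportElement.MaxBufferSize = maxMessageBytes;
        transportElement.TransferMode = TransferMode.Buffered;
        transportElement.AllowCookies = false;
        // Anonymous on both the endpoint and any proxy: authentication is carried in the
        // SOAP header (the SAML token), not by the HTTP layer.
        transportElement.AuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous;
        transportElement.ProxyAuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous;
        transportElement.BypassProxyOnLocal = false;
        transportElement.UseDefaultWebProxy = true;
        transportElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
        transportElement.KeepAliveEnabled = true;
        transportElement.Realm = String.Empty;
        transportElement.UnsafeConnectionNtlmAuthentication = false;

        // Element order is the channel stack from the top down: security, encoding, transport.
        BindingElementCollection elements = new BindingElementCollection();
        elements.Add(securityElement);
        elements.Add(encodingElement);
        elements.Add(transportElement);

        CustomBinding binding = new CustomBinding(elements);
        binding.Name = "PIXManager_Binding_Soap12";
        // The original also called binding.CreateBindingElements() and discarded the
        // result; that call only returns a copy of the collection, so it was dropped.
        return binding;
    }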

I get this error:

The 'PIXManager_Binding_Soap12'.'http://tempuri.org/' binding for the 'IPIXManager_PortType'.'urn:ihe:iti:pixv3:2007' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality.

which is expected: TransportSecurityBindingElement asserts that the transport itself provides integrity and confidentiality, and a plain HttpTransportBindingElement cannot, so it is not something a certificate on the binding element would fix. So what can I use in place of TransportSecurityBindingElement to add an unsigned SAML token over HTTP?

My initial thought is that I'll need to write a class that inherits from the System.ServiceModel.Channels.BindingElement abstract class.