Add Saml Assertion to a custom binding

  • Question

  • I have this CustomBinding:

        // First argument: recipient token parameters; second: initiator token parameters.
        var sec = new AsymmetricSecurityBindingElement(
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.Never),
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient));
        sec.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
        sec.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
        sec.IncludeTimestamp = true;
        sec.SetKeyDerivation(false);
        sec.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
        // Allows unsecured responses to secured requests.
        sec.EnableUnsecuredResponse = true;

        // Stack: message security, then SOAP 1.1 text encoding, then HTTPS transport.
        CustomBinding myBinding = new CustomBinding();
        myBinding.Elements.Add(sec);
        myBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
        myBinding.Elements.Add(new HttpsTransportBindingElement());

    I would like to add some SAML assertions like this:

        <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        saml:ID="authorization-assertion"
                        saml:IssueInstant="2020-11-12T09:10:27Z"
                        saml:Version="2.0"
                        wsu:Id="authorization-assertion"
                        xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:assertion saml-schema-assertion-2.0.xsd">
            <saml:Issuer>COMPANY</saml:Issuer>
            <saml:Subject>
                <saml:nameID>02942630753.localhost.com</saml:nameID>
            </saml:Subject>
            <saml:AuthzDecisionStatement Decision="Permit" Resource="IDocument">
                <saml:Action Namespace="http://FSE/IDocumentService"/>
            </saml:AuthzDecisionStatement>
            <saml:AttributeStatement/>
        </saml:Assertion>

    I thought I might use myBinding.Elements.Add(), but I don't know how to construct the Assertion element.

    Any suggestions?

    Saturday, November 14, 2020 10:36 AM

All replies

  • Hi Francesco Leo,

    Thank you for posting here.

    Could you please tell us what your project type is?

    When I searched for related information, I found that these things seem to be used more in ASP.Net.

    Best Regards,

    Timon


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, November 16, 2020 9:50 AM
  • Hi Timon Yang,

    I'd better explain my current situation (I've made some progress).
    I created this Assertion in SAML 2.0:

        Saml2Assertion oAssertion = new Saml2Assertion(new Saml2NameIdentifier("MY"));
        oAssertion.Subject = new Saml2Subject(new Saml2NameIdentifier("ident"));
        Saml2Conditions asCondition = new Saml2Conditions();
        asCondition.NotBefore = DateTime.Now;
        asCondition.NotOnOrAfter = DateTime.Now.AddMinutes(15);
        oAssertion.Conditions = asCondition;
        Saml2AuthenticationStatement asAuthnStatement = new Saml2AuthenticationStatement(new Saml2AuthenticationContext());
        oAssertion.Statements.Add(asAuthnStatement);

    I have this CustomBinding which just creates the Security tag for me:

        // First argument: recipient token parameters; second: initiator token parameters.
        var sec = new AsymmetricSecurityBindingElement(
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.Never),
            new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient));
        sec.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
        sec.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
        sec.IncludeTimestamp = true;
        sec.SetKeyDerivation(false);
        sec.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
        // Allows unsecured responses to secured requests.
        sec.EnableUnsecuredResponse = true;

        // Stack: message security, then SOAP 1.1 text encoding, then HTTPS transport.
        CustomBinding myBinding = new CustomBinding();
        myBinding.Elements.Add(sec);
        myBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
        myBinding.Elements.Add(new HttpsTransportBindingElement());

    How can I insert the Assertion in my Header generated by the CustomBinding?
    It is not an Asp project but all C#. Thanks for your help.

    Monday, November 16, 2020 10:38 AM
  • Hi,

    I have searched for a long time but found nothing. I have some doubts whether AsymmetricSecurityBindingElement provides such a function.

    But when I was looking for related information, I found this link that seems to be somewhat similar to your question:

    SAML Assertion in a XML using C#

    The answerer seems to be inserting the Assertion into the target file by manipulating the XML file; see if it might help you.

    Best Regards,

    Timon



    Tuesday, November 17, 2020 9:37 AM
  • Thanks, I had already seen it, but I'm not able to solve the problem... :_(
    Tuesday, November 17, 2020 10:25 AM
  • Hi,

    Although your project may not be a Web Service, I found that Saml2Assertion seems to be used more in Web Services.

    Developers who are familiar with Web Services may be more familiar with Saml2Assertion.

    Try to post your question in this forum, maybe they can give you some useful suggestions.

    Best Regards,

    Timon



    Wednesday, November 18, 2020 9:18 AM
  • Thank you so much!
    Wednesday, November 18, 2020 9:21 AM