SecurityBindingElement.CreateMutualCertificateBindingElement is missing in .Net Core

  • Question

  • I have a WCF mutualCertificate security binding which works perfectly, but we are now switching to .NET Core. I didn't find any alternative to SecurityBindingElement.CreateMutualCertificateBindingElement in .NET Core.

    This is the piece of code which works in .NET Framework. Can someone please help me find a way to get a response from the remote service in .NET Core?

            private static decimal GetPts(Uri uri, string accountNumber)
            {
                var mutualCert = SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion
                    .WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
                mutualCert.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
                mutualCert.IncludeTimestamp = false;
                mutualCert.AllowInsecureTransport = true;
                mutualCert.EnableUnsecuredResponse = true;
                mutualCert.SetKeyDerivation(false);
    
                ExtendedProtectionPolicy policy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
    
                var customBinding = new CustomBinding(new BindingElement[]
                {
                    new TextMessageEncodingBindingElement(MessageVersion.Soap11,Encoding.UTF8),
                    mutualCert,
                    new HttpsTransportBindingElement()
                    {
                        RequireClientCertificate = true, MaxReceivedMessageSize = 2147483647, KeepAliveEnabled = false,
                        ExtendedProtectionPolicy = policy
                    }
                });
    
                string clientCertThumbPrint = "XYZ";
                string serviceCertThumbPrint = "ABC";
                X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                certStore.Open(OpenFlags.ReadOnly);
                // Find the client certificate by subject name and the service certificate by thumbprint.
                X509Certificate2Collection clientCertCollection = certStore.Certificates.Find(X509FindType.FindBySubjectName, "Client-CustTest", false);
                X509Certificate2Collection serviceCertCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, serviceCertThumbPrint, false);
                certStore.Close();
                if (0 == clientCertCollection.Count || 0 == serviceCertCollection.Count)
                {
                    Console.WriteLine("Error: No certificate found containing thumbprint.");
                    return -1;
                }
    
                var behavior = new ClientCredentials();
                behavior.ClientCertificate.Certificate = clientCertCollection[0];
                behavior.ServiceCertificate.DefaultCertificate = serviceCertCollection[0];
    
                var ptsRequest = new getAccountBalanceV1R4Request
                {
                    getAccountBalanceV1R4Request1 = new GetAccountBalanceV1R4RequestType
                    {
                        accountNumber = accountNumber
                    },
                    simpleSecurityAssertion = CreateAccountSecurityAssertion()
                };
    
                using (var myChannelFactory = new ChannelFactory<AccountV1>(customBinding,
                    new EndpointAddress(uri, EndpointIdentity.CreateDnsIdentity("Signing-CustTest"))))
                {
                    myChannelFactory.Endpoint.EndpointBehaviors.RemoveAt(1);
                    myChannelFactory.Endpoint.EndpointBehaviors.Add(behavior);
                    AccountV1 client = null;
                    try
                    {
                        client = myChannelFactory.CreateChannel();
                        var resp = client.getAccountBalanceV1R4(ptsRequest);
                        ((ICommunicationObject) client).Close();
                        myChannelFactory.Close();
                        return resp.getAccountBalanceV1R4Output1.getAccountBalanceV1R4Response.accountBalanceInfoType
                            .currentBalance.amount;
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine(e);
                        (client as ICommunicationObject)?.Abort();
                    }
                }
    
                return -1;
            }

    Wednesday, January 9, 2019 11:24 PM
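
An added example, not part of the original post: the code above selects the client certificate with FindBySubjectName, which matches substrings, takes the first hit, and passes validOnly as false. A stricter lookup using only X509Store APIs that exist in both .NET Framework and .NET Core is sketched here; CertificateLookup and FindByThumbprint are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper (added example, not from the original post).
static class CertificateLookup
{
    // Returns exactly one usable certificate for the thumbprint, or throws.
    public static X509Certificate2 FindByThumbprint(
        string thumbprint, bool requirePrivateKey,
        StoreName storeName = StoreName.My,
        StoreLocation location = StoreLocation.LocalMachine)
    {
        // Thumbprints copied from the certificate dialog often carry spaces
        // or an invisible left-to-right mark; keep the hex digits only.
        var hex = new StringBuilder();
        foreach (char c in thumbprint ?? string.Empty)
            if (Uri.IsHexDigit(c)) hex.Append(char.ToUpperInvariant(c));
        if (hex.Length != 40)
            throw new ArgumentException("Expected a 40-hex-digit SHA-1 thumbprint.", nameof(thumbprint));

        var store = new X509Store(storeName, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // validOnly is false so that a rejected certificate produces a
            // specific error below instead of an empty result.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, hex.ToString(), validOnly: false);
            if (matches.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one certificate, found " + matches.Count + ".");

            X509Certificate2 cert = matches[0];
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            // The client certificate must be able to sign; the service
            // certificate only needs its public key.
            if (requirePrivateKey && !cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key.");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}
```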

All replies

  • Hi Anuj-Gupta,
    Sorry, for the .NET Core platform, Microsoft Web Service Reference Provider does not support all the bindings/WCF features, such as WSHttpBinding and some certificate authentication methods. Your question was actually asked on GitHub, and it seems that the authorities do not plan to support these old services in the future.
    https://github.com/dotnet/wcf/issues?utf8=%E2%9C%93&q=securitybindingelement
    At present, I also suggest that you consider using ASP.NET Web API.
    https://www.asp.net/web-api
    Best Regards
    Abraham
    • Marked as answer by Anuj-Gupta Thursday, January 10, 2019 8:09 PM
    Thursday, January 10, 2019 10:01 AM
    Moderator
  • Thanks for the reply.
    Thursday, January 10, 2019 8:09 PM
  • I understand that there is no built-in, framework-supported way in .NET Core, but I'm wondering if there is any way at all to communicate with a WCF service from .NET Core? Is there some other way I can set up and use these security features? Maybe some 3rd party product or project?
    Thursday, January 10, 2019 8:19 PM
  • Hi Anuj-Gupta,

    As far as I know, there is no way to use these security features in .NET Core.
    The complete implementation and feature should only exist in .NET Framework. I have not heard of the possibility of using a third-party library implementation. If you have a similar requirement, I suggest you submit an issue to the official team on GitHub.

    https://github.com/dotnet/wcf/issues

    Best Regards
    Abraham

    Friday, January 11, 2019 2:30 AM
    Moderator