Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version

Custom Authentication and Security for Routing Service of WCF 4.0

, 13 Oct 2012
Defining security contextes in Routing service environment.
Routing_Service_POC-noexe.zip
Routing_Service_POC
POC
RoutingServicePOC
ClientCommonLib
obj
Debug
Properties
Client
bin
Debug
Client.vshost.exe.manifest
MessageLog.svclog
obj
x86
Debug
Properties
GlobalCommonLib
GlobalCommonLib.csproj.user
obj
Debug
Properties
RoutingServicePOC.5.1.ReSharper.user
RoutingServicePOC.suo
RoutingServicePOC
Filter
obj
Debug
CSAutoParameterize
original
transformed
Package
PackageTmp
RoutingService.svc
RoutingServicePOC.zip
TransformWebConfig
original
transformed
Properties
RoutingService.svc
RoutingServicePOC.csproj.user
ServiceA.Contract
obj
Debug
Properties
ServiceA
bin
Debug
ServiceA.vshost.exe.manifest
obj
x86
Debug
Properties
ServiceB.Contract
obj
Debug
Properties
ServiceB
bin
Debug
ServiceB.vshost.exe.manifest
obj
x86
Debug
Properties
ServiceCommonLib
obj
Debug
Properties
_ReSharper.RoutingServicePOC
BuildScriptCache
.crc
.version
9
6ecd42b4.dat
NamedArguments
.crc
.version
8
64bd7be7.dat
ProjectModel
ProjectModel.dat
Resources
.crc
.version
SymbolCache.bin
TagPrefixes
.crc
.version
5
5402198f.dat
TodoCache
.crc
.version
5
5402198f.dat
WebsiteFileReferences
.crc
.version
WordIndex
.crc
.version
1
3da9581c.dat
Routing_Service_POC.zip
library
ICSharpCode.SharpZipLib.dll
Ionic.Zip.dll
bin
Debug
ClientCommonLib.dll
GlobalCommonLib.dll
ClientCommonLib.dll
Client.exe
Client.vshost.exe
Client.vshost.exe.manifest
ClientCommonLib.dll
GlobalCommonLib.dll
MessageLog.svclog
ServiceA.Contract.dll
ServiceB.Contract.dll
Client.exe
bin
Debug
GlobalCommonLib.dll
ICSharpCode.SharpZipLib.dll
Ionic.Zip.dll
GlobalCommonLib.csproj.user
GlobalCommonLib.dll
RoutingServicePOC.5.1.ReSharper.user
RoutingServicePOC.suo
bin
GlobalCommonLib.dll
ICSharpCode.SharpZipLib.dll
Ionic.Zip.dll
RoutingServicePOC.dll
bin
GlobalCommonLib.dll
RoutingServicePOC.dll
RoutingService.svc
RoutingServicePOC.zip
RoutingServicePOC.dll
RoutingService.svc
RoutingServicePOC.csproj.user
bin
Debug
ServiceA.Contract.dll
ServiceA.Contract.dll
GlobalCommonLib.dll
ServiceA.Contract.dll
ServiceA.exe
ServiceA.vshost.exe
ServiceA.vshost.exe.manifest
ServiceCommonLib.dll
ServiceA.exe
bin
Debug
ServiceB.Contract.dll
ServiceB.Contract.dll
GlobalCommonLib.dll
ServiceB.Contract.dll
ServiceB.exe
ServiceB.vshost.exe
ServiceB.vshost.exe.manifest
ServiceCommonLib.dll
ServiceB.exe
bin
Debug
GlobalCommonLib.dll
ServiceCommonLib.dll
ServiceCommonLib.dll
.crc
.version
6ecd42b4.dat
.crc
.version
64bd7be7.dat
ProjectModel.dat
.crc
.version
SymbolCache.bin
.crc
.version
5402198f.dat
.crc
.version
5402198f.dat
.crc
.version
.crc
.version
3da9581c.dat
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.ServiceModel.Channels;
using System.Text;
using System.Xml;

namespace GlobalCommonLib
{
    public class CryptographerBase
    {
        public const string KeyElementName = "EncryptionKey";
        public const string EncryptedElementName = "Encrypted";

        //The elements that will be encrypted when the contentEncryption is set to "Credentials" or "All".
        public const string CredentialsElementName = "Credentials";
        public const string AllElementName = "s:Envelope";

        public const int AesKeySize = 256; //The minimum size of the key is 128 bits, and the maximum size is 256 bits. [2]
        public const int RsaKeySize = 1024; //The RSACryptoServiceProvider supports key lengths from 384 bits to 16384 bits in increments of 8 bits if you have the Microsoft Enhanced Cryptographic Provider installed. It supports key lengths from 384 bits to 512 bits in increments of 8 bits if you have the Microsoft Base Cryptographic Provider installed.[1]

        protected const bool Content = false;//Encrypt only the content (true) or the node also (false); it seems not to function on true.?!?

        //on server: generates a new public/private key at its instantiation
        //on client: must be initiated with the public key of the server 
        public static RSACryptoServiceProvider RsaServiceProvider { get; private set; }

        //this is necessary on a multithreading environment to pair the request and reply (both on server and client)
        //on client: contains the message id and the key used to encrypt the request message; it will be used to decrypt the reply message.
        //on server: contains the message is and the key extracted from the encrypted message; it will be used to encrypt the reply message.
        //protected static ConcurrentDictionary<string, byte[]> AesKeys { get; private set; }

        static CryptographerBase()
        {
            RsaServiceProvider = new RSACryptoServiceProvider(RsaKeySize);
            //AesKeys = new ConcurrentDictionary<string, byte[]>();
        }

    }

    public class Cryptographer : CryptographerBase
    {
        public static void Encrypt(XmlDocument xmlDoc, string elementToEncrypt)
        {
            XmlNodeList elementsToEncrypt = xmlDoc.GetElementsByTagName(elementToEncrypt);
            if (elementsToEncrypt.Count == 0)
                return;

            var aesServiceProvider = new AesCryptoServiceProvider {KeySize = 256};
            aesServiceProvider.GenerateKey();

            XmlNode idNode = xmlDoc.GetElementsByTagName("a:MessageID")[0];
            
            string id = string.Empty;
            if (null != idNode)
                id =  BitConverter.ToString( Encoding.UTF8.GetBytes(idNode.InnerText));
             id += "||" + BitConverter.ToString(aesServiceProvider.Key);
            
            //AesKeys.TryAdd(id, );

            var xmlElementToEncrypt = (XmlElement)elementsToEncrypt[0];
            var encryptedXml = new EncryptedXml();

            byte[] encryptedElement = encryptedXml.EncryptData(xmlElementToEncrypt, aesServiceProvider, Content);

            var encryptedData = new EncryptedData
                                    {
                                        Type = EncryptedXml.XmlEncElementUrl,
                                        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
                                    };
            var encryptedKey = new EncryptedKey
                                   {
                                       CipherData =
                                           new CipherData(EncryptedXml.EncryptKey(aesServiceProvider.Key,
                                                                                  RsaServiceProvider, Content)),
                                       EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url)
                                   };
            encryptedData.KeyInfo = new KeyInfo();
            encryptedKey.KeyInfo.AddClause(new KeyInfoName(KeyElementName));
            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
            encryptedData.CipherData.CipherValue = encryptedElement;
            encryptedData.Id = id;
            EncryptedXml.ReplaceElement(xmlElementToEncrypt, encryptedData, Content);
        }

        public static void Decrypt(XmlDocument xmlDoc)
        {

            XmlNodeList encryptedElements = xmlDoc.GetElementsByTagName("EncryptedData");
            if (encryptedElements.Count == 0)
                return;

            var aesServiceProvider = new AesCryptoServiceProvider();
            var encryptedElement = (XmlElement)encryptedElements[0];

            var encryptedData = new EncryptedData();
            encryptedData.LoadXml(encryptedElement);

            var keyinString = encryptedData.Id.Split(new string[] {"||"}, StringSplitOptions.None).ElementAt(1);
            byte[] key = keyinString.Split('-').Select(b => Convert.ToByte(b, 16)).ToArray();
            //AesKeys.TryRemove(encryptedData.Id, out key);
            aesServiceProvider.Key = key;


            var encryptedXml = new EncryptedXml();
            encryptedXml.ReplaceData(encryptedElement, encryptedXml.DecryptData(encryptedData, aesServiceProvider));
        }

        public static ArraySegment<byte> EncryptBuffer(ArraySegment<byte> buffer, BufferManager bufferManager, int messageOffset, string elementToEncrypt = "s:Envelope")
        {
            var xmlDoc = new XmlDocument();

            using (var memoryStream = new MemoryStream(buffer.Array, buffer.Offset, buffer.Count))
            {
                xmlDoc.Load(memoryStream);                
            }

            Cryptographer.Encrypt(xmlDoc, elementToEncrypt);
            byte[] encryptedBytes = Encoding.UTF8.GetBytes(xmlDoc.OuterXml);
            byte[] bufferedBytes = bufferManager.TakeBuffer(encryptedBytes.Length);
            Array.Copy(encryptedBytes, 0, bufferedBytes, 0, encryptedBytes.Length);
            bufferManager.ReturnBuffer(buffer.Array);

            var byteArray = new ArraySegment<byte>(bufferedBytes, messageOffset, encryptedBytes.Length);

            return byteArray;
        }

        public static ArraySegment<byte> DecryptBuffer(ArraySegment<byte> buffer, BufferManager bufferManager)
        {
            var xmlDoc = new XmlDocument();
            using (var memoryStream = new MemoryStream(buffer.Array, buffer.Offset, buffer.Count))
            {
                xmlDoc.Load(memoryStream);
            }

            Cryptographer.Decrypt(xmlDoc);
            byte[] decryptedBytes = Encoding.UTF8.GetBytes(xmlDoc.OuterXml);

            byte[] bufferedBytes = bufferManager.TakeBuffer(decryptedBytes.Length);
            Array.Copy(decryptedBytes, 0, bufferedBytes, 0, decryptedBytes.Length);
            bufferManager.ReturnBuffer(buffer.Array);
            var byteArray = new ArraySegment<byte>(bufferedBytes, 0, decryptedBytes.Length);

            string s = Encoding.UTF8.GetString(byteArray.Array, byteArray.Offset, byteArray.Count);
            return byteArray;

        }

    }
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Morshed Anwar
Team Leader Adaptive Enterprise Limited (www.ael-bd.com)
Bangladesh Bangladesh
No Biography provided

| Advertise | Privacy | Mobile
Web02 | 2.8.140721.1 | Last Updated 13 Oct 2012
Article Copyright 2012 by Morshed Anwar
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid