dotnet
diff --git a/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/App.config
+1-2 b/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/App.config
+1-2
diff --git a/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/CalculatorClientConstructor.cs
+12 b/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/CalculatorClientConstructor.cs
+12
diff --git a/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/Connected Services/Microsoft.Samples.TransportSecurity/ConnectedService.json
+17 b/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/Connected Services/Microsoft.Samples.TransportSecurity/ConnectedService.json
+17
diff --git a/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/Connected Services/Microsoft.Samples.TransportSecurity/Reference.cs
+177 b/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/Connected Services/Microsoft.Samples.TransportSecurity/Reference.cs
+177
diff --git a/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/Properties/AssemblyInfo.cs
-22 b/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/Properties/AssemblyInfo.cs
-22
diff --git a/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/client.cs
+26-18 b/‎framework/wcf/Basic/Binding/Basic/TransportSecurity/CS/client/client.cs
+26-18
@@ -20,5 +20,4 @@
     </bindings>
 
   </system.serviceModel>
-
-<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/></startup></configuration>
+</configuration>
@@ -0,0 +1,12 @@
+namespace Microsoft.Samples.TransportSecurity
+{
+    // This partial class constructor is needed as the service is hosted in IIS and advertises both HTTP and HTTPS endpoints.
+    // This causes the generated client to have 2 configurations so a default constructor can't be generated as it's unknown which to use.
+    // By adding this constructor, we can choose which endpoint we wish to use as the default.
+    public partial class CalculatorClient
+    {
+#if NET6_0_OR_GREATER
+        public CalculatorClient() : this(EndpointConfiguration.BasicHttpBinding_ICalculator1) { }
+#endif
+    }
+}
@@ -0,0 +1,17 @@
+{
+  "ExtendedData": {
+    "inputs": [
+      "https://localhost/servicemodelsamples/service.svc"
+    ],
+    "collectionTypes": [
+      "System.Array",
+      "System.Collections.Generic.Dictionary`2"
+    ],
+    "namespaceMappings": [
+      "*, Microsoft.Samples.TransportSecurity"
+    ],
+    "sync": true,
+    "targetFramework": "net6.0",
+    "typeReuseMode": "None"
+  }
+}
@@ -0,0 +1,177 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.Samples.TransportSecurity
+{
+    
+    
+    [System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.Tools.ServiceModel.Svcutil", "2.1.0")]
+    [System.ServiceModel.ServiceContractAttribute(Namespace="http://Microsoft.Samples.TransportSecurity", ConfigurationName="Microsoft.Samples.TransportSecurity.ICalculator")]
+    public interface ICalculator
+    {
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Add", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/AddResponse")]
+        double Add(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Add", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/AddResponse")]
+        System.Threading.Tasks.Task<double> AddAsync(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Subtract", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/SubtractResponse")]
+        double Subtract(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Subtract", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/SubtractResponse")]
+        System.Threading.Tasks.Task<double> SubtractAsync(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Multiply", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/MultiplyResponse")]
+        double Multiply(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Multiply", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/MultiplyResponse")]
+        System.Threading.Tasks.Task<double> MultiplyAsync(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Divide", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/DivideResponse")]
+        double Divide(double n1, double n2);
+        
+        [System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.Samples.TransportSecurity/ICalculator/Divide", ReplyAction="http://Microsoft.Samples.TransportSecurity/ICalculator/DivideResponse")]
+        System.Threading.Tasks.Task<double> DivideAsync(double n1, double n2);
+    }
+    
+    [System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.Tools.ServiceModel.Svcutil", "2.1.0")]
+    public interface ICalculatorChannel : Microsoft.Samples.TransportSecurity.ICalculator, System.ServiceModel.IClientChannel
+    {
+    }
+    
+    [System.Diagnostics.DebuggerStepThroughAttribute()]
+    [System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.Tools.ServiceModel.Svcutil", "2.1.0")]
+    public partial class CalculatorClient : System.ServiceModel.ClientBase<Microsoft.Samples.TransportSecurity.ICalculator>, Microsoft.Samples.TransportSecurity.ICalculator
+    {
+        
+        /// <summary>
+        /// Implement this partial method to configure the service endpoint.
+        /// </summary>
+        /// <param name="serviceEndpoint">The endpoint to configure</param>
+        /// <param name="clientCredentials">The client credentials</param>
+        static partial void ConfigureEndpoint(System.ServiceModel.Description.ServiceEndpoint serviceEndpoint, System.ServiceModel.Description.ClientCredentials clientCredentials);
+        
+        public CalculatorClient(EndpointConfiguration endpointConfiguration) : 
+                base(CalculatorClient.GetBindingForEndpoint(endpointConfiguration), CalculatorClient.GetEndpointAddress(endpointConfiguration))
+        {
+            this.Endpoint.Name = endpointConfiguration.ToString();
+            ConfigureEndpoint(this.Endpoint, this.ClientCredentials);
+        }
+        
+        public CalculatorClient(EndpointConfiguration endpointConfiguration, string remoteAddress) : 
+                base(CalculatorClient.GetBindingForEndpoint(endpointConfiguration), new System.ServiceModel.EndpointAddress(remoteAddress))
+        {
+            this.Endpoint.Name = endpointConfiguration.ToString();
+            ConfigureEndpoint(this.Endpoint, this.ClientCredentials);
+        }
+        
+        public CalculatorClient(EndpointConfiguration endpointConfiguration, System.ServiceModel.EndpointAddress remoteAddress) : 
+                base(CalculatorClient.GetBindingForEndpoint(endpointConfiguration), remoteAddress)
+        {
+            this.Endpoint.Name = endpointConfiguration.ToString();
+            ConfigureEndpoint(this.Endpoint, this.ClientCredentials);
+        }
+        
+        public CalculatorClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress) : 
+                base(binding, remoteAddress)
+        {
+        }
+        
+        public double Add(double n1, double n2)
+        {
+            return base.Channel.Add(n1, n2);
+        }
+        
+        public System.Threading.Tasks.Task<double> AddAsync(double n1, double n2)
+        {
+            return base.Channel.AddAsync(n1, n2);
+        }
+        
+        public double Subtract(double n1, double n2)
+        {
+            return base.Channel.Subtract(n1, n2);
+        }
+        
+        public System.Threading.Tasks.Task<double> SubtractAsync(double n1, double n2)
+        {
+            return base.Channel.SubtractAsync(n1, n2);
+        }
+        
+        public double Multiply(double n1, double n2)
+        {
+            return base.Channel.Multiply(n1, n2);
+        }
+        
+        public System.Threading.Tasks.Task<double> MultiplyAsync(double n1, double n2)
+        {
+            return base.Channel.MultiplyAsync(n1, n2);
+        }
+        
+        public double Divide(double n1, double n2)
+        {
+            return base.Channel.Divide(n1, n2);
+        }
+        
+        public System.Threading.Tasks.Task<double> DivideAsync(double n1, double n2)
+        {
+            return base.Channel.DivideAsync(n1, n2);
+        }
+        
+        public virtual System.Threading.Tasks.Task OpenAsync()
+        {
+            return System.Threading.Tasks.Task.Factory.FromAsync(((System.ServiceModel.ICommunicationObject)(this)).BeginOpen(null, null), new System.Action<System.IAsyncResult>(((System.ServiceModel.ICommunicationObject)(this)).EndOpen));
+        }
+        
+        private static System.ServiceModel.Channels.Binding GetBindingForEndpoint(EndpointConfiguration endpointConfiguration)
+        {
+            if ((endpointConfiguration == EndpointConfiguration.BasicHttpBinding_ICalculator))
+            {
+                System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
+                result.MaxBufferSize = int.MaxValue;
+                result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
+                result.MaxReceivedMessageSize = int.MaxValue;
+                result.AllowCookies = true;
+                return result;
+            }
+            if ((endpointConfiguration == EndpointConfiguration.BasicHttpBinding_ICalculator1))
+            {
+                System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
+                result.MaxBufferSize = int.MaxValue;
+                result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
+                result.MaxReceivedMessageSize = int.MaxValue;
+                result.AllowCookies = true;
+                result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
+                return result;
+            }
+            throw new System.InvalidOperationException(string.Format("Could not find endpoint with name \'{0}\'.", endpointConfiguration));
+        }
+        
+        private static System.ServiceModel.EndpointAddress GetEndpointAddress(EndpointConfiguration endpointConfiguration)
+        {
+            if ((endpointConfiguration == EndpointConfiguration.BasicHttpBinding_ICalculator))
+            {
+                return new System.ServiceModel.EndpointAddress("http://localhost/servicemodelsamples/service.svc");
+            }
+            if ((endpointConfiguration == EndpointConfiguration.BasicHttpBinding_ICalculator1))
+            {
+                return new System.ServiceModel.EndpointAddress("https://localhost/servicemodelsamples/service.svc");
+            }
+            throw new System.InvalidOperationException(string.Format("Could not find endpoint with name \'{0}\'.", endpointConfiguration));
+        }
+        
+        public enum EndpointConfiguration
+        {
+            
+            BasicHttpBinding_ICalculator,
+            
+            BasicHttpBinding_ICalculator1,
+        }
+    }
+}
@@ -3,8 +3,10 @@
 //----------------------------------------------------------------
 
 using System;
-using System.Net;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
 using System.Security.Cryptography.X509Certificates;
+using System.ServiceModel.Security;
 
 namespace Microsoft.Samples.TransportSecurity
 {
@@ -17,10 +19,12 @@ static void Main()
         {
             // WARNING: This code is only needed for test certificates such as those created by makecert. It is 
             // not recommended for production code.
-            PermissiveCertificatePolicy.Enact("CN=ServiceModelSamples-HTTPS-Server");
-
             // Create a client
             CalculatorClient client = new CalculatorClient();
+            client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication();
+            client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
+            MyX509CertificateValidator myX509CertificateValidator = new MyX509CertificateValidator("CN=ServiceModelSamples-HTTPS-Server");
+            client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication.CustomCertificateValidator = myX509CertificateValidator;
 
             // Call the Add service operation.
             double value1 = 100.00D;
@@ -57,30 +61,34 @@ static void Main()
 
     // WARNING: This code is only needed for test certificates such as those created by makecert. It is 
     // not recommended for production code.
-    class PermissiveCertificatePolicy
+    public class MyX509CertificateValidator : X509CertificateValidator
     {
-        string subjectName;
-        static PermissiveCertificatePolicy currentPolicy;
-        PermissiveCertificatePolicy(string subjectName)
-        {
-            this.subjectName = subjectName;
-            ServicePointManager.ServerCertificateValidationCallback +=
-                new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertValidate);
-        }
+        private string _allowedIssuerName;
 
-        public static void Enact(string subjectName)
+        public MyX509CertificateValidator(string allowedIssuerName)
         {
-            currentPolicy = new PermissiveCertificatePolicy(subjectName);
+            if (string.IsNullOrEmpty(allowedIssuerName))
+            {
+                throw new ArgumentNullException("allowedIssuerName", "[MyX509CertificateValidator] The string parameter allowedIssuerName was null or empty.");
+            }
+
+            _allowedIssuerName = allowedIssuerName;
         }
 
-        bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
+        public override void Validate(X509Certificate2 certificate)
         {
-            if (cert.Subject == subjectName)
+            // Check that there is a certificate.
+            if (certificate == null)
             {
-                return true;
+                throw new ArgumentNullException("certificate", "[MyX509CertificateValidator] The X509Certificate2 parameter certificate was null.");
             }
 
-            return false;
+            // Check that the certificate issuer matches the configured issuer.
+            if (!certificate.Subject.Contains(_allowedIssuerName))
+            {
+                throw new SecurityTokenValidationException
+                  (string.Format("Certificate was not issued by a trusted issuer. Expected: {0}, Actual: {1}", _allowedIssuerName, certificate.IssuerName.Name));
+            }
         }
     }
 }