how-to-configure-wcf-services-to-interoperate-with-wse-3-0-clients.md

description	title	ms.date	ms.assetid
Learn more about: How to: Configure WCF Services to Interoperate with WSE 3.0 Clients	How to: Configure WCF Services to Interoperate with WSE 3.0 Clients	03/30/2017	0f38c4a0-49a6-437c-bdde-ad1d138d3c4a

How to: Configure WCF Services to Interoperate with WSE 3.0 Clients

Windows Communication Foundation (WCF) services are wire-level compatible with Web Services Enhancements 3.0 for Microsoft .NET (WSE) clients when WCF services are configured to use the August 2004 version of the WS-Addressing specification.

To enable a WCF service to interoperate with WSE 3.0 clients

1. Define a custom binding for the WCF service.

   To specify that the August 2004 version of the WS-Addressing specification is used for message encoding, a custom binding must be created.

   1. Add a child <customBinding> to the <bindings> of the service's configuration file.

   2. Specify a name for the binding, by adding a <binding> to the <customBinding> and setting the name attribute.

   3. Specify an authentication mode and the version of the WS-Security specifications that are used to secure messages that are compatible with WSE 3.0, by adding a child <security> to the <binding>.

      To set the authentication mode, set the authenticationMode attribute of the <security>. An authentication mode is roughly equivalent to a turnkey security assertion in WSE 3.0. The following table maps authentication modes in WCF to turnkey security assertions in WSE 3.0.

      WCF Authentication Mode	WSE 3.0 turnkey security assertion
      xref:System.ServiceModel.Configuration.AuthenticationMode.AnonymousForCertificate	anonymousForCertificateSecurity
      xref:System.ServiceModel.Configuration.AuthenticationMode.Kerberos	kerberosSecurity
      xref:System.ServiceModel.Configuration.AuthenticationMode.MutualCertificate	mutualCertificate10Security*
      xref:System.ServiceModel.Configuration.AuthenticationMode.MutualCertificate	mutualCertificate11Security*
      xref:System.ServiceModel.Configuration.AuthenticationMode.UserNameOverTransport	usernameOverTransportSecurity
      xref:System.ServiceModel.Configuration.AuthenticationMode.UserNameForCertificate	usernameForCertificateSecurity

      * One of the primary differences between the mutualCertificate10Security and mutualCertificate11Security turnkey security assertions is the version of the WS-Security specification that WSE uses to secure the SOAP messages. For mutualCertificate10Security, WS-Security 1.0 is used, whereas WS-Security 1.1 is used for mutualCertificate11Security. For WCF, the version of the WS-Security specification is specified in the messageSecurityVersion attribute of the <security>.

      To set the version of the WS-Security specification that is used to secure SOAP messages, set the messageSecurityVersion attribute of the <security>. To interoperate with WSE 3.0, set the value of the messageSecurityVersion attribute to xref:System.ServiceModel.MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10%2A.

   4. Specify that the August 2004 version of the WS-Addressing specification is used by WCF by adding a <textMessageEncoding> and set the messageVersion to its value to xref:System.ServiceModel.Channels.MessageVersion.Soap11WSAddressingAugust2004%2A.

      [!NOTE] When you are using SOAP 1.2, set the messageVersion attribute to xref:System.ServiceModel.Channels.MessageVersion.Soap12WSAddressingAugust2004%2A.

2. Specify that the service uses the custom binding.

   1. Set the binding attribute of the <endpoint> element to customBinding.

   2. Set the bindingConfiguration attribute of the <endpoint> element to the value specified in the name attribute of the <binding> for the custom binding.

Example

The following code example specifies that the Service.HelloWorldService uses a custom binding to interoperate with WSE 3.0 clients. The custom binding specifies that the August 2004 version of the WS-Addressing and the WS-Security 1.1 set of specifications are used to encode the exchanged messages. The messages are secured using the xref:System.ServiceModel.Configuration.AuthenticationMode.AnonymousForCertificate authentication mode.

<configuration>
  <system.serviceModel>
    <services>
      <service
        behaviorConfiguration="ServiceBehavior"
        name="Service.HelloWorldService">
        <endpoint binding="customBinding" address=""
          bindingConfiguration="ServiceBinding"
          contract="Service.IHelloWorld"></endpoint>
      </service>
    </services>

    <bindings>
      <customBinding>
        <binding name="ServiceBinding">
          <security authenticationMode="AnonymousForCertificate"
                  messageProtectionOrder="SignBeforeEncrypt"
                  messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                  requireDerivedKeys="false">
          </security>
          <textMessageEncoding messageVersion ="Soap11WSAddressingAugust2004"></textMessageEncoding>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <behavior name="ServiceBehavior" returnUnknownExceptionsAsFaults="true">
        <serviceCredentials>
          <serviceCertificate findValue="CN=WCFQuickstartServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
        </serviceCredentials>
      </behavior>
    </behaviors>
  </system.serviceModel>
</configuration>

See also

• How to: Customize a System-Provided Binding