description | title | ms.date | ms.assetid |
---|---|---|---|
Learn more about: How to: Configure WCF Services to Interoperate with WSE 3.0 Clients |
How to: Configure WCF Services to Interoperate with WSE 3.0 Clients |
03/30/2017 |
0f38c4a0-49a6-437c-bdde-ad1d138d3c4a |
Windows Communication Foundation (WCF) services are wire-level compatible with Web Services Enhancements 3.0 for Microsoft .NET (WSE) clients when WCF services are configured to use the August 2004 version of the WS-Addressing specification.
-
Define a custom binding for the WCF service.
To specify that the August 2004 version of the WS-Addressing specification is used for message encoding, a custom binding must be created.
-
Add a child <customBinding> to the <bindings> of the service's configuration file.
-
Specify a name for the binding, by adding a <binding> to the <customBinding> and setting the
name
attribute. -
Specify an authentication mode and the version of the WS-Security specifications that are used to secure messages that are compatible with WSE 3.0, by adding a child <security> to the <binding>.
To set the authentication mode, set the
authenticationMode
attribute of the <security>. An authentication mode is roughly equivalent to a turnkey security assertion in WSE 3.0. The following table maps authentication modes in WCF to turnkey security assertions in WSE 3.0.WCF Authentication Mode WSE 3.0 turnkey security assertion xref:System.ServiceModel.Configuration.AuthenticationMode.AnonymousForCertificate anonymousForCertificateSecurity
xref:System.ServiceModel.Configuration.AuthenticationMode.Kerberos kerberosSecurity
xref:System.ServiceModel.Configuration.AuthenticationMode.MutualCertificate mutualCertificate10Security
*xref:System.ServiceModel.Configuration.AuthenticationMode.MutualCertificate mutualCertificate11Security
*xref:System.ServiceModel.Configuration.AuthenticationMode.UserNameOverTransport usernameOverTransportSecurity
xref:System.ServiceModel.Configuration.AuthenticationMode.UserNameForCertificate usernameForCertificateSecurity
* One of the primary differences between the
mutualCertificate10Security
andmutualCertificate11Security
turnkey security assertions is the version of the WS-Security specification that WSE uses to secure the SOAP messages. FormutualCertificate10Security
, WS-Security 1.0 is used, whereas WS-Security 1.1 is used formutualCertificate11Security
. For WCF, the version of the WS-Security specification is specified in themessageSecurityVersion
attribute of the <security>.To set the version of the WS-Security specification that is used to secure SOAP messages, set the
messageSecurityVersion
attribute of the <security>. To interoperate with WSE 3.0, set the value of themessageSecurityVersion
attribute to xref:System.ServiceModel.MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10%2A. -
Specify that the August 2004 version of the WS-Addressing specification is used by WCF by adding a <textMessageEncoding> and set the
messageVersion
to its value to xref:System.ServiceModel.Channels.MessageVersion.Soap11WSAddressingAugust2004%2A.[!NOTE] When you are using SOAP 1.2, set the
messageVersion
attribute to xref:System.ServiceModel.Channels.MessageVersion.Soap12WSAddressingAugust2004%2A.
-
-
Specify that the service uses the custom binding.
-
Set the
binding
attribute of the <endpoint> element tocustomBinding
. -
Set the
bindingConfiguration
attribute of the <endpoint> element to the value specified in thename
attribute of the <binding> for the custom binding.
-
The following code example specifies that the Service.HelloWorldService
uses a custom binding to interoperate with WSE 3.0 clients. The custom binding specifies that the August 2004 version of the WS-Addressing and the WS-Security 1.1 set of specifications are used to encode the exchanged messages. The messages are secured using the xref:System.ServiceModel.Configuration.AuthenticationMode.AnonymousForCertificate authentication mode.
<configuration>
<system.serviceModel>
<services>
<service
behaviorConfiguration="ServiceBehavior"
name="Service.HelloWorldService">
<endpoint binding="customBinding" address=""
bindingConfiguration="ServiceBinding"
contract="Service.IHelloWorld"></endpoint>
</service>
</services>
<bindings>
<customBinding>
<binding name="ServiceBinding">
<security authenticationMode="AnonymousForCertificate"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireDerivedKeys="false">
</security>
<textMessageEncoding messageVersion ="Soap11WSAddressingAugust2004"></textMessageEncoding>
<httpTransport/>
</binding>
</customBinding>
</bindings>
<behaviors>
<behavior name="ServiceBehavior" returnUnknownExceptionsAsFaults="true">
<serviceCredentials>
<serviceCertificate findValue="CN=WCFQuickstartServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
</serviceCredentials>
</behavior>
</behaviors>
</system.serviceModel>
</configuration>