| Subject: Message Security usage |
| Group: microsoft.public.windows.developer.winfx.indigo |
| Date: 4/2/2008 5:22:33 AM |
| From: DEE [Email Address Protection] |
Hi There,

I have a scenario wherein I need to use the wsHttpBinding binding, so the default is message security and the client credential type is Windows. My service app.config looks like this:

    <system.serviceModel>
      <bindings />
      <behaviors>
        <serviceBehaviors>
          <behavior name="NewBehavior">
            <serviceMetadata httpGetEnabled="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <services>
        <service behaviorConfiguration="NewBehavior" name="SampleService.Service">
          <endpoint address="SampleService" binding="wsHttpBinding"
                    bindingConfiguration="" contract="SampleService.IService" />
          <endpoint address="Mex" binding="mexHttpBinding"
                    bindingConfiguration="" contract="IMetadataExchange" />
          <host>
            <baseAddresses>
              <add baseAddress="http://localhost:2000/" />
            </baseAddresses>
          </host>
        </service>
      </services>
    </system.serviceModel>

And now when I generate the proxy and the client's app.config, the app.config of the client is as shown below:

    <system.serviceModel>
      <bindings>
        <wsHttpBinding>
          <binding name="WSHttpBinding_IService" closeTimeout="00:01:00"
                   openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                   bypassProxyOnLocal="false" transactionFlow="false"
                   hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288"
                   maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8"
                   useDefaultWebProxy="true" allowCookies="false">
            <readerQuotas maxDepth="32" maxStringContentLength="8192"
                          maxArrayLength="16384" maxBytesPerRead="4096"
                          maxNameTableCharCount="16384" />
            <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
            <security mode="Message">
              <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
              <message clientCredentialType="Windows" negotiateServiceCredential="true"
                       algorithmSuite="Default" establishSecurityContext="true" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>
      <client>
        <endpoint address="http://localhost:2000/SampleService" binding="wsHttpBinding"
                  bindingConfiguration="WSHttpBinding_IService"
                  contract="SampleClient.ServiceReference.IService"
                  name="WSHttpBinding_IService">
        </endpoint>
      </client>
    </system.serviceModel>

Now, the question is: when the security mode is "Message", what is the reason behind having the transport tags and configuring them to Windows?

Could anybody throw some light on it?

Thanks in advance
| Subject: Re: Message Security usage |
| Group: microsoft.public.windows.developer.winfx.indigo |
| Date: 4/2/2008 3:49:59 PM |
| From: "Tiago Halm" [Email Address Protection] |
If security is set to Message, the transport tag is ignored. However, if the security is set to TransportWithMessageCredential, both tags are used. Why? Encryption and signature are done at transport (HTTP) and credentials travel through the rich WS-Security/WS-Trust/WS-Policy model with Security Tokens of your choosing like SAML, Kerberos, Username, X.509.

Tiago Halm

"DEE" <tsdeepak@gmail.com> wrote in message news:c2ac321a-a13a-4d55-a34b-5fa646e1b60c@r9g2000prd.googlegroups.com...
> Hi There,
>
> I have a scenario wherein I need to use the wsHttpBinding binding,
> so the default is message security and the client credential type is
> Windows. My service app.config looks like this:
>
>     <system.serviceModel>
>       <bindings />
>       <behaviors>
>         <serviceBehaviors>
>           <behavior name="NewBehavior">
>             <serviceMetadata httpGetEnabled="true" />
>           </behavior>
>         </serviceBehaviors>
>       </behaviors>
>       <services>
>         <service behaviorConfiguration="NewBehavior" name="SampleService.Service">
>           <endpoint address="SampleService" binding="wsHttpBinding"
>                     bindingConfiguration="" contract="SampleService.IService" />
>           <endpoint address="Mex" binding="mexHttpBinding"
>                     bindingConfiguration="" contract="IMetadataExchange" />
>           <host>
>             <baseAddresses>
>               <add baseAddress="http://localhost:2000/" />
>             </baseAddresses>
>           </host>
>         </service>
>       </services>
>     </system.serviceModel>
>
> And now when I generate the proxy and the client's app.config, the app.config
> of the client is as shown below:
>
>     <system.serviceModel>
>       <bindings>
>         <wsHttpBinding>
>           <binding name="WSHttpBinding_IService" closeTimeout="00:01:00"
>                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
>                    bypassProxyOnLocal="false" transactionFlow="false"
>                    hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288"
>                    maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8"
>                    useDefaultWebProxy="true" allowCookies="false">
>             <readerQuotas maxDepth="32" maxStringContentLength="8192"
>                           maxArrayLength="16384" maxBytesPerRead="4096"
>                           maxNameTableCharCount="16384" />
>             <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
>             <security mode="Message">
>               <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
>               <message clientCredentialType="Windows" negotiateServiceCredential="true"
>                        algorithmSuite="Default" establishSecurityContext="true" />
>             </security>
>           </binding>
>         </wsHttpBinding>
>       </bindings>
>       <client>
>         <endpoint address="http://localhost:2000/SampleService" binding="wsHttpBinding"
>                   bindingConfiguration="WSHttpBinding_IService"
>                   contract="SampleClient.ServiceReference.IService"
>                   name="WSHttpBinding_IService">
>         </endpoint>
>       </client>
>     </system.serviceModel>
>
> Now, the question is: when the security mode is "Message", what is
> the reason behind having the transport tags and configuring them to
> Windows?
>
> Could anybody throw some light on it?
>
> Thanks in advance
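The behaviour described in the reply above, as a check that can be run over a client or service config (an added example, not part of the original thread): for each wsHttpBinding configuration it reports which credential element takes effect and flags a <transport> element that Message mode ignores. The "MixedExample" binding, its endpoint and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
# Constructed sample: the first binding mirrors the thread's client config (trimmed);
# "MixedExample" and its endpoint are hypothetical, added to show the other mode.
SAMPLE = """<configuration><system.serviceModel>
 <bindings><wsHttpBinding>
  <binding name="WSHttpBinding_IService"><security mode="Message">
    <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
  </security></binding>
  <binding name="MixedExample"><security mode="TransportWithMessageCredential">
    <message clientCredentialType="UserName" />
  </security></binding>
 </wsHttpBinding></bindings>
 <client>
  <endpoint address="http://localhost:2000/SampleService" binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IService" contract="IService" />
  <endpoint address="http://localhost:2000/Mixed" binding="wsHttpBinding"
            bindingConfiguration="MixedExample" contract="IService" />
 </client>
</system.serviceModel></configuration>"""

def _credential(sec, element):
    """Return e.g. 'message:Windows'; Windows is the wsHttpBinding default."""
    node = sec.find(element) if sec is not None else None
    kind = node.get("clientCredentialType", "Windows") if node is not None else "Windows"
    return f"{element}:{kind}"

def audit(config_xml):
    """Map each wsHttpBinding configuration to its mode, effective credential and findings."""
    root, report = ET.fromstring(config_xml), {}
    for binding in root.findall(".//wsHttpBinding/binding"):
        sec = binding.find("security")
        mode = "Message" if sec is None else sec.get("mode", "Message")  # binding default
        entry = {"mode": mode, "credential": None, "findings": []}
        if mode == "None":
            entry["findings"].append("security disabled: no authentication or protection")
        elif mode == "Transport":
            entry["credential"] = _credential(sec, "transport")
        else:  # Message or TransportWithMessageCredential: credential rides in the SOAP message
            entry["credential"] = _credential(sec, "message")
            if mode == "Message" and sec is not None and sec.find("transport") is not None:
                entry["findings"].append("<transport> is present but ignored in Message mode")
        report[binding.get("name")] = entry
    for ep in root.iter("endpoint"):  # transport-secured modes need an https address
        entry = report.get(ep.get("bindingConfiguration"))
        if entry and entry["mode"].startswith("Transport") and urlparse(ep.get("address", "")).scheme == "http":
            entry["findings"].append(f"{ep.get('address')}: mode {entry['mode']} requires https")
    return report
```

Calling audit(SAMPLE) returns one entry per named binding; an empty findings list means the binding and its endpoints are consistent with the mode.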
| Subject: Re: Message Security usage |
| Group: microsoft.public.windows.developer.winfx.indigo |
| Date: 4/2/2008 11:54:08 PM |
| From: DEE [Email Address Protection] |
Hi Tiago Halm,

Thanks for your response.

I have one more question though:

If I am using security mode "Message", do Kerberos or NTLM come into the picture? As per my knowledge:

"Kerberos/NTLM is used only during transport authentication" - is this statement correct?

"Kerberos/NTLM is used when Windows authentication is in place, irrespective of the security mode used" - is this statement correct?

When "Message" security mode is used with client credentials configured to "Windows", does this use Kerberos/NTLM under the hood?

Thanks in advance

Regards,
DEE
| Subject: Re: Message Security usage |
| Group: microsoft.public.windows.developer.winfx.indigo |
| Date: 4/3/2008 2:32:12 AM |
| From: tiago.halm@gmail.com |
Kerberos and NTLM can both be sent by the transport protocol (HTTP) or SOAP.

> "Kerberos/NTLM is used only during transport authentication" - is
> this statement correct?

No

> "Kerberos/NTLM is used when Windows authentication is in place,
> irrespective of the security mode used" - is this statement correct?

If the client credentials are set to Windows, then yes.

> When "Message" security mode is used with client credentials configured
> to "Windows", does this use Kerberos/NTLM under the hood?

Yes it does.

Tiago Halm

On Apr 3, 7:54 am, DEE <tsdee...@gmail.com> wrote:
> Hi Tiago Halm,
>
> Thanks for your response.
>
> I have one more question though:
>
> If I am using security mode "Message", do Kerberos or NTLM
> come into the picture? As per my knowledge:
>
> "Kerberos/NTLM is used only during transport authentication" - is
> this statement correct?
>
> "Kerberos/NTLM is used when Windows authentication is in place,
> irrespective of the security mode used" - is this statement correct?
>
> When "Message" security mode is used with client credentials configured
> to "Windows", does this use Kerberos/NTLM under the hood?
>
> Thanks in advance
>
> Regards,
> DEE
| Subject: Re: Message Security usage |
| Group: microsoft.public.windows.developer.winfx.indigo |
| Date: 4/3/2008 5:50:19 AM |
| From: DEE [Email Address Protection] |
Hi Tiago Halm,

Thanks for the response and your time. It was really helpful.

Regards,
dee