Edit

How to: Configure WCF Services to Interoperate with WSE 3.0 Clients

  • Article

Windows Communication Foundation (WCF) services are wire-level compatible with Web Services Enhancements 3.0 for Microsoft .NET (WSE) clients when WCF services are configured to use the August 2004 version of the WS-Addressing specification.

To enable a WCF service to interoperate with WSE 3.0 clients

  1. Define a custom binding for the WCF service.

    To specify that the August 2004 version of the WS-Addressing specification is used for message encoding, a custom binding must be created.

    1. Add a child <customBinding> to the <bindings> of the service's configuration file.

    2. Specify a name for the binding, by adding a <binding> to the <customBinding> and setting the name attribute.

    3. Specify an authentication mode and the version of the WS-Security specifications that are used to secure messages that are compatible with WSE 3.0, by adding a child <security> to the <binding>.

      To set the authentication mode, set the authenticationMode attribute of the <security>. An authentication mode is roughly equivalent to a turnkey security assertion in WSE 3.0. The following table maps authentication modes in WCF to turnkey security assertions in WSE 3.0.

      WCF Authentication Mode WSE 3.0 turnkey security assertion
      AnonymousForCertificate anonymousForCertificateSecurity
      Kerberos kerberosSecurity
      MutualCertificate mutualCertificate10Security*
      MutualCertificate mutualCertificate11Security*
      UserNameOverTransport usernameOverTransportSecurity
      UserNameForCertificate usernameForCertificateSecurity

      * One of the primary differences between the mutualCertificate10Security and mutualCertificate11Security turnkey security assertions is the version of the WS-Security specification that WSE uses to secure the SOAP messages. For mutualCertificate10Security, WS-Security 1.0 is used, whereas WS-Security 1.1 is used for mutualCertificate11Security. For WCF, the version of the WS-Security specification is specified in the messageSecurityVersion attribute of the <security>.

      To set the version of the WS-Security specification that is used to secure SOAP messages, set the messageSecurityVersion attribute of the <security>. To interoperate with WSE 3.0, set the value of the messageSecurityVersion attribute to WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10.

    4. Specify that the August 2004 version of the WS-Addressing specification is used by WCF by adding a <textMessageEncoding> and set the messageVersion to its value to Soap11WSAddressingAugust2004.

      Note

      When you are using SOAP 1.2, set the messageVersion attribute to Soap12WSAddressingAugust2004.

  2. Specify that the service uses the custom binding.

    1. Set the binding attribute of the <endpoint> element to customBinding.

    2. Set the bindingConfiguration attribute of the <endpoint> element to the value specified in the name attribute of the <binding> for the custom binding.

Example

The following code example specifies that the Service.HelloWorldService uses a custom binding to interoperate with WSE 3.0 clients. The custom binding specifies that the August 2004 version of the WS-Addressing and the WS-Security 1.1 set of specifications are used to encode the exchanged messages. The messages are secured using the AnonymousForCertificate authentication mode.

<configuration>
  <system.serviceModel>
    <services>
      <service
        behaviorConfiguration="ServiceBehavior"
        name="Service.HelloWorldService">
        <endpoint binding="customBinding" address=""
          bindingConfiguration="ServiceBinding"
          contract="Service.IHelloWorld"></endpoint>
      </service>
    </services>

    <bindings>
      <customBinding>
        <binding name="ServiceBinding">
          <security authenticationMode="AnonymousForCertificate"
                  messageProtectionOrder="SignBeforeEncrypt"
                  messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                  requireDerivedKeys="false">
          </security>
          <textMessageEncoding messageVersion ="Soap11WSAddressingAugust2004"></textMessageEncoding>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <behavior name="ServiceBehavior" returnUnknownExceptionsAsFaults="true">
        <serviceCredentials>
          <serviceCertificate findValue="CN=WCFQuickstartServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
        </serviceCredentials>
      </behavior>
    </behaviors>
  </system.serviceModel>
</configuration>

See also