Export (0) Print
Expand All

Message Security with a Windows Client

This scenario shows a Windows Communication Foundation (WCF) client and server secured by message security mode. The client and service are authenticated using Windows credentials.

Message security with a Windows client

Characteristic

Description

Security Mode

Message

Interoperability

WCF Only

Authentication (Server)

Mutual authentication of the server and client

Authentication (Client)

Mutual authentication of the server and client

Integrity

Yes, using shared security context

Confidentiality

Yes, using shared security context

Transport

NET.TCP

Binding

NetTcpBinding

The following code and configuration are meant to run independently. Do one of the following:

  • Create a stand-alone service using the code with no configuration.

  • Create a service using the supplied configuration, but do not define any endpoints.

ms729709.collapse_all(en-us,VS.110).gifCode

The following code shows how to create a service endpoint that uses message security to establish a secure context with a Windows machine.


// Create the binding.
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType =
    MessageCredentialType.Windows;

// Create the URI for the endpoint.
Uri netTcpUri = new Uri("net.tcp://localhost:8008/Calculator");

// Crate the service host and add an endpoint.
ServiceHost myServiceHost = new ServiceHost
    (typeof(Calculator), netTcpUri);
myServiceHost.AddServiceEndpoint(
    typeof(ICalculator), binding, "");

// Open the service. 
myServiceHost.Open();
Console.WriteLine("Listening ....");
Console.ReadLine();

// Close the service.
myServiceHost.Close();


ms729709.collapse_all(en-us,VS.110).gifConfiguration

The following configuration can be used instead of the code to set up the service:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <services>
      <service behaviorConfiguration=""
               name="ServiceModel.Calculator">
        <endpoint address="net.tcp://localhost:8008/Calculator"
                  binding="netTcpBinding"
                  bindingConfiguration="Windows"
                  name="WindowsOverMessage"
                  contract="ServiceModel.ICalculator" />
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <binding name="Windows">
          <security mode="Message">
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client />
  </system.serviceModel>
</configuration>

The following code and configuration are meant to run independently. Do one of the following:

  • Create a stand-alone client using the code (and client code).

  • Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:

    
    CalculatorClient cc = new CalculatorClient("EndpointConfigurationName");
    
    
    

ms729709.collapse_all(en-us,VS.110).gifCode

The following code creates a client. The binding is to Message mode security, and the client credential type is set to Windows.


// Create the binding.
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Message;
myBinding.Security.Message.ClientCredentialType =
    MessageCredentialType.Windows;

// Create the endpoint address. 
EndpointAddress ea = new
    EndpointAddress("net.tcp://machineName:8008/Calculator");

// Create the client. 
CalculatorClient cc =
    new CalculatorClient(myBinding, ea);

// Begin using the client.
try
{
    cc.Open();
    Console.WriteLine(cc.Add(200, 1111));
    Console.ReadLine();

    // Close the client.
    cc.Close();
}


ms729709.collapse_all(en-us,VS.110).gifConfiguration

The following configuration is used to set the client properties.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding_ICalculator" >
         <security mode="Message">
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://machineName:8008/Calculator" 
                binding="netTcpBinding"
                bindingConfiguration="NetTcpBinding_ICalculator"
                contract="ICalculator"
                name="NetTcpBinding_ICalculator">        
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
Show:
© 2014 Microsoft