Message Security with a Windows Client
This scenario shows a Windows Communication Foundation (WCF) client and server secured by message security mode. The client and service are authenticated using Windows credentials.
| Characteristic | Description |
|---|---|
|
Security Mode |
Message |
|
Interoperability |
WCF Only |
|
Authentication (Server) |
Mutual authentication of the server and client |
|
Authentication (Client) |
Mutual authentication of the server and client |
|
Integrity |
Yes, using shared security context |
|
Confidentiality |
Yes, using shared security context |
|
Transport |
NET.TCP |
|
Binding |
Service
The following code and configuration are meant to run independently. Do one of the following:
-
Create a stand-alone service using the code with no configuration.
-
Create a service using the supplied configuration, but do not define any endpoints.
Code
The following code shows how to create a service endpoint that uses message security to establish a secure context with a Windows machine.
// Create the binding. NetTcpBinding binding = new NetTcpBinding(); binding.Security.Mode = SecurityMode.Message; binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows; // Create the URI for the endpoint. Uri netTcpUri = new Uri("net.tcp://localhost:8008/Calculator"); // Crate the service host and add an endpoint. ServiceHost myServiceHost = new ServiceHost (typeof(Calculator), netTcpUri); myServiceHost.AddServiceEndpoint( typeof(ICalculator), binding, ""); // Open the service. myServiceHost.Open(); Console.WriteLine("Listening ...."); Console.ReadLine(); // Close the service. myServiceHost.Close();
Configuration
The following configuration can be used instead of the code to set up the service:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service behaviorConfiguration=""
name="ServiceModel.Calculator">
<endpoint address="net.tcp://localhost:8008/Calculator"
binding="netTcpBinding"
bindingConfiguration="Windows"
name="WindowsOverMessage"
contract="ServiceModel.ICalculator" />
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="Windows">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client />
</system.serviceModel>
</configuration>
Client
The following code and configuration are meant to run independently. Do one of the following:
-
Create a stand-alone client using the code (and client code).
-
Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:
Code
The following code creates a client. The binding is to Message mode security, and the client credential type is set to Windows.
// Create the binding. WSHttpBinding myBinding = new WSHttpBinding(); myBinding.Security.Mode = SecurityMode.Message; myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows; // Create the endpoint address. EndpointAddress ea = new EndpointAddress("net.tcp://machineName:8008/Calculator"); // Create the client. CalculatorClient cc = new CalculatorClient(myBinding, ea); // Begin using the client. try { cc.Open(); Console.WriteLine(cc.Add(200, 1111)); Console.ReadLine(); // Close the client. cc.Close(); }
Configuration
The following configuration is used to set the client properties.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_ICalculator" >
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://machineName:8008/Calculator"
binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_ICalculator"
contract="ICalculator"
name="NetTcpBinding_ICalculator">
</endpoint>
</client>
</system.serviceModel>
</configuration>
See Also
Build Date:
