How to: Create a Duplex Federated Binding

WSFederationHttpBinding only supports the datagram and request/reply message exchange contracts. To use the duplex message exchange contract, you must create a custom binding. The following procedures show how to do this in configuration, using Message mode security for the HTTP and TCP transports, and using mixed mode security for the TCP transport. Sample code showing all 3 bindings is at the end of this topic.

You can also create the binding in code. For a description of the binding elements stack to create, see How to: Create a Custom Binding Using the SecurityBindingElement.

To create a duplex federated custom binding with HTTP

  1. In the <bindings> node of the configuration file, create a <customBinding> element.

  2. Inside the <customBinding> element, create a <binding> element with the name attribute set to FederationDuplexHttpMessageSecurityBinding.

  3. Inside the <binding> element, create a <security> element with the authenticationMode attribute set to SecureConversation.

  4. Inside the <security> element, create a <secureConversationBootstrap> element with the authenticationMode attribute set to IssuedTokenForCertificate or IssuedTokenForSslNegotiated.

  5. Following the <security> element, create an empty <compositeDuplex> element.

  6. Following the <compositeDuplex> element, create an empty <oneWay> element.

  7. Following the <oneWay> element, create an empty <httpTransport> element.

To create a duplex federated custom binding with TCP message security mode

  1. In the <bindings> node of the configuration file, create a <customBinding> element.

  2. Inside the <customBinding> element, create a <binding> element with the name attribute set to FederationDuplexTcpMessageSecurityBinding.

  3. Inside the <binding> element, create a <security> element with the authenticationMode attribute set to SecureConversation.

  4. Inside the <security> element, create a <secureConversationBootstrap> element with the authenticationMode attribute set to IssuedTokenForCertificate or IssuedTokenForSslNegotiated.

  5. Following the <security> element, create an empty <tcpTransport> element.

To create a duplex federated custom binding with TCP mixed security mode

  1. In the <bindings> node of the configuration file, create a <customBinding> element.

  2. Inside the <customBinding> element, create a <binding> element with the name attribute set to FederationDuplexTcpTransportSecurityWithMessageCredentialsBinding.

  3. Inside the <binding> element, create a <security> element with the authenticationMode attribute set to SecureConversation.

  4. Inside the <security> element, create a <secureConversationBootstrap> element with the authenticationMode attribute set to IssuedTokenForCertificate or IssuedTokenForSslNegotiated.

  5. Following the <security> element, create an empty <sslStreamSecurity> element.

  6. Following the <sslStreamSecurity> element, create an empty <tcpTransport> element.

Code Sample

Sample with 3 Bindings

  1. Insert the following code into your configuration file.

Example

<bindings>
  <customBinding>
    <binding name="FederationDuplexHttpMessageSecurityBinding">
      <!-- duplex contract requires secure conversation with require cancellation = true -->
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedTokenForSslNegotiated" />
      </security>
      <compositeDuplex />
      <oneWay />
      <httpTransport />
    </binding>
    <!-- duplex over https is not supported -->
    <binding name="FederationDuplexTcpMessageSecurityBinding">
      <!-- duplex contract requires secure conversation with require cancellation = true -->
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedTokenForSslNegotiated" />
      </security>
      <tcpTransport />
    </binding>
    <binding name="FederationDuplexTcpTransportSecurityWithMessageCredentialsBinding">
      <!-- duplex contract requires secure conversation with require cancellation = true -->
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedTokenOverTransport" />
      </security>
      <!-- requireClientCertificate = true or <windowsStreamSecurity /> can be used, but does not make sense for most scenarios -->
      <sslStreamSecurity />
      <tcpTransport />
    </binding>
  </customBinding>
</bindings>
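The first two bindings from the sample above, built in code with the same element order and with requireCancellation set explicitly. This is an added example, not part of the original topic; the issuer address and issuer binding are placeholder assumptions, and the class and method names are hypothetical.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

static class DuplexFederatedBindings
{
    // Assumption: the issuer (STS) address and binding are placeholders.
    static IssuedSecurityTokenParameters IssuedToken()
    {
        return new IssuedSecurityTokenParameters
        {
            IssuerAddress = new EndpointAddress("http://sts.example.test/issue"),
            IssuerBinding = new WSHttpBinding()
        };
    }

    // Equivalent of <security authenticationMode="SecureConversation"> with an
    // IssuedTokenForSslNegotiated bootstrap.
    static SecurityBindingElement Security()
    {
        SecurityBindingElement bootstrap =
            SecurityBindingElement.CreateIssuedTokenForSslBindingElement(IssuedToken());
        // requireCancellation = true, as the comments in the config sample call for.
        return SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, true);
    }

    // FederationDuplexHttpMessageSecurityBinding: HTTP needs compositeDuplex and oneWay.
    public static CustomBinding Http()
    {
        return new CustomBinding(
            Security(),
            new CompositeDuplexBindingElement(),
            new OneWayBindingElement(),
            new HttpTransportBindingElement());
    }

    // FederationDuplexTcpMessageSecurityBinding: the TCP transport is already duplex.
    public static CustomBinding Tcp()
    {
        return new CustomBinding(Security(), new TcpTransportBindingElement());
    }

    static void Main()
    {
        // Print each binding's element stack, top (security) to bottom (transport).
        foreach (CustomBinding b in new[] { Http(), Tcp() })
            foreach (BindingElement e in b.Elements)
                Console.WriteLine(e.GetType().Name);
    }
}
```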