How to: Create a Duplex Federated Binding
WSFederationHttpBinding only supports the datagram and request/reply message exchange contracts. To use the duplex message exchange contract, you must create a custom binding. The following procedures show how to do this in configuration, using Message mode security for the HTTP and TCP transports, and using mixed mode security for the TCP transport. Sample code showing all 3 bindings is at the end of this topic.
You can also create the binding in code. For a description of the binding elements stack to create, see How to: Create a Custom Binding Using the SecurityBindingElement.
To create a duplex federated custom binding with HTTP
In the <bindings> node of the configuration file, create a <customBinding> element.
Inside the <customBinding> element, create a <binding> element with the name attribute set to FederationDuplexHttpMessageSecurityBinding.
Inside the <binding> element, create a <security> element with the authenticationMode attribute set to SecureConversation.
Inside the <security> element, create a <secureConversationBootstrap> element with the authenticationMode attribute set to IssuedTokenForCertificate or IssuedTokenForSslNegotiated.
Following the <security> element, create an empty <compositeDuplex> element.
Following the <compositeDuplex> element, create an empty <oneWay> element.
Following the <oneWay> element, create an empty <httpTransport> element.
To create a duplex federated custom binding with TCP message security mode
In the <bindings> node of the configuration file, create a <customBinding> element.
Inside the <customBinding> element, create a <binding> element with the name attribute set to FederationDuplexTcpMessageSecurityBinding.
Inside the <binding> element, create a <security> element with the authenticationMode attribute set to SecureConversation.
Inside the <security> element, create a <secureConversationBootstrap> element with the authenticationMode attribute set to IssuedTokenForCertificate or IssuedTokenForSslNegotiated.
Following the <security> element, create an empty <tcpTransport> element.
To create a duplex federated custom binding with TCP mixed security mode
In the <bindings> node of the configuration file, create a <customBinding> element.
Inside the <customBinding> element, create a <binding> element with the name attribute set to FederationDuplexTcpTransportSecurityWithMessageCredentialBinding.
Inside the <binding> element, create a <security> element with the authenticationMode attribute set to SecureConversation.
Inside the <security> element, create a <secureConversationBootstrap> element with the authenticationMode attribute set to IssuedTokenForCertificate or IssuedTokenForSslNegotiated.
Following the <security> element, create an empty <sslStreamSecurity> element.
Following the <sslStreamSecurity> element, create an empty <tcpTransport> element.
Code Sample
Sample with 3 Bindings
- Insert the following code into your configuration file.
Example
<bindings>
  <customBinding>
    <binding name="FederationDuplexHttpMessageSecurityBinding">
      <!-- duplex contract requires secure conversation with require cancellation = true -->
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedTokenForSslNegotiated" />
      </security>
      <compositeDuplex />
      <oneWay />
      <httpTransport />
    </binding>
    <!-- duplex over https is not supported -->
    <binding name="FederationDuplexTcpMessageSecurityBinding">
      <!-- duplex contract requires secure conversation with require cancellation = true -->
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedTokenForSslNegotiated" />
      </security>
      <tcpTransport />
    </binding>
    <binding name="FederationDuplexTcpTransportSecurityWithMessageCredentialsBinding">
      <!-- duplex contract requires secure conversation with require cancellation = true -->
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedTokenOverTransport" />
      </security>
      <!-- requireClientCertificate = true or <windowsStreamSecurity /> can be used, but does not make sense for most scenarios -->
      <sslStreamSecurity />
      <tcpTransport />
    </binding>
  </customBinding>
</bindings>
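The same three binding element stacks built in code, as an added example that is not part of the original topic. The class and method names are hypothetical, and the issuer address and issuer binding are assumptions supplied by the caller, because the configuration above does not name a security token service.

```csharp
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical helper class; names are illustrative, not from the original topic.
public static class DuplexFederatedBindings
{
    // Assumption: issuer and issuerBinding describe your security token service.
    private static IssuedSecurityTokenParameters Issued(EndpointAddress issuer, Binding issuerBinding)
    {
        return new IssuedSecurityTokenParameters { IssuerAddress = issuer, IssuerBinding = issuerBinding };
    }

    // A duplex contract requires secure conversation with requireCancellation = true.
    private static SecurityBindingElement Session(SecurityBindingElement bootstrap)
    {
        return SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, true);
    }

    // Stack order, top to bottom: security, compositeDuplex, oneWay, httpTransport.
    public static CustomBinding CreateHttpMessageSecurity(EndpointAddress issuer, Binding issuerBinding)
    {
        var bootstrap = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(Issued(issuer, issuerBinding));
        return new CustomBinding(Session(bootstrap), new CompositeDuplexBindingElement(),
            new OneWayBindingElement(), new HttpTransportBindingElement())
        { Name = "FederationDuplexHttpMessageSecurityBinding" };
    }

    // TCP is already duplex, so the stack is only security, tcpTransport.
    public static CustomBinding CreateTcpMessageSecurity(EndpointAddress issuer, Binding issuerBinding)
    {
        var bootstrap = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(Issued(issuer, issuerBinding));
        return new CustomBinding(Session(bootstrap), new TcpTransportBindingElement())
        { Name = "FederationDuplexTcpMessageSecurityBinding" };
    }

    // Mixed mode: the issued token travels as a message credential over an SSL-protected
    // stream, so the stack is security, sslStreamSecurity, tcpTransport.
    public static CustomBinding CreateTcpMixedSecurity(EndpointAddress issuer, Binding issuerBinding)
    {
        var bootstrap = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(Issued(issuer, issuerBinding));
        return new CustomBinding(Session(bootstrap), new SslStreamSecurityBindingElement(),
            new TcpTransportBindingElement())
        { Name = "FederationDuplexTcpTransportSecurityWithMessageCredentialsBinding" };
    }
}
```

The bootstrap modes follow the configuration sample (IssuedTokenForSslNegotiated for the message security bindings, IssuedTokenOverTransport for mixed mode).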