Message Security

patterns & practices Developer Center

How to: Use Message Security

Use the <Security mode> attribute to configure message security on your binding.

Perform the following steps to configure wsHttpBinding to use message security:

  1. Open your app.config or web.config file and set the security mode to Message as follows:
    
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security mode="Message">
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    
    
  2. Save the configuration file.

Message security is available on all of the bindings except for netNamedPipeBinding.

Additional Resources

How to: Control the Level of Message Encryption

If you are using message security, use the [ServiceContract(ProtectionLevel)] attribute to specify message security protection levels on the interface or operation level.

The protection level options available are:

  • None. Use None to turn off signing and encryption on the operation or interface.
  • Sign. Use Sign to sign the interface or operation but not encrypt it.
  • EncryptAndSign. Use EncryptAndSign to both encrypt and sign the interface or operation.

If you are using transport security, you cannot partially encrypt your messages.

The following code example shows how set the protection level to Sign on an interface:


[ServiceContract(ProtectionLevel=ProtectionLevel.Sign]
public interface IService
{
string GetData(int value);
}

The following code example shows how to set the protection level to Sign on an operation contract:


[OperationContract(ProtectionLevel=ProtectionLevel.Sign]
string GetData(int value);

Additional Resources

How to: Use Out-of-band Credentials with Message Security

Set the negotiateCredentials attribute to false to use out-of-band credentials. This will require you to provide certificates to the client so that they can encrypt and sign messages.

Perform the following steps to configure the negotiateCredentials attribute:

  1. Open your app.config or web.config file and set the security mode to Message.
    
    <wsHttpBinding>
      <binding name="MessageAndUserName">
        <security mode="Message">
          <message clientCredentialType="UserName" negotiateCredentials="false" algorithmSuite="Default" />
        </security>
      </binding>
    </wsHttpBinding>
    
    
  2. Save the configuration file.

Show: