How to: Secure Messages within Reliable Sessions
This topic outlines the steps required to enable message-level security for messages exchanged within a reliable session using one of the system-provided bindings that support such a session, but not by default. Enable a secure, reliable session either imperatively by using code or declaratively in the configuration file. This procedure uses the client and service configuration files to enable the secure, reliable session.
This procedure consists of the following three key tasks:
Specify that the client and service exchange messages within a reliable session.
Require message-level security within the reliable session.
Specify the client credential type that the client must use to be authenticated with the service.
It's important in the first task that the endpoint configuration element contain a bindingConfiguration attribute that references a binding configuration named (in this example) MessageSecurity. The <binding> configuration element then references this name to enable reliable sessions by setting the enabled attribute of the <reliableSession> element to true. You can require that the ordered delivery assurances are available within a reliable session by setting the ordered attribute to true.
For the source copy of the example on which this configuration procedure is based, see the WS Reliable Session.
The essential items of the second task are accomplished by setting the mode attribute of the <security> element contained in the <binding> element of the client and service to Message.
The essential items of the third task are accomplished by setting the clientCredentialType attribute of the <message> element contained in the <security> element of the client and service to Certificate.
Note
When using message security with reliable sessions, Reliable Messaging attempts to authenticate an unauthenticated client until a timeout occurs instead of throwing an exception upon first failure.
Configure the service with a WSHttpBinding to use a reliable session
This procedure is described in How to: Exchange Messages Within a Reliable Session.
Configure the client with a WSHttpBinding to use a reliable session
This procedure is described in How to: Exchange Messages Within a Reliable Session.
Set the mode and ClientCredentialType in configuration
Add an appropriate binding element to the <bindings> element of the configuration file. The following example adds a <wsHttpBinding> element.
Add a <binding> element and set its name attribute to an appropriate value. The example uses the name MessageSecurity.
Add a <security> element and set the mode attribute to Message.
Within the <security> element, add a <message> element and set the clientCredentialType attribute to Certificate.
<wsHttpBinding>
  <binding name="MessageSecurity">
    <security mode="Message">
      <message clientCredentialType="Certificate" />
    </security>
  </binding>
</wsHttpBinding>
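The following is an added example, not part of the original topic: a Python check that parses a configuration file and confirms that every wsHttpBinding endpoint satisfies all three tasks (reliable session enabled, Message security mode, Certificate client credential). The sample configuration is constructed, and the service name, contract and the audit_config function are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: service name and contract are placeholders (assumptions).
SAMPLE_CONFIG = """
<configuration>
  <system.serviceModel>
    <services>
      <service name="Example.Service">
        <endpoint address="" binding="wsHttpBinding" contract="Example.IService"
                  bindingConfiguration="MessageSecurity" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="MessageSecurity">
          <reliableSession enabled="true" ordered="true" />
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
"""

def audit_config(xml_text):
    """Return findings per wsHttpBinding endpoint; empty means all three tasks are set explicitly."""
    root = ET.fromstring(xml_text)
    bindings = {b.get("name", ""): b for b in root.iterfind(".//bindings/wsHttpBinding/binding")}
    findings = []
    for ep in root.iter("endpoint"):  # covers <service> and <client> endpoints
        if ep.get("binding") != "wsHttpBinding":
            continue
        name = ep.get("bindingConfiguration", "")
        binding = bindings.get(name)
        if binding is None:
            findings.append(f"endpoint references unknown binding configuration '{name}'")
            continue
        session = binding.find("reliableSession")
        if session is None or session.get("enabled", "").lower() != "true":
            findings.append(f"{name}: reliable session not enabled")
        if binding.find("security[@mode='Message']") is None:
            findings.append(f"{name}: security mode is not Message")
        if binding.find("security/message[@clientCredentialType='Certificate']") is None:
            findings.append(f"{name}: client credential type is not Certificate")
    return findings
```

Run audit_config against both the client and the service configuration file, since the procedure requires the mode and clientCredentialType settings on both sides.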