Jaa


Inside the Standard Bindings: WSFederationHttp

Index for bindings in this series:

The final HTTP binding that I'm covering in this series is WSFederationHttp. Federation is the ability to share identities across multiple systems for authentication and authorization. These identities could either be for users or machines. This binding is intended for the very specific scenario of federated security.

Standard disclaimer:

I've cut down on the number of properties presented by eliminating duplicates between the binding settings and binding element settings. For instance, the XML reader quotas can be set on either the binding or the message encoder binding element, but I'm only going to show them on the message encoder. I've also omitted most of the security credential settings because they're very messy and you hopefully won't need to change them much.

Federated HTTP supports SOAP security as well as mixed-mode security, but it doesn't support exclusively using transport security. I'll begin with the usual pattern of first presenting the binding with security disabled.

  1. System.ServiceModel.Channels.TransactionFlowBindingElement

     TransactionProtocol: WSAtomicTransactions
    
  2. System.ServiceModel.Channels.TextMessageEncodingBindingElement

     AddressingVersion: Addressing10 (https://www.w3.org/2005/08/addressing)
    MaxReadPoolSize: 64
    MaxWritePoolSize: 16
    ReaderQuotas: 
      MaxArrayLength: 16384
      MaxBytesPerRead: 4096
      MaxDepth: 32
      MaxNameTableCharCount: 16384
      MaxStringContentLength: 8192
    
  3. System.ServiceModel.Channels.HttpTransportBindingElement

     AllowCookies: False
    AuthenticationScheme: Anonymous
    BypassProxyOnLocal: False
    HostNameComparisonMode: StrongWildcard
    ManualAddressing: False
    MappingMode: SoapWithWSAddressing
    MaxBufferPoolSize: 524288
    MaxBufferSize: 65536
    MaxReceivedMessageSize: 65536
    ProxyAddress: 
    ProxyAuthenticationScheme: Anonymous
    Realm: 
    Scheme: http
    TransferMode: Buffered
    UnsafeConnectionNtlmAuthentication: False
    UseDefaultWebProxy: True
    

There's nothing unusual about these settings compared to any of the other HTTP bindings. However, if you look at the top-level settings on the binding, there are two new components. The first is an address for a privacy notice. The second is buried inside the security settings. If you drill down to the settings for message security (not pictured here) there's now more than a dozen settings instead of the normal two or three.

 CloseTimeout: 00:01:00
EnvelopeVersion: Soap12 (https://www.w3.org/2003/05/soap-envelope)
Namespace: https://tempuri.org/
OpenTimeout: 00:01:00
PrivacyNoticeAt: 
ReceiveTimeout: 00:01:00
ReliableSession: 
  Enabled: False
  InactivityTimeout: 00:10:00
  Ordered: True
SendTimeout: 00:01:00
TextEncoding: System.Text.UTF8Encoding
TransactionFlow: False

The channel stack is identical to the WSHttp binding when Security.Mode is set to Message.

  1. System.ServiceModel.Channels.TransactionFlowBindingElement
  2. System.ServiceModel.Channels.SymmetricSecurityBindingElement
  3. System.ServiceModel.Channels.TextMessageEncodingBindingElement
  4. System.ServiceModel.Channels.HttpTransportBindingElement

However, setting Security.Mode to TransportWithMessageCredential results in something of a hybrid between the WSHttp and BasicHttp bindings.

  1. System.ServiceModel.Channels.TransactionFlowBindingElement

  2. System.ServiceModel.Channels.TransportSecurityBindingElement

  3. System.ServiceModel.Channels.TextMessageEncodingBindingElement

  4. System.ServiceModel.Channels.HttpsTransportBindingElement

     RequireClientCertificate: False
    Scheme: https
    

Finally, using the MTOM encoder looks exactly the same as for WSHttp.

  1. System.ServiceModel.Channels.TransactionFlowBindingElement
  2. System.ServiceModel.Channels.MtomMessageEncodingBindingElement
  3. System.ServiceModel.Channels.HttpTransportBindingElement

Next time: It's All in the BindingContext

Comments

  • Anonymous
    June 23, 2006
    After a few days break, the series on standard bindings continues.  This week will take care of the remainder...

  • Anonymous
    June 24, 2006
    This series has been very useful. I just added a link to the main page of this section into the related category in WinFXGuide.com and removed the links to the single posts.

    Best,
    Fran

  • Anonymous
    July 05, 2006
    I had yesterday's N&N cut short with a trip to the Jersey Shore. After a fine cookout day yesterday,...

  • Anonymous
    July 29, 2006
    I thought I'd share the binding inspector program I wrote a few months ago to explore the different settings...

  • Anonymous
    December 11, 2007
    I had yesterday's N&N cut short with a trip to the Jersey Shore. After a fine cookout day yesterday

  • Anonymous
    December 04, 2008
    I had yesterday's N&N cut short with a trip to the Jersey Shore. After a fine cookout day yesterday, I'm back at work because of the rain this afternoon. I have all my flagged items still at home because Feed Demon still is working on syncing these