Article
08/16/2010

<localClientSettings> (Silverlight)

Microsoft Silverlight will reach end of support after October 2021. Learn more.

Specifies the security settings of a local client for this binding.

Schema Hierarchy

<system.serviceModel> (Silverlight)
  <bindings> (Silverlight)
    <customBinding> (Silverlight)
      <binding> of <customBinding> (Silverlight)
        <security> of <customBinding> (Silverlight)
          <localClientSettings> (Silverlight)

Syntax

<security 
   authenticationMode="UserNameOverTransport">
   <localClientSettings
      maxClockSkew=”string”
      replayWindow=”string”
      timestampValidityDuration=”string”/>
   <secureConversationBootstrap /> 
</security>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute	Description
maxClockSkew	A TimeSpan that specifies the maximum time difference between the system clocks of the two communicating parties. The default value is "00:05:00". When this value is set to the default, the receiver accepts messages with send-time time stamps up to 5 minutes later or earlier than the time the message was received. Messages that do not pass the send-time test are rejected. This setting is used in conjunction with the replayWindow attribute.
replayWindow	A TimeSpan that specifies the duration in which individual message nonces (unique IDs) are valid. After this duration, a message sent with the same nonce as the one sent before will not be accepted. This attribute is used in conjunction with the maxClockSkew attribute to prevent replay attacks. An attacker could replay a message after its replay window has expired. This message, however, would fail the maxClockSkew test, which rejects messages with send-time time stamps up to a specified time later or earlier than the time the message was received.
timestampValidityDuration	A positive TimeSpan that specifies the duration in which a time stamp is valid. The default is "00:15:00".

maxClockSkew

A TimeSpan that specifies the maximum time difference between the system clocks of the two communicating parties. The default value is "00:05:00".

When this value is set to the default, the receiver accepts messages with send-time time stamps up to 5 minutes later or earlier than the time the message was received. Messages that do not pass the send-time test are rejected. This setting is used in conjunction with the replayWindow attribute.

replayWindow

A TimeSpan that specifies the duration in which individual message nonces (unique IDs) are valid.

After this duration, a message sent with the same nonce as the one sent before will not be accepted. This attribute is used in conjunction with the maxClockSkew attribute to prevent replay attacks. An attacker could replay a message after its replay window has expired. This message, however, would fail the maxClockSkew test, which rejects messages with send-time time stamps up to a specified time later or earlier than the time the message was received.

timestampValidityDuration

A positive TimeSpan that specifies the duration in which a time stamp is valid. The default is "00:15:00".

Child Elements

None

Parent Elements

Element	Description
<security> of <customBinding> (Silverlight)	This element configures security settings of the local client that use this custom binding and the values it uses for initiating a secure conversation with a service.

Text Value

Remarks

The settings are local in the sense that they are not settings derived from the security policy of the service.

Example

The following example demonstrates how to configure the clock skew on the security of a custom binding.

          <security authenticationMode="UserNameOverTransport" 
                    includeTimestamp=”true” >
             <localClientSettings maxClockSkew=”00:10:00” />
          </security>

On the service, the clock skew is set on the <localServiceSettings> element in the Windows Communication Foundation (WCF) configuration.

Partager via