<message> of <wsDualHttpBinding>
Defines message-level security for the <wsDualHttpBinding>.
Schema Hierarchy
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding>
<security> of <wsDualHttpBinding>
<message> of <wsHttpBinding>
Syntax
<message
clientCredentialType="None/Windows/UserName/Certificate/CardSpace"
negotiateServiceCredential="Boolean"
algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"/>
</message>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements
Attributes
Attribute | Description |
---|---|
algorithmSuite |
Optional. Sets the message encryption and key-wrap algorithms. The algorithms and the key sizes are determined by the SecurityAlgorithmSuite class. These algorithms map to those specified in the Security Policy Language (WS-SecurityPolicy) specification. See below for possible values. The default value is Basic256. |
clientCredentialType |
Optional. Specifies the type of credential to be used when performing client authentication using the security mode is Message. See below for possible values. The default is Windows. This attribute is of type MessageCredentialType. |
negotiateServiceCredential |
Optional. A Boolean value that specifies whether the service credential is provisioned at the client out of band or is obtained from the service to the client through a process of negotiation. Such a negotiation is a precursor to the usual message exchange. If the clientCredentialType attribute equals to None, Username, or Certificate, setting this attribute to false implies that the service certificate is available at the client out of band and that the client needs to specify the service certificate (using the <serviceCertificate> of <serviceCredentials>) in the <serviceCredentials> service behavior. This mode is interoperable with SOAP stacks which implement WS-Trust and WS-SecureConversation. If the ClientCredentialType attribute is set to Windows, setting this attribute to false specifies Kerberos based authentication. This means that the client and service must be part of the same Kerberos domain. This mode is interoperable with SOAP stacks which implement the Kerberos token profile (as defined at OASIS WSS TC) as well as WS-Trust and WS-SecureConversation. When this attribute is true, it causes a .NET SOAP negotiation that tunnels SPNego exchange over SOAP messages. The default is true. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
Defines the security capabilities of the <wsDualHttpBinding>. |
See Also
Reference
Message
Message
MessageSecurityOverTcpElement
MessageSecurityOverHttp
Concepts
Other Resources
Securing Services and Clients
Windows Communication Foundation Bindings
Configuring System-Provided Bindings
Using Bindings to Configure Services and Clients