I have a WCF client with a working custom binding that satisfies the UsernameToken-Policy among others. Now I would like to outsource this binding to the .config. This is my binding in code:

AsymmetricSecurityBindingElement asymmetricBinding =
    SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(
        MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
asymmetricBinding.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
asymmetricBinding.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
asymmetricBinding.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
});
asymmetricBinding.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
asymmetricBinding.IncludeTimestamp = true;
asymmetricBinding.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
asymmetricBinding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
//...

this.Elements.Add(asymmetricBinding);
this.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
this.Elements.Add(new HttpsTransportBindingElement
{
    AuthenticationScheme = AuthenticationSchemes.Basic,
    KeepAliveEnabled = false,
    AllowCookies = false
});

I have added UserNameSecurityTokenParameters in the code above to add the token (it uses ClientCredentials.UserName.UserName and ClientCredentials.UserName.Password). But in the WCF config I haven't found any option to add this token. So far my .config looks like this:

<customBinding>
  <binding name="WsSecurityBinding">
    <security defaultAlgorithmSuite="Default" enableUnsecuredResponse="true"
      authenticationMode="MutualCertificateDuplex" requireDerivedKeys="false"
      securityHeaderLayout="Strict" includeTimestamp="true" allowInsecureTransport="true"
      messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
      requireSignatureConfirmation="false"/>
    <context protectionLevel="EncryptAndSign" />
    <textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" />
    <httpsTransport maxReceivedMessageSize="1000000" allowCookies="false"
      authenticationScheme="Basic" keepAliveEnabled="false" requireClientCertificate="false" />
  </binding>
</customBinding>

Does anyone know how to set this UsernameToken in WCF .config?

ankolbi
  • Maybe this link can help you: http://stackoverflow.com/questions/32505194/custom-binding-c-sharp-wcf – Ricardo Pontual Jul 25 '16 at 12:39
  • Thank you, Ricardo. Probably the username token is implicitly set through authenticationMode="UserNameOverTransport", but I need asymmetric binding, because I use two certificates for signing and encryption and I also need the timestamp. – ankolbi Jul 25 '16 at 13:27
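
An added example, not part of the original post or its comments: one way to keep the binding in the .config and still send the UsernameToken is to load the named customBinding and append the signed supporting token in code before creating the channel factory. The class and method names are hypothetical, and the sketch assumes the `<security>` element itself cannot declare the token.

```csharp
using System;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical helper (names are assumptions, not from the original post).
public static class WsSecurityBindingLoader
{
    // Loads the <customBinding> with the given name from the application's .config
    // and adds the signed UsernameToken that the code-only binding declared.
    public static CustomBinding Load(string configurationName = "WsSecurityBinding")
    {
        var binding = new CustomBinding(configurationName);

        // authenticationMode="MutualCertificateDuplex" yields an asymmetric security element.
        var security = binding.Elements.Find<AsymmetricSecurityBindingElement>();
        if (security == null)
        {
            // Fail closed: never fall back to sending requests without message security.
            throw new InvalidOperationException(
                "Binding '" + configurationName + "' has no asymmetric <security> element.");
        }

        // Add the token once, as a signed endpoint supporting token.
        var signed = security.EndpointSupportingTokenParameters.Signed;
        if (!signed.OfType<UserNameSecurityTokenParameters>().Any())
        {
            signed.Add(new UserNameSecurityTokenParameters
            {
                InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
            });
        }
        return binding;
    }

    // Builds a factory for any service contract; credentials are passed in by the
    // caller (for example from a secret store) rather than hard-coded.
    public static ChannelFactory<TChannel> CreateFactory<TChannel>(
        string serviceUrl, string userName, string password)
    {
        var factory = new ChannelFactory<TChannel>(Load(), new EndpointAddress(serviceUrl));
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;
        return factory;
    }
}
```

The two X.509 certificates for signing and encryption still have to be set on the factory's credentials or in an endpoint behavior, as with the code-only binding.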

0 Answers