How to use custom binding in WCF and keep message security mode with username client credentials?

Question

Hi,

I have WCF service accessible over Internet which uses wsHttpBinding with message security mode and username client credentials.

<bindings>
    <wsHttpBinding>
        <binding name="wsHttpEndpointBinding" messageEncoding="Mtom" maxReceivedMessageSize="104857600">
           <readerQuotas maxArrayLength="104857600"/>
           <security mode="Message">
            <message clientCredentialType="UserName"/>
           </security>
        </binding>
    </wsHttpBinding>
</bindings>

I've figured out that it takes too much time to transfer my data from client to the server. I've read that i can use customBinding and binaryEncoding mode for my service.

Like that:

<bindings>
   <customBindings>
     <binding name="NetHttpBinding">
       <binaryMessageEncoding />
       <httpTransport />
     </binding>
  </customBindings>
<bindings>

But here is no any mention about message security mode and client credential type...

How could i use custom binding with binaryEncoding and keep message security mode with username client credentials?

Answer 1

Set secureConversationBootstrap to UserNameForSslNegotiated. Try something similiar to the binding below.

<bindings>
<customBinding>
  <binding name="wss-username-binary">
    <transactionFlow/>

    <security 
authenticationMode="SecureConversation" 
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">

      <secureConversationBootstrap 
authenticationMode="UserNameForSslNegotiated" 
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
    </security>

      <binaryMessageEncoding />
    <httpTransport/>
  </binding>
</customBinding>
</bindings>

Answer 2

Try this it may help you more---- it has custom binding, custom security and certificate.

            <endpoint address="mex"
                      binding="mexHttpBinding"
                      contract="IMetadataExchange" />

        </service>

    </services>
    <bindings>
        <wsHttpBinding>

            <binding name="CommonBinding" maxReceivedMessageSize ="2147483647">
                <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                              maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                              maxNameTableCharCount="2147483647" />

                <security mode="Message">
                    <message clientCredentialType="UserName"  />
                </security>
            </binding>

        </wsHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="myServiceBehavior">

                <serviceCredentials>

                    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Custom.Security.CustomUserNameValidator, Custom.Security" />
                    <clientCertificate>
                        <authentication certificateValidationMode= "PeerOrChainTrust"  />
                    </clientCertificate>
                    <serviceCertificate findValue="CertName" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
                </serviceCredentials>

                <serviceMetadata httpGetEnabled="True"/>
                <serviceAuthorization principalPermissionMode="Custom">
                    <authorizationPolicies>
                        <add policyType="Custom.Security.AuthorizationPolicy, Custom.Security" />
                    </authorizationPolicies>
                </serviceAuthorization>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>