Dynamicaly add encrypted WCF message header

Question

We can add Message header to WCF message by adding MessageHeader attribute like this

 [MessageContract]
 public class HelloResponseMessage
 {
     [MessageHeader(ProtectionLevel=EncryptAndSign)]
     public string SSN
     {
         get { return extra; }
         set { this.extra = value; }
     }
 }

First question is, how secure is this, and is this working for all type of WCF bindings?

and the second question, is it possible to add encrypted header to all messages and extract in server part dynamical like this?

MessageHeader header = MessageHeader.CreateHeader("SessionKey", "ns", _key);
OperationContext.Current.OutgoingMessageHeaders.Add(header);

Answer 1

You could use the IServiceBehavior which in turn will use a DispatchMessageInspector.

For the client proxy you would create a IEndpointBehavior which would use a IClientMessageInspector

The IClientMessageInspector would instantiate a MessageHeader or a derived type and add it to each request inside the BeforeSendRequest method.

The DispatchMessageInspector would parse each request inside the AfterReceiveRequest method and extract the header from there.

One caveat of this is that I do not think that this intent or header will be documented inside the WSDL. FOr that I think you would have to take control using a custom implemntation of the IWsdlExportExtension interface.

Andrew