How to: Configure WCF Services to Interoperate with WSE 3.0 Clients
Windows Communication Foundation (WCF) services are wire-level compatible with Web Services Enhancements 3.0 for Microsoft .NET (WSE) clients when WCF services are configured to use the August 2004 version of the WS-Addressing specification.
To enable a WCF service to interoperate with WSE 3.0 clients
Define a custom binding for the WCF service.
To specify that the August 2004 version of the WS-Addressing specification is used for message encoding, a custom binding must be created.
To set the authentication mode, set the
authenicationModeattribute of the <security>. An authentication mode is roughly equivalent to a turnkey security assertion in WSE 3.0. The following table maps authentication modes in WCF to turnkey security assertions in WSE 3.0.
WCF Authentication Mode WSE 3.0 turnkey security assertion AnonymousForCertificate
* One of the primary differences between the
mutualCertificate11Securityturnkey security assertions is the version of the WS-Security specification that WSE uses to secure the SOAP messages. For
mutualCertificate10Security, WS-Security 1.0 is used, whereas WS-Security 1.1 is used for
mutualCertificate11Security. For WCF, the version of the WS-Security specification is specified in the
messageSecurityVersionattribute of the <security>.
To set the version of the WS-Security specification that is used to secure SOAP messages, set the
messageSecurityVersionattribute of the <security>. To interoperate with WSE 3.0, set the value of the
messageSecurityVersionattribute to WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10.
When you are using SOAP 1.2, set the
messageVersionattribute to Soap12WSAddressingAugust2004.
Specify that the service uses the custom binding.
The following code example specifies that the
Service.HelloWorldService uses a custom binding to interoperate with WSE 3.0 clients. The custom binding specifies that the August 2004 version of the WS-Addressing and the WS-Security 1.1 set of specifications are used to encode the exchanged messages. The messages are secured using the AnonymousForCertificate authentication mode.
<configuration> <system.serviceModel> <services> <service behaviorConfiguration="ServiceBehavior" name="Service.HelloWorldService"> <endpoint binding="customBinding" address="" bindingConfiguration="ServiceBinding" contract="Service.IHelloWorld"></endpoint> </service> </services> <bindings> <customBinding> <binding name="ServiceBinding"> <security authenticationMode="AnonymousForCertificate" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" requireDerivedKeys="false"> </security> <textMessageEncoding messageVersion ="Soap11WSAddressingAugust2004"></textMessageEncoding> <httpTransport/> </binding> </customBinding> </bindings> <behaviors> <behavior name="ServiceBehavior" returnUnknownExceptionsAsFaults="true"> <serviceCredentials> <serviceCertificate findValue="CN=WCFQuickstartServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/> </serviceCredentials> </behavior> </behaviors> </system.serviceModel> </configuration>