<message> of <netMsmqBinding>

Article
09/15/2021

Defines the SOAP message security settings on this netMsmqBinding binding.

<configuration>
  <system.serviceModel>
    <bindings>
      <netMsmqBinding>
        <binding>
          <security>
            <message>

Syntax

<netMsmqBinding>
  <binding>
    <security>
      <message algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
               clientCredentialType="None/Windows/UserName/Certificate/CardSpace" />
    </security>
  </binding>
</netMsmqBinding>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

algorithmSuite Sets the message encryption and key-wrap algorithms that are used to achieve message-based security for messages sent over MSMQ transport.

The default value is Aes256. This attribute is of type SecurityAlgorithmSuite.

clientCredentialType Specifies the type of credential to be used when performing client authentication for messages sent over the MSMQ transport. Valid values include the following:

- None: This allows the service to interact with anonymous clients. Neither the service nor the client requires a credential.
- Windows: This enables the SOAP exchanges to be under the authenticated context of a Windows credential. This always performs Kerberos-based authentication.
- UserName: This enables the service to require that the client be authenticated using a UserName credential. The credential in this case needs to be specified using the clientCredentials behavior Caution: Windows Communication Foundation (WCF) does not support sending a password digest or deriving keys using password and using such keys for message security. Therefore, WCF enforces that the exchange is secured when using UserName credentials. This mode requires that the service certificate be specified on the client side using clientCredential behavior and serviceCertificate.

- Certificate: This enables the service to require that the client be authenticated using a certificate. The client credential in this case needs to be specified using the clientCredentials behavior. The service credential in this case needs to be specified using the clientCredentials behavior by specifying the serviceCertificate.
- CardSpace: This allows the service to require that the client be authenticated using a CardSpace. The serviceCertificate must be provisioned in the clientCredential behavior.

The default value is Windows. This attribute is of type MessageCredentialType.

Attribute	Description
algorithmSuite	Sets the message encryption and key-wrap algorithms that are used to achieve message-based security for messages sent over MSMQ transport. The default value is `Aes256`. This attribute is of type SecurityAlgorithmSuite.
clientCredentialType	Specifies the type of credential to be used when performing client authentication for messages sent over the MSMQ transport. Valid values include the following: - None: This allows the service to interact with anonymous clients. Neither the service nor the client requires a credential. - Windows: This enables the SOAP exchanges to be under the authenticated context of a Windows credential. This always performs Kerberos-based authentication. - UserName: This enables the service to require that the client be authenticated using a UserName credential. The credential in this case needs to be specified using the `clientCredentials` behavior Caution: Windows Communication Foundation (WCF) does not support sending a password digest or deriving keys using password and using such keys for message security. Therefore, WCF enforces that the exchange is secured when using UserName credentials. This mode requires that the service certificate be specified on the client side using `clientCredential` behavior and `serviceCertificate`. - Certificate: This enables the service to require that the client be authenticated using a certificate. The client credential in this case needs to be specified using the `clientCredentials` behavior. The service credential in this case needs to be specified using the `clientCredentials` behavior by specifying the `serviceCertificate`. - CardSpace: This allows the service to require that the client be authenticated using a CardSpace. The `serviceCertificate` must be provisioned in the `clientCredential` behavior. The default value is `Windows`. This attribute is of type MessageCredentialType.

Child Elements

None

Parent Elements

Element	Description
<security>	Defines the security settings for a binding.

Share via

<message> of <netMsmqBinding>

Syntax

Attributes and Elements

Attributes

Child Elements

Parent Elements

See also

Feedback

Additional resources