

<wsFederationHttpBinding>

Defines a binding that supports WS-Federation.

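<!-- Syntax template for <wsFederationHttpBinding>, shown inside its parent elements.
     Attribute values are type names or "/"-separated lists of allowed values, not literals. -->
<system.serviceModel>
  <bindings>
    <wsFederationHttpBinding>
      <!-- maxReceivedMessageSize, the timeouts and <readerQuotas> bound how much a peer
           can make the endpoint buffer or parse; raise them only as far as the contract needs. -->
      <binding bypassProxyOnLocal="Boolean"
               closeTimeout="TimeSpan"
               hostNameComparisonMode="StrongWildcard/Exact/WeakWildcard"
               maxBufferPoolSize="integer"
               maxReceivedMessageSize="integer"
               messageEncoding="Text/Mtom"
               name="string"
               openTimeout="TimeSpan"
               privacyNoticeAt="Uri"
               privacyNoticeVersion="Integer"
               proxyAddress="Uri"
               receiveTimeout="TimeSpan"
               sendTimeout="TimeSpan"
               textEncoding="UnicodeFffeTextEncoding/Utf16TextEncoding/Utf8TextEncoding"
               transactionFlow="Boolean"
               useDefaultWebProxy="Boolean">
        <!-- mode="None" turns security off for the binding; the <message> settings
             are used with Message and TransportWithMessageCredential. -->
        <security mode="None/Message/TransportWithMessageCredential">
          <!-- algorithmSuite: TripleDes and the Rsa15 variants are legacy choices;
               prefer an AES suite without Rsa15 unless interoperability requires one. -->
          <message negotiateServiceCredential="Boolean"
                   algorithmSuite="Aes128/Aes192/Aes256/Rsa15Aes128/Rsa15Aes256/TripleDes"
                   issuedTokenType="saml"
                   issuedKeyType="SymmetricKey/PublicKey">
          </message>
        </security>
        <reliableSession ordered="Boolean"
                         inactivityTimeout="TimeSpan"
                         enabled="Boolean" />
        <readerQuotas maxDepth="integer"
                      maxStringContentLength="integer"
                      maxByteArrayContentLength="integer"
                      maxBytesPerRead="integer"
                      maxNameTableCharCount="integer" />
      </binding>
    </wsFederationHttpBinding>
  </bindings>
</system.serviceModel>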
                                

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

bypassProxyOnLocal

A Boolean value that indicates whether to bypass the proxy server for local addresses. The default is false.

closeTimeout

A TimeSpan value that specifies the interval of time provided for a close operation to complete. This value should be greater than or equal to Zero. The default is 00:01:00.

hostNameComparisonMode

Specifies the HTTP hostname comparison mode used to parse URIs. This attribute is of type HostNameComparisonMode, which indicates whether the hostname is used to reach the service when matching on the URI. The default value is StrongWildcard, which ignores the hostname in the match.

maxBufferPoolSize

An integer that specifies the maximum buffer pool size for this binding. The default is 524,288 bytes (512 * 1024). Many parts of Windows Communication Foundation (WCF) use buffers. Creating and destroying buffers each time they are used is expensive, and garbage collection for buffers is also expensive. With buffer pools, you can take a buffer from the pool, use it, and return it to the pool once you are done. Thus the overhead in creating and destroying buffers is avoided.

maxReceivedMessageSize

A positive integer that specifies the maximum message size, in bytes, including headers, that can be received on a channel configured with this binding. The sender of a message exceeding this limit will receive a SOAP fault. The receiver drops the message and creates an entry of the event in the trace log. The default is 65536.

messageEncoding

Defines the encoder used to encode the message. Valid values include the following:

  • Text: Use a text message encoder.

  • Mtom: Use a Message Transmission Optimization Mechanism 1.0 (MTOM) encoder.

The default is Text.

This attribute is of type WSMessageEncoding.

name

A string that contains the configuration name of the binding. This value should be unique because it is used as an identification for the binding.

openTimeout

A TimeSpan value that specifies the interval of time provided for an open operation to complete. This value should be greater than or equal to Zero. The default is 00:01:00.

privacyNoticeAt

A String that specifies a URI at which the privacy notice is located.

privacyNoticeVersion

An integer that specifies the version of the current privacy notice.

proxyAddress

A URI that specifies the address of the HTTP proxy. If useDefaultWebProxy is true, this setting must be null. The default is null.

receiveTimeout

A TimeSpan value that specifies the interval of time provided for a receive operation to complete. This value should be greater than or equal to Zero. The default is 00:10:00.

sendTimeout

A TimeSpan value that specifies the interval of time provided for a send operation to complete. This value should be greater than or equal to Zero. The default is 00:01:00.

textEncoding

Sets the character set encoding to be used for emitting messages on the binding. Valid values include the following:

  • BigEndianUnicode: Unicode BigEndian encoding.

  • Unicode: 16-bit encoding.

  • UTF8: 8-bit encoding

The default is UTF8. This attribute is of type Encoding.

transactionFlow

A Boolean value that specifies whether the binding supports flowing WS-Transactions. The default is false.

useDefaultWebProxy

A Boolean value that indicates whether the system’s auto-configured HTTP proxy is used. The proxy address must be null (that is, not set) if this attribute is true. The default is true.

Child Elements

Element Description

<security> of <wsFederationHttpBinding>

Defines the security settings for the message. This element is of type WSFederationHttpSecurityElement.

<readerQuotas>

Defines the constraints on the complexity of SOAP messages that can be processed by endpoints configured with this binding. This element is of type XmlDictionaryReaderQuotasElement.

<reliableSession>

Specifies if reliable sessions are established between channel endpoints.

Parent Elements


Element Description

<bindings>

This element holds a collection of standard and custom bindings. Each entry is identified by its name. Services use bindings by linking them using the name.

Remarks

Keeping policy secure is especially important in federation scenarios. The recommendation is to use some form of security, such as HTTPS, to protect the policy from malicious users.

In federation scenarios using this binding, the service policy potentially has important information such as the key to use to encrypt the issued (SAML) token, the type of claims to put in the token, and so forth. If this policy is tampered with, an attacker could discover the key of the issued token, leading to further tampering, information disclosure, and other malicious behavior. To help prevent this, the policy must be obtained securely (for example, using HTTPS) from the service.

Example

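<configuration>
  <system.serviceModel>
    <bindings>
      <wsFederationHttpBinding>
        <!-- Sample binding; all values are illustrative.
             proxyAddress is a placeholder URI and is set together with
             useDefaultWebProxy="false", because the proxy address must be left
             unset when the default web proxy is used. -->
        <binding name="test"
                 bypassProxyOnLocal="false"
                 transactionFlow="false"
                 hostNameComparisonMode="WeakWildcard"
                 maxReceivedMessageSize="1000"
                 messageEncoding="Mtom"
                 proxyAddress="http://foo/bar"
                 textEncoding="Utf16TextEncoding"
                 useDefaultWebProxy="false">
          <reliableSession ordered="false"
                           inactivityTimeout="00:02:00"
                           enabled="true" />
          <!-- NOTE(review): mode="None" disables security on this binding, so the
               issued-token settings in <message> are not in effect. For a real
               federated endpoint use Message or TransportWithMessageCredential. -->
          <security mode="None">
            <message negotiateServiceCredential="false"
                     algorithmSuite="Aes128"
                     issuedTokenType="saml"
                     issuedKeyType="PublicKey">
              <!-- The security token service is addressed over HTTPS. -->
              <issuer address="https://localhost/Sts" />
            </message>
          </security>
        </binding>
      </wsFederationHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>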

See Also

Reference

WSFederationHttpBinding
