Message Security
- How to: Use Message Security
- How to: Control the Level of Message Encryption
- How to: Use Out-of-band Credentials with Message Security
How to: Use Message Security
Use the mode attribute of the <security> element to configure message security on your binding.
Perform the following steps to configure wsHttpBinding to use message security:
Open your app.config or web.config file and set the security mode to Message as follows:
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Message">
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
Save the configuration file.
Message security is available on all of the bindings except for netNamedPipeBinding.
Additional Resources
- For more information, see Message Security in WCF.
How to: Control the Level of Message Encryption
If you are using message security, use the ProtectionLevel property of the [ServiceContract] or [OperationContract] attribute to specify the message protection level at the interface or operation level.
The protection level options available are:
- None. Use None to turn off signing and encryption on the operation or interface.
- Sign. Use Sign to sign the interface or operation but not encrypt it.
- EncryptAndSign. Use EncryptAndSign to both encrypt and sign the interface or operation.
If you are using transport security, you cannot partially encrypt your messages.
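The following code example shows how to set the protection level to Sign on an interface:
using System.Net.Security;   // ProtectionLevel
using System.ServiceModel;   // ServiceContract, OperationContract

// Every operation on this contract is signed but not encrypted.
[ServiceContract(ProtectionLevel=ProtectionLevel.Sign)]
public interface IService
{
    [OperationContract]
    string GetData(int value);
}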
The following code example shows how to set the protection level to Sign on an operation contract:
// Only this operation is signed; it is not encrypted.
[OperationContract(ProtectionLevel=ProtectionLevel.Sign)]
string GetData(int value);
Additional Resources
- For more information on protection levels and partial encryption, see Understanding Protection Level.
How to: Use Out-of-band Credentials with Message Security
Set the negotiateCredentials attribute to false to use out-of-band credentials. This will require you to provide certificates to the client so that they can encrypt and sign messages.
Perform the following steps to configure the negotiateCredentials attribute:
Open your app.config or web.config file, set the security mode to Message, and set negotiateCredentials to false on the <message> element:
<wsHttpBinding>
  <binding name="MessageAndUserName">
    <security mode="Message">
      <message clientCredentialType="UserName"
               negotiateCredentials="false"
               algorithmSuite="Default" />
    </security>
  </binding>
</wsHttpBinding>
Save the configuration file.
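What "providing certificates to the client" looks like on the client side, as an added example that is not part of the original guidance: the binding above is rebuilt in code and the service certificate is loaded from a file that was delivered out of band. The endpoint address, the service.cer path, the DNS identity and the SVC_USER / SVC_PASSWORD environment variables are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

[ServiceContract]
public interface IService
{
    [OperationContract]
    string GetData(int value);
}

public static class OutOfBandClient
{
    public static void Main()
    {
        // Code equivalent of the MessageAndUserName binding shown above.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.NegotiateServiceCredential = false;

        // Assumption: the service's public certificate was handed to the client
        // out of band as service.cer. It must still pass certificate validation.
        var serviceCert = new X509Certificate2("service.cer");

        // Assumption: placeholder address; the DNS identity must match the
        // subject of the service certificate or the channel will not open.
        var address = new EndpointAddress(
            new Uri("http://localhost:8000/Service"),
            EndpointIdentity.CreateDnsIdentity("service.example.com"));

        var factory = new ChannelFactory<IService>(binding, address);
        // With negotiation off, the client encrypts to this certificate directly.
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert;
        // Hypothetical variable names; avoid hard-coding credentials.
        factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("SVC_USER");
        factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("SVC_PASSWORD");

        IService proxy = factory.CreateChannel();
        try
        {
            Console.WriteLine(proxy.GetData(42));
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch (Exception)
        {
            // A faulted channel cannot be closed gracefully; abort it instead.
            ((IClientChannel)proxy).Abort();
            factory.Abort();
            throw;
        }
    }
}
```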