Saturday, September 7, 2019

How WCF bindings and the impact on message protection?

What happens if the binding does not provide security, and you have explicitly set ProtectionLevel other than None
An exception will be thrown. 

For example, out of the box security is not enabled for basicHttpBinding. So, if you set ProtectionLevel other than None using the ProtectionLevel named parameter as shown below
[ServiceContract]
public interface IHelloService
{
    [OperationContract(ProtectionLevel = ProtectionLevel.None)]
    string GetMessageWithoutAnyProtection();

    [OperationContract(ProtectionLevel = ProtectionLevel.Sign)]
    string GetSignedMessage();

    [OperationContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    string GetSignedAndEncryptedMessage();
}

and if you use basicHttpBinding in the config file
<endpoint address="HelloService"
          binding="basicHttpBinding"
          contract="HelloService.IHelloService"/>

The following exception will be be thrown
Unhandled Exception: System.InvalidOperationException: The request message must be protected. This is required by an operation of the contract ('IHelloService','http://tempuri.org/'). The protection must be provided by the binding ('BasicHttpBinding','http://tempuri.org/').

In general ProtectionLevel parameter is used to enforce the minimum level of protection required. If the binding does not provide that minimum level of protection then an exception will be thrown.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Get max value for identity column without a table scan

  You can use   IDENT_CURRENT   to look up the last identity value to be inserted, e.g. IDENT_CURRENT( 'MyTable' ) However, be caut...