WCF Configuration from Novice to Ninja Series Part 2

In today’s blog I am going to explain basicHttpContextBinding. Its configuration is shown below. If we compare the configuration of basicHttpBinding and basicHttpContextBinding, the two are exactly the same. BasicHttpBinding defines a binding that WCF uses to configure and expose endpoints compatible with ASMX-based services and clients, or with any other type of service that complies with WS-I Basic Profile 1.1. It uses the HTTP transport protocol to deliver SOAP 1.1 messages. BasicHttpContextBinding provides the same functionality as BasicHttpBinding, with some extras: it ensures that the WCF service exposed through this endpoint binding is compatible with ASP.NET session state features.

<basicHttpContextBinding>
  <!-- Binding Section Starting Point -->
  <binding
    allowCookies="Boolean"
    bypassProxyOnLocal="Boolean"
    closeTimeout="TimeSpan"
    envelopeVersion="None/Soap11/Soap12"
    hostNameComparisonMode="StrongWildcard/Exact/WeakWildcard"
    maxBufferPoolSize="Integer"
    maxBufferSize="Integer"
    maxReceivedMessageSize="Integer"
    messageEncoding="Text/Mtom"
    name="string"
    openTimeout="TimeSpan"
    proxyAddress="URI"
    receiveTimeout="TimeSpan"
    sendTimeout="TimeSpan"
    textEncoding="UnicodeFffeTextEncoding/Utf16TextEncoding/Utf8TextEncoding"
    transferMode="Buffered/Streamed/StreamedRequest/StreamedResponse"
    useDefaultWebProxy="Boolean">

    <!-- Security Section Starting Point -->
    <security mode="None/Transport/Message/TransportWithMessageCredential/TransportCredentialOnly">

      <!-- Transport Section Starting Point -->
      <transport clientCredentialType="None/Basic/Digest/Ntlm/Windows/Certificate"
                 proxyCredentialType="None/Basic/Digest/Ntlm/Windows"
                 realm="string" />
      <!-- Transport Section Ending Point -->

      <!-- Message Section Starting Point -->
      <message algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15
               /Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256
               /Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15
               /Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
               clientCredentialType="UserName/Certificate" />
      <!-- Message Section Ending Point -->

    </security>
    <!-- Security Section Ending Point -->

    <!-- Reader Quotas Section Starting Point -->
    <readerQuotas maxArrayLength="Integer"
                  maxBytesPerRead="Integer"
                  maxDepth="Integer"
                  maxNameTableCharCount="Integer"
                  maxStringContentLength="Integer" />
    <!-- Reader Quotas Section Ending Point -->
  </binding>
  <!-- Binding Section Ending Point -->
</basicHttpContextBinding>

Binding Attributes

allowCookies
A Boolean value that indicates whether the client accepts cookies and propagates them on future requests or not. The default is false. You can use this property when you interact with ASMX Web services that use cookies. In this way, you can be sure that the cookies returned from the server are automatically copied to all future client requests for that service.

bypassProxyOnLocal
A Boolean value that indicates whether to bypass the proxy server for local addresses. The default is false. An Internet resource is local if it has a local address. A local address is one that is on the same computer, the local LAN or intranet, and is identified syntactically by the lack of a period (.), as in the URIs “http://webserver/” and “http://localhost/”. This attribute determines whether endpoints configured with the BasicHttpBinding use the proxy server when accessing local resources. If this attribute is true, requests to local Internet resources do not use the proxy server. When it is set to true and you want clients to go through a proxy when talking to services on the same machine, use the host name rather than localhost. When this attribute is false, all Internet requests are made through the proxy server.

closeTimeout
A TimeSpan value that specifies the interval of time provided for a close operation to complete. This value should be greater than or equal to zero. The default is 00:01:00.

envelopeVersion
Specifies the version of SOAP that is used for messages that are processed by this binding. The only valid value is Soap11.

hostNameComparisonMode
Specifies the HTTP hostname comparison mode used to parse URIs. This attribute is of type HostnameComparisonMode, which indicates whether the hostname is used to reach the service when matching on the URI. The default value is StrongWildcard, which ignores the hostname in the match.

maxBufferPoolSize
An integer value that specifies the maximum amount of memory that is allocated for use by the manager of the message buffers that receive messages from the channel. The default value is 524288 (0x80000) bytes. The Buffer Manager minimizes the cost of using buffers by using a buffer pool. Buffers are required to process messages by the service when they come out of the channel. If there is not sufficient memory in the buffer pool to process the message load, the Buffer Manager must allocate additional memory from the CLR heap, which increases the garbage collection overhead. Extensive allocation from the CLR garbage heap is an indication that the buffer pool size is too small and that performance can be improved with a larger allocation by increasing the limit specified by this attribute.

maxBufferSize
An integer value that specifies the maximum size, in bytes, of a buffer that stores messages while they are processed for an endpoint configured with this binding. The default value is 65,536 bytes.

maxReceivedMessageSize
A positive integer that defines the maximum message size, in bytes, including headers, for a message that can be received on a channel configured with this binding. The sender receives a SOAP fault if the message is too large for the receiver. The receiver drops the message and creates an entry of the event in the trace log. The default is 65,536 bytes.

messageEncoding
Defines the encoder used to encode the SOAP message. Valid values include the following:
Text: Use a text message encoder.
Mtom: Use a Message Transmission Optimization Mechanism 1.0 (MTOM) encoder.

The default is Text. This attribute is of type WSMessageEncoding.

name

A string that contains the configuration name of the binding. This value should be unique because it is used as identification for the binding. Each binding has a name and namespace attribute that together uniquely identify it in the metadata of the service. In addition, this name is unique among bindings of the same type. Starting with .NET Framework 4, bindings and behaviors are not required to have a name.

namespace

Specifies the XML namespace of the binding. The default value is “http://tempuri.org/Bindings”. Each binding has a name and namespace attribute that together uniquely identify it in the metadata of the service.

openTimeout

A TimeSpan value that specifies the interval of time provided for an open operation to complete. This value should be greater than or equal to zero. The default is 00:01:00.

proxyAddress

A URI that contains the address of the HTTP proxy. If useDefaultWebProxy is set to true, this setting must be null. The default is null.

receiveTimeout

A TimeSpan value that specifies the interval of time provided for a receive operation to complete. This value should be greater than or equal to zero. The default is 00:10:00.

sendTimeout

A TimeSpan value that specifies the interval of time provided for a send operation to complete. This value should be greater than or equal to zero. The default is 00:01:00.

textEncoding

Sets the character set encoding to be used for emitting messages on the binding. Valid values include the following:
BigEndianUnicode: Unicode BigEndian encoding.
Unicode: 16-bit encoding.
UTF8: 8-bit encoding.

The default is UTF8. This attribute is of type Encoding.

transferMode

A valid TransferMode value that specifies whether messages are buffered or streamed on a request or response.

useDefaultWebProxy

A Boolean value that specifies whether the auto-configured HTTP proxy of the system should be used, if available. The default is true.

Security Attributes

mode

The mode attribute is optional and specifies the type of security that is used. The default value is None; the possible values are listed below.

None: When the mode is set to None, messages are not secured during transfer.

Transport: Security is provided using HTTPS transport. The SOAP messages are secured using HTTPS. The service is authenticated to the client using the service’s X.509 certificate. The client is authenticated using the ClientCredentialType supplied.

Message: Security is provided using SOAP message security. By default, the body is encrypted and signed. For this binding, the system requires that the server certificate be provided to the client out of band. The only valid ClientCredentialType for this binding is Certificate.

TransportWithMessageCredential: Integrity, confidentiality and server authentication are provided by transport security. Client authentication is provided by means of SOAP message security. This mode is relevant when the user is authenticating using username/password and there is an existing HTTP deployment for securing message transfer.

TransportCredentialOnly: This mode does not provide message integrity and confidentiality. It provides http-based client authentication. This mode should be used with caution. It should be used in environments where the transport security is being provided by other means (such as IPSec) and only client authentication is provided by the WCF infrastructure.

Security Child Elements

transport and message are the child elements of the security element.

transport

clientCredentialType

Specifies the type of credential to be used when performing client authentication using HTTP authentication. The default is None. This attribute is of type HttpClientCredentialType.

Possible Values
None: Messages are not secured during transfer.
Basic: Specifies basic authentication.
Digest: Specifies digest authentication.
Ntlm: Specifies NTLM authentication when possible, and if Windows authentication fails.
Windows: Specifies Windows integrated authentication.

proxyCredentialType

Specifies the type of credential to be used when performing client authentication from within a domain using a proxy over HTTP. This attribute is applicable only when the mode attribute of the parent security element is Transport or TransportCredentialOnly. This attribute is of type HttpProxyCredentialType.

Possible Values
None: Messages are not secured during transfer.
Basic: Specifies basic authentication as defined by RFC 2617 – HTTP Authentication: Basic and Digest Authentication.
Digest: Specifies digest authentication as defined by RFC 2617 – HTTP Authentication: Basic and Digest Authentication.
Ntlm: Specifies NTLM authentication when possible, and if Windows authentication fails.
Windows: Specifies Windows integrated authentication.
Certificate: Performs client authentication using a certificate. This option works only if the Mode attribute of the parent security element is set to Transport, and will not work if it is set to TransportCredentialOnly.

realm

A string that specifies the realm that is used by the HTTP authentication scheme for digest or basic authentication. The default is an empty string.

policyEnforcement

This enumeration specifies when the ExtendedProtectionPolicy should be enforced.

Possible Values
Never: The policy is never enforced (Extended Protection is disabled).
WhenSupported: The policy is enforced only if the client supports Extended Protection.
Always: The policy is always enforced. Clients which don’t support Extended Protection will fail to authenticate.

protectionScenario

This enumeration specifies the protection scenario enforced by the policy.

message

algorithmSuite

Sets the message encryption and key-wrap algorithms. This attribute is of type SecurityAlgorithmSuite, which specifies the algorithms and the key sizes. These algorithms map to those specified in the Security Policy Language (WS-SecurityPolicy) specification.

Possible Values:
Basic128: Gets the Basic128 algorithm suite.

Basic128Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm and 128-bit Basic as the message encryption algorithm.

Basic128Sha256: Gets an algorithm suite that uses SHA256 for the signature digest and 128-bit Basic as the message encryption algorithm.

Basic128Sha256Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm, SHA256 for the signature digest, and 128-bit Basic as the message encryption algorithm.

Basic192: Gets an algorithm suite that uses 192-bit Basic as the message encryption algorithm.

Basic192Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm and 192-bit Basic as the message encryption algorithm.

Basic192Sha256: Gets an algorithm suite which uses SHA256 for the signature digest and 192-bit Basic as the message encryption algorithm.

Basic192Sha256Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm, SHA256 for the signature digest, and 192-bit Basic as the message encryption algorithm.

Basic256: Gets an algorithm suite that uses 256-bit Basic as the message encryption algorithm.

Basic256Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm and 256-bit Basic as the message encryption algorithm.

Basic256Sha256: Gets an algorithm suite that uses SHA256 for the signature digest and 256-bit Basic as the message encryption algorithm.

Basic256Sha256Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm, SHA256 for the signature digest, and 128-bit Basic as the message encryption algorithm.

Default: Gets the default algorithm suite.

TripleDes: Gets the Triple Data Encryption Standard (DES) algorithm suite.

TripleDesRsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm and 192-bit Triple Data Encryption Standard (DES) as the message encryption algorithm.

TripleDesSha256: Gets an algorithm suite that uses SHA256 for the signature digest and 192-bit Triple Data Encryption Standard (DES) as the message encryption algorithm.

TripleDesSha256Rsa15: Gets an algorithm suite that uses RSA15 as the key wrap algorithm, SHA256 for the signature digest, and 192-bit Triple Data Encryption Standard (DES) as the message encryption algorithm.

The default value is Basic256.

clientCredentialType

Specifies the type of credential to be used when performing client authentication using message-based security. The default is UserName.
Possible Values
UserName: Requires the client be authenticated to the server with a UserName credential. This credential needs to be specified using the <clientCredentials>. WCF does not support sending a password digest or deriving keys using passwords and using such keys for message security. Therefore, WCF enforces that the transport be secured when using UserName credentials. For the basicHttpBinding, this requires setting up an SSL channel.

Certificate: Requires that the client be authenticated to the server using a certificate. The client credential in this case needs to be specified using <clientCredentials> and the <clientCertificate> of <serviceCredentials>. In addition, when using message security mode, the client needs to be provisioned with the service certificate. The service credential in this case needs to be specified using ClientCredentials class or ClientCredentials behavior element and specifying the service certificate using the <serviceCertificate> of <serviceCredentials>.

readerQuotas

maxArrayLength

A positive integer that specifies the maximum allowed array length of data being received by Windows Communication Foundation (WCF) from a client. The default is 16384.

maxBytesPerRead

A positive integer that specifies the maximum allowed bytes returned per read. The default is 4096.

maxDepth

A positive integer that specifies the maximum nested node depth per read. The default is 32.

maxNameTableCharCount

A positive integer that specifies the maximum characters allowed in a table name. The default is 16384.

maxStringContentLength

A positive integer that specifies the maximum characters allowed in XML element content. The default is 8192.
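
An added example, not code from the original post: a small Python audit of basicHttpContextBinding entries that applies the security mode descriptions and the size and readerQuotas defaults documented above. The sample configuration and its binding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as stated on this page; anything larger is reported for review.
DEFAULT_LIMITS = {"maxBufferSize": 65536, "maxReceivedMessageSize": 65536,
                  "maxArrayLength": 16384, "maxBytesPerRead": 4096, "maxDepth": 32,
                  "maxNameTableCharCount": 16384, "maxStringContentLength": 8192}

# Constructed sample configuration (binding names are hypothetical).
SAMPLE_CONFIG = """
<configuration><system.serviceModel><bindings><basicHttpContextBinding>
  <binding name="legacy" maxReceivedMessageSize="2147483647">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Basic" />
    </security>
    <readerQuotas maxDepth="128" maxStringContentLength="8192" />
  </binding>
  <binding name="implicit" />
  <binding name="hardened" maxReceivedMessageSize="65536">
    <security mode="Transport">
      <transport clientCredentialType="Windows" />
    </security>
  </binding>
</basicHttpContextBinding></bindings></system.serviceModel></configuration>
"""

def audit_bindings(config_xml):
    """Return (binding name, finding) pairs for basicHttpContextBinding entries."""
    findings = []
    root = ET.fromstring(config_xml)
    for binding in root.iterfind(".//basicHttpContextBinding/binding"):
        name = binding.get("name", "(unnamed)")
        security = binding.find("security")
        # An absent <security> element or mode attribute means the default, None.
        mode = security.get("mode", "None") if security is not None else "None"
        if mode == "None":
            findings.append((name, "mode=None: messages are not secured"))
        elif mode == "TransportCredentialOnly":
            findings.append((name, "TransportCredentialOnly: no integrity/confidentiality"))
            transport = security.find("transport")
            if transport is not None and transport.get("clientCredentialType") == "Basic":
                findings.append((name, "Basic auth with no WCF transport protection"))
        # Size limits live on <binding> and on its <readerQuotas> child.
        quotas = binding.find("readerQuotas")
        attrs = dict(binding.attrib, **(quotas.attrib if quotas is not None else {}))
        for key, default in DEFAULT_LIMITS.items():
            if key in attrs and int(attrs[key]) > default:
                findings.append((name, f"{key}={attrs[key]} exceeds default {default}"))
    return findings
```

Calling `audit_bindings(SAMPLE_CONFIG)` reports the "legacy" and "implicit" bindings and returns nothing for "hardened"; a value equal to the documented default is not reported.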