WS_NAMEDPIPE_SSPI_TRANSPORT_SECURITY_BINDING structure (webservices.h)

The security binding subtype for specifying the use of the Windows Integrated Authentication protocol (such as Kerberos, NTLM or SPNEGO) with the named pipe transport. A specific SSP package may be chosen using the security binding property WS_SECURITY_BINDING_PROPERTY_WINDOWS_INTEGRATED_AUTH_PACKAGE; if that property is not specified, SPNEGO is used by default.

This security binding operates at the transport security level and is supported only with the WS_NAMEDPIPE_CHANNEL_BINDING. The NamedPipe/Windows SSPI combination uses the wire form defined by the NegotiateStream protocol and the .Net Message Framing specification.

On the client side, the security identity of the target server is specified using the identity field of the WS_ENDPOINT_ADDRESS parameter supplied during WsOpenChannel.

The named pipe binding supports only this one transport security binding and does not support any message security bindings.

With this security binding, the following security binding properties may be specified:

• WS_SECURITY_BINDING_PROPERTY_WINDOWS_INTEGRATED_AUTH_PACKAGE
• WS_SECURITY_BINDING_PROPERTY_REQUIRE_SERVER_AUTH (client side only)
• WS_SECURITY_BINDING_PROPERTY_ALLOW_ANONYMOUS_CLIENTS (server side only)
• WS_SECURITY_BINDING_PROPERTY_ALLOWED_IMPERSONATION_LEVEL (client side only)

Syntax

typedef struct _WS_NAMEDPIPE_SSPI_TRANSPORT_SECURITY_BINDING {
  WS_SECURITY_BINDING                   binding;
  WS_WINDOWS_INTEGRATED_AUTH_CREDENTIAL *clientCredential;
} WS_NAMEDPIPE_SSPI_TRANSPORT_SECURITY_BINDING;

Members

binding

The base type from which this security binding subtype and all other security binding subtypes derive.

clientCredential

The WS_WINDOWS_INTEGRATED_AUTH_CREDENTIAL structure to be used to authenticate the client. This is required on the client and must not be specified on the server.

Requirements