WWSAPI to WCF interop 3: BasicHttpBinding with transport security

  • [アーティクル]

Transport security means the message integrity and confidentiality are provided at transport layer. For http transport, this means https. In WCF’s BasicHttpBinding, BasicHttpSecurityMode.Transport provides transport security. To use security in WWSAPI, you need to fill in a WS_SECURITY_DESCRIPTION structure. On the client side, you then pass this structure to WsCreateServiceProxy or WsCreateChannel. To use transport security with http binding, WS_SSL_TRANSPORT_SECURITY_BINDING needs to be specified in the WS_SECURITY_DESCRIPTION structure. The security binding structures in WWSAPI use a embedded structure to enable type inheritance (in fact, the embedded structure pattern is followed in all WWSAPI structures for type inheritance). The base structure for security binding is WS_SECURITY_BINDING, which has a type and a property bag. For a simple transport security over http scenario, no binding properties will be filled. If no client certificate is required, the code to fill in the WS_SECURITY_DESCRIPTION can be as simple as the following:

 

    // declare and initialize an SSL transport security binding

    WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct

    sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type

   

    // declare and initialize the array of all security bindings

    WS_SECURITY_BINDING* securityBindings[1] = { &sslBinding.binding };

   

    // declare and initialize the security description

    WS_SECURITY_DESCRIPTION securityDescription = {}; // zero out the struct

    securityDescription.securityBindings = securityBindings;

    securityDescription.securityBindingCount = WsCountOf(securityBindings);

 

Once the security description is ready, just pass it into WsCreateServiceProxy. Of course, you still need to set the channel properties to match the BasicHttpBinding’s SOAP version and addressing version (see my previous post).

    // Create the proxy

    hr = WsCreateServiceProxy(

            WS_CHANNEL_TYPE_REQUEST,

            WS_HTTP_CHANNEL_BINDING,

            (const WS_SECURITY_DESCRIPTION*)&securityDescription, // security description

            NULL, // proxy properties

            0, // proxy property count

            channelProperties, // channel properties

            channelPropertyCount, // channel property count

            &proxy,

            error);

 

Note: a BasicHttpBinding with transport security is created by new BasicHttpBinding(BasicHttpSecurityMode.Transport) in code or represented by the following binding element in config:

      <basicHttpBinding>

        <binding name="transportSecurity">

          <security mode="Transport">

          </security>

        </binding>

      </basicHttpBinding>

Comments

  • Anonymous
    November 14, 2008
    PingBack from http://mstechnews.info/2008/11/wwsapi-to-wcf-interop-3-basichttpbinding-with-transport-security/

  • Anonymous
    November 18, 2008
    If you have questions about interoperability between Windows Communication Foundation (WCF) and Windows

  • Anonymous
    November 18, 2008
    WWSAPI doesn’t support full message mode security (where security negotiation happens at SOAP message

  • Anonymous
    April 06, 2009
    Below you may links to resources available for connecting C/C++ code and Web Services using Windows Web