WSDL and Policy

This topic covers Windows Communication Foundation (WCF) WSDL 1.1, WS-Policy and WS-PolicyAttachment implementation details, as well as additional WS-Policy assertions and WSDL 1.1 extensions introduced by WCF.

WCF implements WS-Policy and WS-PolicyAttachment specifications submitted to W3C with constraints and clarifications described in this document.

This document uses the prefixes and namespaces shown in the following table.

Prefix Namespace

wsp (WS-Policy 1.2)

https://schemas.xmlsoap.org/ws/2004/09/policy

wsp (WS-Policy 1.5)

http://www.w3.org/ns/ws-policy

http

https://schemas.microsoft.com/ws/06/2004/policy/http

msmq

https://schemas.microsoft.com/ws/06/2004/mspolicy/msmq

msf

https://schemas.microsoft.com/ws/2006/05/framing/policy

mssp

https://schemas.microsoft.com/ws/2005/07/securitypolicy

msc

https://schemas.microsoft.com/ws/2005/12/wsdl/contract

cdp

https://schemas.microsoft.com/net/2006/06/duplex

WCF WSDL1.1 Extensions

WCF uses the following WSDL1.1 extensions to describe contract session requirements.

  • wsdl:portType/wsdl:operation/@msc:isInitiating
    xs:boolean, indicates this operation initiates a WCF session; the default value is false.
  • wsdl:portType/wsdl:operation/@msc:isTerminating
    xs:boolean, indicates this operation terminates a WCF session; the default value is false.
  • wsdl:portType/wsdl:operation/@msc:usingSession
    xs:boolean, indicates this contract requires session to be established.

SOAP 1.x HTTP Binding Transport URIs

WCF uses the following URIs to indicate transports to be used for WSDL 1.1, SOAP 1.1, and SOAP 1.2 binding extension elements.

Transport URI

HTTP

https://schemas.xmlsoap.org/soap/http

TCP

https://schemas.microsoft.com/soap/tcp

MSMQ

https://schemas.microsoft.com/soap/msmq

Named Pipes

https://schemas.microsoft.com/soap/named-pipe

Policy Assertions Implemented by WCF

In addition to policy assertions introduced in the Web Services specifications (WS-*) and mentioned in other sections of this document, WCF implements the following policy assertions.

Policy assertion Policy subject Description

http:HttpBasicAuthentication

Endpoint

Endpoint uses HTTP Basic Authentication.

http:HttpDigestAuthentication

Endpoint

Endpoint uses HTTP Digest Authentication.

http:HttpNegotiateAuthentication

Endpoint

Endpoint uses HTTP Negotiate Authentication.

http:HttpNtlmAuthentication

Endpoint

Endpoint uses HTTP NTLM Authentication.

msf:Streamed

Endpoint

Endpoint uses streamed message framing. This assertion is used with the Message Framing protocol provided for transports such as TCP, and named pipes.

msf:SslTransportSecurity

Endpoint

Endpoint uses transport-layer security (TLS) with message framing.

msf:WindowsTransportSecurity

Endpoint

Endpoint uses Security Provider Negotiation (SPNEGO) with message framing.

msmq:MsmqBestEffort

Endpoint

MSMQ with best-effort guarantees.

msmq:MsmqSession

Endpoint

MSMQ with Session guarantees.

msmq:MsmqVolatile

Endpoint

MSMQ Volatile.

msmq:Authenticated

Endpoint

Authentication is used with MSMQ transport.

msmq:WindowsDomain

Endpoint

MSMQ uses Windows Domain authentication.

cdp:CompositeDuplex

Endpoint

Endpoint uses two separate converse transport connections for in and out messages.

mssp:RsaToken

Nested

RSA key token assertion. This requirement is typically satisfied by an RSA key serialized directly as part of the key information in an endorsing signature.

mssp:SslContextToken

Nested

Requires that a SecurityContextToken obtained using binary TLS handshake using WS-Trust be used. Nested assertions include: sp:RequireDerivedKeys, mssp:MustNotSendCancel, mssp:RequireClientCertificate.

mssp:MustNotSendCancel

Nested

Specifies a requirement that a request security token (RST) request messages [WS-Trust] using the Cancel binding [WS-Trust, WS-SC] not be sent to the issuer of a given SecurityContextToken. If this assertion is present, then such request messages must not be sent to the issuer. If this assertion is not present, then such request messages can be sent to the issuer.

mssp:RequireClientCertificate

Nested

This optional element specifies a requirement for a client certificate to be provided as part of the TLSNEGO protocol. If this assertion is present, then a client certificate must be provided. If this assertion is not present, then a client certificate must not be provided. This assertion must not be used outside of mssp:SslContextToken.

See Also

Tasks

How to: Export Custom WSDL
How to: Import Custom WSDL

Other Resources

Custom WSDL Publication