How to: Secure Messages within Reliable Sessions
This topic outlines the steps required to enable message-level security for messages exchanged within a reliable session, using one of the system-provided bindings that support reliable sessions but do not enable them by default. You can enable a secure, reliable session either imperatively by using code or declaratively in the configuration file. This procedure uses the client and service configuration files to enable the secure, reliable session.
This procedure consists of the following three key tasks:
- Specify that the client and service exchange messages within a reliable session.
- Require message-level security within the reliable session.
- Specify the client credential type that the client must use to be authenticated with the service.
It is important in the first task that the endpoint configuration element contain a bindingConfiguration attribute that references a binding configuration named (in this example) "MessageSecurity". The <binding> configuration element can then reference this name to enable reliable sessions by setting the enabled attribute of the reliableSession element to true. You can require that ordered delivery assurances are available within a reliable session by setting the ordered attribute to true.
For the source copy of the example on which this configuration procedure is based, see the WS Reliable Session.
The essential items of the second task are accomplished by setting the mode attribute of the <security> element contained in the <binding> element of the client and service to Message.
The essential items of the third task are accomplished by setting the clientCredentialType attribute of the <message> element contained in the <security> element of the client and service to Certificate.
Note
When using message security with reliable sessions, if the client is not authenticated, Reliable Messaging attempts to authenticate the client until a timeout occurs instead of throwing an exception upon first failure.
To configure the service with a WSHttpBinding to use a reliable session
- This procedure is described in How to: Exchange Messages Within a Reliable Session.
To configure the client with a WSHttpBinding to use a reliable session
- This procedure is described in How to: Exchange Messages Within a Reliable Session.
To set the mode and ClientCredentialType in configuration
- Add an appropriate binding element to the <bindings> element of the configuration file. The following example adds a <wsHttpBinding> element.
- Add a <binding> element and set its name attribute to an appropriate value.
- Add a <security> element and set the mode attribute to Message.
The following example sets the mode to Message, and then sets the clientCredentialType attribute of the <message> element to Certificate.
<wsHttpBinding>
  <binding name="MessageSecurity">
    <security mode="Message">
      <message clientCredentialType="Certificate" />
    </security>
  </binding>
</wsHttpBinding>
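One way to check a configuration file against the three tasks above is sketched here as an added example; it is not part of the original topic or of the WCF samples. The `audit` and `attr` helpers, the sample service and contract names, and the "Weak" binding are hypothetical, and the checker compares attribute values by exact string match.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not the page's sample): "MessageSecurity" meets all three
# tasks, "Weak" turns message security off, and one endpoint misspells the binding name.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <services><service name="Example.Service">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageSecurity" contract="Example.IService" />
    <endpoint address="weak" binding="wsHttpBinding" bindingConfiguration="Weak" contract="Example.IService" />
    <endpoint address="typo" binding="wsHttpBinding" bindingConfiguration="MesageSecurity" contract="Example.IService" />
  </service></services>
  <bindings><wsHttpBinding>
    <binding name="MessageSecurity">
      <reliableSession enabled="true" ordered="true" />
      <security mode="Message"><message clientCredentialType="Certificate" /></security>
    </binding>
    <binding name="Weak">
      <reliableSession enabled="true" /><security mode="None" />
    </binding>
  </wsHttpBinding></bindings>
</system.serviceModel></configuration>"""

def attr(parent, child, name, default):
    """Attribute `name` of the first `child` under `parent`, or `default` if absent."""
    node = parent.find(child) if parent is not None else None
    return default if node is None else node.get(name, default)

def audit(config_xml):
    """Return (endpoint address, finding) pairs for wsHttpBinding endpoints missing a task."""
    root = ET.fromstring(config_xml)
    bindings = {b.get("name"): b for b in root.findall(".//wsHttpBinding/binding")}
    findings = []
    for ep in root.findall(".//endpoint[@binding='wsHttpBinding']"):
        addr, ref = ep.get("address", ""), ep.get("bindingConfiguration")
        binding = bindings.get(ref)
        if binding is None:
            findings.append((addr, f"bindingConfiguration {ref!r} not defined"))
            continue
        # wsHttpBinding defaults: reliable session off, mode Message, credential Windows
        if attr(binding, "reliableSession", "enabled", "false") != "true":
            findings.append((addr, "reliable session not enabled"))
        mode = attr(binding, "security", "mode", "Message")
        if mode != "Message":
            findings.append((addr, f"security mode is {mode!r}"))
        cred = attr(binding.find("security"), "message", "clientCredentialType", "Windows")
        if cred != "Certificate":
            findings.append((addr, f"clientCredentialType is {cred!r}"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the "weak" and "typo" endpoints and nothing for the endpoint that references "MessageSecurity".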