Zulfiqar's weblog

Architecture, security & random .Net

Changing MessageProtectionOrder for Built-in bindings

Posted by zamd on February 10, 2008


The MessageProtectionOrder enumeration defines the order in which SOAP messages are signed and encrypted. WCF can be configured to sign a message first and then encrypt it, or the other way around.

All the built-in bindings (basicHttpBinding, wsHttpBinding, etc.) use a default protection order and won’t let you change it. The only way to change the protection order is to use a custom binding (<message> element). However, you might end up in a situation where you have already configured all sorts of settings on a built-in binding and now want to alter the protection order (or any other setting not directly exposed through the built-in binding). The following steps and code snippet show how to create a custom binding that overrides a property value while still retaining the original settings of the binding/elements.

· Ask the configured binding to create all the binding elements for you (as configured in the config file).

· Find the required BindingElement, the one that exposes the property you need to change (AsymmetricSecurityBindingElement in this case).

· Overwrite the current value with your desired value. You could also pick the actual value from the config file.

· Create a CustomBinding object and copy the updated binding element collection into this new object.

· Set the custom binding as the new binding for the endpoint.

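// Namespaces: System.ServiceModel.Channels, System.ServiceModel.Security
// fac is assumed to be the ChannelFactory<T> whose endpoint uses the built-in binding.

// Materialize the binding elements exactly as configured in the config file.
BindingElementCollection col = fac.Endpoint.Binding.CreateBindingElements();

// Locate the security element (Find<T>() returns null if the binding has none of this type).
AsymmetricSecurityBindingElement asbe = col.Find<AsymmetricSecurityBindingElement>();

// Override only the protection order; every other configured value is left untouched.
asbe.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;

// Replace the endpoint's binding with a custom binding built from the updated elements.
fac.Endpoint.Binding = new CustomBinding(col);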

Note: You have the flexibility to make the change on a per-endpoint basis rather than for the whole binding; it all depends on your requirements.

In the next post, I will talk about the ProtectionLevel attribute and how to make it config-enabled.
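The steps above, wrapped into a reusable per-endpoint helper. This is an added example, not code from the original post: the names ProtectionOrderHelper, WithProtectionOrder and Apply are hypothetical, and it goes beyond the post by also handling SymmetricSecurityBindingElement, rejecting bindings that have no message security element, and copying the binding-level name, namespace and timeouts onto the new CustomBinding.

```csharp
using System;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Added example; class and method names are hypothetical.
public static class ProtectionOrderHelper
{
    // Returns a CustomBinding built from 'source' with only the protection order changed.
    public static CustomBinding WithProtectionOrder(Binding source, MessageProtectionOrder order)
    {
        if (source == null) throw new ArgumentNullException("source");

        BindingElementCollection elements = source.CreateBindingElements();

        // Find<T>() returns null when no element of that type is present.
        AsymmetricSecurityBindingElement asym = elements.Find<AsymmetricSecurityBindingElement>();
        SymmetricSecurityBindingElement sym = elements.Find<SymmetricSecurityBindingElement>();

        if (asym != null)
            asym.MessageProtectionOrder = order;
        else if (sym != null)
            sym.MessageProtectionOrder = order;
        else
            // Fail loudly instead of silently leaving the order unchanged,
            // e.g. when the binding uses transport security only.
            throw new InvalidOperationException(
                "Binding '" + source.Name + "' has no symmetric or asymmetric " +
                "message security element; MessageProtectionOrder does not apply.");

        // CustomBinding(BindingElementCollection) starts from default binding-level
        // values, so carry the name, namespace and timeouts over explicitly.
        CustomBinding custom = new CustomBinding(elements);
        custom.Name = source.Name;
        custom.Namespace = source.Namespace;
        custom.OpenTimeout = source.OpenTimeout;
        custom.CloseTimeout = source.CloseTimeout;
        custom.SendTimeout = source.SendTimeout;
        custom.ReceiveTimeout = source.ReceiveTimeout;
        return custom;
    }

    // Per-endpoint use: only this endpoint's binding is replaced.
    public static void Apply(ServiceEndpoint endpoint, MessageProtectionOrder order)
    {
        endpoint.Binding = WithProtectionOrder(endpoint.Binding, order);
    }
}
```

With the factory from the snippet above, the call would be ProtectionOrderHelper.Apply(fac.Endpoint, MessageProtectionOrder.EncryptBeforeSign). Both sides of the conversation must use the same protection order, so the service endpoint needs the matching change.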

  

Stay tuned… 


One Response to “Changing MessageProtectionOrder for Built-in bindings”

  1. […] from the config file. You have to use a custom binding, if you need to turn off derived keys. See this for details. By default “derived keys” are turned off in case of […]
