You cannot mix your protection level when you use transport security. You're going to have to use message security if this is important to you.
Configuring a service for multiple message ProtectionLevels while using transport security
Pregunta
I have a WCF service that I want to use message signing for, but only for certain calls- the rest should not be signed. I can't figure out how to set it up to support both.
The message signing uses a non-windows username and password that gets verified by a usernamepasswordvalidator on the service side. Both signed and unsigned messages should use transport security.
Here's an example of my interface:
[ServiceContract(ProtectionLevel=ProtectionLevel.None)]
public interface ISecTest
{
[OperationContract(ProtectionLevel = ProtectionLevel.Sign)]
string GetData(string value);
[OperationContract(ProtectionLevel = ProtectionLevel.None)]
string GetStuff(string stuff);
}
The problem I'm running into is that the signing seems to be based entirely on the service's binding configuration, as opposed to the ProtectionLevels defined on the interface.
If I use the following binding, both calls will require username credentials, regardless of the ProtectionLevel attributes:
<wsHttpBinding>
<binding name="secureWSHttpBindingConfig">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
If I omit the message security and use the following binding, then neither call requires credentials:
<wsHttpBinding>
<binding name="tolerantWSHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
Is this a complication from using transport security in addition to the message security? Any advice on how I could accomplish this in a single service (if it's even possible)?
Thanks!
Solución