Convert wsHttpBinding to customBinding

Question

How do I convert the following wsHttpBinding to a customBinding? I need to so this so I can increase the clock skew. This is for http.

 <wsHttpBinding>
    <binding name="wsHttpSecurityOptions" maxReceivedMessageSize="10485760" maxBufferPoolSize="524288">
      <security mode="Message">
        <message clientCredentialType="UserName" establishSecurityContext="true" negotiateServiceCredential="true"/>
        <transport clientCredentialType="Certificate" proxyCredentialType="None"/>
      </security>
      <readerQuotas maxStringContentLength="500000"/>
    </binding>
  </wsHttpBinding>

My attempt (as follows) fails with the error message "Could not find a base address that matches scheme https for the endpoint with binding CustomBinding" but I can't see how else to configure UserName Message mode security.

  <customBinding>
    <binding name="wsHttpSecurityOptions">
      <transactionFlow />
      <security authenticationMode="UserNameForSslNegotiated">
        <secureConversationBootstrap authenticationMode="UserNameForSslNegotiated">
          <localServiceSettings maxClockSkew="00:10:00" />
        </secureConversationBootstrap>
        <localServiceSettings maxClockSkew="00:10:00" />
      </security>
      <textMessageEncoding>
        <readerQuotas maxStringContentLength="500000"/>
      </textMessageEncoding>
      <httpsTransport maxReceivedMessageSize="10485760" maxBufferPoolSize="524288" />
    </binding>
  </customBinding>

Answer 1

Check this solution. It creates a custom binding via code, mofifies its clock skew, and sets it as the binding to use. (source: http://sandrinodimattia.net/blog/posts/wcf-and-fixing-clienthost-time-issues-maxclockskew-quickly/)

ServiceHost service = new ServiceHost(typeof(Calculator));
Binding currentBinding = service.Description.Endpoints[0].Binding;

// Set the maximum difference in minutes
int maxDifference = 300;
// Create a custom binding based on an existing binding
CustomBinding myCustomBinding = new CustomBinding(currentBinding);
// Set the maxClockSkew
var security = myCustomBinding.Elements.Find<SymmetricSecurityBindingElement>();
security.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
security.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
// Set the maxClockSkew
var secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters;
var bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
bootstrap.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
bootstrap.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);

// Update the binding of the endpoint
service.Description.Endpoints[0].Binding = myCustomBinding;

Answer 2

After some more searching I found a cool tool by Yaron Naveh that does the conversion which produces the following (I've added in the clock skews)

  <customBinding>
    <binding name="wsHttpSecurityOptions">
      <transactionFlow />
      <security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
          <localServiceSettings maxClockSkew="00:10:00" />
        </secureConversationBootstrap>
        <localServiceSettings maxClockSkew="00:10:00" />
      </security>
      <textMessageEncoding />
      <httpTransport maxBufferSize="10485760" maxReceivedMessageSize="10485760" />
    </binding>
  </customBinding>

Thanks again to Yaron and I wish I'd found it before asking another question which I've self answered 50mins after asking it (which is a record for me :))