wsHttpBinding configuration

Question

I was reading a wcf book and come accross the following code block

<bindings>
  <wsHttpBinding>
    <binding name="ProductsServiceWSHttpBindingConfig">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None" />
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

I'm confused with the <transport ....> and <message ...> I did onlne search and was able to conclude meaning of each. But, not sure what will be the outcome of this code block. Thanks in advance.

Answer 1

When you are going to configure security for WsHttpBinding you first have to choose how the communication will be secured. That is configured by mode in security element:

• None - no security and authentication
• Transport - communication will be encrypted on transport level (HTTPS) and authentication will be done on transport level as well (through HTTP headers)
• TransportWithMessageCredential - communication will be encrypted on transport level (HTTPS) and authentication will be done on message level (trough standardized SOAP headers)
• Message - each message will be separately encrypted and signed following WS-Security standards and send over HTTP and authentication will be done on message level as well. Encryption, signing and authentication use standardized SOAP headers.

Once you defined mode you can use transport and message elements to further specify details of security used in specific mode. The most common setting is clientCredentialType which specifies how is client authenticated by the service. transport element offers modes available in HTTP protocol and message element offers modes specified by WS-Security.

Your configuration defines binding for endpoint using HTTPS and SOAP header (UserName Token) for passing user name and password to the service.