Inside the Standard Bindings: WSFederationHttp

Index for bindings in this series:

• BasicHttp
• WSHttp
• WSDualHttp
• WSFederationHttp
• NetTcp
• NetPeerTcp
• NetNamedPipe
• NetMsmq

The final HTTP binding that I'm covering in this series is WSFederationHttp. Federation is the ability to share identities across multiple systems for authentication and authorization. These identities could either be for users or machines. This binding is intended for the very specific scenario of federated security.

Standard disclaimer:

I've cut down on the number of properties presented by eliminating duplicates between the binding settings and binding element settings. For instance, the XML reader quotas can be set on either the binding or the message encoder binding element, but I'm only going to show them on the message encoder. I've also omitted most of the security credential settings because they're very messy and you hopefully won't need to change them much.

Federated HTTP supports SOAP security as well as mixed-mode security, but it doesn't support exclusively using transport security. I'll begin with the usual pattern of first presenting the binding with security disabled.

1. System.ServiceModel.Channels.TransactionFlowBindingElement

    TransactionProtocol: WSAtomicTransactions
   

2. System.ServiceModel.Channels.TextMessageEncodingBindingElement

    AddressingVersion: Addressing10 (https://www.w3.org/2005/08/addressing)
   MaxReadPoolSize: 64
   MaxWritePoolSize: 16
   ReaderQuotas: 
     MaxArrayLength: 16384
     MaxBytesPerRead: 4096
     MaxDepth: 32
     MaxNameTableCharCount: 16384
     MaxStringContentLength: 8192
   

3. System.ServiceModel.Channels.HttpTransportBindingElement

    AllowCookies: False
   AuthenticationScheme: Anonymous
   BypassProxyOnLocal: False
   HostNameComparisonMode: StrongWildcard
   ManualAddressing: False
   MappingMode: SoapWithWSAddressing
   MaxBufferPoolSize: 524288
   MaxBufferSize: 65536
   MaxReceivedMessageSize: 65536
   ProxyAddress: 
   ProxyAuthenticationScheme: Anonymous
   Realm: 
   Scheme: http
   TransferMode: Buffered
   UnsafeConnectionNtlmAuthentication: False
   UseDefaultWebProxy: True
   

There's nothing unusual about these settings compared to any of the other HTTP bindings. However, if you look at the top-level settings on the binding, there are two new components. The first is an address for a privacy notice. The second is buried inside the security settings. If you drill down to the settings for message security (not pictured here) there's now more than a dozen settings instead of the normal two or three.

 CloseTimeout: 00:01:00
EnvelopeVersion: Soap12 (https://www.w3.org/2003/05/soap-envelope)
Namespace: https://tempuri.org/
OpenTimeout: 00:01:00
PrivacyNoticeAt: 
ReceiveTimeout: 00:01:00
ReliableSession: 
  Enabled: False
  InactivityTimeout: 00:10:00
  Ordered: True
SendTimeout: 00:01:00
TextEncoding: System.Text.UTF8Encoding
TransactionFlow: False

The channel stack is identical to the WSHttp binding when Security.Mode is set to Message.

1. System.ServiceModel.Channels.TransactionFlowBindingElement
2. System.ServiceModel.Channels.SymmetricSecurityBindingElement
3. System.ServiceModel.Channels.TextMessageEncodingBindingElement
4. System.ServiceModel.Channels.HttpTransportBindingElement

However, setting Security.Mode to TransportWithMessageCredential results in something of a hybrid between the WSHttp and BasicHttp bindings.

1. System.ServiceModel.Channels.TransactionFlowBindingElement

2. System.ServiceModel.Channels.TransportSecurityBindingElement

3. System.ServiceModel.Channels.TextMessageEncodingBindingElement

4. System.ServiceModel.Channels.HttpsTransportBindingElement

    RequireClientCertificate: False
   Scheme: https
   

Finally, using the MTOM encoder looks exactly the same as for WSHttp.

1. System.ServiceModel.Channels.TransactionFlowBindingElement
2. System.ServiceModel.Channels.MtomMessageEncodingBindingElement
3. System.ServiceModel.Channels.HttpTransportBindingElement

Next time: It's All in the BindingContext

Comments

• Anonymous
  June 23, 2006
  After a few days break, the series on standard bindings continues.  This week will take care of the remainder...

• Anonymous
  June 24, 2006
  This series has been very useful. I just added a link to the main page of this section into the related category in WinFXGuide.com and removed the links to the single posts.
  
  Best,
  Fran

• Anonymous
  July 05, 2006
  I had yesterday's N&N cut short with a trip to the Jersey Shore. After a fine cookout day yesterday,...

• Anonymous
  July 29, 2006
  I thought I'd share the binding inspector program I wrote a few months ago to explore the different settings...

• Anonymous
  December 11, 2007
  I had yesterday's N&N cut short with a trip to the Jersey Shore. After a fine cookout day yesterday

• Anonymous
  December 04, 2008
  I had yesterday's N&N cut short with a trip to the Jersey Shore. After a fine cookout day yesterday, I'm back at work because of the rain this afternoon. I have all my flagged items still at home because Feed Demon still is working on syncing these