Suggested Videos
Part 46 - WCF throttling
Part 47 - WCF security
Part 48 - Controlling WCF message protection using ProtectionLevel parameter
In this video we will discuss, what happens, if the binding does not provide security, and you have explicitly set ProtectionLevel other than None
This is continuation to Part 48. Please watch Part 48 before proceeding.
What happens if the binding does not provide security, and you have explicitly set ProtectionLevel other than None
An exception will be thrown.
For example, out of the box security is not enabled for basicHttpBinding. So, if you set ProtectionLevel other than None using the ProtectionLevel named parameter as shown below
and if you use basicHttpBinding in the config file
The following exception will be be thrown
Unhandled Exception: System.InvalidOperationException: The request message must be protected. This is required by an operation of the contract ('IHelloService','http://tempuri.org/'). The protection must be provided by the binding ('BasicHttpBinding','http://tempuri.org/').
In general ProtectionLevel parameter is used to enforce the minimum level of protection required. If the binding does not provide that minimum level of protection then an exception will be thrown.
Part 46 - WCF throttling
Part 47 - WCF security
Part 48 - Controlling WCF message protection using ProtectionLevel parameter
In this video we will discuss, what happens, if the binding does not provide security, and you have explicitly set ProtectionLevel other than None
This is continuation to Part 48. Please watch Part 48 before proceeding.
What happens if the binding does not provide security, and you have explicitly set ProtectionLevel other than None
An exception will be thrown.
For example, out of the box security is not enabled for basicHttpBinding. So, if you set ProtectionLevel other than None using the ProtectionLevel named parameter as shown below
[ServiceContract]
public interface IHelloService
{
[OperationContract(ProtectionLevel = ProtectionLevel.None)]
string GetMessageWithoutAnyProtection();
[OperationContract(ProtectionLevel = ProtectionLevel.Sign)]
string GetSignedMessage();
[OperationContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
string GetSignedAndEncryptedMessage();
}
and if you use basicHttpBinding in the config file
<endpoint address="HelloService"
binding="basicHttpBinding"
contract="HelloService.IHelloService"/>
The following exception will be be thrown
Unhandled Exception: System.InvalidOperationException: The request message must be protected. This is required by an operation of the contract ('IHelloService','http://tempuri.org/'). The protection must be provided by the binding ('BasicHttpBinding','http://tempuri.org/').
In general ProtectionLevel parameter is used to enforce the minimum level of protection required. If the binding does not provide that minimum level of protection then an exception will be thrown.
Sir, Can we use different protection level for basicHttpBinding or webHttpBinding with security mode to none in configuration file.
ReplyDeleteObviously not I guess because when you are setting the security mode to none means you are not providing any security and inturn if you provide protection level it may not work
ReplyDelete