
WS Message mode not supported

Open MenuGamer opened this issue 1 year ago • 3 comments

When dispatching a client with WSHttpBinding and SecurityMode.Message, the CreateSecurityBindingElement method from System.ServiceModel.MessageSecurityOverHttp will throw a platform not supported error.

My old .NET Framework 4.8 project is using the following configuration.

<bindings>
	<wsHttpBinding>
		<binding name="SecureBinding" closeTimeout="23:59:59" openTimeout="23:59:59" receiveTimeout="23:59:59" sendTimeout="23:59:59" maxBufferPoolSize="5242880" maxReceivedMessageSize="1073741824">
			<readerQuotas maxDepth="1000000000" maxStringContentLength="1000000000" maxArrayLength="1000000000" maxBytesPerRead="1000000000" maxNameTableCharCount="1000000000"/>
			<security mode="Message">
				<message clientCredentialType="UserName"/>
			</security>
		</binding>
	</wsHttpBinding>
</bindings>
<client>
	<endpoint name="CustomAuth" address="http://localhost:2000/Service" binding="wsHttpBinding" bindingConfiguration="SecureBinding">
		<identity>
			<dns value="TestCert"/>
		</identity>
	</endpoint>
</client>

I've recreated it in .NET 7.0 manually as follows:

// Initialize the default binding
var wsHttpBinding = new WSHttpBinding();
wsHttpBinding.CloseTimeout = TimeSpan.Parse("23:59:59");
wsHttpBinding.OpenTimeout = TimeSpan.Parse("23:59:59");
wsHttpBinding.ReceiveTimeout = TimeSpan.Parse("23:59:59");
wsHttpBinding.SendTimeout = TimeSpan.Parse("23:59:59");
wsHttpBinding.MaxBufferPoolSize = 524288;
wsHttpBinding.MaxReceivedMessageSize = 1073741824;

// Set reader quotas
wsHttpBinding.ReaderQuotas.MaxDepth = 1000000000;
wsHttpBinding.ReaderQuotas.MaxStringContentLength = 1000000000;
wsHttpBinding.ReaderQuotas.MaxArrayLength = 1000000000;
wsHttpBinding.ReaderQuotas.MaxBytesPerRead = 1000000000;
wsHttpBinding.ReaderQuotas.MaxNameTableCharCount = 1000000000;

wsHttpBinding.Security.Mode = SecurityMode.Message;
wsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

// Initialize the default endpoint address
Address = new EndpointAddress(new Uri("http://localhost:2000/Service"));

Is this method not supported in .NET 7.0, or is there a workaround?

MenuGamer, Dec 04 '23 10:12

SecurityMode.Message is not supported. If you control the client and the server, you could switch to using SecurityMode.TransportWithMessageCredentials and the authentication flow/configuration will continue to work exactly as before. You will need to communicate over https instead of http. Depending on your security requirements, this is likely to give you equal security to what you had before. The difference in security only comes into play if you have a front end which is forwarding requests or you store the requests somewhere for consumption later as the SOAP message itself is no longer encrypted, instead relying on the HTTPS connection to provide secrecy and integrity.

mconnew, Dec 06 '23 22:12
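The switch described in the reply above, as an added client-side example that is not code from the issue or from the WCF project. The `IService` contract, the credentials and the https address are assumptions; the enum member in System.ServiceModel is spelled `SecurityMode.TransportWithMessageCredential`, and the timeouts and reader quotas from the issue can be set on the binding as before.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract; the real service contract is not shown in the issue.
[ServiceContract]
public interface IService
{
    [OperationContract]
    string Ping(string value);
}

public static class SecureClient
{
    // Replaces SecurityMode.Message: TLS protects the connection, while the
    // UserName credential still travels in the WS-Security SOAP header.
    public static WSHttpBinding CreateBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return binding;
    }

    public static ChannelFactory<IService> CreateFactory(Uri address, string user, string password)
    {
        // Fail early with a clear message rather than the binding's scheme-mismatch error.
        if (address.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("TransportWithMessageCredential requires an https:// address.", nameof(address));

        var factory = new ChannelFactory<IService>(CreateBinding(), new EndpointAddress(address));
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;
        return factory;
    }

    public static void Main()
    {
        // Assumed address: the issue's endpoint moved to https; the service must listen there.
        var factory = CreateFactory(new Uri("https://localhost:2000/Service"), "user", "placeholder-password");
        IService channel = factory.CreateChannel();
        try
        {
            Console.WriteLine(channel.Ping("hello"));
            ((IClientChannel)channel).Close();
            factory.Close();
        }
        catch
        {
            ((IClientChannel)channel).Abort();
            factory.Abort();
            throw;
        }
    }
}
```

With this mode the server is authenticated by its HTTPS certificate, so that certificate must validate for the host name in the endpoint address.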