Partial Trust Binding Black List

Partial trust support in WCF is an Orcas feature that allows clients and services to be run in an environment with restricted permissions. WCF is part of a fully trusted installation, so by default partially trusted callers are not allowed to call into the assembly. However, there is a standard mechanism to change that, which is to mark the assembly with the AllowPartiallyTrustedCallers attribute. Once an assembly is marked, it is then the responsibility of that code to make sure that partially trusted callers can't do bad things through the exposed API of the fully-trusted assembly.

To implement this restriction, one of the things that WCF does is limit the bindings that you can build using the out-of-the-box components (custom components would have to join into this same security model and do their own validation before they could be used). There are two rounds of checks: the first knocks out the bindings that are not safe for partially trusted callers, and the second knocks out the binding elements.

WCF ships with 15 bindings (plus custom binding) in the box for Orcas. Of these, eight immediately get knocked out:

1. MsmqIntegrationBinding
2. NetMsmqBinding
3. NetNamedPipeBinding
4. NetPeerTcpBinding
5. NetTcpBinding
6. WSDualHttpBinding
7. WS2007FederationHttpBinding
8. WSFederationHttpBinding

Then, any binding that contains one of these binding elements gets knocked out:

1. AsymmetricSecurityBindingElement
2. CompositeDuplexBindingElement
3. MsmqTransportBindingElement
4. MtomMessageEncodingBindingElement
5. NamedPipeTransportBindingElement
6. OneWayBindingElement
7. PeerCustomResolverBindingElement
8. PeerTransportBindingElement
9. PnrpPeerResolverBindingElement
10. ReliableSessionBindingElement
11. SymmetricSecurityBindingElement
12. TcpTransportBindingElement
13. TransportSecurityBindingElement

That basically allows for the following standard bindings to operate: BasicHttpBinding, BasicHttpContextBinding, WebHttpBinding, WSHttpBinding, WSHttpContextBinding, and WS2007HttpBinding. The WSHttp bindings will be quite limited because many of their features are blocked by the binding element checks.

Now you can figure out all of the supported binding configurations if you still haven't read the partial trust feature compatibility guide.
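The two rounds of checks can be mirrored in a preflight test that you run in full trust before deploying a configuration to a partially trusted host. This is an added example, not WCF's own validation code: the class and method names are hypothetical, and matching by type name while walking base types is an assumption of this sketch rather than a description of how WCF performs the check.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class PartialTrustBindingCheck   // hypothetical helper, not part of WCF
{
    // Round 1: the eight bindings the post lists as knocked out outright.
    static readonly HashSet<string> BlockedBindings = new HashSet<string> {
        "MsmqIntegrationBinding", "NetMsmqBinding", "NetNamedPipeBinding",
        "NetPeerTcpBinding", "NetTcpBinding", "WSDualHttpBinding",
        "WS2007FederationHttpBinding", "WSFederationHttpBinding" };

    // Round 2: the thirteen binding elements the post lists.
    static readonly HashSet<string> BlockedElements = new HashSet<string> {
        "AsymmetricSecurityBindingElement", "CompositeDuplexBindingElement",
        "MsmqTransportBindingElement", "MtomMessageEncodingBindingElement",
        "NamedPipeTransportBindingElement", "OneWayBindingElement",
        "PeerCustomResolverBindingElement", "PeerTransportBindingElement",
        "PnrpPeerResolverBindingElement", "ReliableSessionBindingElement",
        "SymmetricSecurityBindingElement", "TcpTransportBindingElement",
        "TransportSecurityBindingElement" };

    // Records each listed type in o's hierarchy (assumption: subclasses count too).
    static void Match(object o, HashSet<string> list, string kind, List<string> hits)
    {
        for (Type t = o.GetType(); t != null; t = t.BaseType)
            if (list.Contains(t.Name)) hits.Add(kind + ": " + t.Name);
    }

    // Returns the list entries the binding matches; empty means it passes both rounds.
    public static List<string> Violations(Binding binding)
    {
        var hits = new List<string>();
        Match(binding, BlockedBindings, "binding", hits);
        foreach (BindingElement element in binding.CreateBindingElements())
            Match(element, BlockedElements, "element", hits);
        return hits;
    }

    static void Main()
    {
        var candidates = new Binding[] {
            new BasicHttpBinding(), new WSHttpBinding(),   // WSHttp: default security
            new WSHttpBinding(SecurityMode.None, true),    // reliable session enabled
            new NetTcpBinding() };
        foreach (Binding b in candidates)
            Console.WriteLine("{0}: {1}", b.GetType().Name,
                string.Join("; ", Violations(b).ToArray()));
    }
}
```

Because round 2 inspects the element stack that `CreateBindingElements()` produces, the result for a WSHttp binding depends on how its security and reliable-session settings are configured, which is why those bindings are only partly usable.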

Next time: Built In ServiceHost Validation Behaviors