WWSAPI to WCF interop 3: BasicHttpBinding with transport security


Transport security means that message integrity and confidentiality are provided at the transport layer. For HTTP transport, this means HTTPS. In WCF's BasicHttpBinding, BasicHttpSecurityMode.Transport provides transport security. To use security in WWSAPI, you fill in a WS_SECURITY_DESCRIPTION structure. On the client side, you then pass this structure to WsCreateServiceProxy or WsCreateChannel. To use transport security with the HTTP binding, a WS_SSL_TRANSPORT_SECURITY_BINDING needs to be specified in the WS_SECURITY_DESCRIPTION structure. The security binding structures in WWSAPI use an embedded structure to enable type inheritance (in fact, the embedded structure pattern is followed in all WWSAPI structures for type inheritance). The base structure for security bindings is WS_SECURITY_BINDING, which has a type and a property bag. For a simple transport-security-over-HTTP scenario, no binding properties need to be filled in. If no client certificate is required, the code to fill in the WS_SECURITY_DESCRIPTION can be as simple as the following:

    // declare and initialize an SSL transport security binding
    WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct
    sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type

    // declare and initialize the array of all security bindings
    WS_SECURITY_BINDING* securityBindings[1] = { &sslBinding.binding };

    // declare and initialize the security description
    WS_SECURITY_DESCRIPTION securityDescription = {}; // zero out the struct
    securityDescription.securityBindings = securityBindings;
    securityDescription.securityBindingCount = WsCountOf(securityBindings);

Once the security description is ready, pass it to WsCreateServiceProxy. You still need to set the channel properties to match BasicHttpBinding's SOAP version and addressing version (see my previous post).

    // Create the proxy
    hr = WsCreateServiceProxy(
            WS_CHANNEL_TYPE_REQUEST,
            WS_HTTP_CHANNEL_BINDING,
            (const WS_SECURITY_DESCRIPTION*)&securityDescription, // security description
            NULL, // proxy properties
            0, // proxy property count
            channelProperties, // channel properties
            channelPropertyCount, // channel property count
            &proxy,
            error);

Note: a BasicHttpBinding with transport security is created by new BasicHttpBinding(BasicHttpSecurityMode.Transport) in code or represented by the following binding element in config:


      <basicHttpBinding>
        <binding name="transportSecurity">
          <security mode="Transport">
          </security>
        </binding>
      </basicHttpBinding>
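
For context, here is the binding element above wired into a complete service configuration. This is an added example, not part of the original post; the service name, contract name and endpoint address are hypothetical placeholders. It spells out the default `clientCredentialType` of `None`, which corresponds to the client code above that supplies no client certificate.

```xml
<!-- Added example. Example.CalculatorService, Example.ICalculator and the
     endpoint address are hypothetical placeholders, not from the original post. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="transportSecurity">
        <security mode="Transport">
          <!-- None: the server does not ask for a client certificate or HTTP
               authentication. This matches a WWSAPI client whose security
               description holds only a WS_SSL_TRANSPORT_SECURITY_BINDING
               with no credential filled in. -->
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="Example.CalculatorService">
      <!-- With mode="Transport" the endpoint address must use the https scheme;
           WCF rejects an http address for this binding configuration. -->
      <endpoint address="https://localhost:8443/example/calculator"
                binding="basicHttpBinding"
                bindingConfiguration="transportSecurity"
                contract="Example.ICalculator" />
    </service>
  </services>
</system.serviceModel>
```

The server certificate itself is not part of this configuration: under IIS it comes from the site's HTTPS binding, and for a self-hosted service it has to be bound to the port in HTTP.SYS.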

Comments (4)

  1. If you have questions about interoperability between Windows Communication Foundation (WCF) and Windows

  2. WWSAPI doesn’t support full message mode security (where security negotiation happens at SOAP message

  3. Below you may find links to resources available for connecting C/C++ code and Web Services using Windows Web