WWSAPI to WCF interop 3: BasicHttpBinding with transport security

Transport security means the message integrity and confidentiality are provided at transport layer. For http transport, this means https. In WCF’s BasicHttpBinding, BasicHttpSecurityMode.Transport provides transport security. To use security in WWSAPI, you need to fill in a WS_SECURITY_DESCRIPTION structure. On the client side, you then pass this structure to WsCreateServiceProxy or WsCreateChannel. To use transport security with http binding, WS_SSL_TRANSPORT_SECURITY_BINDING needs to be specified in the WS_SECURITY_DESCRIPTION structure. The security binding structures in WWSAPI use a embedded structure to enable type inheritance (in fact, the embedded structure pattern is followed in all WWSAPI structures for type inheritance). The base structure for security binding is WS_SECURITY_BINDING, which has a type and a property bag. For a simple transport security over http scenario, no binding properties will be filled. If no client certificate is required, the code to fill in the WS_SECURITY_DESCRIPTION can be as simple as the following:

 

    // declare and initialize an SSL transport security binding

    WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct

    sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type

   

    // declare and initialize the array of all security bindings

    WS_SECURITY_BINDING* securityBindings[1] = { &sslBinding.binding };

   

    // declare and initialize the security description

    WS_SECURITY_DESCRIPTION securityDescription = {}; // zero out the struct

    securityDescription.securityBindings = securityBindings;

    securityDescription.securityBindingCount = WsCountOf(securityBindings);

 

Once the security description is ready, just pass it into WsCreateServiceProxy. Of course, you still need to set the channel properties to match the BasicHttpBinding’s SOAP version and addressing version (see my previous post).

    // Create the proxy

    hr = WsCreateServiceProxy(

            WS_CHANNEL_TYPE_REQUEST,

            WS_HTTP_CHANNEL_BINDING,

            (const WS_SECURITY_DESCRIPTION*)&securityDescription, // security description

            NULL, // proxy properties

            0, // proxy property count

            channelProperties, // channel properties

            channelPropertyCount, // channel property count

            &proxy,

            error);

 

Note: a BasicHttpBinding with transport security is created by new BasicHttpBinding(BasicHttpSecurityMode.Transport) in code or represented by the following binding element in config:

      <basicHttpBinding>

        <binding name="transportSecurity">

          <security mode="Transport">

          </security>

        </binding>

      </basicHttpBinding>