- Microsoft Windows Communication Foundation 4.0 Cookbook for Developing SOA Applications
- Steven Cheng
- 365字
- 2021-04-13 17:04:05
For WCF bindings that use message-layer security, a timestamp header will be added in the SOAP envelope to ensure the timely delivery of the message so as to prevent a potential message-replaying attach. However, some non-WCF service platforms may not expose this header. When working with this kind of service client or service, we will need to prevent the WCF message engine from generating the timestamp header.
Using WSHttpBinding as an example, we can create a customized binding that derives most of the setting of the built-in WSHttpBinding (but suppresses the timestamp header generation).
The following code snippet demonstrates how to create the CustomBinding and configure the certain binding element to disable timestamp header generation.
private static Binding GetCustomHttpBinding()
{
WSHttpBinding wshttp = new WSHttpBinding();
var bec = wshttp.CreateBindingElements();
SecurityBindingElement secbe = bec.Find<SecurityBindingElement>();
// Not to include Timestamp header
secbe.IncludeTimestamp = false;
// Suppress the message relay detection
secbe.LocalServiceSettings.DetectReplays = false;
secbe.LocalClientSettings.DetectReplays = false;
CustomBinding cb = new CustomBinding(bec);
return cb;
}
The code first locates the SecurityBindingElement instance from the default element collection of wsHttpBinding. It then sets the IncludeTimestamp property to false. Also, it is necessary to turn off the DetectReplays property on the LocalServiceSettings and LocalClientSettings members.
Finally, we can apply this CustomBinding to any endpoint that needs to suppress the timestamp header.
Since the timestamp header is a security feature that performs a message-replaying check, the WCF programming model exposes this setting through the SecurityBindingElement type. However, only setting the SecurityBindingElement.IncludeTimestamp to false is not enough, because this only helps remove the timestamp header; the runtime will still perform replay detection on incoming/outgoing messages. Therefore, we also need to turn off the DetectReplays property on LocalServiceSettings and LocalClientSettings collection.
By comparing the underlying SOAP messages, we can find the obvious difference in the SoapHeader section before and after we disable the timestamp header generation. The next screenshot is a SOAP message captured before removing the timestamp header:
The following screenshot is for a SOAP message captured after removing the timestamp header:
- Photoshop CC 網(wǎng)店視覺設(shè)計(jì)
- 從零開始:AutoCAD 2015中文版機(jī)械制圖基礎(chǔ)培訓(xùn)教程
- Oracle SOA Suite Developer's Guide
- UG NX 8.0基礎(chǔ)與實(shí)例教程
- 中文版Premiere影視編輯課堂實(shí)錄
- VSTO 3.0 for Office 2007 Programming
- PPT 2016幻燈片設(shè)計(jì)與制作從入門到精通
- CakePHP 1.3 Application Development Cookbook
- RESTful PHP Web Services
- 新編AutoCAD 2016從入門到精通
- 無(wú)師自通AutoCAD 2014中文版機(jī)械設(shè)計(jì)
- UG NX 12.0中文版從入門到精通
- 中文版CINEMA 4D R20 實(shí)用教程
- 中文版Photoshop CS5平面設(shè)計(jì)實(shí)用教程(第2版)
- 和秋葉一起學(xué):秒懂Photoshop后期修圖