- Microsoft Windows Communication Foundation 4.0 Cookbook for Developing SOA Applications
- Steven Cheng
- 365字
- 2021-04-13 17:04:05
For WCF bindings that use message-layer security, a timestamp header will be added in the SOAP envelope to ensure the timely delivery of the message so as to prevent a potential message-replaying attach. However, some non-WCF service platforms may not expose this header. When working with this kind of service client or service, we will need to prevent the WCF message engine from generating the timestamp header.
Using WSHttpBinding as an example, we can create a customized binding that derives most of the setting of the built-in WSHttpBinding (but suppresses the timestamp header generation).
The following code snippet demonstrates how to create the CustomBinding and configure the certain binding element to disable timestamp header generation.
private static Binding GetCustomHttpBinding()
{
WSHttpBinding wshttp = new WSHttpBinding();
var bec = wshttp.CreateBindingElements();
SecurityBindingElement secbe = bec.Find<SecurityBindingElement>();
// Not to include Timestamp header
secbe.IncludeTimestamp = false;
// Suppress the message relay detection
secbe.LocalServiceSettings.DetectReplays = false;
secbe.LocalClientSettings.DetectReplays = false;
CustomBinding cb = new CustomBinding(bec);
return cb;
}
The code first locates the SecurityBindingElement instance from the default element collection of wsHttpBinding. It then sets the IncludeTimestamp property to false. Also, it is necessary to turn off the DetectReplays property on the LocalServiceSettings and LocalClientSettings members.
Finally, we can apply this CustomBinding to any endpoint that needs to suppress the timestamp header.
Since the timestamp header is a security feature that performs a message-replaying check, the WCF programming model exposes this setting through the SecurityBindingElement type. However, only setting the SecurityBindingElement.IncludeTimestamp to false is not enough, because this only helps remove the timestamp header; the runtime will still perform replay detection on incoming/outgoing messages. Therefore, we also need to turn off the DetectReplays property on LocalServiceSettings and LocalClientSettings collection.
By comparing the underlying SOAP messages, we can find the obvious difference in the SoapHeader section before and after we disable the timestamp header generation. The next screenshot is a SOAP message captured before removing the timestamp header:
The following screenshot is for a SOAP message captured after removing the timestamp header:
- Moodle 2.0 E/Learning Course Development
- 自己動手寫分布式搜索引擎
- Moodle 1.9 for Teaching 7/14 Year Olds: Beginner's Guide
- Blender 3D Architecture, Buildings, and Scenery
- Cinema 4D電商美工與視覺設計案例教程(培訓教材版)
- ADOBE FLASH PROFESSIONAL CS6 標準培訓教材
- Photoshop+Adobe Camera Raw+Lightroom(攝影后期照片潤飾實戰)
- PHP應用開發與實踐
- Jetpack Compose:Android全新UI編程
- Photoshop網店美工實例教程(第2版 全彩微課版)
- 邊做邊學:Photoshop CS6數碼藝術照片后期處理教程
- Building Websites with PHP/Nuke
- 中文版AutoCAD 2022從入門到精通
- Photoshop新媒體美工設計(視頻指導版)
- EJB 3.1 Cookbook