Share via

<message> element of netTcpBinding

  • Article

Defines the settings for message-level security of the <netTcpBinding>.

<system.serviceModel>

  <binding>

    <netTcpBinding>

      <binding>

        <security> of <netTcpBinding>

          <message> element of netTcpBinding

                                    
                                    <netTcpBinding>
                                
                                    
                                     <binding>
                                
                                    
                                      <security 
                                
                                    
                                           mode="None/Transport/Message/TransportWithMessageCredential">
                                
                                    
                                       <message 
                                
                                    
                                      clientCredentialType="None/Windows/UserName/Certificate/IssuedToken"
                                
                                    
                                        defaultProtectionLevel="none/sign/EncryptAndSign" 
                                
                                    
                                        algorithmSuite = Enumeration. See algorithmSuite below />
                                
                                    
                                       </security>
                                
                                    
                                     </binding>
                                
                                    
                                    </netTcpBinding>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

Attribute Description

algorithmSuite

Sets the message encryption and key-wrap algorithms. The algorithms and the key sizes are determined by the SecurityAlgorithmSuite class. These algorithms map to those specified in the Security Policy Language (WS-SecurityPolicy) specification.

Possible values are shown below. The default value is Basic256.

clientCredentialType

Specifies the type of credential to be used when performing client authentication using Message-based security. Possible values are shown below. The default value is UserName. This attribute is of type MessageCredentialType.

algorithmSuite Attribute

Value Description

Basic128

Use Aes128 encryption, Sha1 for message digest, and Rsa-oaep-mgf1p for key wrap.

Basic192

Use Aes192 encryption, Sha1 for message digest, Rsa-oaep-mgf1p for key wrap.

Basic256

Use Aes256 encryption, Sha1 for message digest, Rsa-oaep-mgf1p for key wrap.

Basic256Rsa15

Use Aes256 for message encryption, Sha1 for message digest and Rsa15 for key wrap.

Basic192Rsa15

Use Aes192 for message encryption, Sha1 for message digest and Rsa15 for key wrap.

TripleDes

Use TripleDes encryption, , Sha1 for message digest, Rsa-oaep-mgf1p for key wrap.

Basic128Rsa15

Use Aes128 for message encryption, Sha1 for message digest and Rsa15 for key wrap.

TripleDesRsa15

Use TripleDes encryption, Sha1 for message digest and Rsa15 for key wrap.

Basic128Sha256

Use Aes256 for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap.

Basic192Sha256

Use Aes192 for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap.

Basic256Sha256

Use Aes256 for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap.

TripleDesSha256

Use TripleDes for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap.

Basic128Sha256Rsa15

Use Aes128 for message encryption, Sha256 for message digest and Rsa15 for key wrap.

Basic192Sha256Rsa15

Use Aes192 for message encryption, Sha256 for message digest and Rsa15 for key wrap.

Basic256Sha256Rsa15

Use Aes256 for message encryption, Sha256 for message digest and Rsa15 for key wrap.

TripleDesSha256Rsa15

Use TripleDes for message encryption, Sha256 for message digest and Rsa15 for key wrap.

clientCredentialType Attribute

Value Description

None

This allows the service to interact with anonymous clients. On the service side, this indicates that the service does not require any client credential. On the client, this indicates that the client does not provide any client credential.

Windows

Allows the SOAP exchanges to be under the authenticated context of a Windows credential. If the negotiateServiceCredential attribute is set to true, this either performs an SSPI Negotiation or Kerberos (an interoperable standard).

UserName

Allows the service to require that the client be authenticated using a UserName credential. WCF does not support sending a password digest or deriving keys using password and using such keys for message security. As such, WCF enforces that the transport is secured when using UserName credentials. This credential mode results in either an interoperable exchange or a non-interoperable negotiation based on the negotiateServiceCredential attribute.

Certificate

Allows the service to require that the client be authenticated using a certificate. If message security mode is used and the negotiateServiceCredential attribute is set to false, the client needs to be provisioned with the service certificate.

IssuedToken

Specifies a custom token, usually issued by a Security Token Service.

Child Elements

None

Parent Elements

Element Description

<security> of <netTcpBinding>

Defines the security capabilities for the NetTcpBindingElement.

See Also

Reference

MessageSecurityOverTcp

Other Resources

Selecting a Credential Type

Footer image

Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.