R – Configure WCF Client to Use Web Services Security Kerberos Token Profile 1.1

clientkerberosSecuritywcf

Morning,

Does anyone know how to configure WCF (any binding type, we are currently using WSHttpBinding but am happy to move to a CustomBinding or alternative if necessary) to use

Web Services Security Kerberos Token Profile 1.1

the details of which can be found here:

http://www.oasis-open.org/committees/download.php/16788/wss-v1.1-spec-os-KerberosTokenProfile.pdf

In particular I would like to know how to include the Security BinarySecurityToken and the SecurityTokenReference sections in the SOAP header. Example (taken from the above document)below:

<S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="...">
  <S11:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss225 kerberos-token-profile-1.1#Kerberosv5_AP_REQ" wsu:Id="MyToken">
        boIBxDCCAcCgAwIBBaEDAgEOogcD...
      </wsse:BinarySecurityToken>
      ...
      <wsse:SecurityTokenReference>
        <wsse:Reference URI="#MyToken" ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token232 profile-1.1#Kerberosv5_AP_REQ" >
        </wsse:Reference>
      </wsse:SecurityTokenReference>
      ...
    </wsse:Security>
  </S11:Header>
  <S11:Body>
  ...
  </S11:Body>
</S11:Envelope>

Thanks in advance, Paul.

Best Answer

Straight from the MSDN documentation:

<wsHttpBinding>
    <binding name="MyBinding">
        <security mode="Message>
            <message   
                clientCredentialType="Windows"
                negotiateServiceCredential="false"
                establishSecurityContext="false"/>
        </security>
    </binding>
</wsHttpBinding>
Related Topic