Changing MessageProtectionOrder for Built-in bindings
MessageProtectionOrder enumeration defines the order of encryption and signing for the SOAP messages. WCF could be configured to first sign messages and then encrypt or other way around.
All the built-in bindings (basicHttpBinding, wsHttpBinding etc) uses a default protection order and won't let you change it. The only way to change the protection order is to use a custom binding(<message> element). However you might end up in a situation where you have configured all sorts of settings on a built-in binding and now you want to alter the protection order (or any other setting not directly exposed through the built-in binding). Following steps and code snipped shows how to create a custom binding to override a property value while still retaining the original settings of the binding/elements.
· Ask the configured binding to create all the binding elements for you (as configured in config file).
· Find the required BindingElement, which exposing the property you need to change (AsymmetricSecurityBindingElement in this case).
· Overwrite the current value with your desired value. You could also pick the actual value from the config file.
· Now create a CustomBinding object and copy updated binding element collection into this new object.
· Set the custom binding as new binding for the endpoint.
BindingElementCollection col = fac.Endpoint.Binding.CreateBindingElements();
AsymmetricSecurityBindingElement asbe = col.Find<AsymmetricSecurityBindingElement>();
asbe.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;
fac.Endpoint.Binding = new CustomBinding(col);
Note: You have the flexibility to make the change on a per endpoint basis rather for the whole binding; it all depends on your requirements.
In the next post, I will talk about ProtectionLevel attribute and how to make it config enabled.
Stay tuned...