Browse by Tags

• Answers
• Channels
• Indigo
• Security
• Standard Bindings

• Context Channel Shapes

  What channels can be used in a context binding? The primary limitation for building a context binding is that the channel stack has to have the right shape. The context exchange protocol used by a context binding requires that the first invoked operation be a request-reply operation. This is so that the initial context can be established. In order to support a request-reply operation, the channel stack needs to support one of a particular set of shapes. There are currently five channel shapes allowed when using a context binding: IRequestChannel IRequestSessionChannel IReplyChannel IReplySessionChannel IDuplexSessionChannel The request and reply channel shapes are paired for the client and server so on any particular endpoint there are three valid channel shapes. Conditions are limited further if you want to use HTTP cookies as your context exchange mechanism rather than the default of SOAP headers. In that case it's no longer possible to use a duplex channel so you're limited to variations on the request-reply message exchange pattern. Next time: Manual Context Management Read More... Posted Monday, April 21, 2008 8:00 AM from Nicholas Allen's Indigo Blog | 0 Comments Filed under: Indigo, Bindings, Channels, Answers, Orcas

• Partial Trust Binding Black List

  Partial trust support in WCF is an Orcas feature that allows clients and services to be run in an environment with restricted permissions. WCF is part of a fully trusted installation, so by default partially trusted callers are not allowed to call into the assembly. However, there is a standard mechanism to change that, which is to mark the assembly with the AllowPartiallyTrustedCallers attribute. Once an assembly is marked, it is then the responsibility of that code to make sure that partially trusted callers can't do bad things through the exposed API of the fully-trusted assembly. To implement this restriction, one of the things that WCF does is limit the bindings that you can build using the out-of-the-box components (custom components would have to join into this same security model and do their own validation before they could be used). There are two rounds of checks, first to knock out the bindings that are not safe for partially trusted callers and then to knock out the binding elements. WCF ships with 15 bindings (plus custom binding) in the box for Orcas. Of these, eight immediately get knocked out: MsmqIntegrationBinding NetMsmqBinding NetNamedPipeBinding NetPeerTcpBinding NetTcpBinding WSDualHttpBinding WS2007FederationHttpBinding WSFederationHttpBinding Then, any binding that contains one of these binding elements gets knocked out: AsymmetricSecurityBindingElement CompositeDuplexBindingElement MsmqTransportBindingElement MtomMessageEncodingBindingElement NamedPipeTransportBindingElement OneWayBindingElement PeerCustomResolverBindingElement PeerTransportBindingElement PnrpPeerResolverBindingElement ReliableSessionBindingElement SymmetricSecurityBindingElement TcpTransportBindingElement TransportSecurityBindingElement That basically allows for the following standard bindings to operate: BasicHttpBinding, BasicHttpContextBinding, WebHttpBinding, WSHttpBinding, WSHttpContextBinding, and WS2007HttpBinding. The WSHttp bindings will be quite limited because many of their features are blocked by the binding element checks. Now you can figure out all of the supported binding configurations if you still haven't read the partial trust feature compatibility guide . Next time: Built In ServiceHost Validation Behaviors Read More... Posted Thursday, March 13, 2008 8:00 AM from Nicholas Allen's Indigo Blog | 0 Comments Filed under: Indigo, Bindings, Security, Standard Bindings, Orcas