Manual addressing with secure customBinding on WCF service

1.9k views

I'm developing a web service for a WSDL defined externally. Access is done with HTTP/S (server and client certificates) and both the request and response are signed with the respective certificate. I have imported the WSDL in VS2010 with a service reference and added signing to the MessageContracts, set up the config file to do security and https and set up SSL on the port. I'm close to getting it working, but I need to enable manual addressing to insert a wsa:To element in the response, and can't figure out how to get that working. Any help is appreciated.

Here's my current config section:

<bindings>
  <customBinding>
    <binding name="AfleverServiceSoapBinding_V1_1">
      <security defaultAlgorithmSuite="TripleDesRsa15"
                authenticationMode="MutualCertificateDuplex"
                requireDerivedKeys="false"
                securityHeaderLayout="Lax"
                includeTimestamp="true"
                keyEntropyMode="CombinedEntropy"
                messageProtectionOrder="EncryptBeforeSign"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                requireSignatureConfirmation="false"
                allowSerializedSigningTokenOnReply="true"
                enableUnsecuredResponse="False">
        <localClientSettings cacheCookies="true"
                             detectReplays="true"
                             replayCacheSize="900000"
                             maxClockSkew="00:05:00"
                             maxCookieCachingTime="10:00:00"
                             replayWindow="00:05:00"
                             sessionKeyRenewalInterval="10:00:00"
                             sessionKeyRolloverInterval="00:05:00"
                             reconnectTransportOnFailure="true"
                             timestampValidityDuration="00:05:00"
                             cookieRenewalThresholdPercentage="60"/>
        <localServiceSettings detectReplays="true"
                              issuedCookieLifetime="10:00:00"
                              maxStatefulNegotiations="128"
                              replayCacheSize="900000"
                              maxClockSkew="00:05:00"
                              negotiationTimeout="00:01:00"
                              replayWindow="00:05:00"
                              inactivityTimeout="00:02:00"
                              sessionKeyRenewalInterval="15:00:00"
                              sessionKeyRolloverInterval="00:05:00"
                              reconnectTransportOnFailure="true"
                              maxPendingSessions="128"
                              maxCachedCookies="1000"
                              timestampValidityDuration="00:05:00"/>
        <secureConversationBootstrap/>
      </security>
      <mtomMessageEncoding maxReadPoolSize="64"
                           maxWritePoolSize="16"
                           messageVersion="Soap11WSAddressing10"
                           maxBufferSize="65536"
                           writeEncoding="utf-8">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
      </mtomMessageEncoding>
      <httpsTransport manualAddressing="false"
                      maxBufferPoolSize="524288"
                      maxReceivedMessageSize="65536"
                      allowCookies="false"
                      authenticationScheme="Anonymous"
                      bypassProxyOnLocal="false"
                      decompressionEnabled="true"
                      hostNameComparisonMode="StrongWildcard"
                      keepAliveEnabled="true"
                      maxBufferSize="65536"
                      proxyAuthenticationScheme="Anonymous"
                      realm=""
                      transferMode="Buffered"
                      unsafeConnectionNtlmAuthentication="false"
                      useDefaultWebProxy="true"
                      requireClientCertificate="true" />
    </binding>
  </customBinding>
</bindings>

Most of this was auto-generated.

I know I need to set the manualAddressing attribute on httpsTransport to true, but then I get an exception because this setup is in message-level security. Would anyone know how to switch to transport-level security whilst keeping the rest the same? Since this is a customBinding, the mode attribute on the security element is not available.

Thanks a lot, Gait.

BTW, I know how to set the wsa:To in code, but it gets lost when the response is encoded unless I can move to manual addressing.

There is 1 answer

Rob

Check out Nicholas Allen's Indigo Blog on Manual Addressing. Summary: not all of the transports support manual addressing. If the option is available on the transport, there are 3 steps to make it work.

First, make sure that the transport that you're using supports some form of manual addressing. If not, then you're out of luck in terms of sending messages to different destinations without creating some new object on a per-destination basis. Second, turn on that manual addressing option to prevent the automatic application of addressing headers during message sends. Third, use whatever method you want to apply your own addressing headers to the outgoing message. If you're just making service calls on a proxy, then you'll want to use something like this:

OperationContext.Current.OutgoingMessageHeaders.To = this.replyTo.Uri;
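As an added example (not the asker's code and not from the answer or the blog it cites), here is the code-based equivalent of the question's customBinding with the three steps from the answer applied: a transport whose ManualAddressing flag can be toggled, a service operation that stamps wsa:To itself, and a small check that walks a binding's element stack to report whether a manual-addressing transport sits under a message-security element (the combination the question reports WCF rejecting). The contract name IAfleverService, the namespace/action strings and the anonymous-address fallback are hypothetical; the certificate, port and hosting setup are assumed to be the ones described in the question.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Hypothetical contract standing in for the externally defined WSDL.
[ServiceContract(Namespace = "urn:example:aflever")]
public interface IAfleverService
{
    [OperationContract(Action = "urn:example:aflever/Deliver",
                       ReplyAction = "urn:example:aflever/DeliverResponse")]
    string Deliver(string payload);
}

public class AfleverService : IAfleverService
{
    public string Deliver(string payload)
    {
        // Step 3 of the answer: once manual addressing is on, WCF no longer
        // writes addressing headers, so the service sets wsa:To on the reply.
        MessageHeaders incoming = OperationContext.Current.IncomingMessageHeaders;
        Uri replyTo = incoming.ReplyTo != null
            ? incoming.ReplyTo.Uri
            : new Uri("http://www.w3.org/2005/08/addressing/anonymous"); // assumed fallback
        OperationContext.Current.OutgoingMessageHeaders.To = replyTo;
        return "received " + payload.Length + " characters";
    }
}

public static class AfleverBindings
{
    // Code equivalent of the posted config: mutual-certificate duplex message
    // security, MTOM with Soap11WSAddressing10, HTTPS requiring a client certificate.
    public static CustomBinding MessageSecurity(bool manualAddressing)
    {
        AsymmetricSecurityBindingElement security =
            SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
        security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
        security.IncludeTimestamp = true;
        security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        security.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;
        security.SetKeyDerivation(false); // requireDerivedKeys="false"

        var encoding = new MtomMessageEncodingBindingElement
        {
            MessageVersion = MessageVersion.Soap11WSAddressing10
        };
        var transport = new HttpsTransportBindingElement
        {
            RequireClientCertificate = true,
            ManualAddressing = manualAddressing // step 2 of the answer
        };
        return new CustomBinding(security, encoding, transport);
    }

    // Transport-level security only: no SecurityBindingElement in the stack,
    // so message signing is gone but manual addressing is accepted.
    public static CustomBinding TransportSecurity(bool manualAddressing)
    {
        var encoding = new MtomMessageEncodingBindingElement
        {
            MessageVersion = MessageVersion.Soap11WSAddressing10
        };
        var transport = new HttpsTransportBindingElement
        {
            RequireClientCertificate = true,
            ManualAddressing = manualAddressing
        };
        return new CustomBinding(encoding, transport);
    }

    // Step 1 of the answer, as a check: does this binding's transport do manual
    // addressing, and does a message-security element sit above it?
    public static string DescribeAddressing(Binding binding)
    {
        BindingElementCollection elements = binding.CreateBindingElements();
        TransportBindingElement transport = elements.Find<TransportBindingElement>();
        bool manual = transport != null && transport.ManualAddressing;
        bool messageSecurity = elements.Find<SecurityBindingElement>() != null;

        if (manual && messageSecurity)
            return "manual addressing under message security: the combination the question reports WCF rejecting";
        if (manual)
            return "manual addressing on transport security: the service must write wsa:To itself";
        return "automatic addressing: WCF writes wsa:To";
    }

    public static void Main()
    {
        Console.WriteLine(DescribeAddressing(MessageSecurity(manualAddressing: false)));
        Console.WriteLine(DescribeAddressing(MessageSecurity(manualAddressing: true)));
        Console.WriteLine(DescribeAddressing(TransportSecurity(manualAddressing: true)));
    }
}
```

DescribeAddressing only inspects the element stack; it never opens a channel, so it runs without a certificate bound to the port. To host AfleverService with one of these bindings you would pass it to ServiceHost.AddServiceEndpoint exactly as the question's config-driven host does, and the rejection the asker describes surfaces when the channel stack is built, not when the binding object is created.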