使用TransportWithMessageCredential安全模式在wsHttpBinding中配置MaxClockSkew

Question

I have the following configuration for my service that is working fine. The problem appears when i need to change the value of MaxClockSkew in wsHttpBinding with TransportWithMessageCredential security mode.

How can I change the MaxClockSkew value in this configuration?

<system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="HttpsService_wsHttpBinding" closeTimeout="01:10:00"
          openTimeout="01:10:00" receiveTimeout="Infinite" sendTimeout="Infinite"
          maxBufferPoolSize="999999999" maxReceivedMessageSize="99999999">
          <readerQuotas maxDepth="999999999" maxStringContentLength="999999999"
            maxArrayLength="999999999" maxBytesPerRead="999999999" maxNameTableCharCount="999999999" />
          <reliableSession inactivityTimeout="Infinite" enabled="true" />
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="WcfServiceApp.Service1">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="HttpsService_wsHttpBinding"
          name="wsHttpEndPoint" contract="CommonTypes.IService" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="CommonTypes.CustomValidator, CommonTypes" />
          </serviceCredentials>
          <dataContractSerializer maxItemsInObjectGraph="2147483646" />
          <bufferedReceive maxPendingMessagesPerChannel="2147483647" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <diagnostics wmiProviderEnabled="true">
      <messageLogging
           logEntireMessage="true"
           logMalformedMessages="true"
           logMessagesAtServiceLevel="true"
           logMessagesAtTransportLevel="true"
           maxMessagesToLog="3000"
       />
    </diagnostics>
  </system.serviceModel>

Answer 1

Based on the information in this post , it appears you can't change the maxClockSkew property on a standard (ie, WCF-provided) binding, you need to use a custom binding. Something like this:

<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="HttpsService_wsHttpBinding" 
               closeTimeout="01:10:00"
               openTimeout="01:10:00" 
               receiveTimeout="Infinite" 
               sendTimeout="Infinite">
        <reliableSession inactivityTimeout="Infinite" 
                         enabled="true" />
        <security authenticationMode="SecureConversation">
          <secureConversationBootstrap authenticationMode="UserNameOverTransport" />
          <localServiceSettings maxClockSkew="00:30:00" />
        </security>
        <textMessageEncoding messageVersion="soap12">
          <readerQuotas maxDepth="999999999" 
                        maxStringContentLength="999999999"
                        maxArrayLength="999999999" 
                        maxBytesPerRead="999999999"
                        maxNameTableCharCount="999999999" />
        </textMessageEncoding> 
        <httpsTransport maxBufferPoolSize="999999999"
                        maxReceivedMessageSize="99999999" />
      </binding>
    <customBinding>
  </bindings>
</system.serviceModel>

Note that the clock skew is set in the <security> section with the <localServiceSettings> element's attribute maxClockSkew (in this example, 30 minutes). Custom bindings can be a little intimidating and/or confusing at first, but careful examination of the above example and using MSDN will be helpful.

CustomBindings is a good place to start, and note that the article indicates a specific order for the elements.

For an overview of the config section elements and attributes, you can look here: <customBinding> .

You will also need to set the maxClockSkew property on the client's custom binding to the same value as the service, I believe.