79 lines
6.1 KiB
XML
79 lines
6.1 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<Type Name="SecureConversationServiceCredential" FullName="System.ServiceModel.Security.SecureConversationServiceCredential">
|
|
<TypeSignature Language="C#" Value="public sealed class SecureConversationServiceCredential" />
|
|
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed beforefieldinit SecureConversationServiceCredential extends System.Object" />
|
|
<AssemblyInfo>
|
|
<AssemblyName>System.ServiceModel</AssemblyName>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<Base>
|
|
<BaseTypeName>System.Object</BaseTypeName>
|
|
</Base>
|
|
<Interfaces />
|
|
<Docs>
|
|
<remarks>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>Secure conversations involve the exchange of multiple messages and use a Security Context Token (SCT) to ensure security. The SCT is shared among the communicating parties for the lifetime of a communications session. A service can issue two different kinds of SCTs:</para>
|
|
<list type="bullet">
|
|
<item>
|
|
<para>The first is a session-based SCT that contains a unique id. Messages carry only the id, and the service maintains a state-mapping cache that maps between the SCT ids and contents (such as claims, security keys, and so on). A well-behaved client must send an SCT cancellation to help the service optimize the cache resources. If you instantiate this class by calling <see cref="M:System.ServiceModel.Channels.SecurityBindingElement.CreateSecureConversationBindingElement(System.ServiceModel.Channels.SecurityBindingElement,System.Boolean)" /> with the <paramref name="requireCancellation" /> parameter equal to true, the SCT is issued in this manner.</para>
|
|
</item>
|
|
<item>
|
|
<para>The second is a self-contained SCT that resides in a cookie on the client. This SCT contains the entire state information, so requires neither state management from the service nor SCT cancellation from the client. This is sometimes called a "cookie-mode" SCT. Because the SCT contains the entire state information, its size is larger than in the session-based case. With session-based SCTs, the service stores much of the state information. However, because it is self-contained, it can be used across service lifetime and persists across service shutdown and restart.</para>
|
|
</item>
|
|
</list>
|
|
</remarks>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>Provides credential settings for a secure conversation service.</para>
|
|
</summary>
|
|
</Docs>
|
|
<Members>
|
|
<Member MemberName="SecurityContextClaimTypes">
|
|
<MemberSignature Language="C#" Value="public System.Collections.ObjectModel.Collection<Type> SecurityContextClaimTypes { get; }" />
|
|
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.ObjectModel.Collection`1<class System.Type> SecurityContextClaimTypes" />
|
|
<MemberType>Property</MemberType>
|
|
<AssemblyInfo>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<ReturnValue>
|
|
<ReturnType>System.Collections.ObjectModel.Collection<System.Type></ReturnType>
|
|
</ReturnValue>
|
|
<Docs>
|
|
<value>To be added.</value>
|
|
<remarks>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>To serialize claims into SCT cookies, indigo1 uses <see cref="T:System.Runtime.Serialization.DataContractSerializer" /> as the default. Because the Claim resource is extensible, indigo2 allows you to provide a list of known resource types. This assists the <see cref="T:System.Runtime.Serialization.DataContractSerializer" /> during deserialization of the claims in the cookie so that it can return the original strongly-typed objects.</para>
|
|
</remarks>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>Gets a collection of the <see cref="T:System.Type" /> claims for cookie serialization. </para>
|
|
</summary>
|
|
</Docs>
|
|
</Member>
|
|
<Member MemberName="SecurityStateEncoder">
|
|
<MemberSignature Language="C#" Value="public System.ServiceModel.Security.SecurityStateEncoder SecurityStateEncoder { get; set; }" />
|
|
<MemberSignature Language="ILAsm" Value=".property instance class System.ServiceModel.Security.SecurityStateEncoder SecurityStateEncoder" />
|
|
<MemberType>Property</MemberType>
|
|
<AssemblyInfo>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<ReturnValue>
|
|
<ReturnType>System.ServiceModel.Security.SecurityStateEncoder</ReturnType>
|
|
</ReturnValue>
|
|
<Docs>
|
|
<value>To be added.</value>
|
|
<remarks>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>In "cookie mode", a service issues the client a security context token (SCT) in the form of a cookie to the client so that it does not have to maintain any security state. The client sends the cookie back in the request message so that the service knows how to unprotect and verify the request message. Because the SCT is often transmitted over a non-secure network, it must be protected. </para>
|
|
<para>By default, indigo1 uses the <see cref="T:System.ServiceModel.Security.DataProtectionSecurityStateEncoder" /> class to protect the cookie using the Data Protection API (DPAPI). For DPAPI to work in a Web farm environment, all the backend services must run as the same domain user account. In other words, if the service is Web hosted, then the Internet Information Services (IIS) worker process must be configured to run as a domain user.</para>
|
|
<para>This property enables you to use a customized <see cref="T:System.ServiceModel.Security.SecurityStateEncoder" /> to encrypt and decrypt the cookie and not depend on DPAPI. </para>
|
|
</remarks>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>Gets or sets a customized <see cref="T:System.ServiceModel.Security.SecurityStateEncoder" /> for encoding and decoding cookie serialization. </para>
|
|
</summary>
|
|
</Docs>
|
|
</Member>
|
|
</Members>
|
|
</Type> |