Last post Oct 31, 2012 04:58 AM by Haixia Xie - MSFT
Oct 29, 2012 01:19 PM|mou_inn|LINK
I have read in Training Kit of MS -WCF that all the bindings by default provide network security that is developer has to do nothing for implementing security.
I have one query over this :- I have used netTcpBinding and i send various objects from client to server. When sending objects we send a special guid in one of the properties of object which we again verify at Server before processing the request.
I will like to know what all vulnerabilities are involved, if do not do anything explicitly for Security, that is no transport level security is applied.
One more point we are using NetTcpBinding at Internet.
Oct 31, 2012 04:58 AM|Haixia Xie - MSFT|LINK
WCF security programming based on three steps, selecting Safe Mode, the
type of client credentialsand
the credentials value. WCF communication
securityare divided into two parts, message level and transport level.
There are four
secutiry mode you can choose, None, Transport, Message and TransportWithMessageCredential. Here list the
client credentials can be used by a binding in transport security mode.
More information on Common Security Scenarios, you can find here.
If this cannot help you, please elaborate your question more clearly. Thanks.