Last post May 14, 2014 06:55 AM by Fuxiang Zhang - MSFT
May 12, 2014 01:30 PM|mou_inn|LINK
i am new in wcf. i read msdn link for wcf securty for message level or transport level but unfortunately there was very small info regarding those security.
basically i am not being able to visualize how service will be secured when anyone select transport level security or message level security. i want to visualize how security works for the both.
so please discuss in detail what happen when user select transport level security and as well as message level security?
i got a small snippet for how to setup message level security as follows
<binding name="ServicesBindings" receiveTimeout="00:00:30">
1) how many type of mode is possible want to know ?
2) how many option is available for clientCredentialType ?
looking for guidance. thanks
May 14, 2014 06:55 AM|Fuxiang Zhang - MSFT|LINK
Thanks for the post.
As known that, transfer level is based on potocol and message level is based on data message. like below statement.
Transport level security happens at the channel level. Transport level security is the easiest to implement as it happens at the communication level.
WCF uses transport protocols like TCP, HTTP, MSMQ etc and every of these protocols have their own security mechanisms.
Message level security is implemented with message data itself. Due to this it is independent of the protocol. Some of the common ways of implementing
message level security is by encrypting data using some standard encryption algorithm.
As for the wsHttpBinding you mentioned above, it supports "None", "Transport", "Message", "Mixed" and not supports "Both", "TransportCredential".
wsHttpBinding with Transport model supports client validate "None", "Basic", "Digest", "Windows", "Ntlm", "Certificate".
wsHttpBinding with Message model supports client validate "None", "User Name", "Issue-Token", "Windows", "Certificate".
Hope that helps, thanks.