This article will give a very brief introduction of transport level security in WCF
- When we say security at the transport layer, then the main concern is with the integrity, privacy and to certain extent authentication of the message as it travels along the wire.
- In WCF, the secure transports available for use are HTTP, TCP, IP and MSMQ.
- For a transport to be secured all the communication that takes place across the channel must be encrypted.
Advantage of using Transport security:
|In WCF Transport layer security is easiest to implement |
Regardless of the Binding used, Transport level security provides
- Less chances of sniffing network.
- Less chances of Phishing network.
- Less chances of message alteration.
- Less chances of replay of message attack.
Different Binding and Transport Layer Security
- Authentication of the sender.
- Authentication of the service.
- Message integrity
- Message confidentiality.
- Replay of message detection.
Transport layer security is directly related to binding. The type of transport security that is available depends on binding used.basicHttpBinding
Attributes of Transport channel Values of attribute type Conclusion:
- The basicHttpBinding is the only built in binding that is not secure when configured using the default value.
- Security could be enabled on basicHttpBinding.
- When security is enabled in basicHttpBinding, it is interoperate with IIS security mechanism.
- Security for basicHttpBinding could be configured either in declaratively in code or in configuration.
I discussed in very brief Transport level security in WCF.