Objective

 This article will give a very brief introduction of transport level security in WCF

  1. When we say security at the transport layer, then the main concern is with the integrity, privacy and to certain extent authentication of the message as it travels along the wire. 
  2. In WCF, the secure transports available for use are HTTP, TCP, IP and MSMQ. 
  3. For a transport to be secured all the communication that takes place across the channel must be encrypted.

     

Advantage of using Transport security:

  • Less chances of sniffing network.
  • Less chances of Phishing network.
  • Less chances of message alteration.
  • Less chances of replay of message attack.

Regardless of the Binding used, Transport level security provides

  • Authentication of the sender.
  • Authentication of the service.
  • Message integrity
  • Message confidentiality.
  • Replay of message detection.

Different Binding and Transport Layer Security

Transport layer security is directly related to binding. The type of transport security that is available depends on binding used.

basicHttpBinding

  1. The basicHttpBinding is the only built in binding that is not secure when configured using the default value.
  2. Security could be enabled on basicHttpBinding.
  3. When security is enabled in basicHttpBinding, it is interoperate with IIS security mechanism.
  4. Security for basicHttpBinding could be configured either in declaratively in code or in configuration. 

Attributes of Transport channel

Values of attribute type

Conclusion

I discussed in very brief Transport level security in WCF

Advertisements

2 thoughts on “Transport level Security in WCF

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s