Introduction
In Windows Communication Foundation, we can configure to use security at
different levels
1. Transport Level security means providing security at the
transport layer itself. When dealing with security at Transport level, we are
concerned about integrity, privacy and authentication of message as it travels
along the physical wire. It depends on the binding being used that how WCF makes
it secure because most of the bindings have built-in security.
Code
<netTcpBinding>
<binding
name="netTcpTransportBinding">
<security
mode="Transport">
<Transport
clientCredentialType="Windows"
/>
</security>
</binding>
</netTcpBinding>
2. Message Level Security For Tranport level security, we actually ensure
the transport that is being used should be secured but in message level
security, we actually secure the message. We encrypt the message before
transporting it.
Code
<wsHttpBinding>
<binding
name="wsHttpMessageBinding">
<security
mode="Message">
<Message
clientCredentialType="UserName"
/>
</security>
</binding>
</wsHttpBinding>
It totally depends upon the requirements but we can use a mixed security mode
also as follows:
Code
<basicHttpBinding>
<binding
name="basicHttp">
<security
mode="TransportWithMessageCredential">
<Transport
/>
<Message
clientCredentialType="UserName"
/>
</security>
</binding>
</basicHttpBinding>