Transport level Security in WCF



Objective:

This article will give a very brief introduction of transport level security in WCF

  1. When we say security at the transport layer, then the main concern is with the integrity, privacy and to certain extent authentication of the message as it travels along the wire.
  2. In WCF, the secure transports available for use are HTTP, TCP, IP and MSMQ.
  3. For a transport to be secured all the communication that takes place across the channel must be encrypted.

1.gif

2.gif
In WCF Transport layer security is easiest to implement

Advantage of using Transport security:
  • Less chances of sniffing network.
  • Less chances of Phishing network.
  • Less chances of message alteration.
  • Less chances of replay of message attack.

Regardless of the Binding used, Transport level security provides
  • Authentication of the sender.
  • Authentication of the service.
  • Message integrity
  • Message confidentiality.
  • Replay of message detection.

Different Binding and Transport Layer Security

Transport layer security is directly related to binding. The type of transport security that is available depends on binding used.

basicHttpBinding
  1. The basicHttpBinding is the only built in binding that is not secure when configured using the default value.
  2. Security could be enabled on basicHttpBinding.
  3. When security is enabled in basicHttpBinding, it is interoperate with IIS security mechanism.
  4. Security for basicHttpBinding could be configured either in declaratively in code or in configuration.

Attributes of Transport channel

3.gif

Values of attribute type

4.gif

Conclusion:

I discussed in very brief Transport level security in WCF. 

Up Next
    Ebook Download
    View all
    Learn
    View all