Transport level Security in WCF
- When we say security at the transport layer, then the main concern is with the integrity, privacy and to certain extent authentication of the message as it travels along the wire.
- In WCF, the secure transports available for use are HTTP, TCP, IP and MSMQ.
- For a transport to be secured all the communication that takes place across the channel must be encrypted.
| In WCF Transport layer security is easiest to implement |
Advantage of using Transport security:
- Less chances of sniffing network.
- Less chances of Phishing network.
- Less chances of message alteration.
- Less chances of replay of message attack.
Regardless of the Binding used, Transport level security provides
- Authentication of the sender.
- Authentication of the service.
- Message integrity
- Message confidentiality.
- Replay of message detection.
Different Binding and Transport Layer Security
Transport layer security is directly related to binding. The type of transport security that is available depends on binding used.
basicHttpBinding
- The basicHttpBinding is the only built in binding that is not secure when configured using the default value.
- Security could be enabled on basicHttpBinding.
- When security is enabled in basicHttpBinding, it is interoperate with IIS security mechanism.
- Security for basicHttpBinding could be configured either in declaratively in code or in configuration.
Attributes of Transport channel
Values of attribute type
