If you need to support intermediaries and a variety of transports between client and service, use message security to protect credentials
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Use message security in scenarios where there may be intermediaries inspecting the message before the final delivery. You can protect your messages by using message security which encrypt and sign your messages. By encrypting your messages you protect your
sensitive data from being stolen, and by signing your messages you protect the client and service from spoofing and man-in-the-middle attacks by protecting message integrity.
The following configuration snippet shows how to use Message security to protect the credentials when using netTcpBinding:
<message clientCredentialType="UserName" algorithmSuite="Default" />