Publish your metadata over HTTPS to protect your clients from proxy spoofing

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Publish your service metadata over HTTPS to protect clients from being spoofed when adding a service reference. If you expose your service metadata over HTTP clients cannot be certain they have added a reference to the right service, the service may have been spoofed through DNS poisoning or a man in the middle attack.
To publish your service metadata over HTTPS use the mexHttpsBinding and configure a server certificate for the service.

Last edited Apr 16, 2008 at 11:53 PM by prashantbansode, version 1

Comments

No comments yet.