If you need to support intermediaries and a variety of transports between client and service, use message security to protect credentials

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Use message security in scenarios where there may be intermediaries inspecting the message before the final delivery. You can protect your messages by using message security which encrypt and sign your messages. By encrypting your messages you protect your sensitive data from being stolen, and by signing your messages you protect the client and service from spoofing and man-in-the-middle attacks by protecting message integrity.

The following configuration snippet shows how to use Message security to protect the credentials when using netTcpBinding:
<wsHttpBinding>
  <binding name="MessageAndUserName">
    <security mode="Message">
      <message clientCredentialType="UserName" algorithmSuite="Default" />
    </security>
  </binding>
</wsHttpBinding>

Last edited Apr 16, 2008 at 11:36 PM by prashantbansode, version 1

Comments

No comments yet.