| Transfer Security Mode in WCF
There are three aspects to transfer security when we talk about client server secured communication. Below are the name of these 3:-
(1)Message Integrity:- It will check message used in communication is not tampered by any malicious user.
(2)Message Privacy:-It will chck the confidentiality of the message that it should not be read by malicious user.
(3)Transfer Security:-It will check that only authenticate user can read the message in communication.
Now comes to modes of different modes of transfer security for above three aspects are given below. There are five different modes define below:-
(1)No transfer security mode
(2)Transport security mode
(3)Message security mode
(4)Mixed transfer security mode
(5)Both security modes
(1)No transfer security mode:- Here we cannot apply any security while doing communcation between server and client
< wsHttpBinding >
< binding name="WCFSecurityEx">
< security mode="None"/>
< /binding>
< /wsHttpBinding>
(2)Transfer security mode:-Here WCF uses secured communication protocol and these secure transports are HTTPS, TCP, IPC and MSMQ. It will encrypts all communcation on the channel and provides integrity, mutual authentication and privacy. It will provides point-to-point security.
One of the drawback is that will will secure only at channel level. Message inside the channel will not get secured.
And it is used in intranet application.
< wsHttpBinding >
< binding name="WCFSecurityEx">
< security mode="Transport"/>
< /binding>
< /wsHttpBinding>
(3)Message security mode:-Here message will get encrypted. Encrypting the message rather than transport enables the service to communicate securely over non secure transport such as HTTP. It provides end-to-end security.
And one of its disadvantage is thet it may introduce call latency due to its inherent overhead.
It is also used in internet application.
< wsHttpBinding >
< binding name="WCFSecurityEx">
< security mode="Message"/>
< /binding>
< /wsHttpBinding>
(4)Mixed transfer security mode:-Here we use transport security for message privacy, integrity and service authentication and use Message security for securing client credential.
One of disadvantage of this is thet it will secure only point-to-point as nautre of Transport security.
< wsHttpBinding >
< binding name="WCFSecurityEx">
< security mode="TransportWithMessageCredential"/>
< /binding>
< /wsHttpBinding>
(4)Both security mode:- Here we will use both Transport and Message security. SO message is secured using message security and then it is transferred to the service using secure transport. It will maximize the security but overload the perormance
< wsHttpBinding >
< binding name="WCFSecurityEx">
< security mode="Both"/>
< /binding>
< /wsHttpBinding> | | |