Difference Between Transport and Message Security in WCF

WCF
WCF @Image courtesy of ddpavumba/ FreeDigitalPhotos.net

Difference Between Transport and Message Security in WCF

Welcome to CodeSpread!

Transport Security in WCF

As the name suggests, it is concerned with security of communication between client and the service over a network protocol. It guarantees the confidentiality and integrity of messages at transport level.

Transport security is required for point-to-point security between the two endpoints and is dependent on the transport [protocol] being used.

The simplest approach is to encrypt and send it over HTTPS protocol. To encrypt/sigining the contents, Secure Sockets Layer(SSL) is used.

Note: Transport security is available on all of the bindings except for wsDualHttpBinding.

Example


<bindings>

<wsHttpBinding>

<binding name="SecureWsHttpBinding">

<security mode="Transport">

</security>

</binding>

</wsHttpBinding>

</bindings>

Message Security in WCF

As the name suggests, it is concerned with security of message between client and the service. It is not dependent of the network protocols. It guarantees the confidentiality and integrity of the messages at the message level.

Message security ensures encryption and signing of the messages.

Note: Message security is available on all of the bindings except for netNamedPipeBinding and MSmqIntegrationBinding.


<bindings>

<wsHttpBinding>

<binding name="SecureMessageBinding">

<security mode="message">

</security>

</binding>

</wsHttpBinding>

</bindings>

Media, on any given day,is a better way of conveying 1000s words of explanation so below are two images taken from msdn which perfectly shows the differences.
message-security transport-security-wcf
Ref:MSDN
Just concentrate on the locks of XML file being transmitted and the transport channel being used.

Author: hershey

A passion for knowledge drives me to do programming, A passion for programming drives me to create something different, A passion for creation drives me to spread the knowledge.

Share This Post On

0 Comments

  1. nice superb explaination

    Post a Reply
  2. thanks for the tutorial
    I am having a problem.
    The feature “Create SQL server database” isn’t available , I can’t select it.
    Can you help, please ?

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

More from CodeSpread:

  • Few lines about WCF metadataFew lines about WCF metadataWhat is WCF metadata? WCF generates metadata for service endpoints and this metadata is used to describe how to interact with the service's endpoints. This information is used by Svcutil.exe to ge...
  • WCF Part 1: Why WCF?WCF Part 1: Why WCF?When i create a WCF service, i feel like it is a very easy task but when somebody asks me, why you have created it? then the simplest answer is, i got the requirement like this. But to be honest, N...
  • WCF Part 2: Fundamentals.WCF Part 2: Fundamentals.We have seen the evolution of WCF in our previous article: WCF Part 1: Why WCF?. Next, we will go through the fundamentals of WCF. I will try to make it more worthy than an interview question puff....
  • REST- REpresentational State TransferREST- REpresentational State TransferREST – REpresentational State Transfer, is an enhanced version of client server style architecture for distributed communication. When we talk about distributed communication, we think of reques...
  • WCF Part 3: Direct from WCF kitchen.WCF Part 3: Direct from WCF kitchen.In the last two articles WCF:Part 1 and WCF Part 2, we have covered basic knowledge and terminologies of WCF.Now we will apply that knowledge to create a WCF service.There are lot of articles avail...
  • Caching in WCF ServicesCaching in WCF ServicesYes, It is possible and clearly a  significant performance enhancement. How caching works for WCF services? Lets assume, a user sends a request to a service so at server, service method is called...
  • Short Note on HTTP-GET, HTTP-POST and SOAPShort Note on HTTP-GET, HTTP-POST and SOAPWeb service/WCF services/Rest Services may support HTTP-GET, HTTP-POST or SOAP protocols, which is the underlying way, where request-response communication happens between a client and server. HTT...
  • know your URLknow your URLGuys trust me, I am not kidding!! I have had my experience, telling people about URL, parts of URL, query string, SEO friendly URL, canonical URL. Once again, a simple and innocent question "Wha...