Difference Between Transport and Message Security in WCF
Transport Security in WCF
As the name suggests, it is concerned with security of communication between client and the service over a network protocol. It guarantees the confidentiality and integrity of messages at transport level.
Transport security is required for point-to-point security between the two endpoints and is dependent on the transport [protocol] being used.
The simplest approach is to encrypt and send it over HTTPS protocol. To encrypt/sigining the contents, Secure Sockets Layer(SSL) is used.
Note: Transport security is available on all of the bindings except for wsDualHttpBinding.
<bindings> <wsHttpBinding> <binding name="SecureWsHttpBinding"> <security mode="Transport"> </security> </binding> </wsHttpBinding> </bindings>
Message Security in WCF
As the name suggests, it is concerned with security of message between client and the service. It is not dependent of the network protocols. It guarantees the confidentiality and integrity of the messages at the message level.
Message security ensures encryption and signing of the messages.
Note: Message security is available on all of the bindings except for netNamedPipeBinding and MSmqIntegrationBinding.
<bindings> <wsHttpBinding> <binding name="SecureMessageBinding"> <security mode="message"> </security> </binding> </wsHttpBinding> </bindings>
Media, on any given day,is a better way of conveying 1000s words of explanation so below are two images taken from msdn which perfectly shows the differences.
Just concentrate on the locks of XML file being transmitted and the transport channel being used.