Menu
When using WSDUALHTTPBINDING with message security, is it recommended to use Transport security also [i.e SSL]? Maybe it depends on the scenario. In my case, both client and service are located on an intranet. If the service was on a webserver over the internet would the answer be different ?
Update now that i know wsduallhttpbinding does not support transport security, is message security as secure or should i use another binding that supports ssl under my scenario
516
The wsDualHttpBinding does not support transport-level security, meaning that SSL/TLS encryption is not possible. The following references confirm transport security is not an option with the wsDualHttpBinding binding:
MSDN: The WSDualHttpSecurityMode Enumeration is limited to two options: Message & None
http://msdn.microsoft.com/en-us/library/ms731363(v=vs.110).aspx
http://msdn.microsoft.com/en-us/library/system.servicemodel.wsdualhttpsecuritymode(v=vs.110).aspx
Note: I also checked the Microsoft® Service Configuration Editor (image below) to validation the options.
The following online resource provides good background information:
http://wcfsecurityguide.codeplex.com/
Note: The scenario intranet vs internet web service does not factor into the answer because the proposed configuration would be invalid either way. Therefore, no SSL unless you change the binding.
Regards,
106
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
