
What are the differences between security mode="Transport" and security mode="TransportCredentialOnly"

What are the differences between security mode="Transport" and security mode="TransportCredentialOnly" when I use it with BasicHttpBinding and set up SSL in IIS 7.0?

Ybbest asked Dec 19 '10 01:12


People also ask

What is security mode transport?

When setting the security mode to TransportWithMessageCredential, the transport determines the actual mechanism that provides the transport-level security. For example, the HTTP protocol uses Secure Sockets Layer (SSL) over HTTP (HTTPS).

What is transport security WCF?

Transport security mechanisms in Windows Communication Foundation (WCF) depend on the binding and transport being used. For example, when using the WSHttpBinding class, the transport is HTTP, and the primary mechanism for securing the transport is Secure Sockets Layer (SSL) over HTTP, commonly called HTTPS.

Is NET TCP secure?

If the transport is TCP (using the NetTcpBinding), by default the transport-level security provided is Windows security, or SSL over TCP. When using SSL over TCP, you must specify the certificate using the SetCertificate method, as shown later in this topic.


2 Answers

Check here: http://developers.de/blogs/damir_dobric/archive/2006/07/31/890.aspx and http://msdn.microsoft.com/en-us/library/ff648505.aspx

Transport seems to require HTTPS to encrypt credentials and throws an exception if there is no SSL. TransportCredentialOnly will send the credentials in plain text and unencrypted and is recommended for testing ONLY!

Good Luck!!

ItsPronounced answered Sep 22 '22 15:09


With TransportCredentialOnly security mode, the underlying secure transport layer (usually TLS/SSL) provides the integrity and confidentiality protection for the communication, while the SOAP messaging layer handles transporting the client credentials in the SOAP message.

In other words, TransportCredentialOnly security mode passes the user credentials in the SOAP message without encrypting or signing the SOAP message, and the underlying transport connection (typically TLS/SSL) needs to ensure that the message contents cannot be seen or altered by a third party.

Jorgen Thelin answered Sep 21 '22 15:09