What is the simplest way to implement encryption in WCF when using the netTcpBinding?

Question

I am implementing a WCF service which will be used (in part) within a private LAN.

I will be using netTcpBinding and would like to implement some form of security on the communications, more specifically, it is important that the data be encrypted so that (for example) nobody could view the data being transferred across the network.

I don't believe Windows authentication will be appropriate as the end user may not maintain their windows logins and roles rigorously enough to use them as authentication. Am I right in thinking this would make it inappropriate? Please correct me if I'm wrong.

My question is, what is the simplest way to implement encryption in a WCF service using the netTcpBinding? particularly when Windows credential type is not available.

I have tried experimenting with certificates (generating my own using makecert) but there is a distinct lack of tutorials and documentation describing how to do this from start to finish using TCP and hosting the service in something other than IIS. A lot of them talk you through how to generate the certificates in detail (and no two of these tutorials are exactly the same in this regard) and finish by saying something like

use these to sign the service and client

... well unfortunately that is the process I need a little more clarification on!

Generally the certificates solution seems to be over the top and a little too much just to acheive encrypted data!

Any help or corrections in any assumptions I might have made would be really appreciated.

Answer 1

Following the discussion in the comments...

In my experience (and I've done lots of serialization/WCF work) the performance "benefit" of NetTcpBinding (and NetDataContractSerializer) is largely mythical. I have never seen a significant difference - and often vanilla http bindings are faster.

I would switch to BasicHttpBinding over SSL which is trivial to setup and is secure.

If you want improved performance etc, I would switch serializer to something like protobuf-net (disclosure: I'm the author). This does have easily demonstrated performance advantages, and works nicely inside WCF (just a change to a config file), especially over BasicHttpBinding (with an extra boost if you enable MTOM message-encoding, since it is a binary format).

Personally, I never use NetTcpBinding; as mentioned, the performance is questionable, and it gets you dependent on things that won't work in basic-http if you find you need WAN access.