Reputation: 4503
I have a WCF service, which was initially setup using BasicHttpBinding, but someone suggested I switch over to WsHttpBinding, as that's more secure. I see there is a way to setup the security feature of WsHttpBinding, but I was wondering is it already secured by default? Are the messages that go from my service already encrypted in some format, if so does anyone what security/algorithm is used, as we need to provide a document for the project and is security is used need to let them know which one.
thank you.
Upvotes: 0
Views: 626
Reputation: 19635
The WsHttpBinding will use Message security by default, which means that your message (payload) is encrypted and signed per the WS-Security specification. However, you can add more security on top of this by using Transport security with an SSL certificate. Microsoft has a pretty detailed article on Message Security, which you should definitely read.
Upvotes: 3