Reputation: 4503
using WSHttpBinding, by default is that secure?
I have a WCF service, which was initially setup using BasicHttpBinding, but someone suggested I switch over to WsHttpBinding, as that's more secure. I see there is a way to setup the security feature of WsHttpBinding, but I was wondering is it already secured by default? Are the messages that go from my service already encrypted in some format, if so does anyone what security/algorithm is used, as we need to provide a document for the project and is security is used need to let them know which one.
thank you.
Upvotes: 0
Views: 626
Answers (1)
Reputation: 19635
The WsHttpBinding will use Message security by default, which means that your message (payload) is encrypted and signed per the WS-Security specification. However, you can add more security on top of this by using Transport security with an SSL certificate. Microsoft has a pretty detailed article on Message Security, which you should definitely read.
Upvotes: 3
Related Questions
- How secure is WCF wsHttpBinding's Windows authentication?
- Configuration of WCF Service using wsHttpBinding
- WCF binding security for encryption
- Configuring WCF for wsHttpBinding
- WSHttpBinding and HTTP and Windows Authentication
- Configuring WCF Security (wsHttpBinding)
- WCF sessions with a wsHttpBinding and without windows security
- wsHttpBinding configuration
- wsHttpBinding message-level security without using certificates?
- WCF wsHttpBinding securiy without SSL and certificate