Paritosh
Paritosh

Reputation: 4503

using WSHttpBinding, by default is that secure?

I have a WCF service, which was initially setup using BasicHttpBinding, but someone suggested I switch over to WsHttpBinding, as that's more secure. I see there is a way to setup the security feature of WsHttpBinding, but I was wondering is it already secured by default? Are the messages that go from my service already encrypted in some format, if so does anyone what security/algorithm is used, as we need to provide a document for the project and is security is used need to let them know which one.

thank you.

Upvotes: 0

Views: 626

Answers (1)

Brian Driscoll
Brian Driscoll

Reputation: 19635

The WsHttpBinding will use Message security by default, which means that your message (payload) is encrypted and signed per the WS-Security specification. However, you can add more security on top of this by using Transport security with an SSL certificate. Microsoft has a pretty detailed article on Message Security, which you should definitely read.

Upvotes: 3

Related Questions