When we talk about secured client-server communication, we have to consider three aspects of transfer security:
- Message integrity – it ensures that the message used in communication is not tampered with by any malicious party.
- Message privacy – it ensures confidentiality of the message so that no third party can read it.
- Transfer security – it ensures that only an authenticated user is able to read the content of the message.
WCF supports five different modes of transfer security to accomplish the above three aspects.
No transfer security mode:
This mode ensures that no security is applied to communication between server and client.
<wsHttpBinding>
  <binding name="WCFSecurityExample">
    <security mode="None"/>
  </binding>
</wsHttpBinding>
Transport security mode:
When the system is configured with ‘Transport’ mode, WCF uses a secured communication protocol. The available secure transports are HTTPS, TCP, IPC and MSMQ. Transport security encrypts all communication on the channel and provides integrity, privacy and mutual authentication. It provides point-to-point security.
One of its main disadvantages is that it can only guarantee transfer security point-to-point, meaning it secures the communication only at the channel level. The message inside the channel is not itself secured. In distributed communication, the multiple intermediaries between service and client will not be secure.
It is mainly used in intranet applications.
<wsHttpBinding>
  <binding name="WCFSecurityExample">
    <security mode="Transport"/>
  </binding>
</wsHttpBinding>
Message security mode:
In this mode, the message itself is encrypted. Encrypting the message rather than the transport enables the service to communicate securely over a non-secure transport such as HTTP. It provides end-to-end security.
One of the disadvantages of message security is that it may introduce call latency due to its inherent overhead.
It is mainly used in internet applications.
<wsHttpBinding>
  <binding name="WCFSecurityExample">
    <security mode="Message"/>
  </binding>
</wsHttpBinding>
Mixed transfer security mode:
It uses Transport security for message integrity, privacy and service authentication, and Message security for securing the client credentials.
One disadvantage of mixed mode is that it secures only point-to-point, as is the nature of Transport security.
<wsHttpBinding>
  <binding name="WCFSecurityExample">
    <security mode="TransportWithMessageCredential"/>
  </binding>
</wsHttpBinding>
Both security modes:
This mode uses both Transport security and Message security. The message is secured using Message security and is then transferred to the service over a secure transport. This mode maximizes security at the cost of performance.
<netMsmqBinding>
  <binding name="WCFSecurityExample">
    <security mode="Both"/>
  </binding>
</netMsmqBinding>
| Name | None | Transport | Message | Mixed | Both |
|---|---|---|---|---|---|
| BasicHttpBinding | Yes (default) | Yes | Yes | Yes | No |
| NetTcpBinding | Yes | Yes (default) | Yes | Yes | No |
| NetNamedPipeBinding | Yes | Yes (default) | No | No | No |
| WsHttpBinding | Yes | Yes | Yes (default) | Yes | No |
| WsDualHttpBinding | Yes | No | Yes (default) | No | No |
| NetMsmqHttpBinding | Yes | Yes | Yes (default) | No | Yes |
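The defaults in the table matter when a binding omits the security element altogether. The following is an added example, not code from the original post: a Python script that reads a WCF configuration and reports each binding's effective transfer security mode, falling back to the table's defaults when no mode is set. The audit_bindings function, the scope labels and the sample config are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults from the table above, keyed by config element name (HTTP, TCP and
# named-pipe rows only); any other binding without a mode resolves to "unknown".
DEFAULT_MODE = {
    "basicHttpBinding": "None", "netTcpBinding": "Transport",
    "netNamedPipeBinding": "Transport", "wsHttpBinding": "Message",
    "wsDualHttpBinding": "Message",
}
# What each mode gives you, as described in the sections above.
SCOPE = {
    "None": "no transfer security",
    "Transport": "point-to-point",
    "TransportWithMessageCredential": "point-to-point",
    "Message": "end-to-end",
    "Both": "end-to-end",
}

def audit_bindings(config_xml):
    """Return (binding type, name, effective mode, explicit?, scope) per <binding>."""
    findings = []
    for bindings in ET.fromstring(config_xml).iter("bindings"):
        for binding_type in bindings:
            for binding in binding_type.findall("binding"):
                security = binding.find("security")
                mode = security.get("mode") if security is not None else None
                explicit = mode is not None
                if not explicit:
                    mode = DEFAULT_MODE.get(binding_type.tag, "unknown")
                findings.append((binding_type.tag, binding.get("name", ""), mode,
                                 explicit, SCOPE.get(mode, "review manually")))
    return findings

# Constructed sample config (not from a real application).
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings>
  <wsHttpBinding>
    <binding name="WCFSecurityExample"><security mode="None"/></binding>
    <binding name="DefaultedWs"/>
  </wsHttpBinding>
  <basicHttpBinding>
    <binding name="LegacyBasic"/>
    <binding name="MixedBasic"><security mode="TransportWithMessageCredential"/></binding>
  </basicHttpBinding>
</bindings></system.serviceModel></configuration>"""

if __name__ == "__main__":
    for row in audit_bindings(SAMPLE_CONFIG):
        print(row)
```

In the sample, LegacyBasic never mentions security yet resolves to None because that is the BasicHttpBinding default, which is the case a review of explicit mode="None" settings alone would miss.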