C# Corner Q3, 2014 MVPs Announced
Webinar - Introduction to WPF
Delhi Developer’s Day: Learn ASP.Net vNext , HTML5, MVC, Hybrid Apps in Windows and Deferred Object Materialization
New Feature: Mention your friends and followers
Go to all article comments >>
Go to all messages >>
A Code Snippet
An Interview Question
Ask a Question
C, C++, MFC
Printing in C#
Visual Studio 2010
Visual Studio 2012
Visual Studio 2013
Databases & DBA
WCF with C#
Reports using C#
Design & Architecture
Mobile & Embedded
Web Services in C#
Multithreading in C#
Games Programming C#
Windows Forms C#
How do I
Windows Store Apps
Internet & Web
Visual Basic .NET
Visual Studio .NET
Request a new Category
Categories of Sql Commands
Deserialize a nested json in c#
Open PopUp on Button Click Using J ...
How to check if the user exists in ...
Access Model State Property within ...
Difference between Claims-based Au ...
Bulk Copy in SQL server using c#.net
Generating/Updating a Code Behind ...
What is Index Component in SharePo ...
Query Rules In SharePoint 2013
WCF Security Basic: Part 1
WCF with C#
Oct 12, 2013
Security in WCF can be provided in two ways. A theoretical brief of both is explained.
WCF Security Basic: Part 1
WCF Security is a very wide topic. So it is better to break into multiple parts to understand it better. In this part, I will be covering very basic of it.
In WCF, We can apply security measures (authentication and Encryption) at two points when sending and receiving messages:
At Transport Level.
At Message Level.
Transport Level Security:
Transport Level Authentication is typically implemented at Operating System level.
Transport Level Encryption and Decryption are facilitated by underlying Communication Protocol.
For Example: HTTPS uses SSL (Secure Socket Layer), TCP uses TSL (Transport Layer Security).
Message Level Security:
Message Level Authentication, user's credentials are passed to service and its responsibility of Service to Authenticate it.
Message Level Encryption and Decryption are done by Service and Client using agreed set of Encryption Key and Encryption Algorithm.
WS-Security recommendations should be followed to ensure interoperability between services developed using other technologies than WCF.
Transport Level Security is very efficient because it often relies on underlying hardware and operating system support for encryption and decryption, which can be very resource intensive process.
Transport Level Authentication is enforced before client actually starts sending messages. This results in early detection of Authentication Failure with less Network Overhead.
Message Level Security operates End-To-End basis, While Transport Level Security Operates Point-to-Point basis.
Meaning if there is any intermediate service that passes message from and to, then using Message Level Security is more secure than Transport Level.
In Transport Level, by the time Service receives message it is already authenticated and decrypted and Intermediate Service has full access to the message.
While Since Message Level Security is implemented at Client and Service End, Intermediate Services cannot easily decrypt the message.
!! Happy Programming !!
Call WCF using transport layer security and SSL configured
WCF Coding Standards: Part 2
WCF Basic Must know
Implement Security in WCF
Test your basics on WCF with True and False Statements
How to stop anonymous access to hosted WCF service
View Previous Comments >>
Hire Mobile & Web Developer
Hire Mobile & Web Developer on demand. 100% satisfaction. Try for 1 week or Money Back. Local and remote developers available all over USA.
Just Became Windows Insider
SharePoint 2010 Web Part Pages don’t Show the Left Navigation by Default
Changing of SharePoint 2010 Custom Site Icon on Web Part Page
Create File GeoDatabase Without Using Arcgis License
Introduction to Query Processing Component in SharePoint 2013 Search
Diffrent Ways to Implement Dispose Patterns/Methods in Your SharePoint Code
How to extend a content DB for single web application using SHarePoint 2010 UI
Open PopUp on Button Click Using JQUERY
Introduction to Search Administration Component in SharePoint 2013
What is Index Component in SharePoint 2013 Search
CBeyond Cloud Services
TERMS & CONDITIONS
©2014 C# Corner. All contents are copyright of their authors.