WCF Security Basic: Part 1

WCF security is a very wide topic, so it is better to break it into multiple parts to understand it properly. In this part I will cover the very basics.

In WCF, security measures (authentication and encryption) can be applied at two points when sending and receiving messages:
  1. At Transport Level.
  2. At Message Level.

Transport Level Security:

  • Transport-level authentication is typically handled by the operating system or the hosting layer (for example Windows authentication in IIS/HTTP.SYS) before WCF ever sees the message.
  • Transport-level encryption and decryption are provided by the underlying communication protocol.
  • For example, HTTPS uses SSL/TLS (Transport Layer Security, the successor of the Secure Sockets Layer); for TCP (NetTcpBinding) the transport is secured either with TLS, when certificate credentials are used, or with Windows security (SSPI/Negotiate), which is the default.

Message Level Security:

  • With message-level authentication, the user's credentials travel inside the SOAP message (as WS-Security tokens) and it is the service's responsibility to authenticate them.
  • Message-level encryption and decryption are done by the client and the service themselves, using an agreed key and algorithm (in WCF, typically the service's X.509 certificate and the algorithm suite configured on the binding).
  • The WS-Security specifications should be followed to ensure interoperability with services and clients built on technologies other than WCF.

Comparison:

  • Transport-level security is usually the more efficient option: encryption and decryption, which are resource-intensive operations, are handled by the operating system's (and possibly hardware-accelerated) TLS or SSPI implementation rather than by the SOAP stack, and the connection is protected once rather than each message separately.
  • Transport-level authentication is enforced when the connection is established, before the client sends any application message. Authentication failures are therefore detected early, with less network overhead.
  • Message-level security is end-to-end, whereas transport-level security is point-to-point.
  • This matters whenever an intermediary (a proxy, router or another service) passes the message along on its way to the final service: in that scenario message-level security is the safer choice.
  • With transport-level security, the intermediary terminates the secure connection, so by the time it forwards the message it has already been decrypted and authenticated, and the intermediary has full access to its contents.
  • With message-level security, encryption and signing are applied by the client and verified by the ultimate service, so intermediaries cannot read the protected parts of the message or alter them without detection.
  • WCF also offers a mixed mode (SecurityMode.TransportWithMessageCredential) that combines transport-level encryption with message-level client credentials, trading some of the end-to-end guarantee for the efficiency of the transport.
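The following is an added example, not code from the original post: one WCF service host that exposes the same contract on a transport-secured HTTPS endpoint and on a message-secured HTTP endpoint, so the two configurations described above can be compared side by side. The contract, service, validator, credentials, port numbers and the "localhost" certificate are assumptions made for illustration; a real validator would check a user store, and the HTTPS endpoint requires a certificate already bound to port 8443 in HTTP.SYS (netsh http add sslcert).

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IEcho
{
    [OperationContract]
    string Echo(string text);
}

public class EchoService : IEcho
{
    public string Echo(string text)
    {
        // In either mode the caller has already been authenticated when this runs;
        // the identity differs (Windows account vs. username token).
        string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        return caller + ": " + text;
    }
}

// Message-level authentication: the credential arrives inside the SOAP envelope and it
// is the service's job to check it. Hypothetical validator with hard-coded demo values;
// a real one checks a user store and uses a constant-time comparison.
public class DemoUserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (userName != "alice" || password != "correct horse battery staple")
            throw new SecurityTokenException("Unknown username or incorrect password.");
    }
}

static class Program
{
    static void Main()
    {
        var host = new ServiceHost(typeof(EchoService));

        // Endpoint 1: transport security. TLS is terminated by HTTP.SYS before WCF sees
        // the message, and Windows authentication (Negotiate: Kerberos/NTLM) happens at
        // the HTTP layer, so a bad credential is rejected before any SOAP body is sent.
        // Assumption: a server certificate is bound to port 8443 outside this code.
        var transport = new WSHttpBinding(SecurityMode.Transport);
        transport.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        host.AddServiceEndpoint(typeof(IEcho), transport, "https://localhost:8443/echo");

        // Endpoint 2: message security over plain HTTP. Signature and encryption are
        // WS-Security headers inside the envelope, so an HTTP proxy that terminates the
        // connection still cannot read the username token or the body.
        var message = new WSHttpBinding(SecurityMode.Message);
        message.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        // Turn off the WCF-specific WS-Trust negotiation and WS-SecureConversation so
        // a non-WCF WS-Security client can talk to this endpoint (the interoperability
        // point made in the post). The client must then know the service certificate.
        message.Security.Message.NegotiateServiceCredential = false;
        message.Security.Message.EstablishSecurityContext = false;
        host.AddServiceEndpoint(typeof(IEcho), message, "http://localhost:8080/echo");

        // The service certificate is the agreed key material for the message endpoint:
        // clients encrypt the UserName token to it and verify responses signed with it.
        // Assumption: a certificate with subject "localhost" exists in LocalMachine\My.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
            UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator =
            new DemoUserNameValidator();

        host.Open();
        Console.WriteLine("Listening on both endpoints. Press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
}
```

Build this as a .NET Framework console application referencing System.ServiceModel and System.IdentityModel. Note the asymmetry the comparison section describes: on the HTTPS endpoint the validator is never involved, because the operating system has already authenticated the caller; on the HTTP endpoint the plain-text transport is acceptable only because the credential and the body are protected inside the envelope, and a client that has not been given the service certificate cannot call it at all.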

!! Happy Programming !!