This project is read-only.

If There are Intermediaries between Client and Service, Consider Using Message Security

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use message security in scenarios where there may be intermediaries inspecting the message before the final delivery. You can protect your messages by using message security which encrypt and sign your messages. By encrypting your messages you protect your sensitive data from being compromised, and by signing your messages you protect the client and service from tampering and man-in-the-middle attacks by protecting message integrity.

The following configuration snippet shows how to use Message security to protect the credentials when using wsHttpBinding:
<wsHttpBinding>
  <binding name="MessageAndUserName">
    <security mode="Message">
      <message clientCredentialType="UserName" algorithmSuite="Default" />
    </security>
  </binding>
</wsHttpBinding>

Additional Resources

Last edited Jun 12, 2008 at 11:29 PM by prashantbansode, version 1

Comments

No comments yet.