If you Need to Support Selective Message Protection, Use Message Security

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you need signatures but not encryption on your messages, use message security to allow selective reduction of the protection level. This will give you more flexibility than transport security, especially if you do not need to protect specific bigger message payloads over the wire.

Be aware that turning off encryption will allow an attacker to view the content of your messages including credentials or other sensitive information.

You can set protection level to signatures only on the entire service:
[ServiceContract(ProtectionLevel=ProtectionLevel.Sign]
public interface IService
{	
	string GetData(int value);	
}

You can set the protection level to signatures only on a single method at a time:
[OperationContract(ProtectionLevel=ProtectionLevel.Sign]
string GetData(int value);

Additional Resources

Last edited Jun 12, 2008 at 10:32 PM by prashantbansode, version 1

Comments

No comments yet.