If You Need to Publish Your WCF Service Metadata, Publish it Using Secure Binding
- J.D. Meier, Carlos Farre, Jason Taylor,
Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
To protect service metadata from unauthorized access, you can use a secure binding for your metadata endpoint. The service metadata that a WCF service publishes contains a detailed description about the service and may intentionally or unintentionally contain
sensitive information. For example, service metadata may contain information about infrastructure operations that was not intended to be broadcast publicly.
You can use any standard binding (which has security features) you want for the MEX service endpoint, the only requirement is to use the IMetadataExchange contract.