If There are Intermediaries between Client and Service, Consider Using Message Security
- J.D. Meier, Carlos Farre, Jason Taylor,
Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
Use message security in scenarios where there may be intermediaries inspecting the message before the final delivery. You can protect your messages by using message security which encrypt and sign your messages. By encrypting your messages you protect your
sensitive data from being compromised, and by signing your messages you protect the client and service from tampering and man-in-the-middle attacks by protecting message integrity.
The following configuration snippet shows how to use Message security to protect the credentials when using wsHttpBinding:
<message clientCredentialType="UserName" algorithmSuite="Default" />