Core security concepts supported by WCF – Windows Communication Foundation are Confidentiality, Integrity, Auditing, Authentication and Authorization. In Windows Communication Foundation, security can be configured at two different levels:
- Transport Level Security
It secures the actual transport (i.e. the pipe) over which the message passes through from client to a service. For example it uses SSL (Secure Socket Layer) to ensure point-to-point protection. - Message Level Security
It secures the message itself that is being transported from client to a service and vice versa.
In this WCF Tutorial, we will dive deeper to understand the difference between Transport Level Security and Message Level Security in WCF (Windows Communication Foundation).
Recommended Scenarios for Transport and Message Level Security:
Transport Level Security doesn’t support scenarios when Intermediaries involved. It only support sending a message directly from client to WCF Service without an intermediate system. It’s suited when both client and service resides on same intranet.
On the other hand, actual message is secured in Message Level Security, it support intermediaries. No problem at all in scenarios even if message routed through multiple intermediate systems.
Below you can find advantages/disadvantages for both these security levels that will help to understand the difference between Transport Level Security and Message Level Security.
Transport Level Security |
Message Level Security |
Advantages: | |
|
|
Disadvantages: | |
|
|
Other Related Articles:
- WCF Hosting (Console | Windows Service | IIS | WAS )
- WCF Tutorial Step by Step
- WCF RESTful Service Step by Step
- WCF Vs ASMX Service
- MVC3 Vs MVC4 Vs MVC5
- Difference betweeen ASP.NET WebForms and ASP.NET MVC
- 3 ways to generate proxy for WCF Service
- Post JSON data to WCF RESTful Service using jQuery
- Consuming a WCF RESTful Service using jQuery
Top 10 Interview Questions and Answers Series:
- Top 10 WCF Interview Questions
- Comprehensive Series of WCF Interview Questions
- Top 10 HTML5 Interview Questions
- Top 10 ASP.NET Interview Questions
- Comprehensive Series of ASP.NET Interview Questions
- Top 10 ASP.NET MVC Interview Questions
- Top 10 ASP.NET Web API Interview Questions
- Top 10 ASP.NET AJAX Interview Questions