Transport Level Security Vs Message Level Security in WCF

The security concerns addressed in Windows Communication Foundation are Confidentiality, Integrity, Auditing, Authentication and Authorization. In Windows Communication Foundation, security can be configured at two different levels:

  • Transport Level Security
    It secures the actual transport (i.e. the pipe) over which the message passes from a client to a service. For example, it uses SSL (Secure Sockets Layer) to ensure point-to-point protection.
  • Message Level Security
    It secures the message itself as it is transported from a client to a service and vice versa.

Because the actual message is secured in Message Level Security, it supports intermediaries.

| Transport Level Security | Message Level Security |
|---|---|
| As Transport Level Security secures the network protocol, no extra coding is required. | As the message is secured (signed and encrypted) while being transmitted through the network, any intermediate hop in the network has no impact on security. |
| Client and service do not need to understand the WS-Security specification, which supports interoperability. | Being transport-independent, it can support multiple transport options. |
| Improved performance can be achieved by using hardware accelerators. | Supports a wide range of security options; even custom security can be implemented. |
| Lacks support for intermediate systems because it is point-to-point and protects the “pipe” between a single client and a service. | Every individual message is secured, so there is a cost to encrypt a message on one side and decrypt it on the other, resulting in reduced performance. |
| Security options are comparatively fewer due to protocol security limitations. | Lacks interoperability. It demands that both client and service support the WS-Security specification, so there is no support for applications developed in older technologies like ASMX. |
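The two levels compared above, as an added example that is not part of the original article: one self-hosted service exposed through a transport-secured endpoint and a message-secured endpoint. It assumes .NET Framework with a reference to System.ServiceModel; the `IEcho` contract, `EchoService` class and localhost addresses are hypothetical, and the transport endpoint uses net.tcp with Windows credentials rather than SSL so that no certificate is needed.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Channels;

[ServiceContract]
public interface IEcho { [OperationContract] string Echo(string text); }  // hypothetical contract

public class EchoService : IEcho { public string Echo(string text) { return text; } }

public static class Program
{
    public static void Main()
    {
        // Transport level: the TCP stream (the "pipe") is signed and encrypted;
        // the SOAP message inside it is left as-is and is only protected hop to hop.
        var transport = new NetTcpBinding(SecurityMode.Transport);
        transport.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        transport.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        // Message level: WS-Security signs and encrypts each SOAP message,
        // so the underlying transport can stay plain HTTP.
        var message = new WSHttpBinding(SecurityMode.Message);
        message.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

        string tcpAddress = "net.tcp://localhost:8081/echo";  // assumed free port
        string httpAddress = "http://localhost:8080/echo";    // needs a URL reservation or an elevated process

        var host = new ServiceHost(typeof(EchoService));
        host.AddServiceEndpoint(typeof(IEcho), transport, tcpAddress);
        host.AddServiceEndpoint(typeof(IEcho), message, httpAddress);
        host.Open();
        Console.WriteLine(Call(transport, tcpAddress, "sent over transport security"));
        Console.WriteLine(Call(message, httpAddress, "sent over message security"));
        host.Close();
    }

    // The client must use the same binding settings as the endpoint it calls.
    static string Call(Binding binding, string address, string text)
    {
        var factory = new ChannelFactory<IEcho>(binding, new EndpointAddress(address));
        try
        {
            string reply = factory.CreateChannel().Echo(text);
            factory.Close();
            return reply;
        }
        catch { factory.Abort(); throw; }
    }
}
```

Capturing the loopback HTTP traffic shows a SOAP envelope with WS-Security headers and an encrypted body, while the net.tcp traffic is an opaque protected stream.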

© 2015, www.techkatak.com. All rights reserved.