.netWCF

WCF Security (Part – 28)

Authentication:
Authentication is the process of identifying the sender and recipient of the message.

Authorization:
Authorization is the process of determining roles for authenticated users.

Confidentiality:
Confidentiality is the process to ensure that only intended recipient of the message can view the message .This is done by encrypting the message.

Integrity:
Integrity  is the process to ensure that the message is not tampered by a malicious user as it is being transmitted from sender to receiver.This is done by digital signature.Digital signature is nothing but signing the message.

Binding in WCF determine the security scheme.Below is the link from msdn provides all bindings and their respective security defaults.
http://msdn.microsoft.com/en-us/library/ms731092(v=vs110).aspx

The default security scheme for NETTcpBinding is Transport whereas for WSHttpBinding it is message.

WHen sending a message between a client and WCF service, there are 2 things to consider.

  • WCF message
  • The communication medium or communication protocol

Transport Security:

Securing transport channel is called transport security.Each protocol has their own way of providing transport security.

TCP provides transport security by implementing Transport Layer Security and HTTP provides transport security by using Secure socket layer.

Message Security:

Securing the message by encapsulating the security credentials with every SOAP message is called message security.

Below MSDN link provide all the difference between message and transport security.

http://msdn.microsoft.com/en-us/library/ms733137.aspx

 

© 2015, www.techkatak.com. All rights reserved.