Wcf security session 2
-
Upload
anil-kumar-m -
Category
Technology
-
view
596 -
download
1
Transcript of Wcf security session 2
Transfer Security Modes
Objectives
• Five modes offered for accomplishing three aspects of Transfer Security– None– Transport Security– Message Security– Mixed – Both
• Turned off• No Client Credentials provided to Service• Highly inadvisable
None Transfer Security Mode
entry point
Transport Transfer Security Mode
• Secure Communication Protocol• Encrypts the channel• Integrity ,No Encryption key – corrupt message• Privacy, No other party other than recipient• Mutual Authentication
• Assumption– Client and Service negotiate details of encryption– Hardware acceleration
• Downside– Point-to-point– Only by intranet applications
Boolean
character
integer
Message Transfer Security Mode
• Encrypts the message• Securely communicate over non-secure transports
variables
• Uses Transport for Message integrity and Privacy as well as Service authetication
• Message security for Client Credentials
• Downside– Point to point– Rarely use this
Mixed Transfer Security
literals
expression
error, x not set
Both Transfer Security mode
• Message is encrypted• Transport channel is encrypted• Maximizes Security
• Overkill performance
Summary
• None is highly inadvisable• Transport works good in Intranet apps• Message suits for Internet apps• Mixed rarely used by developers• Both kills performance