Hello,<br/><br/>I currently host a WCF service with webhttp binding so i can use it to construct an application that needs the services. Sometimes I am transfering sensative information that I would want to protect from a middleman (packet sniffer or whatnot) from being able to retreive and actually read the message content that was sent back or to the service. What is the best way/security options that I can use to achieve this? <br/><br/>Thanks© 2009 Microsoft Corporation. All rights reserved.Fri, 10 Jul 2009 10:17:44 Zb9126e89-67ee-4d81-9948-b1cfc942afaehttp://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#b9126e89-67ee-4d81-9948-b1cfc942afaehttp://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#b9126e89-67ee-4d81-9948-b1cfc942afaedsofferhttp://social.msdn.microsoft.com/Profile/en-US/?user=dsofferHello,<br/><br/>I currently host a WCF service with webhttp binding so i can use it to construct an application that needs the services. Sometimes I am transfering sensative information that I would want to protect from a middleman (packet sniffer or whatnot) from being able to retreive and actually read the message content that was sent back or to the service. What is the best way/security options that I can use to achieve this? <br/><br/>ThanksSat, 04 Jul 2009 01:32:07 Z2009-07-04T01:32:07Zhttp://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#974e4d7b-5ece-421c-9cbf-aa076f7e5399http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#974e4d7b-5ece-421c-9cbf-aa076f7e5399Nofian Adihttp://social.msdn.microsoft.com/Profile/en-US/?user=Nofian%20Adiyou can use transport or transportcredentialonly<br/><a href="http://msdn.microsoft.com/en-us/library/bb412176.aspx">http://msdn.microsoft.com/en-us/library/bb412176.aspx</a><hr class="sig">wish for others what you wish for yourselfSat, 04 Jul 2009 03:03:46 Z2009-07-04T03:03:46Zhttp://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#386c7e70-4320-491f-a447-8ed5153fef41http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#386c7e70-4320-491f-a447-8ed5153fef41Stipe-Ivan Latkovichttp://social.msdn.microsoft.com/Profile/en-US/?user=Stipe-Ivan%20LatkovicTransport security depends on number of hops. If this is a issue you should use message security along with transport security (and use wsHttpBinding in that case cause the webHttpBinding doesn't support message security). <div><br/></div> <div>Regards,</div> <div>John</div>Sat, 04 Jul 2009 20:55:47 Z2009-07-04T20:55:47Zhttp://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#afc8fec0-e65e-4dec-ab3b-2bb82121ec23http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#afc8fec0-e65e-4dec-ab3b-2bb82121ec23dsofferhttp://social.msdn.microsoft.com/Profile/en-US/?user=dsoffer<p>Can one use wsHttpBinding just like webHttp? (Restful, a no need for a serviceclient (wsdl))</p>Mon, 06 Jul 2009 17:07:42 Z2009-07-06T17:07:42Zhttp://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#8e0417b5-06eb-4503-a895-78fd9dab5548http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b9126e89-67ee-4d81-9948-b1cfc942afae#8e0417b5-06eb-4503-a895-78fd9dab5548Amit Sharma Rhttp://social.msdn.microsoft.com/Profile/en-US/?user=Amit%20Sharma%20R<p>you cannot use wsHttpBinding like webHttpBinding.  Message level security involves SOAP headers which are not available on WebHttpBinding (MessageVersion.None).<br/><br/>I believe that webHttpBinding with Transport level security should be enough for you, with what you are trying to achieve.</p><hr class="sig">Amit SharmaMon, 06 Jul 2009 17:59:35 Z2009-07-06T17:59:35Z