WCF webhttp binding and security

Question

Hello,

I currently host a WCF service with webhttp binding so i can use it to construct an application that needs the services. Sometimes I am transfering sensative information that I would want to protect from a middleman (packet sniffer or whatnot) from being able to retreive and actually read the message content that was sent back or to the service. What is the best way/security options that I can use to achieve this?

Thanks

Answer 1

you can use transport or transportcredentialonly
http://msdn.microsoft.com/en-us/library/bb412176.aspx

---

wish for others what you wish for yourself

Answer 2

Transport security depends on number of hops. If this is a issue you should use message security along with transport security (and use wsHttpBinding in that case cause the webHttpBinding doesn't support message security).

Regards,

John

Answer 3

Can one use wsHttpBinding just like webHttp? (Restful, a no need for a serviceclient (wsdl))

Answer 4

you cannot use wsHttpBinding like webHttpBinding.  Message level security involves SOAP headers which are not available on WebHttpBinding (MessageVersion.None).

I believe that webHttpBinding with Transport level security should be enough for you, with what you are trying to achieve.

---

Amit Sharma