none
Security over HTTP protocol vs HTTPS? RRS feed

  • Question

  • Hello,

    I am exposing my WCF Service using WsHttpBinding which by default uses Message security with message being encrypted with the configured algorithmSuite (Basic256 by default).  My service is exposed using HTTP protocol.

    Queries:

    1. As I understand, this service is secured, right? So, in general, if we encounter a service hosted on HTTP, can we confirm that it is NOT always UNSECURED (need to check what binding it is using) ? What other parameters we need to check before confirming that a particular service is secured/unsecured?

    2. If I host this service on HTTPS, will it be more secured than current? Can you elaborate how HTTP + SSL will be more secured than my current configuration with HTTP.

    Thanks!


    Tuesday, July 15, 2014 3:56 PM

Answers

  • Hi,

    >>1. As I understand, this service is secured, right? So, in general, if we encounter a service hosted on HTTP, can we confirm that it is NOT always UNSECURED (need to check what binding it is using) ? What other parameters we need to check before confirming that a particular service is secured/unsecured?

    Yes, it is secured, because by default the wsHttpBinding will use the messge security mode, if the client does not provide the credential, then the client can not access the service. and by default the basicHttpBinding will use no security mode, the netTcpBinding will use the transport security mode.
    For checking whether the WCF Service is secured or not, we can check the binding configuration as following:

    >>2. If I host this service on HTTPS, will it be more secured than current? Can you elaborate how HTTP + SSL will be more secured than my current configuration with HTTP.

    When we want to use the HTTPS, we will need an SSL certificate to be registered with IIS. Then the SSL certificate will provides confidentiality and integrity protection for the messages that are transmitted over the wire. So it will be more secured than HTTP.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Wednesday, July 16, 2014 8:20 AM
    Moderator