Hi Mou_inn,
>> certificate is used when we give WCF transport level security
For transport security, there are two kinds of certificate. One is SSL certificate for https which is used to encrypt the transport layer, another is Certificate Security for Transport Security Mode. When using this option, the caller
presents an X.509 client certificate that the WCF service either validates with peer trust or trusts based on the issuer of the certificate. The service is authenticated with the service certificate or by using an SSL certificate if you are using the HTTP
protocol.
For Message security with Certificate, the caller presents an X.509 client certificate; the WCF service then looks up the certificate information on the host side and either validates it (peer trust) or trusts the issuer (chain trust)
of the client certificate. Service is authenticated with a service certificate.
For WCF security, I suggest you refer the link below:
# Chapter 4: WCF Security Fundamentals
https://msdn.microsoft.com/en-us/library/ff650862.aspx
>>without certificate can we give security to WCF message level ?
Without certificate, you could try Message security with Windows.
Best Regards,
Edward
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to
MSDN Support, feel free to contact MSDNFSF@microsoft.com.
