Securing Services involves four aspects mainly :
1. Authentication : Who the client is and whether it is allowed to communicate with service.
2. Confidentiality : Encrypting communication between client and service.
3. Integrity : To make sure that the communication is tamper proof.
4. Authorization : The access or execution rights of the client with respect to the service.
The various modes of security supported in WCF to implement above requirements are :
1. Transport Mode : The underlying transport protocol like http take care of all the above requirements by default.
2. Message Mode : In this mode all the data required to satisfy above requirements flow as part of message headers.
3. Hybrid Mode : In the mode Confidentiality & Integrity requirements are taken care by Transport mode while Authentication & Authorization are implemented using Message Mode. This mode is also called 'Transport with Message Credentials'.
There are two additional modes that are specific to two bindings : the 'transport-credentials only' mode found on the BasicHttpBinding and the 'both' mode found on the NetMsmqBinding.
No comments:
Post a Comment