Monday, November 27, 2006

* WCF : Securing Services (Basics)

Securing Services involves four aspects mainly :

1. Authentication : Who the client is and whether it is allowed to communicate with service.

2. Confidentiality : Encrypting communication between client and service.

3. Integrity : To make sure that the communication is tamper proof.

4. Authorization : The access or execution rights of the client with respect to the service.

The various modes of security supported in WCF to implement above requirements are :

1. Transport Mode : The underlying transport protocol like http take care of all the above requirements by default.

2. Message Mode : In this mode all the data required to satisfy above requirements flow as part of message headers.

3. Hybrid Mode : In the mode Confidentiality & Integrity requirements are taken care by Transport mode while Authentication & Authorization are implemented using Message Mode. This mode is also called 'Transport with Message Credentials'.

 There are two additional modes that are specific to two bindings : the 'transport-credentials only' mode found on the BasicHttpBinding and the 'both' mode found on the NetMsmqBinding. tags: , , ,

No comments:

Post a Comment