Are WCF Services encrypted automatically if they go over SSL?
Basically, if I have a plain WCF Service over HTTPS is it automatically secure?
[ServiceContract]
public interface ICalc
{
[OperationContract] int add(int a, int b);
}
public class Calculator : ICalc
{
public int add(int a, int b) { return a + b; }
}
I figur开发者_Python百科e the actual SOAP message isn't encrypted here, but is it still secure if I use https? Basically, if I use a basichttpbinding with no security settings in my config over https://www.myserver.com/services/Calc.svc is that secure?
The messages on the wire are encrypted. I believe it is also possible to implement message security by configuring the various bindings.
There are three main security settings in WCF:
- Transport
- Message
- TransportWithMessageCredential
Each has their own pros/cons depending on your situation.
Take a look at this MSDN article on WCF security: http://msdn.microsoft.com/en-us/library/ms731925.aspx
Hope that helps,
Jeffrey Kevin Pry
In that case the transport is secure in the sense that only the server and client can decode the messages being sent, however there are other aspects of security. For example you may wish to restrict access to the service to authorized clients. Take a look here for more info.
The physical communication between the client and server will be secure (no-one can listen) but then you still have to authorise whoever is calling the service. You can pass a username and password in the credential header on the soap packet.
精彩评论