开发者

WCF, DataPower integration - secure binding necessary?

I have been developing a WCF service using basic HTTP binding. This has been integrated with DataPower. I want to follow best practice by enabling secure binding. Is this necessary?

Referring to slide 8 in DataPower WCF integration :

DataPower is designed to off-load the security for the WCF servi开发者_如何学Cces.

Thank you.


Only your security architects can really tell you if it is needed for your case. Remember, whatever you are sending over the wire is unsecured when using basic HTTP. Within the enterprise, maybe, that isn't a problem. But anyone that was sniffing the trafic could intercept your messages and easily get to the data within.

At Tellago, we have done WCF-Data Power integration using a custom federated security (almost identical to Geneva aka WIF) for our clients. But, odds are, if you are asking if you need security, you probably are not using federated security.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜