I have a WCF service which the security mode has been set to "Transport". Below is my service configuration:
<bindings>
<netTcpBinding>
<binding name="tcpConSecure" >
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
</security>
</binding>
</netTcpBinding>
</bindings>
When I use VisualStudio "Edit WCF configuration" tool to open my configuration, in security tab, it will display like this:
Question:
- Does the setting in MessageSecurity properties area still work when I set mode to Transport? I ask this question because I didn't set message security related properties in config file.
- When I set Security Mode to "Transport" and client credential type to "Windows", will the transfer message between server/client be encrypted? By which algorithm?
From this link, the messages are secured at the transport level by windows security. What does Windows Security mean?
For the first question, if the mode is set to "Transfer", the settings in the MessageSecurity properties area will be invalid. Securing a service with both transport and message credentials uses the best of both Transport and Message security modes in Windows Communication Foundation (WCF). In sum, transport-layer security provides integrity and confidentiality, while message-layer security provides a variety of credentials that are not possible with strict transport security mechanisms. For more information about TransportWithMessageCredential, you can refer to this link.
If the Transport mode is used, the main mechanism used to protect the transmission is the Secure Sockets Layer (SSL) based on HTTP, usually called HTTPS. So if we use Transport mode, we need to bind a certificate to the service. For more information about Transport Security, you can refer to this link.