WCF - Binding and Security
How do we know which binding to use and when?
How do we know which security schema goes with our selected binding configuration?
There's allot of considerations with the binding configuration:
- Is there IIS involved.
- Are we going to use IIS Integrated Security.
- Are we going to use net.tcp binding?
There's also security issues we need to address:
- How we going to secure our services communication.
- Do we use the transport or the message layer.
| Setting | Features |
| Transport | Server Authentication Client Authentication Point-to-point security Interoperability Hardware acceleration High throughput Secure Firewall High-latency applications Re-encryption across multiple hops |
| Message | Server Authentication Client Authentication End-to-end security Interoperability Rich claims Federation Multi-factor authentication Custom tokens Notary/Timestamp service High-latency applications Persistence of Message signatures |
| TransportWithMessageCredential | Server Authentication Client Authentication Point-to-point security Interoperability Hardware acceleration High throughput Rich client claims Federation Multi-factor authentication Custom tokens Secure firewall High-latency applications Re-encryption across multiple hops |
The following page help us to decide witch binding configuration is the best for us due to our security demands.