जगदीश खोलिया: What are the ways to do security in WCF?

Thursday, May 31, 2012

What are the ways to do security in WCF?

In WCF there are two types of Security, transport level security and message level security.
Transport Security: Transport level security happens at the channel level. Transport level security is the easiest to implement as it happens at the communication level. WCF uses transport protocols like TCP, HTTP, MSMQ etc and every of these protocols have their own security mechanisms. One of the common implementation of transport level security is HTTPS. HTTPS is implemented over HTTP protocols with SSL providing the security mechanism. No coding change is required it’s more of using the existing security mechanism provided by the
protocol.Web config setting like the below example for transport security.See the bold lines:
<services>
            <service behaviorConfiguration="BimaExpress.Services.Service1Behavior"  name="BimaExpress.Services.Service1">
                <endpoint address="https://localhost:58946/myservice.svc" binding="wsHttpBinding"  bindingConfiguration="WSHttpBinding_IChildInsuranceService" contract="BimaExpress.Services.IService1">
               </endpoint>
                <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
           </service>
</services>
<behaviors>
     <serviceBehaviors>
        <behavior name="BimaExpress.Services.Service1Behavior">
         <serviceMetadata httpsGetEnabled="true" />
         <serviceDebug includeExceptionDetailInFaults="false" />
       </serviceBehaviors>
        </behavior>
</behaviors>
<bindings>
   <wsHttpBinding>
        <binding name="WSHttpBinding_IChildInsuranceService">
          <security mode="Transport">
               <transport clientCredentialType="none"  />
           </security>
        </binding>
    </wsHttpBinding>
</bindings>

Message Security: Message level security is implemented with message data itself. Due to this it is independent of the protocol. Some of the common ways of implementing message level security is by encrypting data using some standard encryption algorithm.Check the below link for implementation:
http://pratapreddypilaka.blogspot.in/2011/10/wcf-implementing-message-level-security.html

No comments: