You must Sign In to post a response.
  • Category: WCF

    Interview Question "Why to secure a wcf service"


    I have been asked in an interview "How to secure a wcf service?"

    I don't know what to answer. Please explain me.

    Thanks in advance.


  • #765216
    WCF has mainly two types of security.
    Message level security and Transport level security, even we can have mixed level security in wcf.
    We can enable transport level security in config file as below.


    Message level security can be enabled as below.


    Sridhar Thota.
    Editor: DNS Forum.

  • #765235
    There are many things of security that we need to take care in case of WCF
    see some of the scenario as below
    - Design your service as a wrapper
    - If you are coming from ASMX then use basicHttpBinding to support your existing clients
    - If you are coming from DCOM then, use netTcpBinding
    - If your clients are deployed within intranet then choose transport security
    - if your clients are deployed over the internet then choose message security
    - Know your Authentication options
    - Know your binding options
    - If you need to Interop with non MS clients, use basicHttpBinding or wsHttpBinding
    - If your non-MS clients understand WS stack, use wsHttpBinding

    Editor, DotNetSpider MVM
    Microsoft MVP 2014 [ASP.NET/IIS]

  • #765249
    WCF provides three modes for security.
    [1] Transport security: Transfer security modes to ensure a secured communication between a client and a server
    <binding name="WCFSecurityExample">
    <security mode="None"/>

    [2] Message security : Message security mode allows mutual authentication and offers privacy to a great extent
    <binding name="WCFSecurityExample">
    <security mode="Message"/>

    [3]TransportWithMessageCredential: This is a combination of other two securities

    I recommended to useful links

  • #766714

    A WCF service boasts of a robust security system with two security modes or levels so that only an intended client can access the services. The security threats that are common in a distributed transaction are moderated to a large extent by WCF

    Kindly go through the below mentioned Link, It will help you,


  • Sign In to post your comments