Interview Question "Why to secure a wcf service"
Hi,I have been asked in an interview "How to secure a wcf service?"
I don't know what to answer. Please explain me.
Thanks in advance.
Regards,
RAJAN CRP
You must Sign In to post a response.
Category: WCF
I have been asked in an interview "How to secure a wcf service?"
I don't know what to answer. Please explain me.
Thanks in advance.
Regards,
RAJAN CRP
#765216
WCF has mainly two types of security.
Message level security and Transport level security, even we can have mixed level security in wcf.
We can enable transport level security in config file as below.
Message level security can be enabled as below.
Sridhar Thota.
Editor: DNS Forum.
Message level security and Transport level security, even we can have mixed level security in wcf.
We can enable transport level security in config file as below.
<wsHttpBinding>
<bindingname="WCFSample">
<securitymode="Transport"/>
</binding>
</wsHttpBinding>
Message level security can be enabled as below.
<wsHttpBinding>
<bindingname="WCFSample">
<securitymode="Message"/>
</binding>
</wsHttpBinding>
Sridhar Thota.
Editor: DNS Forum.
#765235
There are many things of security that we need to take care in case of WCF
see some of the scenario as below
- Design your service as a wrapper
- If you are coming from ASMX then use basicHttpBinding to support your existing clients
- If you are coming from DCOM then, use netTcpBinding
- If your clients are deployed within intranet then choose transport security
- if your clients are deployed over the internet then choose message security
- Know your Authentication options
- Know your binding options
- If you need to Interop with non MS clients, use basicHttpBinding or wsHttpBinding
- If your non-MS clients understand WS stack, use wsHttpBinding
Thanks
Koolprasd2003
Editor, DotNetSpider MVM
Microsoft MVP 2014 [ASP.NET/IIS]
see some of the scenario as below
- Design your service as a wrapper
- If you are coming from ASMX then use basicHttpBinding to support your existing clients
- If you are coming from DCOM then, use netTcpBinding
- If your clients are deployed within intranet then choose transport security
- if your clients are deployed over the internet then choose message security
- Know your Authentication options
- Know your binding options
- If you need to Interop with non MS clients, use basicHttpBinding or wsHttpBinding
- If your non-MS clients understand WS stack, use wsHttpBinding
Thanks
Koolprasd2003
Editor, DotNetSpider MVM
Microsoft MVP 2014 [ASP.NET/IIS]
#765249
WCF provides three modes for security.
[1] Transport security: Transfer security modes to ensure a secured communication between a client and a server
[2] Message security : Message security mode allows mutual authentication and offers privacy to a great extent
[3]TransportWithMessageCredential: This is a combination of other two securities
I recommended to useful links
http://www.codemag.com/article/0611051
http://www.tutorialspoint.com/wcf/wcf_security.htm
http://dotnetmentors.com/wcf/wcf-message-level-security-by-example.aspx
[1] Transport security: Transfer security modes to ensure a secured communication between a client and a server
<wsHttpBinding>
<binding name="WCFSecurityExample">
<security mode="None"/>
</binding>
</wsHttpBinding>
[2] Message security : Message security mode allows mutual authentication and offers privacy to a great extent
<wsHttpBinding>
<binding name="WCFSecurityExample">
<security mode="Message"/>
</binding>
</wsHttpBinding>
[3]TransportWithMessageCredential: This is a combination of other two securities
I recommended to useful links
http://www.codemag.com/article/0611051
http://www.tutorialspoint.com/wcf/wcf_security.htm
http://dotnetmentors.com/wcf/wcf-message-level-security-by-example.aspx
#766714
HI,
A WCF service boasts of a robust security system with two security modes or levels so that only an intended client can access the services. The security threats that are common in a distributed transaction are moderated to a large extent by WCF
Kindly go through the below mentioned Link, It will help you,
1.http://www.tutorialspoint.com/wcf/wcf_security.htm
A WCF service boasts of a robust security system with two security modes or levels so that only an intended client can access the services. The security threats that are common in a distributed transaction are moderated to a large extent by WCF
Kindly go through the below mentioned Link, It will help you,
1.http://www.tutorialspoint.com/wcf/wcf_security.htm
Return to Return to Discussion Forum