WebHttpSecurityMode Enum


Defines the modes of security that can be used to configure a service endpoint to receive HTTP requests.

public enum class WebHttpSecurityMode
public enum WebHttpSecurityMode
type WebHttpSecurityMode = 
Public Enum WebHttpSecurityMode


None 0

Indicates no security is used with HTTP requests.

Transport 1

Indicates that transport-level security is used with HTTP requests.

TransportCredentialOnly 2

Indicates that only HTTP-based client authentication is provided.


Use this enumeration to specify whether transport-level security is used by an endpoint configured with a WebHttpBinding to receive HTTP requests. The default value is None, which indicates that no security is used.

If the Transport value is specified by the WebHttpBinding(WebHttpSecurityMode), then the settings provided by the Transport property become effective for the service endpoint. The value of WebHttpSecurityMode can only be set in the WebHttpBinding constructor that takes it as an explicit parameter and its value cannot be set again after the binding instance is created.

TransportCredentialOnly does not provide message integrity and confidentiality. It provides HTTP-based client authentication only. This mode should be used with caution. It should be used in environments, such at IPSec, where the transport security is being provided by other means and only client authentication is provided by the Windows Communication Foundation (WCF) infrastructure.

Applies to