BasicHttpSecurityMode BasicHttpSecurityMode BasicHttpSecurityMode BasicHttpSecurityMode Enum

Definition

Specifies the types of security that can be used with the system-provided BasicHttpBinding.

public enum class BasicHttpSecurityMode
public enum BasicHttpSecurityMode
type BasicHttpSecurityMode = 
Public Enum BasicHttpSecurityMode
Inheritance
BasicHttpSecurityModeBasicHttpSecurityModeBasicHttpSecurityModeBasicHttpSecurityMode

Fields

Message Message Message Message 2

Security is provided using SOAP message security. For the BasicHttpBinding, the system requires that the server certificate be provided to the client separately. The valid client credential types for this binding are UserName and Certificate.

None None None None 0

The SOAP message is not secured during transfer. This is the default behavior.

Transport Transport Transport Transport 1

Security is provided using HTTPS. The service must be configured with SSL certificates. The SOAP message is protected as a whole using HTTPS. The service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType.

TransportCredentialOnly TransportCredentialOnly TransportCredentialOnly TransportCredentialOnly 4

This mode does not provide message integrity and confidentiality. It provides only HTTP-based client authentication. Use this mode with caution. It should be used in environments where the transfer security is being provided by other means (such as IPSec) and only client authentication is provided by the Windows Communication Foundation (WCF) infrastructure.

TransportWithMessageCredential TransportWithMessageCredential TransportWithMessageCredential TransportWithMessageCredential 3

Integrity, confidentiality and server authentication are provided by HTTPS. The service must be configured with a certificate. Client authentication is provided by means of SOAP message security. This mode is applicable when the user is authenticating with a UserName or Certificate credential and there is an existing HTTPS deployment for securing message transfer.

Remarks

Security in this context means message protection (integrity and confidentiality) as well as client and service authentication.

Actual protection requirements (the specific parts of SOAP messages that must be signed or signed and encrypted) are controlled through attributes on the service contract or through properties in the contract description. Properties on the binding do not control what is being signed or encrypted: a binding only delivers the general capability of signing and encrypting.

The default behavior for the BasicHttpBinding is None.

Applies to