<transport> of <netTcpBinding>
Defines the type of message-level security requirements for an endpoint configured with the <netTcpBinding>.
<netTcpBinding>
  <binding>
    <security mode="None|Transport|Message|TransportWithMessageCredential">
      <transport clientCredentialType="None|Windows|Certificate"
                 protectionLevel="None|Sign|EncryptAndSign"
                 sslProtocols="Tls|Tls11|Tls12">
        <extendedProtectionPolicy policyEnforcement="Never|WhenSupported|Always"
                                  protectionScenario="TransportSelected|TrustedProxy">
          <customServiceNames>
          </customServiceNames>
        </extendedProtectionPolicy>
      </transport>
    </security>
  </binding>
</netTcpBinding>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
|clientCredentialType||Optional. Specifies the type of credential to be used when performing client authentication using Transport security.
- The default value is
- This attribute is of type TcpClientCredentialType.
|protectionLevel||Optional. Defines security at the level of the TCP transport. Signing messages mitigates the risk of a third party tampering with the message while it is being transferred. Encryption provides data-level privacy during transport.
The default value is
|sslProtocols||An SslProtocols enum flag value that specifies which SslProtocols are supported. The default is Tls|Tls11|Tls12.|
|policyEnforcement||This enumeration specifies when the ExtendedProtectionPolicy should be enforced.
1. Never – The policy is never enforced (Extended Protection is disabled).
2. WhenSupported – The policy is enforced only if the client supports Extended Protection.
3. Always – The policy is always enforced. Clients which don’t support Extended Protection will fail to authenticate.
clientCredentialType Attribute
|None||The client is anonymous. This requires a certificate for the service.|
|Windows||Specifies Windows authentication of the client using SP Negotiation (Kerberos negotiation).|
|Certificate||The client is authenticated using a certificate. This uses SSL Negotiation and requires a certificate for the service.|
protectionLevel Attribute
|Sign||Messages are signed.|
|EncryptAndSign||Messages are encrypted and signed.|
Parent Elements
|<security>||Specifies the security capabilities of the <netTcpBinding>.|
Use Transport security for integrity and confidentiality of the SOAP message and for mutual authentication. If this security mode is selected on a binding, the channel stack is configured using a secure transport and the SOAP messages are secured using transport security such as Windows (Negotiate) or SSL over TCP.
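The attributes above can be checked mechanically in a deployed configuration file. The following is an added example, not part of the original documentation: a small audit of `<netTcpBinding>` transport settings. The function name `audit_net_tcp_transport`, the sample configuration, and the acceptance of both `,` and `|` as separators in `sslProtocols` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the page): one weak binding, one hardened.
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings><netTcpBinding>
  <binding name="legacy"><security mode="Transport">
    <transport clientCredentialType="Certificate" protectionLevel="Sign"
               sslProtocols="Tls,Tls11,Tls12">
      <extendedProtectionPolicy policyEnforcement="Never"/>
    </transport></security></binding>
  <binding name="hardened"><security mode="Transport">
    <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"
               sslProtocols="Tls12">
      <extendedProtectionPolicy policyEnforcement="Always"/>
    </transport></security></binding>
</netTcpBinding></bindings></system.serviceModel></configuration>"""

PAGE_DEFAULT_SSL = "Tls|Tls11|Tls12"       # default stated on this page
SSL_CREDENTIALS = ("None", "Certificate")  # credential types that need a service certificate

def audit_net_tcp_transport(config_xml):
    """Return {binding name: [findings]} for each <netTcpBinding> <binding>."""
    report = {}
    for group in ET.fromstring(config_xml).iter("netTcpBinding"):
        for binding in group.findall("binding"):
            findings = []
            security = binding.find("security")
            transport = security.find("transport") if security is not None else None
            if security is not None and security.get("mode") == "None":
                findings.append("security mode=None: no transport security")
            if transport is not None:
                level = transport.get("protectionLevel")
                if level in ("None", "Sign"):
                    findings.append(f"protectionLevel={level}: messages are not encrypted")
                if transport.get("clientCredentialType") in SSL_CREDENTIALS:
                    value = transport.get("sslProtocols", PAGE_DEFAULT_SSL)
                    # Accept ',' or '|' as separator (separator handling is an assumption).
                    names = value.replace("|", ",").replace(" ", "").split(",")
                    old = [n for n in names if n in ("Tls", "Tls11")]
                    if old:
                        findings.append("sslProtocols allows " + "+".join(old))
                epp = transport.find("extendedProtectionPolicy")
                if epp is not None and epp.get("policyEnforcement") == "Never":
                    findings.append("policyEnforcement=Never: Extended Protection disabled")
            report[binding.get("name", "(unnamed)")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_net_tcp_transport(SAMPLE_CONFIG).items():
        print(name, "->", findings or "no findings")
```

Only explicitly set attributes are judged, except `sslProtocols`, where the default stated on this page is applied when the attribute is absent.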