<transport> of <netTcpBinding>

Defines the type of message-level security requirements for an endpoint configured with the <netTcpBinding>.

<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding>
          <security>
            <transport>

Syntax

<netTcpBinding>
  <binding>
    <security mode="None|Transport|Message|TransportWithMessageCredential">
      <transport clientCredentialType="None|Windows|Certificate"
                 protectionLevel="None|Sign|EncryptAndSign"
                 sslProtocols="Tls|Tls11|Tls12">
        <extendedProtectionPolicy policyEnforcement="Never|WhenSupported|Always"
                                  protectionScenario="TransportSelected|TrustedProxy">
          <customServiceNames>
          </customServiceNames>
        </extendedProtectionPolicy>
      </transport>
    </security>
  </binding>
</netTcpBinding>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
clientCredentialType Optional. Specifies the type of credential to be used when performing client authentication using Transport security.

- The default value is Windows.
- This attribute is of type TcpClientCredentialType.
protectionLevel Optional. Defines security at the level of the TCP transport. Signing messages mitigates the risk of a third party tampering with the message while it is being transferred. Encryption provides data-level privacy during transport.

The default value is EncryptAndSign.
sslProtocols An SslProtocols enum flag value that specifies which SslProtocols are supported. The default is Tls|Tls11|Tls12.
policyEnforcement This enumeration specifies when the ExtendedProtectionPolicy should be enforced.

1. Never – The policy is never enforced (Extended Protection is disabled).
2. WhenSupported – The policy is enforced only if the client supports Extended Protection.
3. Always – The policy is always enforced. Clients which don’t support Extended Protection will fail to authenticate.

clientCredentialType Attribute

Value Description
None The client is anonymous. This requires a certificate for the service.
Windows Specifies Windows authentication of the client using SP Negotiation (Kerberos negotiation).
Certificate The client is authenticated using a certificate. This uses SSL Negotiation and requires a certificate for the service.

protectionLevel Attribute

Value Description
None No protection.
Sign Messages are signed.
EncryptAndSign Messages are encrypted and signed.

Child Elements

None

Parent Elements

Element Description
<security> Specifies the security capabilities of the <netTcpBinding>.

Remarks

Use Transport security for integrity and confidentiality of the SOAP message and for mutual authentication. If this security mode is selected on a binding, the channel stack is configured using a secure transport and the SOAP messages are secured using transport security such as Windows (Negotiate) or SSL over TCP.
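
The following Python script is an added example, not part of the original reference or of any Microsoft tooling. It audits <netTcpBinding> entries in a configuration file against the attributes described above, applying the defaults documented on this page when an attribute is absent. The finding policy (flag security mode None, any protectionLevel below EncryptAndSign, TLS 1.0/1.1 in sslProtocols, and policyEnforcement Never), the function name, and the sample configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as documented on this page, applied when an attribute is absent.
DEFAULTS = {"protectionLevel": "EncryptAndSign", "sslProtocols": "Tls|Tls11|Tls12"}
LEGACY_TLS = {"Tls", "Tls11"}  # TLS 1.0 / 1.1, deprecated by RFC 8996

# Constructed sample: "legacyTcp" weakens two settings and inherits the sslProtocols default.
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings><netTcpBinding>
  <binding name="legacyTcp">
    <security mode="Transport">
      <transport clientCredentialType="Windows" protectionLevel="Sign">
        <extendedProtectionPolicy policyEnforcement="Never" />
      </transport>
    </security>
  </binding>
  <binding name="hardenedTcp">
    <security mode="Transport">
      <transport protectionLevel="EncryptAndSign" sslProtocols="Tls12">
        <extendedProtectionPolicy policyEnforcement="Always" />
      </transport>
    </security>
  </binding>
</netTcpBinding></bindings></system.serviceModel></configuration>"""

def audit_net_tcp_transport(config_xml):
    """Return (binding name, finding) pairs for weak <transport> settings (assumed policy)."""
    findings = []
    for binding in ET.fromstring(config_xml).iterfind(".//netTcpBinding/binding"):
        name = binding.get("name", "(default)")
        security = binding.find("security")
        if security is not None and security.get("mode") == "None":
            findings.append((name, "security mode=None"))
            continue  # transport settings are irrelevant when security is off
        transport = binding.find("security/transport")
        attrs = dict(DEFAULTS, **(transport.attrib if transport is not None else {}))
        if attrs["protectionLevel"] != "EncryptAndSign":
            findings.append((name, "protectionLevel=" + attrs["protectionLevel"]))
        legacy = LEGACY_TLS & {p.strip() for p in attrs["sslProtocols"].split("|")}
        if legacy:
            findings.append((name, "sslProtocols allows " + "|".join(sorted(legacy))))
        epp = transport.find("extendedProtectionPolicy") if transport is not None else None
        if epp is not None and epp.get("policyEnforcement") == "Never":
            findings.append((name, "extendedProtectionPolicy policyEnforcement=Never"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_net_tcp_transport(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

A binding that omits sslProtocols is reported because the documented default still includes Tls and Tls11; setting the attribute explicitly is what clears the finding.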
