<transport> of <netTcpBinding>

Defines the type of message-level security requirements for an endpoint configured with the <netTcpBinding>.



    <security mode="None|Transport|Message|TransportWithMessageCredential">
      <transport clientCredentialType="None|Windows|Certificate"
        <extendedProtectionPolicy policyEnforcement="Never|WhenSupported|Always"

Attributes and Elements

The following sections describe attributes, child elements, and parent elements


Attribute Description
clientCredentialType Optional. Specifies the type of credential to be used when performing client authentication using Transport security.

- The default value is Windows.
- This attribute is of type TcpClientCredentialType.
protectionLevel Optional. Defines security at the level of the TCP transport. Signing messages mitigates the risk of a third party tampering with the message while it is being transferred. Encryption provides data-level privacy during transport.

The default value is EncryptAndSign.
sslProtocols A SslProtocols enum flag value that specifies which SslProtocols are supported. The default is Tls|Tls11|Tls12.
policyEnforcement This enumeration specifies when the ExtendedProtectionPolicy should be enforced.

1. Never – The policy is never enforced (Extended Protection is disabled).
2. WhenSupported – The policy is enforced only if the client supports Extended Protection.
3. Always – The policy is always enforced. Clients which don’t support Extended Protection will fail to authenticate.

clientCredentialType Attribute

Value Description
None The client is anonymous. This requires a certificate for the service.
Windows Specifies Windows authentication of the client using SP Negotiation (Kerberos negotiation).
Certificate The client is authenticated using a certificate. This uses SSL Negotiation and requires a certificate for the service.

protectionLevel Attribute

Value Description
None No protection.
Sign Messages are signed.
EncryptAndSign - Messages are encrypted and signed.

Child Elements


Parent Elements

Element Description
<security> Specifies the security capabilities of the <netTcpBinding>.


Use Transport security for integrity and confidentiality of the SOAP message and for mutual authentication. If this security mode is selected on a binding, the channel stack is configured using a secure transport and the SOAP messages are secured using transport security such as Windows (Negotiate) or SSL over TCP.

See also