Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

WCF binding security mode in app config is confusing

Posted on 2010-08-21
1
Medium Priority
?
1,790 Views
Last Modified: 2012-05-10
I am confused by some of the security settings in WCF, when you are making configuration settings in the host app config.  The issue centers on the following nodes:
<binding>
  <security mode = "" >
     <transport ...  />
     <message .... />

Learning WCF, by Bustamante, says that the defaults for wsHttpBinding and netTcpBinding are:

<binding>    <!-- for wsHttpBinding  -->
  <security mode = "Message" >
     <transport ...  />
     <message .... />

<binding>    <!-- netTcpBinding  -->
  <security mode = "Transport" >
     <transport ...  />
     <message .... />

What confuses me is why are both <transport> and <message> used?  For all the other standard bindings defaults the @mode value and the child element to <security> match up one-to-one.  (If mode=Message then they use security/message; if mode=transport, then they use security/trnasport)

I guess I dont understand the meaning of <security mode="" >   The text (and msdn) explains "mode" with statements like, "this configures the binding for transport security" or "this configures the binding for message security"

What are the meanings of security/@mode and security/transport and security/message; and how do the interact and/or depend on each other?
0
Comment
Question by:pdschuller
1 Comment
 
LVL 3

Accepted Solution

by:
with earned 2000 total points
ID: 33494378
The "mode" is the controlling factor; it establishes how security is going to work.  Beyond that, additional configuration information will be read from child elements <transport> and <message>, if present, and as they pertain to the selected mode.

Depending on your selected mode, <transport> or <message> may not be applicable.  For instance, mode "None" disables security and anything else you put in there gets ignored.  Because some modes like TransportWithMessageCredential use both elements <transport> and <message>, these elements must both remain simultaneously permissible by the XML schema itself.  Whether they'll actually be used depends on the mode.

0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will show you how to add an attribute to an XML (http://en.wikipedia.org/wiki/XML) stream returned from a Windows Communication Foundation (http://en.wikipedia.org/wiki/Windows_Communication_Foundation) (WCF) Web Service.  Some knowled…
While working on Silverlight and WCF application, I faced one issue where fault exception occurred at WCF operation contract is not getting propagated to Silverlight client. So after searching net I came to know that it was behavior by default for s…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month10 days, 9 hours left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question