Background: I have an application that, when installed, generates a random identifier (AppId). When calling a WCF service I want the identifier passed along so the service knows which instance of the application is calling it.
So far the plan is to use a custom WCF UserNameValidator which will simply check that the “AppId” passed up is a known “AppId”. What I would like to do is encrypt the requests so that the “AppId” cannot be seen, but I would like to do this without SSL. (It’s a small project and trying to keep costs down :))
From what I’ve read I could use Message level security and set the “clientCredentialType” to “UserName” which should encrypt the “username” within. Is this correct? If so, would you consider there to be any extra benefits to using SSL (I believe this is at the “Transport” level) bearing in mind that the “AppId” is the only thing I’m interested in keeping secret?
According to http://msdn.microsoft.com/en-us/library/ff648863.aspx, you can use Message Encryption without SSL (Transport). Securing the message is a bit more expensive to do, and I would propose to do both Transport and Message level security (from a security perspective), but the answer to your explicit question is that the one can do without the other, both ways.
I would consider TransportWithMessageCredential for a best of both worlds approach to your challenge.
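As an added example (not code from either poster), the host-side setup for both options discussed above: Message security with a UserName credential, or TransportWithMessageCredential over HTTPS, each routed through a custom validator that treats the username as the AppId. The contract, service class, validator and the sample AppId value are hypothetical; in Message mode the service still needs an X.509 certificate (a self-signed one is sufficient) because the client encrypts the UserName token to it.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract and implementation, for illustration only.
[ServiceContract]
public interface IAppService { [OperationContract] string Ping(); }
public class AppService : IAppService { public string Ping() => "pong"; }

// The "username" carries the AppId; the password is not used here.
public class AppIdValidator : UserNamePasswordValidator
{
    // Constructed sample of known installation identifiers; a real
    // service would consult its own registration store.
    private static readonly HashSet<string> KnownAppIds =
        new HashSet<string> { "EXAMPLE-APPID-0001" };

    public override void Validate(string userName, string password)
    {
        if (userName == null || !KnownAppIds.Contains(userName))
            throw new SecurityTokenException("Unknown AppId");
    }
}

public static class HostSetup
{
    public static ServiceHost Build(X509Certificate2 serviceCert, bool useTls)
    {
        var binding = new WSHttpBinding();
        // Message: UserName token encrypted to the service certificate, no TLS.
        // TransportWithMessageCredential: TLS protects the channel, token inside.
        binding.Security.Mode = useTls
            ? SecurityMode.TransportWithMessageCredential
            : SecurityMode.Message;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        var baseAddress = new Uri((useTls ? "https" : "http") + "://localhost:8000/app");
        var host = new ServiceHost(typeof(AppService), baseAddress);
        host.AddServiceEndpoint(typeof(IAppService), binding, "");

        var creds = host.Credentials;
        // Message mode needs the certificate here; in TLS mode the HTTPS
        // listener's own certificate covers the channel instead.
        if (!useTls) creds.ServiceCertificate.Certificate = serviceCert;
        creds.UserNameAuthentication.UserNamePasswordValidationMode =
            UserNamePasswordValidationMode.Custom;
        creds.UserNameAuthentication.CustomUserNamePasswordValidator = new AppIdValidator();
        return host;
    }
}
```

The client side mirrors the binding and sets ClientCredentials.UserName.UserName to its AppId; a rejected AppId surfaces to the client as a security fault rather than reaching the operation.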