Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Basically, if I have a plain WCF Service over HTTPS is it automatically secure?
[ServiceContract]
public interface ICalc
{
[OperationContract] int add(int a, int b);
}
public class Calculator : ICalc
{
public int add(int a, int b) { return a + b; }
}
I figure the actual SOAP message isn’t encrypted here, but is it still secure if I use https? Basically, if I use a basichttpbinding with no security settings in my config over https://www.myserver.com/services/Calc.svc is that secure?
The messages on the wire are encrypted. I believe it is also possible to implement message security by configuring the various bindings.
There are three main security settings in WCF:
Each has their own pros/cons depending on your situation.
Take a look at this MSDN article on WCF security: http://msdn.microsoft.com/en-us/library/ms731925.aspx
Hope that helps,
Jeffrey Kevin Pry