Home/ Questions/Q 8350955
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T08:28:51+00:00

Here is WCF binding and security question I’m quite confused: You are hosting a

  • 0

Here is WCF binding and security question I’m quite confused:

You are hosting a Windows Communication Foundation (WCF) service at
http://www.contoso.com for a law enforcement agency. The agency adds
operations to support sending biometric fingerprint data via
non-buffered streaming. The service data is routed between
intermediaries. The WCF binding you are using by default does not
support encryption. You need to ensure that the fingerprint data is
not disclosed when passed over the network. What should you do?

Answer is B. But I think here it says “The service data is routed between intermediaries”, so message security should be favour over transport security. Well, it did say “The WCF binding you are using by default does not support encryption”, but the options here do offer using wsHttpBinding, so I think both A and C will do. Can anyone tell what I’m wrong there?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This sentence in the question is the key:

    The WCF binding you are using by default does not support encryption

    So that means the question is implying you are using basicHttpBinding, since wsHttpBinding has WS*-Security enabled by default. You can actually inspect the calls via Fiddler. The messages are signed and encrypted using a security token by default – for the gory details – this explains the SPNEGO token that is cached on the service.

    So that eliminates C, D because of the sentence I highlighted earlier.

    That leaves A and B. I don’t agree with B as MSDN itself states that Transport security only secures messages with the communication is point to point. If the message is routed to one or more SOAP intermediaries before reaching the ultimate receiver, the message itself is not protected once an intermediary reads it from the wire.

    The question also clearly says:

    The service data is routed between intermediaries

    Therefore, I beleive the correct answer is A, some WCF experts on SO may correct me.

    • 0