Home/ Questions/Q 8933135
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T09:28:02+00:00

If I have the following binding: <bindings> <wsHttpBinding> <binding name=Binding> <security mode=Transport> <message clientCredentialType=Windows/>

  • 0

If I have the following binding:

<bindings>
  <wsHttpBinding>
    <binding name="Binding">
      <security mode="Transport">
        <message clientCredentialType="Windows"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Will the username and password be send on plain text over the wire?

Edit

I know that by default wcf encrypts the connection. The reason why I asked the question is because of:

enter image description here

I got that from http://msdn.microsoft.com/en-us/library/aa354513.aspx

So my question is I know that the connection is encrypted by default. But do I need a ssl certificate in order to prevent users from seeing the username and password. I know that once I am authenticated messages will be encrypted. But is the password and username encrypted too?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Other answers here are misleading and incorrect, although they may reassure you by mentioning transport security. The correct answer is that Windows Authentication does not send passwords in plain text.

    Windows authentication works when the client guarantees to the server that the user is who they say they are. No password is transmitted over the wire.

    If you were to use Basic Authentication then the password would be transmitted over the wire; if using any https transport then the connection is encrypted but within that connection the content of the message is not encrypted.

    See How secure is WCF wsHttpBinding's Windows authentication? a similar question.

    See MSDN Message and Transport Security for more about WCF transport security.

    • 0