Export (0) Print
Expand All

<security> of <webHttpBinding>

Specifies the security requirements for an endpoint configured with a <wsHttpBinding>.


<system.ServiceModel>
    <bindings>
        <webHttpBinding>
            <binding name = "string">
              <security mode="None/Transport/TransportCredentialOnly">
                                    <transport clientCredentialType = 
                                     "Basic/Certificate/Digest/None/Ntlm/Windows"
                                     proxyCredentialType="Basic/Digest/None/Ntlm/Windows"
                                     realm="string" />
              </security>
        </webHttpBinding>
    </bindings>
</system.ServiceModel>

The following sections describe attributes, child elements, and parent elements.

Attributes

 

Attribute Description

mode

Specifies whether transport-level security or no security is used by an endpoint. The default is None. This attribute is of type WebHttpSecurityMode.

Mode Attribute

 

Value Description

None

Security is disabled.

Transport

Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the <transport> of <webHttpBinding>.

TransportCredentialOnly

This mode does not provide message integrity and confidentiality. It provides HTTP-based client authentication. This mode should be used with caution. It should be used in environments where the transport security is being provided by other means (such as IPSec) and only client authentication is provided by the WCF infrastructure.

Child Elements

 

Element Description

<transport> of <webHttpBinding>

Defines the transport security settings. This element corresponds to the HttpTransportSecurityElement type.

Parent Elements

 

Element Description

<webHttpBinding>

A binding element that is used to configure endpoints for Windows Communication Foundation (WCF) Web services that respond to HTTP requests instead of SOAP messages.




Build Date:

2012-08-02
Show:
© 2014 Microsoft