<security> of <webHttpBinding>

Specifies the security requirements for an endpoint configured with a <webHttpBinding>.

<configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding>
          <security>

Syntax

<system.ServiceModel>
  <bindings>
    <webHttpBinding>
      <binding name = "String">
        <security mode="None/Transport/TransportCredentialOnly">
          <transport clientCredentialType="Basic/Certificate/Digest/None/Ntlm/Windows"
                     proxyCredentialType="Basic/Digest/None/Ntlm/Windows"
                     realm="String" />
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
</system.ServiceModel>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
mode Specifies whether transport-level security or no security is used by an endpoint. The default is None. This attribute is of type WebHttpSecurityMode.

Mode Attribute

Value Description
None Security is disabled.
Transport Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the <transport>.
TransportCredentialOnly This mode does not provide message integrity and confidentiality. It provides HTTP-based client authentication. This mode should be used with caution. It should be used in environments where the transport security is being provided by other means (such as IPSec) and only client authentication is provided by the WCF infrastructure.

Child Elements

Element Description
<transport> Defines the transport security settings. This element corresponds to the HttpTransportSecurityElement type.

Parent Elements

Element Description
<webHttpBinding> A binding element that is used to configure endpoints for Windows Communication Foundation (WCF) Web services that respond to HTTP requests instead of SOAP messages.

See also