<security> of <webHttpBinding>
Specifies the security requirements for an endpoint configured with a <wsHttpBinding>.
<system.ServiceModel> <bindings> <webHttpBinding> <binding name = "string"> <security mode="None/Transport/TransportCredentialOnly"> <transport clientCredentialType = "Basic/Certificate/Digest/None/Ntlm/Windows" proxyCredentialType="Basic/Digest/None/Ntlm/Windows" realm="string" /> </security> </webHttpBinding> </bindings> </system.ServiceModel>
The following sections describe attributes, child elements, and parent elements.
Specifies whether transport-level security or no security is used by an endpoint. The default is None. This attribute is of type WebHttpSecurityMode.
Security is disabled.
Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the <transport> of <webHttpBinding>.
This mode does not provide message integrity and confidentiality. It provides HTTP-based client authentication. This mode should be used with caution. It should be used in environments where the transport security is being provided by other means (such as IPSec) and only client authentication is provided by the WCF infrastructure.
Defines the transport security settings. This element corresponds to the HttpTransportSecurityElement type.
A binding element that is used to configure endpoints for Windows Communication Foundation (WCF) Web services that respond to HTTP requests instead of SOAP messages.
Other ResourcesSecuring Services and Clients
Selecting a Credential Type
Windows Communication Foundation Bindings
Configuring System-Provided Bindings
Using Bindings to Configure Services and Clients
Web Programming Model