Specifies the types of security that can be used with the system-provided BasicHttpBinding.
Assemblies: System.ServiceModel (in System.ServiceModel.dll)
System.ServiceModel.Http (in System.ServiceModel.Http.dll)
|Security is provided using SOAP message security. For the BasicHttpBinding, the system requires that the server certificate be provided to the client separately. The valid client credential types for this binding are UserName and Certificate.|
|The SOAP message is not secured during transfer. This is the default behavior.|
|Security is provided using HTTPS. The service must be configured with SSL certificates. The SOAP message is protected as a whole using HTTPS. The service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType.|
|This mode does not provide message integrity and confidentiality. It provides only HTTP-based client authentication. Use this mode with caution. It should be used in environments where the transfer security is being provided by other means (such as IPSec) and only client authentication is provided by the Windows Communication Foundation (WCF) infrastructure.|
|Integrity, confidentiality and server authentication are provided by HTTPS. The service must be configured with a certificate. Client authentication is provided by means of SOAP message security. This mode is applicable when the user is authenticating with a UserName or Certificate credential and there is an existing HTTPS deployment for securing message transfer.|
Security in this context means message protection (integrity and confidentiality) as well as client and service authentication.
Actual protection requirements (the specific parts of SOAP messages that must be signed or signed and encrypted) are controlled through attributes on the service contract or through properties in the contract description. Properties on the binding do not control what is being signed or encrypted: a binding only delivers the general capability of signing and encrypting.
The default behavior for the BasicHttpBinding is .