Difference Between Transport and Message Level Security

Introduction

In Windows Communication Foundation, we can configure to use security at different levels

1. Transport Level security means providing security at the transport layer itself. When dealing with security at Transport level, we are concerned about integrity, privacy and authentication of message as it travels along the physical wire. It depends on the binding being used that how WCF makes it secure because most of the bindings have built-in security.

Code

<netTcpBinding>

  <binding name="netTcpTransportBinding">

    <security mode="Transport">

      <Transport clientCredentialType="Windows" />

    </security>

  </binding>

</netTcpBinding>

 
2. Message Level Security For Tranport level security, we actually ensure the transport that is being used should be secured but in message level security, we actually secure the message. We encrypt the message before transporting it.

Code

<wsHttpBinding>

  <binding name="wsHttpMessageBinding">

    <security mode="Message">

      <Message clientCredentialType="UserName" />

    </security>

  </binding>

</wsHttpBinding>

 
It totally depends upon the requirements but we can use a mixed security mode also as follows:

Code
 

<basicHttpBinding>

  <binding name="basicHttp">

    <security mode="TransportWithMessageCredential">

      <Transport />

      <Message clientCredentialType="UserName" />

    </security>

  </binding>

</basicHttpBinding> 

 

Next Recommended Reading WCF Message Security With Certificates