Authentication is the process of identifying the sender and recipient of the message.
Authorization is the process of determining roles for authenticated users.
Confidentiality is the process to ensure that only intended recipient of the message can view the message .This is done by encrypting the message.
Integrity is the process to ensure that the message is not tampered by a malicious user as it is being transmitted from sender to receiver.This is done by digital signature.Digital signature is nothing but signing the message.
Binding in WCF determine the security scheme.Below is the link from msdn provides all bindings and their respective security defaults.
The default security scheme for NETTcpBinding is Transport whereas for WSHttpBinding it is message.
WHen sending a message between a client and WCF service, there are 2 things to consider.
The communication medium or communication protocol
Securing transport channel is called transport security.Each protocol has their own way of providing transport security.
TCP provides transport security by implementing Transport Layer Security and HTTP provides transport security by using Secure socket layer.
Securing the message by encapsulating the security credentials with every SOAP message is called message security.
Reference books, you may like:Programming WCF Services: Design and Build Maintainable Service-Oriented Systems
WCF Multi-Layer Services Development with Entity Framework, 4th Edition
Learning WCF: A Hands-on Guide
© 2015, admin. All rights reserved.