0
votes

I am new to WCF. I am investigating the right way to have message body encryption over HTTPS (mixing both transport and message level security at the moment)

I have HttpsGetEnabled.

Using WsHttpBinding, I still see the message body unencrypted

  <wsHttpBinding>
    <binding name="myCustomWsHttpBinding">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None"/>
        <message clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>

I have also tried using custom binding but same result

<binding name="myCustomBinding">
  <security authenticationMode="CertificateOverTransport"
            messageProtectionOrder="EncryptBeforeSign"
            includeTimestamp="true"
            protectTokens="true"
            >
  </security>
  <textMessageEncoding messageVersion="Soap11WSAddressing10" />
  <httpsTransport/>
</binding>

How can we have message body encrypted when using Https? If I understand correctly message level security is independent of transport so using https is possible in this case?

1

1 Answers

1
votes

In the custom binding, set authenticationMode to "mutualCertificate"