While reading about differences between WCF transport security vs Message security, i came across this statement (on microsoft's website) :
Use transport security for the following scenarios:
You have both the service and the client in an intranet.
If i am not wrong, we use ssl/tls to implement transport security. Why would I use https in case my service and client are in intranet (same network).
I believe you would like ask about security concern, right?
Well for sure, it is just recommendation. But I believe that in the vast majority of applications you cannot afford not to be secured. Times when developers didn't have to care about security and rely only on environment itself are gone. May you're worried about cost of performance. But paying the security penalty is unavoidable part of modern applications. From my experience is the best way to use security with the maximum security level unless you have some serious reasons to don't do that.
Anyway, this is just my opinion and you don't have to agree with me.
