Asymmetric tokens and Mixed-Mode Security

When you are using a X.509 Certificate as the client authentication token in Mixed-Mode Security – apart from signing the Timestamp WCF will sign the ‘To’ header as well. This is to prevent a client spoofing attack by a rougue service. Consider the situation where the client does not sign the ‘To’ header and sends the…

0

WCF Security Modes

WCF supports three types of Security. They are, Transport Security Mixed-Mode Security Message Security Let’s discuss the various Security Modes below.  Transport Security is applied at the transport byte stream below the message layer. The message does not have a Security header and the message does not carry any user authentication data. It is the…

5