By default, NetTcpBinding uses transport security, with a list of default features.
Signing and encrypting messages in this context does not mean the same as in message security. Rather, it means that all data packets sent over the network transport are signed and encrypted. It is independent of certificates. This is done by the security providers installed in the operating system on the sending and receiving machines, called through SSPI (Security Support Provider Interface), the same mechanism that is used, for example, when domain credentials are used to access some resource, such as a file on another machine on the network.
Before any application data is sent over the connection, the binding performs an SSPI handshake between the sender and receiver, specifying the Negotiate security package (this selects either NTLM or Kerberos as the actual security protocol, depending on the capabilities of the respective host machines). Security tokens are exchanged over the connection as part of this handshake, at the end of which the security providers of the two parties will have agreed on session keys for use in signing and encrypting subsequent application messages.
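The handshake described above can be observed directly with .NET's `NegotiateStream`, which wraps the SSPI Negotiate package. This is an added example, not code from the original answer; it assumes a Windows host, the current logon credentials, a loopback endpoint and an empty target name, all chosen for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

static class NegotiateDemo
{
    static async Task Main()
    {
        // Loopback listener on an OS-assigned port (constructed test endpoint).
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        Task server = Task.Run(async () =>
        {
            using TcpClient tcp = await listener.AcceptTcpClientAsync();
            using var sspi = new NegotiateStream(tcp.GetStream(), leaveInnerStreamOpen: false);
            // Server side of the handshake; refuse anything weaker than sign + encrypt.
            await sspi.AuthenticateAsServerAsync(CredentialCache.DefaultNetworkCredentials,
                ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
            var buf = new byte[256];
            int n = await sspi.ReadAsync(buf, 0, buf.Length);
            Console.WriteLine($"server: caller={sspi.RemoteIdentity.Name} " +
                $"package={sspi.RemoteIdentity.AuthenticationType} " +
                $"msg={Encoding.UTF8.GetString(buf, 0, n)}");
        });

        using (var client = new TcpClient())
        {
            await client.ConnectAsync(IPAddress.Loopback, port);
            using var sspi = new NegotiateStream(client.GetStream(), leaveInnerStreamOpen: false);
            // Empty target name (assumption for a loopback demo): no SPN, so Negotiate
            // typically falls back to NTLM; a real SPN lets it pick Kerberos.
            await sspi.AuthenticateAsClientAsync(CredentialCache.DefaultNetworkCredentials,
                "", ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
            if (!sspi.IsSigned || !sspi.IsEncrypted)
                throw new InvalidOperationException("stream is not signed and encrypted");
            Console.WriteLine($"client: signed={sspi.IsSigned} encrypted={sspi.IsEncrypted} " +
                $"mutual={sspi.IsMutuallyAuthenticated}");
            byte[] msg = Encoding.UTF8.GetBytes("hello over SSPI");
            await sspi.WriteAsync(msg, 0, msg.Length);
        }
        await server;
        listener.Stop();
    }
}
```

The `package` value printed by the server shows which protocol Negotiate selected, and `mutual` shows whether the client also authenticated the server, which is worth checking when NTLM fallback is not acceptable.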