wcf-securitywcf-restwebhttpbindingrest-security

MessageSecurity with webHttpBinding


I am reading security concepts of WCF in 'Programming WCF Services' book. In that i got points like generally transport security is good for intranet scenarios because of point-point etc.

For internet scenarios, we can use message security as the better choice. I already worked at basic level in REST based wcf. So i use webHttpBinding. As i knew that the Message security is based on WS standards and the webHttpBinding is rest based it is not possible to apply Message security in the webHttpBinding.

But if take a scenario like i am creating a public API (for internet) in REST wcf as the methods are used in handheld devices also. Here how transport security is better than message security. Is my understanding right or in the REST transport security is different concept?

Please explain


Solution

  • Message Security is implemented via the WS-Security specification. And the WebHttpBinding enables REST-style APIs.

    REST delegates all security concerns to the Transport layer, typically via SSL, so Message Security does not apply.