<security> of <webHttpBinding>
Specifies the security requirements for an endpoint configured with a <webHttpBinding>.
<configuration>
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding>
<security>
Syntax
<system.ServiceModel>
<bindings>
<webHttpBinding>
<binding name = "String">
<security mode="None/Transport/TransportCredentialOnly">
<transport clientCredentialType="Basic/Certificate/Digest/None/Ntlm/Windows"
proxyCredentialType="Basic/Digest/None/Ntlm/Windows"
realm="String" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.ServiceModel>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
| Attribute | Description |
|---|---|
| mode | Specifies whether transport-level security or no security is used by an endpoint. The default is None. This attribute is of type WebHttpSecurityMode. |
Mode Attribute
| Value | Description |
|---|---|
| None | Security is disabled. |
| Transport | Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the <transport>. |
| TransportCredentialOnly | This mode does not provide message integrity and confidentiality. It provides HTTP-based client authentication. This mode should be used with caution. It should be used in environments where the transport security is being provided by other means (such as IPSec) and only client authentication is provided by the WCF infrastructure. |
Child Elements
| Element | Description |
|---|---|
| <transport> | Defines the transport security settings. This element corresponds to the HttpTransportSecurityElement type. |
Parent Elements
| Element | Description |
|---|---|
| <webHttpBinding> | A binding element that is used to configure endpoints for Windows Communication Foundation (WCF) Web services that respond to HTTP requests instead of SOAP messages. |
See also
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
