I read the documentation provided on MSDN and some other posts on this site. However, it's still a little unclear whether WCF (specifically NetTcpBinding) will actually encrypt message content when using message security with certificates. Does anyone know for sure?
For example, you can specify both transport and message credentials in your configuration:
<security mode="TransportWithMessageCredential">
  <transport clientCredentialType="Certificate"/>
  <message clientCredentialType="Certificate"
           negotiateServiceCredential="true" />
</security>
As far as I can tell, the MSDN documentation implies that message security simply depends on the username / password or certificate-based authentication (negotiation), but does not specifically indicate that the message itself is indeed encrypted at the message level.
For example, if I use ONLY certificate security with certificate-based negotiation, I don’t think the message content is actually encrypted (i.e., a packet sniffer can intercept the contents of raw messages, even if the service forces authentication)?
If true message-level encryption is possible (using NetTcpBinding), how is this done in code? I believe this is done via AlgorithmSuite, although I'm not sure:
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
binding.Security.Message.AlgorithmSuite = new System.ServiceModel.Security.TripleDesSecurityAlgorithmSuite();
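The following is an added, self-contained example (not code from the question or from any answer on the page) of configuring NetTcpBinding for certificate-based message security in code. It uses SecurityMode.Message with MessageCredentialType.Certificate and sets AlgorithmSuite, and it makes the body protection explicit through ProtectionLevel.EncryptAndSign on the service contract, which is also WCF's default for message security. The service address, port, certificate subject names and store locations are assumptions; replace them with certificates you actually control.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Require both signing and encryption of the message body at the contract level.
// EncryptAndSign is also the WCF default, so this mainly documents the intent.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public class EchoService : IEchoService
{
    public string Echo(string text) => "echo: " + text;
}

public static class Program
{
    // Assumed certificate subject names (hypothetical); the service certificate's CN
    // must match the DNS identity used by the client below.
    const string ServiceCertSubject = "CN=localhost";
    const string ClientCertSubject  = "CN=wcf-client";
    const string Address            = "net.tcp://localhost:8081/echo"; // assumed

    static NetTcpBinding CreateBinding()
    {
        // Message security: the SOAP body is signed/encrypted with WS-Security,
        // independently of whether the TCP transport itself is protected.
        var binding = new NetTcpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        // true: the client obtains the service certificate in-band at session start.
        // false: the client must already hold it (ClientCredentials.ServiceCertificate.DefaultCertificate).
        binding.Security.Message.NegotiateServiceCredential = true;
        // AlgorithmSuite chooses the cipher/signature suite; prefer AES over 3DES.
        binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256;
        return binding;
    }

    static void Main()
    {
        var binding = CreateBinding();

        using (var host = new ServiceHost(typeof(EchoService)))
        {
            host.AddServiceEndpoint(typeof(IEchoService), binding, Address);
            // Service certificate: used for the key exchange and to sign/encrypt responses.
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectDistinguishedName, ServiceCertSubject);
            // Validate client certificates against the machine's trusted root CAs.
            host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;
            host.Open();

            // Client side: the DNS identity is checked against the negotiated service certificate.
            var factory = new ChannelFactory<IEchoService>(binding,
                new EndpointAddress(new Uri(Address), EndpointIdentity.CreateDnsIdentity("localhost")));
            factory.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser, StoreName.My,
                X509FindType.FindBySubjectDistinguishedName, ClientCertSubject);
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;

            IEchoService proxy = factory.CreateChannel();
            Console.WriteLine(proxy.Echo("hello"));
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
    }
}
```

To confirm what actually leaves the process, enable WCF message logging with logMessagesAtTransportLevel="true" (System.ServiceModel.MessageLogging) or capture the net.tcp traffic: with SecurityMode.Message and EncryptAndSign, the SOAP body appears as an EncryptedData element rather than plaintext. Note that WCF's message security protects the body and signed headers, not the wire-level framing; if you also want the whole TCP stream protected, combine it with transport security.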