Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
223 views
in Technique[技术] by (71.8m points)

wcf security - WCF, DataPower integration - secure binding necessary?

I have been developing a WCF service using basic HTTP binding. This has been integrated with DataPower. I want to follow best practice by enabling secure binding. Is this necessary?

Referring to slide 8 in DataPower WCF integration :

DataPower is designed to off-load the security for the WCF services.

Thank you.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Only your security architects can really tell you if it is needed for your case. Remember, whatever you are sending over the wire is unsecured when using basic HTTP. Within the enterprise, maybe, that isn't a problem. But anyone that was sniffing the trafic could intercept your messages and easily get to the data within.

At Tellago, we have done WCF-Data Power integration using a custom federated security (almost identical to Geneva aka WIF) for our clients. But, odds are, if you are asking if you need security, you probably are not using federated security.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...