What type of encryption is used in Message Security? How is the message encrypted?
I am using certificate credential type.
MSDN doc says message security encrypts and signs the message.
Is the certificate only used for authentication or is it used for encrypting and signing of message as well?
How secure is the encryption?
Message security uses the WS-Security specification to secure messages. The specification describes enhancements to Simple Object Access Protocol (SOAP) messaging to ensure confidentiality, integrity, and authentication at the SOAP message level (instead of the transport level). You can configure the message security to avoid service credential negotiation if you want to restrict clients from accessing your service. This is especially important when you are in partner scenario where your service is exposed to a number of clients. When you configure message security to not negotiate credentials, you have to make sure that the service credentials are available out-of-band to the client application. Message security is available on all of the bindings except for netNamedPipeBinding and MSmqIntegrationBinding http://msdn.microsoft.com/en-us/library/ff648863.aspx this link to know more about encryption of message.
