Are all WCF security options equally secure?

Question

For example "Ntlm" isn't secure by itself. When I use the nettcp binding with ntlm, am I forced by WCF to configure a server certificate as well so the credentials can be encrypted or how does ntlm is protected?

How is nettcp "Basic" encrypted?

How does WCF protect the "message" security "UserName"? Does WCF also need/use a server certificate in this case? How does the message is encrypted?

So are all WCF security options equally secure?

That is a very broad question. If you can tell us more about the context of your problem then you are more likely to get an answer, and more likely for your question not to be closed down. — mjwills, Mar 27 '18 at 10:47

score 0 · Accepted Answer · answered Mar 27 '18 at 13:04

No they aren't

Basic authentication is not really considered secured and yes the packets will have to go through SSL channel. Because the auth header value is only the username:password value encoded in Base64.

To know more about WCF and security that fits for you visit this answer: WCF Security: Difference between TransportWithMessageCredential and Message Security Mode

also this article to know more about autherization and authentication in WCF: https://msdn.microsoft.com/en-us/library/ff405740.aspx

Are all WCF security options equally secure?

1 Answers1