Transport level security VS message level security in WCF

Advantages of Transport level security

• Does not need any extra coding as protocol inherent security is used.
• Performance is better as we can use hardware accelerators to enhance performance.
• There is lot of interoperability support and communicating clients do not need to understand WS security as it’s built in the protocol itself.

Disadvantages of Transport level security

• As it’s a protocol implemented security so it works only point to point.
• As security is dependent on protocol it has limited security support and is bounded to the protocol security limitations.

Advantages of Message level security

• Provides end to end security as it’s not dependent on protocol. Any intermediate hop in network does not affect the application.
• Supports wide set of security options as it is not dependent on protocol. We can also implement custom security

Disadvantages of Message level security

• Needs application refactoring to implement security.
• As every message is encrypted and signed there are performance issues.
• Does not support interoperability with old ASMX webservices

Be Sociable, Share!

•