Defines the type of message-level security requirements for an endpoint configured with the <netTcpBinding>.
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding>
          <security>
            <transport>
Syntax
```xml
<netTcpBinding>
  <binding>
    <security mode="None|Transport|Message|TransportWithMessageCredential">
      <transport clientCredentialType="None|Windows|Certificate"
                 protectionLevel="None|Sign|EncryptAndSign"
                 sslProtocols="Tls|Tls11|Tls12">
        <extendedProtectionPolicy policyEnforcement="Never|WhenSupported|Always"
                                  protectionScenario="TransportSelected|TrustedProxy">
          <customServiceNames>
          </customServiceNames>
        </extendedProtectionPolicy>
      </transport>
    </security>
  </binding>
</netTcpBinding>
```
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
clientCredentialType | Optional. Specifies the type of credential to be used when performing client authentication using Transport security. The default value is Windows. This attribute is of type TcpClientCredentialType. |
protectionLevel | Optional. Defines security at the level of the TCP transport. Signing messages mitigates the risk of a third party tampering with the message while it is being transferred. Encryption provides data-level privacy during transport. The default value is EncryptAndSign. |
sslProtocols | An SslProtocols enum flag value that specifies which SslProtocols are supported. The default is Tls\|Tls11\|Tls12. |
policyEnforcement | This enumeration specifies when the ExtendedProtectionPolicy should be enforced. 1. Never – The policy is never enforced (Extended Protection is disabled). 2. WhenSupported – The policy is enforced only if the client supports Extended Protection. 3. Always – The policy is always enforced. Clients which don’t support Extended Protection will fail to authenticate. |
clientCredentialType Attribute
Value | Description |
---|---|
None | The client is anonymous. This requires a certificate for the service. |
Windows | Specifies Windows authentication of the client using SP Negotiation (Kerberos negotiation). |
Certificate | The client is authenticated using a certificate. This uses SSL Negotiation and requires a certificate for the service. |
protectionLevel Attribute
Value | Description |
---|---|
None | No protection. |
Sign | Messages are signed. |
EncryptAndSign | Messages are encrypted and signed. |
Child Elements
None
Parent Elements
Element | Description |
---|---|
<security> | Specifies the security capabilities of the <netTcpBinding>. |
Remarks
Use Transport security for integrity and confidentiality of the SOAP message and for mutual authentication. If this security mode is selected on a binding, the channel stack is configured using a secure transport and the SOAP messages are secured using transport security such as Windows (Negotiate) or SSL over TCP.
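The following audit script is an added example, not code from this page or from the WCF documentation. It parses a configuration file and reports `<netTcpBinding>` bindings whose transport settings are weaker than `EncryptAndSign` with TLS 1.2, applying the attribute defaults listed above when an attribute is omitted. The sample configuration, the binding names, and the function name `audit_nettcp_transport` are constructed for illustration; it assumes an omitted `mode` means `Transport` and that `sslProtocols` is relevant only for the `None` and `Certificate` credential types.

```python
import re
import xml.etree.ElementTree as ET

LEGACY_TLS = {"Tls", "Tls11"}  # TLS 1.0 and 1.1, deprecated by RFC 8996

# Constructed sample configuration for this example (not from the page).
SAMPLE_CONFIG = """
<configuration><system.serviceModel><bindings><netTcpBinding>
  <binding name="legacy">
    <security mode="Transport">
      <transport clientCredentialType="Certificate" protectionLevel="Sign" />
    </security>
  </binding>
  <binding name="open"><security mode="None" /></binding>
  <binding name="hardened">
    <security mode="Transport">
      <transport clientCredentialType="Certificate"
                 protectionLevel="EncryptAndSign" sslProtocols="Tls12" />
    </security>
  </binding>
</netTcpBinding></bindings></system.serviceModel></configuration>
"""

def audit_nettcp_transport(config_xml):
    """Return (binding name, finding) pairs for weak <transport> settings."""
    findings = []
    for binding in ET.fromstring(config_xml).iterfind(".//netTcpBinding/binding"):
        name = binding.get("name", "(unnamed)")
        security = binding.find("security")
        # Assumption: an omitted mode means Transport, the NetTcpBinding default.
        mode = security.get("mode", "Transport") if security is not None else "Transport"
        if mode == "None":
            findings.append((name, "security mode None: no transport protection"))
        if mode not in ("Transport", "TransportWithMessageCredential"):
            continue  # <transport> settings only apply to transport-secured modes
        transport = security.find("transport") if security is not None else None
        attrs = transport.attrib if transport is not None else {}
        # Attribute defaults below are the ones documented on this page.
        level = attrs.get("protectionLevel", "EncryptAndSign")
        if level != "EncryptAndSign":
            findings.append((name, f"protectionLevel={level}, not EncryptAndSign"))
        cred = attrs.get("clientCredentialType", "Windows")
        protocols = set(re.split(r"[|,\s]+", attrs.get("sslProtocols", "Tls|Tls11|Tls12")))
        # Assumption: sslProtocols only matters for the SSL-based credential types.
        if cred in ("None", "Certificate") and protocols & LEGACY_TLS:
            legacy = ",".join(sorted(protocols & LEGACY_TLS))
            findings.append((name, f"sslProtocols allows {legacy}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_nettcp_transport(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

The `legacy` binding is reported for legacy TLS even though it sets no `sslProtocols` attribute, because the documented default still includes `Tls` and `Tls11`.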