For several common binding types, what security modes are supported, and what authentication methods can be used for various security modes (determined by the client credential type ), these are described in detail in the previous series of articles. Next, we will summarize the Security modes of different types of systems through the form of tables.
I. system pre-defined binding support for different security Modes
The following table indicates that the system pre-defined binding supports different security modes (WSHttpBinding and WS2007HttpBinding have the same security mode support policies, and only WSHttpBinding is listed here ).
|
BasicHttpBinding |
WSHttpBinding |
WSDualHttpBinding |
NetNamedPipeBinding |
NetTcpBinding |
NetMsmqBinding |
None |
Default |
Yes |
Yes |
Yes |
Yes |
Yes |
Transport |
Yes |
Yes |
No |
Default |
Default |
Default |
Message |
Yes |
Default |
Default |
No |
Yes |
Yes |
Mixed |
Yes |
Yes |
Yes |
No |
Yes |
No |
Both |
No |
No |
No |
No |
No |
Yes |
TransportCredentialOnly |
Yes |
No |
No |
No |
No |
No |
For this table, we can see that:
- All bindings can adopt no secure transmission mechanism, that is, None safe mode is supported;
- The default BasicHttpBinding mode is None, the WS-related binding mode is Message, and the LAN-related binding mode is Transport;
- Except NetNamedPipeBinding, all bindings support Message security mode;
- All bindings that support Message mode support the Mixed mode except NetMsmqBinding;
- Except WSDualHttpBinding, all bindings support the Transport mode;
- Only BasicHttpBinding supports the TransportCredentialOnly mode;
- Only NetMsmqBinding supports the Both security mode.
Ii. Support for different Transport client creden by predefined system binding
Next, let's compare the common system definitions that we introduced earlier. What are the differences in client credential type set support when binding in Transport security mode.
|
BasicHttpBinding |
WSHttpBinding |
WSDualHttpBinding |
NetNamedPipeBinding |
NetTcpBinding |
NetMsmqBinding |
None |
Default |
Yes |
- |
No |
Yes |
No |
Basic |
Yes |
Yes |
- |
No |
No |
No |
Digest |
Yes |
Yes |
- |
No |
No |
No |
Windows |
Yes |
Default |
- |
Default |
Default |
Default |
Ntlm |
Yes |
Yes |
- |
No |
No |
No |
Certificate |
Yes |
Yes |
- |
No |
Yes |
No |
We can see from the data in the following table:
- Three HTTP-based bindings (excluding WSDualHttpBinding that does not support Transport security mode) Support all types of client creden( (in fact, the client credentialtype is represented by enumeration HttpClientCredentialType );
- Except for BasicHttpBinding, which uses None as the client credential type (anonymous client) by default, the default client credential types bound to other clients are Windows;
- NetTcpBinding supports three types of client credennone: None, Windows, and Certificate;
- NetNamedPipeBinding and NetMsmqBinding support the unique client credential type Windows.
3. Support for different Message client creden by predefined binding
The support for different types of client creden。 in Message mode (or Mixed mode) is very clear. Besides BasicHttpBinding, all other bindings (excluding NetNamedPipeBinding that does not support Message security mode) Use MessageCredentialType to indicate the type of client creden. In Message mode, the support for different types of bindings for different client credential sets is reflected in the following table.
|
BasicHttpBinding |
WSHttpBinding |
WSDualHttpBinding |
NetNamedPipeBinding |
NetTcpBinding |
NetMsmqBinding |
None |
No |
Yes |
Yes |
- |
Yes |
Yes |
User Name |
Default |
Yes |
Yes |
- |
Yes |
Yes |
Windows |
No |
Default |
Default |
- |
Default |
Default |
Certificate |
Yes |
Yes |
Yes |
- |
Yes |
Yes |
IssuedToken |
No |
Yes |
Yes |
- |
Yes |
Yes |