We have been researching using message level security for our WCF Services, but have run into a lot of issues dealing with client certificates and getting them to work correctly. My concern is that we want to make the service available on the internet and have them accessed from multiple client front ends (Windows, Android, iOS, etc). Will it be difficult to install the client certificates in non-Windows environments? If so, what will be the best way to encrypt the data going to and from our WCF Services (I know that there are holes with transport level security, which is why we were focusing on message level security)?
If the main thing gained from message level security is encrypting of the data, even though it's more work, couldn't we just encrypt the data ourselves and decrypt it on the server rather than relying on message level security provided by WCF?
Aucun commentaire:
Enregistrer un commentaire