So what are the scenarios, advantages and disadvantages of transport VS message security?

 Posted by articlesMaint on 9/14/2009 | Category: WCF Interview questions | Views: 6451




Scenarios when we should be using one of them

When there are no intermediate systems in between this is the best methodology.  

If it’s an intranet type of solution this is most recommended methodology.

When there are intermediate systems like one more WCF service through which message is routed then message security is the way to go.


  • Does not need any extra coding as protocol inherent security is used.

  • Performance is better as we can use hardware accelerators to enhance performance.

  • There is lot of interoperability support and communicating clients do not need to understand WS security as it’s built in the protocol itself.


  • Provides end to end security as it’s not dependent on protocol. Any intermediate hop in network does not affect the application.

  • Supports wide set of security options as it is not dependent on protocol. We can also implement custom security.


  • As it’s a protocol implemented security so it works only point to point.

  • As security is dependent on protocol it has limited security support and is bounded to the protocol security limitations.

  • Needs application refactoring to implement security.

  • As every message is encrypted and signed there are performance issues.

  • Does not support interoperability with old ASMX webservices/

Figure: - Route paths

Asked In: Many Interviews | Alert Moderator 

Comments or Responses

Login to post response