确定我可能变得太遥远我WCF配置杂草，不能看透树木森林，所以我想检查站的安全性。

OK I am probably getting too far in the weeds with my WCF configuration and can't see the forest through the trees, so I want to checkpoint on security.

我有（2）在WCF服务的客户端上的消费选择暴露绑定：NetTcpBinding的和的wsHttpBinding（包括罚款和工作）。我已经从配置了默认：clientCredentialType =窗口。我必须配置为使用SSL证书和揭露通过HTTPS端点（我想这一点），而且也有配置的NetTcpBinding的一个SSL证书使用SSL通过TCP（我想这一点）。

I have (2) bindings exposed in a WCF service for options on the client side consuming: netTcpBinding and wsHttpBinding (both fine and working). I have both configured with the default: clientCredentialType="Windows". I have the wsHttpBinding configured to use a SSL certificate and expose the endpoint via https (I want this), and also have an SSL cert configured for the netTcpBinding to use SSL over TCP (I want this too).

下面是我一直得到混合信息。显然，交通运输安全是inheriently安全。这是否意味着我做的没有的需要SSL证书，然后，如果我要保护的传输层？

Here is where I keep getting mixed information. Apparently "Transport" security is inheriently secure. Does this mean I do not need a SSL cert then if I want to secure the Transport layer?

推荐答案

我不得不做的多篇文章的阅读，让我一直在寻找，从我原来的职位的细节很多。这有助于东西收拾了一下我的信息是如下：

I had to do a lot of reading between multiple articles to get the details I was looking for from my original post. The information that helped things to clear up a bit for me was the following:

每个协议（TCP，HTTP，MSMQ了NamedPipes）都有自己的机制来传递凭据和处理信息的保护。的

以上是从 WCFSecurityGuide

来自一个主要的Web后台我有HTTP的pretty的很好的理解，并与一个SSL证书保护它。然而，这种精确的过程是不需要在Windows环境中的net.tcp为使用它自己的方法在视窗以固定传输层。

Coming from a primarily web background I have a pretty good understanding of HTTP and securing it with a SSL cert. However this exact procedure is not required in a Windows environment for net.tcp which uses its own method in Windows to secure the transport layer.

因此​​，当它下来到它，这里的（2）关于explinations以确保一个HTTP绑定，并在的net.tcp在Windows环境下，我想明白了：

So when it gets down to it, here are the (2) explinations in regards to securing a HTTP binding and net.tcp in a Windows environment that I wanted to understand:

有关的net.tcp： 服务和客户端使用Windows身份验证，且消息由Windows安全固定在传输层的

对于HTTP绑定（即的wsHttpBinding）： 使用HTTP绑定，运输安全SSL提供。 SSL证书是用来提供信息保障。的

所以我的没有的需要SSL证书用于通过net.tcp作为由Windows安全处理，并使用传输时的安全inheriently安全绑定。当使用的wsHttpBinding我仍然需要争取与我pviously做如上文$ P $ SSL证书的运输，并暴露通过HTTPS绑定。

So I will not need a SSL cert for the net.tcp binding as that is handled by Windows Security and is inheriently secure when using Transport security. When using a wsHttpBinding I will still need to secure the Transport with a SSL certificate which I had done as mentioned previously, and exposed the binding via HTTPS.

如果任何未来的读者也有类似的问题，WCF的引导链接我张贴和链接下面是一个很好的起点：

If any future readers have similar questions the WCF guide link I posted and the link below are a good place to start:

常见WCF安全方案： http://msdn.microsoft.com/en-us/library/ms730301.aspx