Is it possible to use both Transport security (HTTPS, authentication with a Client cert) in addition to message-level encryption via configuration in WCF? Is this done with wsHttpBinding out-of-the-box?
I am attempting to accomplish this with a custom binding, but am unable to tell if the requests are being encrypted at the message level because they appear as plain text in the trace logs.
I've done quite a bit of research but can't seem to find any solid answers. Any help is appreciated!
Yes, it's possible to have both as described in this MSDN article. The article is pretty thorough & detailed but the crux of enabling this functionality is this setting:
<!-- snipped -->
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate"
negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
<!-- snipped -->