I have a wsHttpBinding like this
<wsHttpBinding>
<binding name="binding1">
<security mode="Message" >
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
If only NTLM is available,
Is this mean WCF will send client's credential through SOAP message?
Is this configuration compatible with ws-security?
Thanks
Both your questions are answered with a YES. Please read http://www.codeproject.com/KB/WCF/HttpBinding.aspx for details:
As WsHttBinding supports WS-*, it has WS-Security enabled by default. So the data is not sent in plain text.