WCF Bindings and Behaviors

When you create an overall security policy – for example, transfer security with authentication and authorization for your services – you can use bindings and behaviors to configure the required settings.

Bindings and behaviors are described as follows:

• Bindings. Bindings control the security mode, client credential type, and other security settings.

• Behaviors. Service behaviors control impersonation levels, how client credentials are authenticated and authorized, and service credentials.

You can configure bindings and behaviors, or you can program against the object model. Your binding selection determines the available security options for WCF. The following table summarizes the most commonly used bindings in WCF.

Binding	Common scenarios	Default security settings
basicHttpBinding	Legacy Web service protocols	No security
netTcpBinding	Binary TCP communication between machines	Transport security with Windows authentication
wsFederationHttpBinding	Federated security scenarios	Message security with issue token authentication
wsHttpBinding	Leveraging security standards (WS-Security)	Message security with Windows authentication

By default, every WCF binding will provide transfer security and user authentication except for BasicHttpBinding. If necessary, you can change the security settings to suit your scenario requirements.