Specifies the level of protection to be applied to a message.
public enum ProtectionLevel
None: No protection is applied to the message.
Sign: The message is signed to ensure its integrity and authenticity.
EncryptAndSign: The message is encrypted to ensure confidentiality and signed to ensure integrity and authenticity.
The ProtectionLevel enumeration is used to specify the desired level of security protection for messages exchanged between client and server applications. It is commonly used with Windows Communication Foundation (WCF) services and other .NET networking components.
When a communication channel is configured with a specific ProtectionLevel, the underlying security protocols (such as TLS/SSL) will enforce the specified protection mechanisms.
None is the least secure option and should only be used in trusted environments or for non-sensitive data.
Sign provides assurance that the message has not been tampered with during transit and that it originated from the claimed sender.
EncryptAndSign offers the highest level of security, ensuring both confidentiality (preventing eavesdropping) and integrity/authenticity.
The choice of ProtectionLevel depends on the sensitivity of the data being transmitted and the security requirements of the application.
| Assembly | Class | Member |
|---|---|---|
| System.Net.Primitives | ChannelProtectionRequirementsAttribute | ProtectionLevel property |
| System.ServiceModel.Primitives | ServiceCredentials | MessageProtectionLevel property |
| System.ServiceModel.Primitives | BasicHttpBinding | Security.Message.ClientCredentialType and Security.Message.ProtectionLevel properties |
```xml
<!-- Example for a binding configuration requiring encryption and signing -->
<customBinding>
  <binding name="secureBinding">
    <!-- Example with explicit security settings -->
    <security authenticationMode="MutualCertificate">
      <message protectionLevel="EncryptAndSign" />
    </security>
    <textMessageEncoding />
    <!-- Or other transport like tcp; the transport element must be the last one in the binding -->
    <httpsTransport />
  </binding>
</customBinding>
```
In WCF, this is often configured through binding elements, where ProtectionLevel can be set on the message security or transport security.
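
The guidance above treats None and Sign as weaker choices than EncryptAndSign. The following is an added example, not part of the original documentation, of a review-time check that loads a WCF contract and reports operations whose level is unset or below a required minimum. `IPayrollService` and `ProtectionLevelAudit` are hypothetical names, and the code assumes a reference to the .NET Framework `System.ServiceModel` assembly.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Description;

// Constructed sample contract (hypothetical): one operation is explicitly set to Sign.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IPayrollService
{
    [OperationContract]
    string GetSalary(string employeeId);

    [OperationContract(ProtectionLevel = ProtectionLevel.Sign)]
    string GetOfficeLocation(string employeeId);
}

public static class ProtectionLevelAudit
{
    // Returns a finding for each operation whose level is unset or below 'required'.
    public static List<string> FindDowngrades(Type contractType, ProtectionLevel required)
    {
        var findings = new List<string>();
        ContractDescription contract = ContractDescription.GetContract(contractType);

        foreach (OperationDescription op in contract.Operations)
        {
            // An operation-level setting takes precedence over the contract-level one.
            ProtectionLevel? effective =
                op.HasProtectionLevel ? op.ProtectionLevel :
                contract.HasProtectionLevel ? contract.ProtectionLevel :
                (ProtectionLevel?)null;

            if (effective == null)
                findings.Add($"{contract.Name}.{op.Name}: not set, level comes from the binding");
            else if (effective.Value < required)   // None < Sign < EncryptAndSign
                findings.Add($"{contract.Name}.{op.Name}: {effective.Value} is below {required}");
        }
        return findings;
    }

    public static void Main()
    {
        foreach (string f in FindDowngrades(typeof(IPayrollService), ProtectionLevel.EncryptAndSign))
            Console.WriteLine(f);
    }
}
```

The check covers contract-level and operation-level settings only; levels set on individual message headers, bodies or faults are outside its scope.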