What should you do?

You are creating a Windows Communication Foundation (WCF) service to process orders.
The data contract for the order is defined as follows:

[DataContract]
public class Order
{
[DataMember]
public string CardHolderName { get; set; }
[DataMember]
public string CreditCardNumber { get; set; }
}

You have the following requirements:
* Enable the transmission of the contents of Order from the clients to the service.
* Ensure that the contents of CreditCardNumber are not sent across the network in clear text.
* Ensure that the contents of CreditCardNumber are accessible by the service to process the order.

You need to implement the service to meet these requirements. What should you do?

You are creating a Windows Communication Foundation (WCF) service to process orders.
The data contract for the order is defined as follows:

[DataContract]
public class Order
{
[DataMember]
public string CardHolderName { get; set; }
[DataMember]
public string CreditCardNumber { get; set; }
}

You have the following requirements:
* Enable the transmission of the contents of Order from the clients to the service.
* Ensure that the contents of CreditCardNumber are not sent across the network in clear text.
* Ensure that the contents of CreditCardNumber are accessible by the service to process the order.

You need to implement the service to meet these requirements. What should you do?

A.
Add a DataProtectionPermission attribute to the CreditCardNumber property and set the ProtectData property to true.

B.
Convert the DataContract to a MessageContract and set the ProtectionLevel property to SignAndEncrypt.

C.
Change the data type of CreditCardNumber from string to SecureString.

D.
Implement the CreditCardNumber property getter and setter In the setter, run the value of the CreditCardNumber
through the MD5CryptoServiceProvider class TransformBlock method.

Explanation:
A message contract can indicate whether the headers and/or body of the message should be digitally signed and encrypted.

This is done by setting the System.ServiceModel.MessageContractMemberAttribute.ProtectionLevel property
on the MessageHeaderAttribute and MessageBodyMemberAttribute attributes.

The property is an enumeration of the System.Net.Security.ProtectionLevel type and can be set to None (no encryption or signature),
Sign (digital signature only), or EncryptAndSign (both encryption and a digital signature). The default is EncryptAndSign.

Using Message Contracts
(http://msdn.microsoft.com/en-us/library/ms730255.aspx)



Leave a Reply 1

Your email address will not be published. Required fields are marked *