You are developing a Windows Communication Foundation (WCF) service. One of the parameters used with the
service operations is a security token. The security token is not sensitive.
The monitoring software tracks security tokens and can read tokens in clear text only.
The company security policy requires that you validate all clear text data passed over the corporate network.
You need to ensure that the service verifies that the security token is not changed during transit. What should you do?
A. For all the security-sensitive members, set the ProtectionLevel parameter of the MessageBodyMember or MessageHeader attribute to EncryptAndSign.
B. Implement IEndpointIdentityProvider in the message contract class.
C. Implement ISecureConversationSession in the message contract class.
D. For all the security-sensitive members, set the ProtectionLevel parameter of the MessageBodyMember or MessageHeader attribute to Sign.
Explanation:
“can read tokens in clear text only” + “verifies that … is not changed during transit” –> ProtectionLevel.Sign
To understand the protection level feature, the following basic statements apply:
Three basic levels of protection exist for any part of a message. The property (wherever it occurs) is set to
one of the ProtectionLevel enumeration values. In ascending order of protection, they include:
None.
Sign. The protected part is digitally signed. This ensures detection of any tampering with the protected message part.
EncryptAndSign. The message part is encrypted to ensure confidentiality before it is signed.
How to set ProtectionLevel Property
(http://msdn.microsoft.com/en-us/library/aa347791.aspx)
D
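The setting described in the explanation, as an added example that is not part of the original question: a message contract whose token header is signed but left readable. The type, member and operation names (OrderRequest, SecurityToken, IOrderService and so on) are hypothetical; the attributes, the ProtectionLevel enumeration and WSHttpBinding are WCF's own.

```csharp
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Channels;

[MessageContract]
public class OrderRequest   // hypothetical message contract
{
    // Sign only: the token travels in clear text, so monitoring can read it,
    // and the signature lets the receiver detect any change made in transit.
    [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
    public string SecurityToken;

    // The body has a single protection level: the highest level set on any
    // body member applies to the whole body. Because CardNumber asks for
    // EncryptAndSign, OrderId is encrypted too. Headers are protected
    // individually, which is why the clear-text token is a header here.
    [MessageBodyMember(Order = 1, ProtectionLevel = ProtectionLevel.Sign)]
    public string OrderId;

    [MessageBodyMember(Order = 2, ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public string CardNumber;
}

[MessageContract]
public class OrderResponse  // hypothetical reply contract
{
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.Sign)]
    public bool Accepted;
}

[ServiceContract]
public interface IOrderService  // hypothetical service contract
{
    [OperationContract]
    OrderResponse Submit(OrderRequest request);
}

public static class SecureBinding
{
    // ProtectionLevel only takes effect when the binding has security enabled.
    // Message-level security is used here so each part can be signed or
    // encrypted individually.
    public static Binding Create()
    {
        return new WSHttpBinding(SecurityMode.Message);
    }
}
```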