- If possible, remove the need for a password at all by specifying ClientCredentialType=”Windows”, ClientCredentialType=”Certificate”, or a custom token that does not require a password.
- If the user must enter a password, protect the password by specifying either
to secure the channel or to secure the messages. Do not specify in the configuration as this will provide no communication security.
No comments:
Post a Comment