In the Anonymous scenario, the clients access the service without presenting any credentials—they are anonymous. On the other hand, the clients and the service do require secure message transfer, impervious to tampering and sniffing. Both an Internet-facing and intranet-based application may need to provide for anonymous yet end-to-end secure access. The anonymous scenario can have any number of clients, small or large. The clients may connect over HTTP or over TCP.
The need to secure the message, and the fact that the clients may be calling over the Internet with multiple intermediaries means that in the Anonymous scenario, you should use Message security, since it can easily accomplish both requirements, by setting the Message credentials to no credentials. The service needs to be configured with a certificate to secure the message itself. For the Anonymous scenario, you can use only the
NetMsmqBinding—a mixture of both Internet and intranet bindings, as is required in this scenario. Note that you cannot use the
WSFederationHttpBinding, as those bindings either do not support Message security or do not support having no credentials in the message (see Tables 10-1 and 10-3). Configuring the allowed bindings is similar to the previous scenarios. The noticeable difference is in configuring for no client credentials, ...