Multiple choice technology programming languages

The client applications are unable to use SSL. You need to ensure that clients authenticate by using a token provided by a Security Token Service (STS). What should you do?

  1. Use a BasicHttpBinding binding with the security mode set to Message

  2. Use a BasicHttpBinding binding with the security mode set to TransportWithMessageCredential

  3. Use a WSFederationHttpBinding binding with the security mode set to Message

  4. Use a WSFederationHttpBinding binding with the security mode set to TransportWithMessageCredential

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

WSFederationHttpBinding with Message security is the correct choice for STS-based token authentication when SSL/TLS is not available. This binding is specifically designed for federated security scenarios where a Security Token Service issues tokens. TransportWithMessageCredential requires SSL transport security, which the scenario explicitly states clients cannot use.