Transfer Security

The next crucial aspect of security is how to transfer the message through the service bus to the service securely. The service bus refers to transfer security as end-to-end security. On top of message transfer, an important design consideration is which client credentials (if any at all) the message should contain. Transfer security is independent of how the client and the service authenticate themselves against the service bus.

The service bus offers four options for transfer security, represented by the enum EndToEndSecurityMode, defined as:

public enum EndToEndSecurityMode
{
   None,
   Transport,
   Message,
   TransportWithMessageCredential //Mixed
}

The four options are None, Transport, Message, and Mixed. None means just that—the message is not secured at all. Transport uses either SSL or HTTPS to secure the message transfer. Message security encrypts the body of the message so it can be sent over non-secured transports. Mixed uses Message security to contain the client’s credentials, but transfers the message over a secured transport.

You configure transfer security in the binding. While the relay bindings all default to Transport security, all the relay bindings offer at least one constructor that takes EndToEndSecurityMode as a construction parameter. You can also configure transfer security post construction by accessing the Security property and its Mode property, such as in the following example of a TCP relay binding:

public class NetTcpRelayBinding : NetTcpRelayBindingBase ...
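
Both configuration routes described above, plus a start-up check that rejects a relay endpoint left at None, as an added example (not code from the book). It assumes the Microsoft.ServiceBus assembly is referenced; the class and method names are hypothetical, and the two-parameter constructor also takes a RelayClientAuthenticationType, which this section does not discuss.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel.Description;
using Microsoft.ServiceBus;

// Hypothetical helper class, written for this example.
static class RelayTransferSecurity
{
   // Route 1: choose the transfer security mode at construction time.
   public static NetTcpRelayBinding CreateMessageSecured()
   {
      return new NetTcpRelayBinding(EndToEndSecurityMode.Message,
                                    RelayClientAuthenticationType.RelayAccessToken);
   }

   // Route 2: start from the default (Transport) and change the mode
   // post construction through Security.Mode.
   public static NetTcpRelayBinding CreateMixed()
   {
      NetTcpRelayBinding binding = new NetTcpRelayBinding();
      binding.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
      return binding;
   }

   // Defensive check: call with host.Description.Endpoints before opening
   // the host, so a binding configured with None fails fast instead of
   // sending unsecured messages through the relay.
   public static void RejectUnsecuredEndpoints(IEnumerable<ServiceEndpoint> endpoints)
   {
      foreach (ServiceEndpoint endpoint in endpoints)
      {
         NetTcpRelayBinding tcpRelay = endpoint.Binding as NetTcpRelayBinding;
         if (tcpRelay == null)
         {
            continue; // This example only inspects the TCP relay binding.
         }
         if (tcpRelay.Security.Mode == EndToEndSecurityMode.None)
         {
            throw new InvalidOperationException(
               "Endpoint " + endpoint.Address.Uri +
               " uses EndToEndSecurityMode.None; the message would not be secured.");
         }
      }
   }
}
```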
