I have a web service that I created and host on IIS7. I have a certificate, and use OAuth for security. Everything worked fine until I realized that I can use Fiddler to intercept traffic and see the messages. Since Fiddler is able to intercept the traffic and actually see the message, doesn't that mean that any other party could do a man in the middle and intercept and decrypt all of the traffic to my app hosted on IIS 7?
http://www.fiddlerbook.com/fiddler/help/httpsdecryption.asp
How can I configure IIS 7 so that the above link from Fiddler is not able to decrypt my traffic?
Thanks,
J