The <user-data-constraint> element defines the protection level of data sent between the client and server.
It can be used to force SSL for a particular area of the application, for the <security-constraint> where it is defined. This can be as wide as the entire application for all users, or just for a specific role or user, for a specific folder.