.NET Developments

Aug 13 2008   1:49PM GMT

Getting down with WCF security

Yuval Shavit Profile: YuvalShavit

By Andrew Horne

Authentication and authorization are key areas of focus in the “Improving Web Services Security” guide published by Microsoft’s Patterns and Practices Team. The guide leads you through SOA security, WCF security, and useful application scenarios for both internet and intranet.

The twin security approach of authentication and authorization assures that only trusted users use your applications. This guide runs through the decisions you have to make in setting up these security devices, such as which authorization approach to use: role-based, identity-based or resource-based. This leads to questions about user stores and transfer security, among many others. The answers you give to these questions also have an effect on authentication: for instance, do you go with username or certificate authentication? The chapter “Solutions at a Glance” gives you a neat five-step outline to keep your thoughts organized.

Patterns and Practices pooled knowledge resources with Microsoft’s WCF team and outside leaders in the field, while also comparing this knowledge with user responses. The guide reflects the increasingly important role security plays for designers in today’s technological environment. As Nicholas Allen, Program manager of WCF, writes in his forward to the book, “Security has to be treated as part and parcel of functionality.”

Download the guide here, and also check out SearchWinDevelopment’s WCF Learning Guide.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: