Monday, November 30, 2009

WCF Security

The Thanksgiving break was nice ... pretty much spent all my time (other than family time) studying from my WCF book and reading WCF articles online.

Starting to focus on Security in WCF.

Security in WCF is classified as either Transport-level Security or Message-level Security.

Transport-level Security is known as point-to-point security (also termed "hop-to-hop security" on Microsoft sites), and secures data as it is transferred across the network. It is vulnerable to messages traveling through intermediary, unsecured points between the sender and receiver of the Message.

Message-level Security is known as end-to-end security, and involves securing the message itself, ensuring message privacy and integrity, regardless of the path taken from sender to receiver.

There are 3 Security modes:
  1. Transport
  2. Message
  3. TransportWithMessageCredential
These are described on this MSDN article about Programming WCF Security.

Once the security mode has been selected, the developer needs to select a Client Credential Type. The clientCredentialType is an attribute on the transport or message tag under security in the binding. There are different clientCredentialTypes available for transport or message.

Here is an MSDN article on Selecting a Credential Type.

The final step is to set the Client Credential Values.

No comments:

Post a Comment