Chapter 7. Security

Windows Communication Foundation (WCF) is a secure, reliable, and scalable messaging platform. With WCF, SOAP messages can be transmitted over a variety of supported protocols, including named pipes, TCP, HTTP, and MSMQ. As with any distributed messaging platform, you must establish security policies for protecting messages and for authenticating and authorizing calls.

A consistent set of fundamental security concepts applies in any distributed messaging system. Consider a message from a sender (the calling application) to a receiver (the target service receiving the message for processing):

Authentication

We typically think about authentication as identifying the message sender. Mutual authentication involves authenticating both the sender and the message receiver to prevent possible man-in-the-middle attacks.

Authorization

After authenticating the message sender, authorization determines the system features and functionality they are entitled to execute.

Integrity

Messages should be digitally signed to ensure they have not been altered between sender and receiver.

Confidentiality

Sensitive messages or specific message parts should be encrypted to ensure they cannot be openly viewed on the wire.

WCF provides a rich and configurable environment for creating security policies and setting runtime behaviors to control security features. A variety of mutual authentication mechanisms are supported using token formats such as Windows tokens, username and password, certificates, and ...
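To make the four concepts concrete, the following self-hosted service is an added example written for this section; it is not code from the book. It assumes a hypothetical IOrderService contract, a placeholder base address, and a Windows group named "Clerks", and it maps each concept to the WCF setting that enforces it: a Windows token for authentication, a PrincipalPermission demand for authorization, and a ProtectionLevel of EncryptAndSign for integrity and confidentiality.

```csharp
using System;
using System.Net.Security;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;
// Integrity and confidentiality: every message for this contract must be
// signed and encrypted; the runtime rejects bindings that cannot provide both.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IOrderService
{
    [OperationContract]
    string PlaceOrder(string item);
}
public class OrderService : IOrderService
{
    // Authorization: after the caller is authenticated, only members of the
    // (hypothetical) Windows group "Clerks" may execute this operation.
    [PrincipalPermission(SecurityAction.Demand, Role = "Clerks")]
    public string PlaceOrder(string item)
    {
        return "Order accepted for " + item;
    }
}
class Program
{
    static void Main()
    {
        // Placeholder base address; replace with the real service address.
        var host = new ServiceHost(typeof(OrderService), new Uri("http://localhost:8000/orders"));
        // Authentication: message-level security carrying a Windows token. The
        // client proves its identity with its Windows credentials, and because the
        // service credential is negotiated as part of the exchange, the client also
        // verifies which service it is talking to (mutual authentication).
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        binding.Security.Message.NegotiateServiceCredential = true;
        host.AddServiceEndpoint(typeof(IOrderService), binding, "");
        // Authorization: expose the caller's Windows groups as roles so the
        // PrincipalPermission demand on PlaceOrder can be evaluated.
        var authz = host.Description.Behaviors.Find<ServiceAuthorizationBehavior>();
        authz.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;
        host.Open();
        Console.ReadLine(); // keep the host running until Enter is pressed
        host.Close();
    }
}
```

A caller outside the "Clerks" group is authenticated successfully but receives a SecurityAccessDeniedException from PlaceOrder, which is the difference between authentication and authorization described above.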
