Summary
You learned the essentials of WCF security in this chapter. We discussed the following concepts in detail:
WCF security is based on four important concepts: authentication, authorization, integrity, and confidentiality.
You can utilize WCF security at the transport layer, message layer, or at both the transport and message layer (mixed). These are commonly referred to as modes.
Transport-layer security depends on the transport (specifically, SSL) to protect the communication between the client and the service. This method is faster. However, the credential types supported in WCF are limited (in other words, no rich SAML tokens). The messages can also be vulnerable in the recipient's domain after the messages leave the SSL gateway.
Message-level ...
Get Pro WCF: Practical Microsoft SOA Implementation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
