Professional WCF 4: Windows Communication Foundation with .NET 4 by Johann Grabner, Fabio Cozzolino, Kurt Claeys, Pablo Cibraro

Chapter 8. WCF Security in Action

WHAT'S IN THIS CHAPTER?

  • Understanding authentication in WCF

  • Getting started with claim-based security

  • Authorizing service consumers in WCF

In the previous chapter we discussed the fundamental aspects needed to choose the right security scheme for your WCF services.

In this chapter, the focus is on applying those concepts in real scenarios, using examples that guide you step by step. We also discuss the alternatives that WCF provides for authenticating and authorizing clients once the client credentials reach the service, with emphasis on the claims-based security model.

FIRST STEPS IN AUTHENTICATION

The right authentication scheme for your services typically depends on several factors, such as whether clients are located on the intranet or the Internet, how easily credentials can be deployed to the clients, and the number of potential clients that will consume the services.

As previously discussed, authentication in the context of WCF typically refers to mutual authentication.

Mutual authentication is a bidirectional process in which clients and services authenticate each other. This kind of authentication is extremely important for services exposed on the Internet: if clients do not authenticate the service, an attacker might be able to spoof one of the services and intercept the client calls to get access to sensitive data.

The service credentials depend on the client authentication schema and the security mode you choose. Usually, if you use client authentication schemas such as username or certificate authentication ...
