Security

  1. Always protect the message and provide for message confidentiality and integrity.

  2. In an intranet, you can use Transport security as long as the protection level is set to EncryptAndSign.

  3. In an intranet, avoid impersonation. Set the impersonation level to TokenImpersonationLevel.Identification.

  4. When using impersonation, have the client use TokenImpersonationLevel.Impersonation.

  5. Use the declarative security framework and avoid manual configuration.

  6. Never apply the PrincipalPermission attribute directly on the service class:

    //Will always fail:
[PrincipalPermission(SecurityAction.Demand,Role = "...")]
public class MyService : IMyContract
{...}

  7. Avoid sensitive work that requires authorization at the service constructor.

  8. Avoid demanding a particular user, with or without demanding a role:

    //Avoid:
[PrincipalPermission(SecurityAction.Demand,Name = "John")]
public void MyMethod(  )
{...}

  9. Do not rely on role-based security in the client's callback operations.

  10. With Internet clients, always use Message security.

  11. Allow clients to negotiate the service certificate (the default).

  12. Use the ASP.NET providers for custom credentials.

  13. When developing a custom credentials store, develop it as a custom ASP.NET provider.

  14. Validate certificates using peer trust.

  15. Strive to run the client under partial trust. Grant the client permission only to:

    1. Execute

    2. Display the user interface (if required)

    3. Connect to the service

    4. Obtain local credentials

  16. When you own the service host environment, run the service and the host under ...

Get Programming WCF Services, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial