O'Reilly logo

Real World .NET 4, C#, and Silverlight®: Indispensible Experiences from 15 MVPs by Daron Yöndem, Christian Weyer, Christian Nagel, Scott Millett, Jeremy Likness, Vishwas Lele, Jeffrey Juday, Caleb Jenkins, Kevin Grossnicklaus, Alex Golesh, David Giard, Gill Cleeren, György Balássy, Dominick Baier, Bill Evjen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

10

Securing WCF Services Using the Windows Identity Foundation (WIF)

by Dominick Baier

If you are a software security geek like me, the world of distributed applications is one of the most exciting places to be. You can encounter a multitude of client types, network and authentication protocols, credential types, and requirements. In other words, you have just the complexity you need to feel like a real expert — or a little lost.

Although, in theory, the Windows Communication Foundation (WCF) has all the features you need to build even the most complex distributed systems, as always, complexity is the biggest enemy of security. That's the reason why Microsoft gave WCF security (and .NET security, in general — but more on that later) a refresh that enables you to build these systems with better abstraction layers and less error-prone code. This refresh is called the Windows Identity Foundation (WIF), and this chapter examines how to use this technology with WCF Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) services.

images The sample code used in this chapter, as well as the Thinktecture.IdentityModel library, is part of the code available for download on this book's companion website ( www.wrox.com ). Parts of the code are based on the movie database service described in Chapter 9.

IDENTITY IN .NET APPLICATIONS

Since the first release of the .NET Framework, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required