Chapter 4. Security

In This Chapter

• Background

• XSI

• Using XSI

Chapter 2, "The Fundamentals," which covered the fundamentals of the Windows Communication Foundation, showed that the technology makes security simple. Just opting to use the WSHttpBinding in configuring a service ensures not only that communications with the service are kept confidential, but also that the identities of the users of the clients are conveyed to the service so that the service can evaluate whether to grant the clients access to its resources.

More generally, by configuring the binding of a service, one can select how clients of the service are to be authenticated and how communications with the service are to be kept confidential. The built-in options for how a client may be authenticated are by a username and password combination, by its user's Windows identity, and by an X.509 certificate. However, one can also define custom tokens for authenticating clients. Communications with a service can be kept confidential either by using a secure transport protocol or by having messages encrypted before being transported.

All of these security facilities of the Windows Communication Foundation are well documented by the samples in the Microsoft Windows Software Development Kit (SDK) referred to in the Introduction. So those facilities are not covered in detail here. The auditing of security events is covered in Chapter 12, "Manageability." What this chapter focuses on is the Extensible Security Infrastructure (XSI) that the Windows Communication Foundation incorporates, which promises to greatly simplify the automation of business processes that extend across organizations.