Chapter 4: Protecting an Enterprise WCF Service

 Download CD Content

Overview

After completing this chapter, you will be able to:

• Describe the different aspects of security that you should consider when implementing a WCF service.

• Explain how to provide privacy and integrity of messages at the message level and at the transport level when communicating between a client application and a WCF service.

• Explain how to configure a WCF service to authenticate users when running in a Windows environment and how a client application can provide a user’s credentials to a WCF service for authentication.

• Describe how to define and use roles to authorize access to operations in a WCF service.

• Summarize how a WCF service can use impersonation to provide fine-grained access control over resources to authorized users.

Security is a fundamentally important aspect of any system, especially when a system comprises distributed applications and services. Security is also a very broad topic. For this reason, you are going to consider how to implement security in several different scenarios, spread across three chapters. This chapter concentrates on managing security within a single organization. In this environment, there is usually an inherent degree of trust between the computers running client applications and those hosting services. Users running applications are frequently members of the same, well-defined security domain. Services have access to the information in this security domain and can use it to authenticate users directly. In Chapter 5, “Protecting a WCF Service over the Internet,” you will look at how to enforce security when client applications and services run in different security domains separated by an insecure network, where it is not possible, or even desirable, to directly authenticate users. In Chapter 15, “Managing Identity with Windows CardSpace,” you will see how to implement an identity meta-system to help authenticate users in a federated environment.