Hi folks, came across a great article that talks about WebServices(WCF Services) and
Security.
The most common starting point in improving security, is to use TLS (Transport
Layer Security of which SSL is a subset). I once spent 9 months working out digital
signatures and passing several documents through out of band of envelopeslong story.
There’s a whole bunch of How-To’s also – very good!
With over 26000 downloads since August 1, I think this is a much needed area.
Well done guys – big congrats for your efforts.
Enjoy –
http://wcfsecurityguide.codeplex.com/
—- snip —-
patterns
& practices Improving Web Services Security – Now Released
Welcome to the patterns & practices Improving Web Services Security: Scenarios
and Implementation Guidance for WCF project site! This guide shows you how to
make the most of WCF (Windows Communication Foundation). With end-to-end application
scenarios, it shows you how to design and implement authentication and authorization
in WCF. Learn how to improve the security of your WCF services through prescriptive
guidance including guidelines, Q&A, practices at a glance, and step-by-step how
tos. It’s a collaborative effort between patterns & practices, WCF team members,
and industry experts. This guide is related to our WCF
Security Guidance Project.
Parts
Part I, “Security Fundamentals for Web Services”
Part II, “Fundamentals of WCF Security”
Part III, “Intranet Application Scenarios”
Part IV, “Internet Application Scenarios”
Forewords
-
Foreword
By Nicholas Allen -
Foreword
By Rockford Lhotka
Chapters
- Introduction
-
Solutions
at a Glance -
Fast
Track – A Guide for Getting Started
Part I, Security Fundamentals for Web Services
-
Ch
01 – Security Fundamentals for Web Services -
Ch
02 – Threats and Countermeasures for Web Services -
Ch
03 – Security Design Guidelines for Web Services
Part II, Fundamentals of WCF Security
-
Ch
04 – WCF Security Fundamentals -
Ch
05 – Authentication, Authorization and Identities in WCF -
Ch
06 – Impersonation and Delegation in WCF -
Ch
07 – Message and Transport Security in WCF -
Ch
08 – WCF Bindings Fundamentals
Part III – Intranet Application Scenarios
-
Ch
09 – Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP) -
Ch
10 – Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem,HTTP) -
Ch
11 – Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP) -
Ch
12 – Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller,
TCP)
Part IV – Internet Application Scenarios
-
Ch
13 – Internet – WCF and ASMX Client to Remote WCF Using Transport Security (Trusted
Subsystem, HTTP) -
Ch
14 – Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP) -
Ch
15 – Internet – Windows Forms Client to Remote WCF Using Message Security (Original
Caller, HTTP)
Checklist
-
WCF
Security Checklist