Saturday, October 16, 2010

Security Features of WCF: (WCF Part 10)


This Time I’ll be focusing more on the Security Part in WCF.

WCF provides comprehensive security features in three main areas: transfer security, authentication and authorization of clients, and auditing.


Security Modes of WCF:

WCF can provide authentication, privacy, and integrity for messages by using two mechanisms:

  1. Transport mode: which uses the security features of a transport layer such as HTTPS. This mode has performance benefits due to the optimized nature of the underlying protocols, but it has a restricted set of credential or claim types. This mode also only works between two transport endpoints.
  2. Message mode: which protects the message itself by using a protocol such as WS-Security.

You can specify the security for a binding by setting its SecurityMode property. By default, the BasicHttpBinding has no security configured. Other HTTP bindings use WS-Security, and TCP and Named Pipe bindings use Windows security.

You can use the .NET PrincipalPermission attribute to restrict access to an operation based on name, role, or authentication status.


  For More Info Please Visit: WCF Resources Page  

No comments:

Post a Comment

Search This Blog