Chapter 11. Sharing Data with Windows Communication Foundation

Microsoft added the Windows Communication Foundation (WCF) in .NET 3.0. WCF was not only a new way of writing Web services, but also a framework that applied a service-oriented approach to other methods of connectivity, and brought extensions previously available in the Web Services Enhancement (WSE) packages (such as security, transactions, and reliable messaging) into the framework as first-class citizens. In doing so, Microsoft introduced a standards-based, interoperable service-orientated architecture into .NET.

In this chapter, you will learn about the following:

  • The differences between transport-based and message-based security

  • How to add authentication to a WCF service

  • How to add authorization to a WCF service

  • How to write a custom authenticator

  • How to return errors correctly without leaking information

This chapter only addresses the security aspects of WCF. If you have not encountered or used WCF before, you should read Learning WCF, First Edition by Michelle Leroux Bustamante (Sebastopol, CA: O'Reilly, 2007). If you want to learn more advanced WCF techniques, then Professional WCF Programming: .NET Development with the Windows Communication Foundation by Scott Klein (Indianapolis: Wrox, 2007) is a good, detailed book.


To illustrate the use of WCF security in this chapter, you will write a simple WCF service and the code to consume it. Visual Studio 2008 comes with specific project ...

Get Beginning ASP.NET Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.