Microsoft added the Windows Communication Foundation (WCF) in .NET 3.0. WCF was not only a new way of writing Web services, but also a framework that applied a service-oriented approach to other methods of connectivity, and brought extensions previously available in the Web Services Enhancement (WSE) packages (such as security, transactions, and reliable messaging) into the framework as first-class citizens. In doing so, Microsoft introduced a standards-based, interoperable service-orientated architecture into .NET.
In this chapter, you will learn about the following:
The differences between transport-based and message-based security
How to add authentication to a WCF service
How to add authorization to a WCF service
How to write a custom authenticator
How to return errors correctly without leaking information
This chapter only addresses the security aspects of WCF. If you have not encountered or used WCF before, you should read Learning WCF, First Edition by Michelle Leroux Bustamante (Sebastopol, CA: O'Reilly, 2007). If you want to learn more advanced WCF techniques, then Professional WCF Programming: .NET Development with the Windows Communication Foundation by Scott Klein (Indianapolis: Wrox, 2007) is a good, detailed book.
To illustrate the use of WCF security in this chapter, you will write a simple WCF service and the code to consume it. Visual Studio 2008 comes with specific project ...