Programming WCF Services

by Juval Lowy
February 2007
Content level: Intermediate to advanced
634 pages
16h 1m
English
O'Reilly Media, Inc.
Content preview from Programming WCF Services

Security

  1. Always protect the message and provide for message confidentiality and integrity.

  2. In an intranet, you can use transport security without message security as long as the protection level is set to EncryptAndSign.

  3. In an intranet, avoid impersonation. Set the impersonation level to TokenImpersonationLevel.Identification.

  4. When using impersonation, have the client use TokenImpersonationLevel.Impersonation.

  5. Use the declarative security framework and avoid manual configuration.

  6. Never apply the PrincipalPermissionAttribute directly on the service class:

    //Will always fail:
    [PrincipalPermission(SecurityAction.Demand, Role = "...")]
    public class MyService : IMyContract
    {...}

  7. Avoid sensitive work that requires authorization at the service constructor.

  8. Avoid demanding a particular user, with or without demanding a role:

    //Avoid:
    [PrincipalPermission(SecurityAction.Demand, Name = "John")]
    public void MyMethod()
    {...}

  9. Do not rely on role-based security in the client’s callback operations.

  10. With Internet clients, always use message security.

  11. Allow clients to negotiate the service certificate (the default).

  12. Use the ASP.NET providers for custom credentials.

  13. When developing a custom credentials store, develop it as an ASP.NET provider.

  14. Validate certificates using peer trust.
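
Items 1, 2, 3, 6 and 8 applied together in one self-hosted intranet service, as an added example that is not code from the book. The endpoint address and the `BUILTIN\Users` role are constructed sample values (assumptions); substitute your own address and Windows group.

```csharp
using System;
using System.Net.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)] // item 1
public interface IMyContract
{
    [OperationContract]
    string MyMethod();
}
public class MyService : IMyContract // item 6: no demand on the class itself
{
    // Items 6 and 8: demand a role, on the operation, and never a user name.
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Users")] // sample role
    public string MyMethod()
    {
        // The authenticated caller, as established by the transport.
        return ServiceSecurityContext.Current.PrimaryIdentity.Name;
    }
}
static class Program
{
    // Item 2: transport security only, with the protection level at EncryptAndSign.
    static NetTcpBinding CreateIntranetBinding()
    {
        NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return binding;
    }

    static void Main()
    {
        Uri address = new Uri("net.tcp://localhost:8000/MyService"); // constructed address
        using (ServiceHost host = new ServiceHost(typeof(MyService)))
        {
            host.AddServiceEndpoint(typeof(IMyContract), CreateIntranetBinding(), address);
            host.Open();
            var factory = new ChannelFactory<IMyContract>(CreateIntranetBinding(), new EndpointAddress(address));
            // Item 3: the service may identify the caller but not impersonate it.
            factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Identification;
            IMyContract proxy = factory.CreateChannel();
            Console.WriteLine("Authorized caller: " + proxy.MyMethod());
            factory.Close();
        }
    }
}
```

A caller outside the demanded role receives a `SecurityAccessDeniedException` from the proxy call instead of a return value.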

ISBN: 0596526997