Security Auditing
I will end this chapter by presenting a useful feature WCF
supports called security audits. As its name
implies, a security audit is a logbook of the security-related events in
your services. WCF can log authentication and authorization attempts,
their times and locations, and the calling clients’ identities. The
class ServiceSecurityAuditBehavior governs auditing; it is
listed in Example 10-30 along with its supporting enumerations.
Example 10-30. The ServiceSecurityAuditBehavior class
public enum AuditLogLocation
{
   Default, //Decided by the operating system
   Application,
   Security
}
public enum AuditLevel
{
   None,
   Success,
   Failure,
   SuccessOrFailure
}
public sealed class ServiceSecurityAuditBehavior : IServiceBehavior
{
   public AuditLogLocation AuditLogLocation
   {get;set;}
   public AuditLevel MessageAuthenticationAuditLevel
   {get;set;}
   public AuditLevel ServiceAuthorizationAuditLevel
   {get;set;}
   //More members
}
ServiceSecurityAuditBehavior is a service behavior. The AuditLogLocation
property specifies where to
store the log entries: in the application log or in the security log, both of which are in the
event log on the host computer. The MessageAuthenticationAuditLevel
property governs the authentication
audit verbosity. Its default value is AuditLevel.None. For performance’s sake, you may
want to audit only failures. For diagnostic purposes, you can also audit
successful authentications. Similarly, you use the ServiceAuthorizationAuditLevel
property to control authorization ...
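The following added example (not from the book) shows one way to attach the behavior programmatically to a self-hosted service before the host opens, auditing failures only. The contract IMyContract, the service MyService, the address, and the chosen audit levels are assumptions for illustration; SuppressAuditFailure is a real property of the class that Example 10-30 does not list.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Description;

//Hypothetical contract and service, used only for illustration
[ServiceContract]
interface IMyContract
{
   [OperationContract]
   void MyMethod();
}
class MyService : IMyContract
{
   public void MyMethod() {}
}
static class Program
{
   static void EnableAuditing(ServiceHost host)
   {
      //Behaviors take effect when the host opens, so configure them first
      if(host.State != CommunicationState.Created)
      {
         throw new InvalidOperationException("Configure auditing before opening the host");
      }
      //Reuse a behavior already supplied by the config file, if any
      ServiceSecurityAuditBehavior audit = host.Description.Behaviors.Find<ServiceSecurityAuditBehavior>();
      if(audit == null)
      {
         audit = new ServiceSecurityAuditBehavior();
         host.Description.Behaviors.Add(audit);
      }
      audit.AuditLogLocation = AuditLogLocation.Application;
      audit.MessageAuthenticationAuditLevel = AuditLevel.Failure; //Assumed level
      audit.ServiceAuthorizationAuditLevel = AuditLevel.Failure;  //Assumed level
      //Surface failures to write an audit entry instead of ignoring them (default is true)
      audit.SuppressAuditFailure = false;
   }
   static void Main()
   {
      Uri baseAddress = new Uri("net.tcp://localhost:8000/"); //Assumed address
      using(ServiceHost host = new ServiceHost(typeof(MyService),baseAddress))
      {
         host.AddServiceEndpoint(typeof(IMyContract),new NetTcpBinding(),"MyService");
         EnableAuditing(host);
         host.Open();
         Console.WriteLine("Press ENTER to shut down");
         Console.ReadLine();
      }
   }
}
```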