Implementing WCF Security using Configuration Files

Topics: General Discussion Forum, July and December Releases Forum, Service Factory Modeling Edition Forum
Oct 1, 2009 at 6:36 PM
Edited Oct 1, 2009 at 6:46 PM

Hi All,

I would like to know the best way to implement security for WCF services.

Please suggest the ways to meet the below requirements.

(i) How to secure the services with out writing the security code in built in to each of the services. How the WCF engine addresses this aspect? The solution should be non-intrusive. i.e. security should be enforced using configuration file only.

(ii) How to introduce different ports/end points in to a  WCF service.  For a service having different ports/end points meant for different consumers, how do we apply security? For example, other applications being integrated with my application will have different access permissions. 

(iii) How do we debug and monitor the messages the coming in and going out of services? - This should help us in testing the security aspects of the solution - to check whether appropriate security tokens are being inserted in to each message ot not.

Thanks,

Srinivas Akella

Developer
Oct 1, 2009 at 9:13 PM

For all your security scenarios with services I suggest this reading from p&p:

Improving Web Services Security: Scenarios and Implementation Guidance for WCF

Regards,

Hernan