New Release: patterns & practices WCF Security Guide (BETA)

Today we released our WCF Security guide, patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF.  This is our Microsoft playbook for Windows Communication Foundation (WCF - "Indigo".)  It shows you how to build secure Web services using WCF.  It's a compendium of proven practices, product team recommendations and insights from the field.

Download the guide

Contents at a Glance

  • Part I, "Security Fundamentals for Web Services"
  • Part II, "Fundamentals of WCF Security"
  • Part III, "Intranet Application Scenarios"
  • Part IV, "Internet Application Scenarios"


  • Ch 01 - Security Fundamentals for Web Services
  • Ch 02 - Threats and Countermeasures for Web Services
  • Ch 03 - Security Design Guidelines for Web Services
  • Ch 04 - WCF Security Fundamentals
  • Ch 05 - Authentication, Authorization and Identities in WCF
  • Ch 06 - Impersonation and Delegation in WCF
  • Ch 07 - Message and Transport Security in WCF
  • Ch 08 - WCF Bindings Fundamentals
  • Ch 09 - Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP)
  • Ch 10 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem,HTTP)
  • Ch 11 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP)
  • Ch 12 - Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)
  • Ch 13 - Internet – WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
  • Ch 14 - Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
  • Ch 15 - Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)


  • WCF Security Checklist
  • WCF Security Guidelines
  • WCF Security Practices at a Glance
  • WCF Questions and Answers (Q&A)
  • How Tos
  • WCF Security Resources

Contributors and Reviewers

  • External: Andy Eunson; Anil John; Anu Rajendra; Brandon Bohling; Chaitanya Bijwe; Daniel Root; David P. Romig, Sr.; Dennis Rea; Kevin Lam; Michele Bustamante; Parameswaran Vaideeswaran; Rockford Lotka; Rudolph Araujo; Santosh Bejugam
  • Microsoft: Alik Levin; Brandon Blazer; Brent Schmaltz; Curt Smith; David Bradley; Dmitri Ossipov; Don Smith; Jan Alexander; Jason Hogg; Jason Pang; John Steer; Marc Goodner; Mark Fussell; Martin Gudgin; Martin Petersen-Frey; Mike de Libero; Mohammad Al-Sabt; Nobuyuki Akama; Ralph Squillace; Richard Lewis; Rick Saling; Rohit Sharma; Scott Mason; Sidd Shenoy; Sidney Higa; Stuart Kwan; Suwat Chitphakdibodin; T.R. Vishwanath; Todd Kutzke; Todd West; Vijay Gajjala; Vittorio Bertocci; Wenlong Dong; Yann Christensen; Yavor Georgiev
Comments (3)

  1. Alik Levin's says:

    patterns & practices team has just released a beta version of WCF Security Guide on Codeplex. Download

  2. The Microsoft P&P team released the beta of the WCF Security guide This is the Microsoft playbook

  3. luci says:

    okay – it appears that this group of computer people are the smartest.  this is a request from a pitiful computer underling – where do i find stationary and wallpaper for my emails in outlook express.  i lost a capability in my stationary in compose options under tools.  i can still access stationary – but it took away all of my ‘create more’ section and i want it back or give me a download – whatever.  no it’s not a smart thing you people care about with stationary – but it is a fun thing and interesting thing FOR ME.  any suggestions or hints would really be appreciated.  thanks – luci

Skip to main content