Last week the p&p group released v1 of the guidance documentation “Improving Web Services Security: Scenarios and Implementation Guidance for WCF”.
WCF is quite a complex subject and more guidance on how to securely implement serices is very important for developers. This guidance now tackles this subject; the documentation contains 15 chapters divided into four sections:
Part I, "Security Fundamentals for Web Services"
Part II, "Fundamentals of WCF Security"
Part III, "Intranet Application Scenarios"
Part IV, "Internet Application Scenarios"
In addition to the information packed guide there are also 24 How-To’s ranging from “How To - Create and Install Temporary Certificates in WCF for Transport Security During Development” to “How To - Use Username Authentication with Transport Security in WCF from Windows Forms”.
It’s a 600+ page document but don’t let that hold you from reviewing the parts relating to your next WCF service implementations.