Improving Web Services Security (Beta Release)

The Patterns & Practices team has released the first version of Improving Web Services Security: Scenarios and Implementation Guidance for WCF. It contains comprehensive guidance on how to design and deploy Web Services using WCF, and should be an invaluable resource for those working in SOA architectures.

It is available for download from the CodePlex site at https://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=WCFSecurityGuide&ReleaseId=14070.

This guide shows you how to make the most of WCF (Windows Communication Foundation). With end-to-end application scenarios, it shows you how to design and implement authentication and authorization in WCF. Learn how to improve the security of your WCF services through prescriptive guidance including guidelines, Q&A, practices at a glance, and step-by-step how tos. It's a collaborative effort between patterns & practices, WCF team members, and industry experts.

Parts

Part I, "Security Fundamentals for Web Services"
Part II, "Fundamentals of WCF Security"
Part III, "Intranet Application Scenarios"
Part IV, "Internet Application Scenarios"

Forewords

  • Foreword by Nicholas Allen
  • Foreword by Rockford Lhotka

Chapters

  • Introduction
  • Solutions at a Glance
  • Fast Track - A Guide for Getting Started

Part I, Security Fundamentals for Web Services

  • Ch 01 - Security Fundamentals for Web Services
  • Ch 02 - Threats and Countermeasures for Web Services
  • Ch 03 - Security Design Guidelines for Web Services

Part II, Fundamentals of WCF Security

  • Ch 04 - WCF Security Fundamentals
  • Ch 05 - Authentication, Authorization and Identities in WCF
  • Ch 06 - Impersonation and Delegation in WCF
  • Ch 07 - Message and Transport Security in WCF
  • Ch 08 - WCF Bindings Fundamentals

Part III - Intranet Application Scenarios

  • Ch 09 - Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP)
  • Ch 10 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
  • Ch 11 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
  • Ch 12 - Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)

Part IV - Internet Application Scenarios

  • Ch 13 - Internet – WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
  • Ch 14 - Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
  • Ch 15 - Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)

Checklist

  • WCF Security Checklist

Guidelines

  • WCF Security Guidelines

Practices

  • WCF Security Practices at a Glance

Questions and Answers

  • WCF Questions and Answers (Q&A)

How Tos

  • How To - Audit and Log Security Events in WCF calling from Windows Forms
  • How To - Create and Install Temporary Certificates in WCF for Message Security During Development
  • How To - Create and Install Temporary Certificates in WCF for Transport Security During Development
  • How To - Create and Install Temporary Client Certificates in WCF During Development
  • How To - Host WCF in a Windows Service Using TCP
  • How To - Impersonate the Original Caller in WCF calling from Web Application
  • How To - Impersonate the Original Caller in WCF calling from Windows Forms
  • How To - Perform Input Validation in WCF
  • How To - Perform Message Validation with Schemas in WCF
  • How To - Use basicHttpBinding with Windows Authentication and TransportCredentialOnly in WCF from Windows Forms
  • How To - Use Certificate Authentication and Message Security in WCF calling from Windows Forms
  • How To - Use Certificate Authentication and Transport Security in WCF Calling from Windows Forms
  • How To - Use Delegation for Flowing the Original Caller Credentials to Back-end in WCF Calling from Windows Forms
  • How To - Use Health Monitoring to Instrument WCF Service for Security
  • How To - Use netTcpBinding with Windows Authentication and Message Security in WCF from Windows Forms
  • How To - Use netTcpBinding with Windows Authentication and Transport Security in WCF from Windows Forms
  • How To - Use Protocol Transition for Impersonating and Delegating Original Caller in WCF
  • How To - Use SQL Role Provider with Username Authentication in WCF calling from Windows Forms
  • How To - Use SQL Role Provider with Windows Authentication in WCF calling from Windows Forms
  • How To - Use Username Authentication with the Custom Authentication and Message Security in WCF from Windows Forms
  • How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms
  • How To - Use Username Authentication with Transport Security in WCF from Windows Forms
  • How To - Use wsHttpBinding with Username Authentication and TransportWithMessageCredential in WCF calling from Windows Forms
  • How To - Use wsHttpBinding with Windows Authentication and Message Security in WCF from Windows Forms
  • How To - Use wsHttpBinding with Windows Authentication and Transport Security in WCF calling from Windows Forms

Nick.