Service Factory: Helping you design Secure Web Services using WCF

Our May community release of the Web Service Software Factory includes some of our coolest work so far (my opinion anyway). We have taken our learning from the Web service security patterns work and worked with the guys in the WCF security team (Mark Fussell; Jan Alexander; Tomasz Janczuk; Martin Gudgin; Steve Millet) to deliver a Guidance Package that helps you secure your WCF services and clients!

One of the *coolest* features is the client proxy / policy generation logic. If for example you create and secure a service using X509 certificates and then use our Guidance Pacakge to generate your proxy - in addition to simply creating the proxy it also uses MEX to work out what requirements the client has - and will then prompt you for the client cert! It gets even better though - if you change the security policy (AuthenticationMode) for the service to MutualCertificate. Then regenerate the client code - it now prompts you for both the client cert and the server cert!!!

Another cool feature is for the architect (or lead dev) to be able to predefine settings like which tokens to use and which message protection levels to use. Then when the develoeprs start securing the service only the tokens you want to use will be available etc. We have also designed a UI that simplies trying to work out how to secure your services - essentially providing an abstraction on top of both the ProtectionOrder and ProtectionLEvel setting - so that simplfies things as well...

Anyway - if you want some fun over the long weekend take a look...