patterns & practices WCF Security Guidance: Updated Application Scenarios

For this week's release in our patterns & practices WCF Security Guidance project, we added new sections to our WCF Security Application Scenarios.  We added sections for analysis, code and configuration examples.  The analysis section explains the rationale behind some of the decisions. 

The idea behind the application scenarios is to show you a before and after look of end-to-end solutions.  Rather than a single solution, we give you a set of solutions to pick from.  The main parameters that vary in each solution include: Intranet vs. Internet, ASP.NET client vs. Windows Forms clients, TCP vs. HTTP, impersonation/delegation vs. trusted subsystem, and AD (domain credentials) vs. a custom user store.

WCF Security Application Scenarios
Intranet

• Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP)
• Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
• Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP)
• Intranet – Windows Forms to Remote WCF Using Transport Security (TCP)

Internet

• Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem)
• Internet – Windows Forms Client Calling WCF Using Message Security

Note that if there's enough interest and time, we'll add a scenario that shows accessing an existing custom user store (i.e. you aren't using Membership.) 

My Related Posts

• patterns & practices WCF Security Application Scenarios
• patterns & practices WCF Security Guidance Now Available

Comments

• Anonymous
  April 10, 2008
  This is really awesome content. I had struggled to find how to do make my WCF services secure by taking an approach similar to using  <authorization/> element in web.config in asmx. Please keep more sample scenarios coming. Thanks.

• Anonymous
  April 10, 2008
  So. How much interest do you really need for providing an internet - winforms client calling wcf using message security (custom user store) scenario? Please count my vote as a "yes please make the time." Maybe something that uses an STS to obtain an SCT for use with multiple services would be nice too. PS - thanks for all the stuff you've already provided, it really is a big help.

• Anonymous
  April 10, 2008
  &quot; For this week's release in our patterns &amp; practices WCF Security Guidance project , we added

• Anonymous
  April 11, 2008
  @Kris - great to hear -- we'll have more prescriptive guidance on the way. @Mike - your vote helped us reach the tipping point.  We're taking on the custom user store scenario.

• Anonymous
  April 17, 2008
  For this week's release in our patterns &amp; practices WCF Security Guidance project , we released our

• Anonymous
  April 18, 2008
  &quot; For this week's release in our patterns &amp; practices WCF Security Guidance project , we released

• Anonymous
  April 24, 2008
  What are your key security-related questions with WCF? More importantly, what are the answers? For this

• Anonymous
  May 01, 2008
  We have 5 new How Tos for this week's release of our patterns &amp; practices WCF Security Guidance Project

• Anonymous
  May 09, 2008
  For this week's release in our patterns &amp; practices WCF Security Guidance project, we released our