patterns & practices Improving Web Services Security Guide

RSS

All Project Updates

Discussions

Issue Tracker

Releases

Source Code

Wiki

RSS

Comments \| Print View \| Page Info \| Change History (all pages)	Search Wiki:
Home
patterns & practices Improving Web Services Security - Now Released Welcome to the patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF project site! This guide shows you how to make the most of WCF (Windows Communication Foundation). With end-to-end application scenarios, it shows you how to design and implement authentication and authorization in WCF. Learn how to improve the security of your WCF services through prescriptive guidance including guidelines, Q&A, practices at a glance, and step-by-step how tos. It's a collaborative effort between patterns & practices, WCF team members, and industry experts. This guide is related to our WCF Security Guidance Project. - J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher Download the Guide Released version posted on August 1st. Start using the guide today! Download the Improving Web Services Security Guide - Release v1 Parts Part I, "Security Fundamentals for Web Services" Part II, "Fundamentals of WCF Security" Part III, "Intranet Application Scenarios" Part IV, "Internet Application Scenarios" Forewords Foreword By Nicholas Allen Foreword By Rockford Lhotka Chapters Introduction Solutions at a Glance Fast Track - A Guide for Getting Started Part I, Security Fundamentals for Web Services Ch 01 - Security Fundamentals for Web Services Ch 02 - Threats and Countermeasures for Web Services Ch 03 - Security Design Guidelines for Web Services Part II, Fundamentals of WCF Security Ch 04 - WCF Security Fundamentals Ch 05 - Authentication, Authorization and Identities in WCF Ch 06 - Impersonation and Delegation in WCF Ch 07 - Message and Transport Security in WCF Ch 08 - WCF Bindings Fundamentals Part III - Intranet Application Scenarios Ch 09 - Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP) Ch 10 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem,HTTP) Ch 11 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP) Ch 12 - Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP) Part IV - Internet Application Scenarios Ch 13 - Internet – WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP) Ch 14 - Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP) Ch 15 - Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP) Checklist WCF Security Checklist Guidelines WCF Security Guidelines Practices WCF Security Practices at a Glance Questions and Answers WCF Questions and Answers (Q&A) How Tos How To - Audit and Log Security Events in WCF calling from Windows Forms How To - Create and Install Temporary Certificates in WCF for Message Security During Development How To - Create and Install Temporary Certificates in WCF for Transport Security During Development How To - Create and Install Temporary Client Certificates in WCF During Development How To - Host WCF in a Windows Service Using TCP How To - Impersonate the Original Caller in WCF calling from Web Application How To - Impersonate the Original Caller in WCF calling from Windows Forms How To - Perform Input Validation in WCF How To - Perform Message Validation with Schemas in WCF How To - Use basicHttpBinding with Windows Authentication and TransportCredentialOnly in WCF from Windows Forms How To - Use Certificate Authentication and Message Security in WCF calling from Windows Forms How To - Use Certificate Authentication and Transport Security in WCF Calling from Windows Forms How To - Use Delegation for Flowing the Original Caller Credentials to Back-end in WCF Calling from Windows Forms How To - Use Health Monitoring to Instrument WCF Service for Security How To - Use netTcpBinding with Windows Authentication and Message Security in WCF from Windows Forms How To - Use netTcpBinding with Windows Authentication and Transport Security in WCF from Windows Forms How To - Use Protocol Transition for Impersonating and Delegating Original Caller in WCF How To - Use SQL Role Provider with Username Authentication in WCF calling from Windows Forms How To - Use SQL Role Provider with Windows Authentication in WCF calling from Windows Forms How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms How To - Use Username Authentication with Transport Security in WCF from Windows Forms How To - Use wsHttpBinding with Username Authentication and TransportWithMessageCredential in WCF calling from Windows Forms How To - Use wsHttpBinding with Windows Authentication and Message Security in WCF from Windows Forms How To - Use wsHttpBinding with Windows Authentication and Transport Security in WCF calling from Windows Forms Resources WCF Security Resources Team Core Team: J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher Contributors and Reviewers Feedback Send mail to WCFSec@microsoft.com Post comments on the Discussions page. Fill out our questionaire and send the answers to WCFSec@microsoft.com Community Guidance Share
Last edited Aug 28 at 12:12 AM by mycodeplexuser, version 44
Comments Also available: 4 reviews for current release. No comments yet. Sign in to add a comment

Downloads

Current release:

WCF Security Guide - v1

Fri Aug 1 2008 at 7:00 AM

5 ratings

6891 downloads, 4 reviews

More info

To download the file you must agree to the following license.

Microsoft patterns & practices License for WCF Security Guide

This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.

1. Definitions

The terms “reproduce,” “reproduction,” “derivative works,” and “distribution” have the same meaning here as under U.S. copyright law.

A “contribution” is the original software, or any additions or changes to the software.

A “contributor” is any person that distributes its contribution under this license.

“Licensed patents” are a contributor’s patent claims that read directly on its contribution.

2. Grant of Rights

(A) Copyright Grant - Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.

(B) Patent Grant - Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

3. Conditions and Limitations

(A) No Trademark License - This license does not grant you rights to use any contributors’ name, logo, or trademarks.

(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software.

(D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license.

(E) The software is licensed “as-is.” You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

(F) Platform Limitation - The licenses granted in sections 2(A) & 2(B) extend only to the software or derivative works that you create that run on a Microsoft Windows operating system product.

(G) Microsoft Corporation (“Microsoft”) is the contributor of the original software. If you give Microsoft any feedback about the software, you give to Microsoft, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products or services to use or interface with any specific parts of Microsoft’s software or services that include the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because Microsoft includes your feedback in them. If Microsoft provides you any support or other services related to the software, it may collect and use technical information gathered as part of those support or services to improve its products or services or provide customized services or technologies to you. Microsoft may disclose this information to others, but not in a form that personally identifies you. The rights in this section 3(G) survive this agreement.

Revised Dec. 2006

Recent reviews (more)

4 stars. Thanks for putting this document together. I am in the midst of trying to get a W... (more)

5 stars. Very good! The guide is very comprehensive & understandable, Thanks!

Activity

7 30 All days

Page Views	4203
Visits	1475
Pages Per Visit	2.85
Work Items Closed	0
Discussion Posts	0

patterns & practices Improving Web Services Security - Now Released

Download the Guide

Parts

Forewords

Chapters

Part I, Security Fundamentals for Web Services

Part II, Fundamentals of WCF Security

Part III - Intranet Application Scenarios

Part IV - Internet Application Scenarios

Team

Feedback

Community

Downloads

Activity