WCF Security Scenarios

In his book, “Programming WCF Services”, Juval Lowy does a superb job of explaining the principles of WCF Security and simplifies the subject by discussing 4 typical security scenarios.
I mplemented those scenarios as demos for my latest class in WCF and I would like share them with you in this and the next few posts

Why should you read on?

These demos are concise yet complete. My approach has been to use configuration files only – no code. For each scenario I present two complete configuration files, one for the client and one for the server. I have removed every character that is not absolutely necessary for the demonstration. I have also aligned the configuration files so you can easily compare them line by line to locate the differences.
Hopefully you should be able to get started with one of these demos very quickly.


There are four typical scenarios:

    1. Intranet
    2. Anonymous
    3. Business-to-Business
    4. Internet

I have dedicated a post to each one.
Each has a demo in the source code. The four demos are identical except for their configuration files (and the Internet demo which differs slightly in code too).
Each demo consists of a self-hosted console application which also contains the service implementation and a console client application that consumes it. The service consists of a calculator contract with one method.
The only exception to this is in the Internet scenario where I demonstrate role-based security. I will show you the small differences in code for that scenario in the last post of this series.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s