Yesterday saw the release of the beta version of the P&P team’s WCF Security guide. The guide, Improving Web Services Security: Scenarios and Implementation Guidance for WCF, is the Microsoft recipe book for Windows Communication Foundation. It aims to show you how to build secure services using WCF and promises to be "a compendium of proven practices, product team recommendations, and insights from the field", including application scenarios and step-by-step how-tos.
Best of all it’s free; published as a PDF for download.
The chapters are
- Security Fundamentals for Web Services
- Threats and Countermeasures for Web Services
- Security Design Guidelines for Web Services
- WCF Security Fundamentals
- Authentication, Authorization and Identities in WCF
- Impersonation and Delegation in WCF
- Message and Transport Security in WCF
- WCF Bindings Fundamentals
- Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP)
- Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem,HTTP)
- Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP)
- Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)
- Internet – WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
- Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
- Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)
What, no Information Card? *grin*