WCF has a huge security component to it (as rightly it should). The technology is massively configurable to support almost any security scenario one can dream up. Unfortunately this also makes it massively hard to learn and implement successfully and many developers tend to work around the security rather than learn how to implement it correctly. With a bit of knowledge WCF security is not nearly as intimidating as one may think.
There are several security concerns to deal with in any communication technology. The top two most common concerns are: making sure that no one can read, modify, or replay a sensitive message and ensuring that a caller is authenticated to use the system and authorized to access the resources they are allowed to access (and denied access to the ones they are not allowed to access of course). The other concerns are usually around Availability (i.e. making sure the service is resistant to Denial Of Service attacks) and Auditing (being able to log and monitor security events).
Message Protection
Protection of the traffic in transit is easy to use and is typically turned on by default (basicHTTPBinding has no security by default). There are two choices to make with securing traffic: Transport or Message security. Transport security relies on security builtin to the protocol you are using (e.g. HTTPS for HTTPBindings and TLS for TCP bindings). Message security lets WCF sign and encrypt messages and then sends it across the transport.
Transport Security:
+Interoperability: Neither party in a communication need to support WS-Security specifications
+Potentially better performance
-Security is point to point. If a message is routed through an intermediary it will not be guaranteed to be secure (i.e. many load balancers accept SSL traffic, decrypt it, and send it unencrypted to a node in its array)
-Supports a smaller set of credentials and claims used for authentication
-All or nothing: A message is either encrypted or it is not
Message Security:
+End to end security: message security survives being routed through intermediaries
+Allows partial message signing/encryption so that only messages that need protection can be protected
+Transport independent: Message security can be used with any transport protocol
+supports a large set of credentials and claims
-May reduce performance as each message is secured and can not take advantage of hardware acceleration
-Not as interoperable as both sides must implement the WS-Security specification
|
Binding |
Transport mode support |
Message mode support |
|
basicHTTPBinding |
HTTPS |
HTTP basic authentication |
|
wsHTTPBinding |
HTTPS |
WS-Security |
|
wsDualHTTPBinding |
None |
WS-Security |
|
netTCPBinding |
TLS over TCP |
WS-Security |
|
netNamedPipeBinding |
Negotiated (best compatible support is used) |
None |
|
netMSMQBinding |
RC4 or AES (default is RC4). Messages signed with receiving queues public certificate. |
WS-Security |
|
wsFederationHttpBinding |
HTTPS |
WS-Security |
There are also a few other approaches as well. There is the hybrid TransportWithMessageCredential which the client credentials are provided at the message level and the remainder (the message itself and service authentication) is secured by the transport. The other type is TransportCredentialOnly which is ONLY for basicHTTPBinding that does mutual authentication at the transport level.
|
Binding |
Transport mode support |
Message mode support |
TransportWithMessageCredential support |
|
BasicHttpBinding |
Yes |
Yes |
Yes |
|
WSHttpBinding |
Yes |
Yes |
Yes |
|
WSDualHttpBinding |
No |
Yes |
No |
|
NetTcpBinding |
Yes |
Yes |
Yes |
|
NetNamedPipeBinding |
Yes |
No |
No |
|
NetMsmqBinding |
Yes |
Yes |
No |
|
MsmqIntegrationBinding |
Yes |
No |
No |
|
wsFederationHttpBinding |
No |
Yes |
Yes |
From http://msdn.microsoft.com/en-us/library/ms731172.aspx
Up Next: Authentication