Foreword by Rockford Lhotka
Looking into the future, it is clear that Windows Communication Foundation (WCF) is one of the core pillars of the Microsoft .NET Framework. As the logical successor to ASMX Web services, Web service extensions, Remoting, Microsoft Message Queuing (MSMQ), and Enterprise Services, WCF is the single API for any cross-process or cross-network communication needs in .NET. This is true for both service-oriented and n-tier client/server scenarios, as WCF effectively supports both models.
While Microsoft® Visual Studio® continues to improve its tool support for WCF, the reality is that WCF is a very large and complex technology. Tooling alone can't simplify all the options enough to make the use of WCF truly easy. It is critical that developers using WCF understand the various security configuration options, how they interact with the available bindings, and the ramifications of their choices.
Although understanding the options and their consequences is critical, one must ultimately implement the decisions. Typically, this is done through configuration of WCF, which is perhaps the hardest and most complex part of any WCF project. Even with the configuration tools available, configuring WCF for even relatively simple security models can be a very painstaking and time-consuming task.
This is why the guidance you are about to read is so exciting! It opens with a section covering the security concerns you'll need to address when building service-oriented systems. The discussion then moves on to coverage of the concepts and reasoning behind the available security options in WCF, and how choices made here can impact your options elsewhere in WCF. Armed with that background, you can then read the sections covering specific scenarios for both Internet and intranet application models. Finally come what I view as the jewels of this guidance: the detailed how-to walkthroughs for configuring WCF as needed to meet your security requirements.
Nowhere else will you find such unified content describing the concepts, reasoning, and practical application of security in Windows Communication Foundation.
Rockford Lhotka
Principal Technology Evangelist, Magenic
May 2008