Security Considerations

The topics in this section list various security-related items to consider when designing a Windows Communication Foundation (WCF) application.

In This Section

• Information Disclosure
  Discusses the various ways that information can be disclosed or attacked, and how to mitigate this.

• Elevation of Privilege
  Discusses the effects of giving an attacker authorization permissions beyond those initially granted and how to mitigate this.

• Denial of Service
  Discusses what happens when a system is unable to process messages appropriately and how to mitigate it.

• Tampering
  Discusses the altering of messages or the delivery of messages and how to mitigate it.

• Replay Attacks
  Discusses what happens when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties, and how to mitigate this.

• Security Considerations for Secure Sessions
  Discusses the following items that affect security when implementing secure sessions.

• Unsupported Scenarios
  Lists various scenarios that do not support a particular aspect of security and should be avoided or considered.

Reference

System.IdentityModel.Tokens

System.IdentityModel.Claims

System.ServiceModel.Security

System.ServiceModel

Related Sections

Security Guidance and Best Practices

See Also

Other Resources

Windows Communication Foundation Security

© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-03-21