I had a great time last night speaking at the OWASP Los Angeles November Monthly Meeting on the topic of WCF Security – Securing your Service Oriented Architecture. The abstract of the talk, presentation slides and code follow.
Abstract: Any Service-Oriented Architecture (SOA) needs to support security features that provide auditing, authentication, authorization, confidentiality, and integrity for the messages exchanged between the client and the service. Microsoft Windows Communication Foundation (WCF) provides these security features by default for any application that is built on top of the WCF framework. In this session, Adnan Masood will discuss the WCF security features related to auditing and logging, authentication, authorization, confidentiality, and integrity.
This talk focuses on WCF security features, with code demonstrations that use behaviors and bindings to configure security for your WCF service. Bindings and behaviors allow you to configure transfer security, authentication, authorization, impersonation, and delegation, as well as auditing and logging. This presentation will help you understand basic security-related concepts in WCF, what bindings and behaviors are and how they are used in WCF, authorization and roles in the context of WCF, impersonation and delegation in the context of WCF, and what options are available for auditing in WCF.
Targeted towards solution architects and developers, this talk will provide you with architectural guidance regarding authentication, authorization, and communication design for your WCF services; solution patterns for common distributed application scenarios using WCF; and principles, patterns, and practices for improving key security aspects in services.
- Slide deck PDF: WCF Security Talk - OWASP Los Angeles - Adnan Masood
- Slide deck PowerPoint: WCF Security Talk - OWASP Los Angeles - Adnan Masood
- Code Samples (rar): WCFSecurityTalk.Src