Microsoft patterns & practices Team has released the first version of WCF 3.5 Security Guidelines. As J.D. Meier writes in his blog the WCF Security guidelines are organized using the following categories:
- Auditing and Logging
- Authentication
- Authorization
- Binding
- Configuration Management
- Exception Management
- Hosting
- Impersonation and Delegation
- Input/Data Validation
- Proxy Considerations
- Deployment considerations
Be the first to rate this post
- Currently 0/5 Stars.
- 1
- 2
- 3
- 4
- 5
Tags:
wcf,
security
Categories:
.NET 3.5 |
WCF
Posted by ilia on April 21, 2008 16:08
Actions:
E-mail |
Kick it! |
del.icio.us |
Permalink |
Comment RSS
The AJAX-enabled WCF Service template in Visual Studio 2008 creates a service class with an AspNetCompatibilityRequirements attribute. Unfortunately the MSDN description of this attribute is not as informative as it could be. The statement "ASP.NET compatibility mode allows WCF services to use ASP features such as identity impersonation" underestimates the possible impact of the attribute. Much better information sources are the MSDN description of the <serviceHostingEnvironment> element, the article "WCF Services and ASP.NET", which explain what the ASP.NET compatibility mode really does, and Wenlong Dong's blog.
In short, in this mode WCF requests are fully processed by the ASP.NET infrastructure like "native" ASP.NET requests, and WCF behaves identically to ASP.NET Web Services with regard to many ASP.NET features.
According to Microsoft, state management is commonly used as the primary reason for enabling the ASP.NET compatibility mode, though services should be designed stateless.
Be the first to rate this post
- Currently 0/5 Stars.
- 1
- 2
- 3
- 4
- 5
Tags:
wcf
Categories:
.NET 3.5 |
WCF
Posted by ilia on March 25, 2008 16:40
Actions:
E-mail |
Kick it! |
del.icio.us |
Permalink |
Comment RSS