WCF Workshop Part 6 (Securing your Service Part 2 – Message Encryption)

In Part 6 of the series, I’ve added to the security choices by showing how to do Message-Level Security (a.k.a. Message Encryption) between the Service and Client. Unlike Transport-Level Security (or SSL over HTTP), which is point-to-point, Message-Level Security gives you an option for end-to-end secure communications. As I talk about in the workshop, point-to-point security (Transport-Level) is great when you are trying to protect yourself from threats outside of the network (e.g., the Internet) but does nothing to protect you from internal threats. In today’s network environment, where sensitive data is being stolen from inside the network, you need to protect sensitive data from those you DON'T know and those you DO know.

For example: imagine what would happen if an internal employee or contractor installed software to log HTTP traffic on a web server that clients passed sensitive data through (e.g., bank account information) and then copied the logs onto a USB key. The message was protected from the Client to the Server with Transport-Level Security (SSL), but it would sit in the server logs as “Clear Text” information. Being able to encrypt the message from the client to the database and back adds an additional level of security, and this workshop will show you how to do it easily with WCF.

This version of the workshop was built with the July CTP of the .NET 3.0 Framework. The series to date has included:
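To make the difference concrete, here is an added example (not the workshop's own code) that self-hosts a service over plain HTTP with message-level security, next to the transport-level binding it replaces. It assumes the released .NET 3.0 `System.ServiceModel` API rather than the July CTP, Windows credentials, and a hypothetical `IAccountService` contract and localhost address.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;

// Hypothetical contract. EncryptAndSign makes WCF reject any binding that
// cannot encrypt and sign the messages when the endpoint is opened.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IAccountService
{
    [OperationContract]
    string GetBalance(string accountNumber);
}

public class AccountService : IAccountService
{
    // Constructed sample data, standing in for a database lookup.
    public string GetBalance(string accountNumber)
    {
        return "Balance for " + accountNumber + ": 100.00";
    }
}

public static class Program
{
    public static void Main()
    {
        // Transport-level: protection is the SSL session and ends at the HTTP
        // listener, so an HTTP logger on that host sees the SOAP body in clear text.
        var transportBinding = new WSHttpBinding(SecurityMode.Transport);

        // Message-level: the SOAP body itself is encrypted and signed, so it stays
        // protected across plain HTTP, intermediaries and HTTP-level logs.
        var messageBinding = new WSHttpBinding(SecurityMode.Message);
        messageBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        Console.WriteLine("{0} vs {1}", transportBinding.Security.Mode, messageBinding.Security.Mode);

        // Assumed address; listening on it may need admin rights or a URL reservation.
        var address = new Uri("http://localhost:8000/AccountService");
        using (var host = new ServiceHost(typeof(AccountService), address))
        {
            host.AddServiceEndpoint(typeof(IAccountService), messageBinding, "");
            host.Open();

            var factory = new ChannelFactory<IAccountService>(messageBinding, new EndpointAddress(address));
            IAccountService proxy = factory.CreateChannel();
            Console.WriteLine(proxy.GetBalance("12345")); // body is encrypted on the wire
            factory.Close();
        }
    }
}
```

The body is plaintext again once WCF decrypts it inside the service process, so anything the service itself writes to logs or storage needs its own protection.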

Part 1: Introduction to WCF (Building a simple WCF Service and Client)

Part 2: Handling Session (State) within WCF

Part 3: Implementing Enterprise-Level Transactions with WCF

Part 4: Handling Complex Data between Services and Clients with WCF

Part 5: Securing the Service/Client Communications with Transport-Level Security (SSL over HTTP) with WCF

Part 6: Securing the Service/Client Communications with Message-Level Security (Message Encryption) with WCF


Happy coding,


~ Robert Shelton


Download location: http://www.federaldeveloper.com/workshops

Blog series location: http://blogs.msdn.com/federaldev/archive/category/13824.aspx
