Securing Services and Clients

The information in this section focuses on programming security in Windows Communication Foundation (WCF). Generally, this includes selecting an appropriate system-provided binding, setting the properties of the security element, and then setting properties of the service behaviors that govern how credentials are retrieved for use by either the service or the client. These techniques cover the security requirements of most users for most scenarios, as shown in Common Security Scenarios. If your scenario requires more capabilities, first see Security Capabilities with Custom Bindings; if a solution is not apparent, see Extending Security. If you are creating (or interoperating with) a system that uses rich claims, see the topics in Authorization.

In This Section

Programming WCF Security
An overview of the programming model used to secure messages.

Transport Security Overview
An overview of how to secure messages through the transport layer.

Message Security
Summarizes reasons for using message-level security in Windows Communication Foundation (WCF).

Secure Sessions
A discussion of the considerations required when securing a WCF session.

Working with Certificates
An explanation of some of the common tasks required when using X.509 certificates.





Security Concepts

Extending Security

Common Security Scenarios

Bindings and Security

Security Capabilities with Custom Bindings

Extending Security


See also