Common Security Scenarios

The topics in this section catalog a number of possible client and service security configurations. Configurations vary according to a number of factors. For example, whether a service or client is on an intranet, or whether the security is provided by Windows or transport (such as HTTPS).

In This Section

• Internet Unsecured Client and Service
  An example of a public, unsecured client and service.

• Intranet Unsecured Client and Service
  A basic Windows Communication Foundation (WCF) service developed to provide information on a secure private network to a WCF application.

• Transport Security with Basic Authentication
  The application allows clients to log on using custom authentication.

• Transport Security with Windows Authentication
  Shows a client and service secured by Windows security.

• Transport Security with an Anonymous Client
  This scenario uses transport security (such as HTTPS) to ensure confidentiality and integrity.

• Transport Security with Certificate Authentication
  Shows a client and service secured by a certificate.

• Message Security with an Anonymous Client
  Shows a client and service secured by WCF message security.

• Message Security with a User Name Client
  The client is a Windows Forms application that allows clients to log on using a domain user name and password.

• Message Security with a Certificate Client
  Servers have certificates, and each client has a certificate. A security context is established through Transport Layer Security (TLS) negotiation.

• Message Security with a Windows Client
  A variation of the certificate client. Servers have certificates, and each client has a certificate. A security context is established through TLS negotiation.

• Message Security with a Windows Client without Credential Negotiation
  Shows a client and service secured by a Kerberos domain.

• Message Security with Mutual Certificates
  Servers have certificates, and each client has a certificate. The server certificate is distributed with the application and is available out of band.

• Message Security with Issued Tokens
  Federated security that enables the establishment of trust between independent domains.

• Trusted Subsystem
  A client accesses one or more Web services that are distributed across a network. The Web services access additional resources (such as databases or other Web services) that must be secured.

Reference

System.ServiceModel

Related Sections

Authorization

Security Overview

Windows Communication Foundation Security

Bindings and Security

Securing Services and Clients

Authentication

Authorization

Federation and Issued Tokens

Auditing Security Events

See Also

Concepts

Security Guidance and Best Practices

© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-03-21