Securing Workflow Services

This topic applies to Windows Workflow Foundation 4 (WF4).

The Secured Workflow Service sample shows the following procedures:

  • Creating a basic workflow service using the Receive and SendReply activities.

  • Using Windows Communication Foundation (WCF) configuration to define secure endpoints for use by the workflow service.

  • Creating claims inside a custom policy and using the ServiceAuthorizationManager to validate claims.


Using WCF security to secure communication between client and Workflow service, Claims based authorization


This sample demonstrates the use of WCF security infrastructure to secure a workflow service just like you would with a normal WCF service. Specifically, it uses a custom claim for authorization. In this case, it uses WSHttpBinding and message mode security with Windows credentials.

The custom IAuthorizationPolicy (CustomNameCheckerPolicy) checks the client's Windows username and for a specific character. If that character is present, it creates and adds the claim to the EvaluationContext. By doing this, the custom policy is making the statement that the client has this character in the username. This claim can be queried throughout the lifetime of the call. You can find that character in Constants.cs.

The authorization policy looks for the claim inside the SecureWorkFlowAuthZManager. If it finds it, it returns true and allow the workflow to proceed. Otherwise, it returns false, which causes an 'Access Denied' message to be returned to the client. Other claims are present in the context and can be examined as well inside the SecureWorkFlowAuthZManager.

To run this sample

  1. Run Visual Studio 2010 with administrator privileges.

  2. Load SecuringWorkflowServices.sln in Visual Studio 2010.

  3. Press CTRL+SHIFT+B to compile the solution.

  4. Set the Service project as the start-up project for the solution.

  5. Press CTRL+F5 to start the service without debugging.

  6. Set the Client project as the start-up project for the solution.

  7. Press CTRL+F5 to start the client without debugging.

Ee943756.Important(en-us,VS.100).gif Note:
The samples may already be installed on your machine. Check for the following (default) directory before continuing.


If this directory does not exist, go to Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4 to download all Windows Communication Foundation (WCF) and WF samples. This sample is located in the following directory.