Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

WCF and Federation security options

Wednesday, March 15, 2006 Comments

 .NET  Security  Service Orientation (SO)  WCFIndigo 
Share:   Share on LinkedIn    Share on Twitter    Share on Facebook   

Over the past couple of weeks, I have been working on understanding some of the latest options available for Windows Communication Foundation (WCF) and Federation security. In particular, I have looked at Kerberos authentication (where your Active Domain serves as your Secure Token Server (STS)) to give you seamless Single-Sign On (SSO). But, how do you leverage SSO if your users are outside of your domain? There are a couple of options:

1. WSFederationHttpBinding (renamed from WSFederationBinding in the Feb CTP to make it clear this only works over HTTP)

2. Active Directory Federation Services (ADFS)

ADFS looks pretty straight forward, but may be too heavy for what I was interested in doing. Today, I found this great simple example "Implementing a Secure token service with WCF" by Pablo M. Cibraro[found by way of Sam Gentile]. Pablo uses the username token for client authentication and an X509 certificate to encrypt and sign the server token.

Share:   Share on LinkedIn    Share on Twitter    Share on Facebook