Logic first, WCF security?

Question

Logic first, WCF security?

I am working on a WCF service that will exchange via net.tcp with n instances of a client application (which is being developed by another programmer in my office).

I am currently using net.tcp without any protection, since I felt that setting this up at this point is not necessary, at least until we get closer to the deployment.

During the development of the WCF application, is there any harm in using standard binding (net.tcp in my case) without security, and then, as soon as the business logic is complete, do you follow all security requirements? Are there any things I need to know about that may not work after security is implemented?

+5

security c # xml wcf wcf-binding

Simon hartcher Jan 28 '09 at 0:40

source share

3 answers

.

, .

: Microsoft.NET:

http://www.amazon.com/Microsoft ®-NET-Architecting-Applications-PRO-Developer/dp/073562609X

+3

Tom Anderson 28 . '09 0:43

, . , , , .

, , , - , , . , , .

, , , , . , , .

+2

Flory 28 . '09 14:39

Tad Donaghe · Accepted Answer · 2009-01-28T02:12:02+0000

While your overall design should take security into account from the very beginning, I don’t think it is a good idea to associate your components with any particular security strategy. You may very much want to use some of your components in an insecure manner or through another protocol that offers various security options.

So my answer is yes and no. Yes, you need to think about it from the very beginning, but you should not associate your components with your security requirements.

However, since you know that you will use net.tcp, you should be aware that default protection is enabled for this binding.

. Juval Lowy fantastic WCF-, 10. Lowy, ServiceModelEx ( ) , . , , .

Logic first, WCF security?

More articles: