A conceptual review of the WCF security model?

I am working with WCF at the moment and am trying to implement a custom security model based on the API key and signature (similar to how Facebook / Flickr / OAuth, etc.) work.

There are a bunch of classes such as ServiceAuthorizationManager, SecurityToken, SecurityTokenValidator, IAuthorizationPolicy, etc., but I can not find documentation on how they work together or what is the conceptual security model for WCF.

I'm really looking for something that details how these classes fit and work together, so I can figure out where to get credentials, where to check if they are correct, where to decide what level of access to give them, etc. If there is a book that I can buy about this, it would be even better, since all the WCF books that I found completely missed all this.

Is there any documentation there?

+3
source share
1 answer

Take a look at Juval Lowy perfectly, “Programming WCF Services,” 2nd Edition:

Here is a link to the Amazon page on it.

Chapter 10 is all about security.

Microsoft WCF - (!) . .

, . !

+3

All Articles