R – Choosing best security option for WCF

Securitywcf

We have a project that contains a WCF Service and a few clients that connect to it. Some of them are PCs using NetTcp to connect to the service. Few others run on Windows Mobile Devices(Compact Framework), using BasicHttp to connect.
We can't use Windows Authentication, because different PCs use different Windows accounts.
How can we secure the service to only allow valid PCs and Mobile devices to use it and deny other devices?

Best Answer

I believe the best security you could enable would be SSL over HTTP and a standard authentication scheme via a username and password. For a really great inclusive review of the various security aspects of WCF check out the Codeplex site: http://www.codeplex.com/WCFSecurity

Specifically this page: http://www.codeplex.com/WCFSecurityGuide

Related Solutions

C# – the best workaround for the WCF client `using` block issue

Actually, although I blogged (see Luke's answer), I think this is better than my IDisposable wrapper. Typical code:

Service<IOrderService>.Use(orderService=>
{
  orderService.PlaceOrder(request);
});

(edit per comments)

Since Use returns void, the easiest way to handle return values is via a captured variable:

int newOrderId = 0; // need a value for definite assignment
Service<IOrderService>.Use(orderService=>
  {
    newOrderId = orderService.PlaceOrder(request);
  });
Console.WriteLine(newOrderId); // should be updated

C# – WCF Mex End Points for Multiple Bindings

Yes, you can use just the HTTP mex endpoint. I think the assumption is that your client can communicate over HTTP.

Best Answer

Related Solutions

C# – the best workaround for the WCF client `using` block issue

C# – WCF Mex End Points for Multiple Bindings

Related Topic