Friday, June 6, 2008

patterns & practices WCF Security Guide - BETA released

The wait is over!!, we have released BETA version of our WCF Security guide - patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF.

The guide walks you through the security concepts of WCF with key guidance around those concepts. The chapters are ably supported by Guidelines, Checklists, Practices, Q&A and How Tos. It other words you can call it our Microsoft playbook for Windows Communication Foundation (WCF - "Indigo").

It shows you how to build secure WCF. It's a compilation of proven practices, product team recommendations and insights from the field.

Please Download the Guide and embark on the WCF journey securely!!

~Later

1 comment:

logicunit said...

Hi, I have a question:
We have bunch of of asmx services that are consumed by TIBCO. On the TIBCO side there is check box set to Use Basic Authentication and tibco is sending AD credentials.
On the iis server where asmx services are hosted, Enable anonymous access is unchecked and we have Integrated Windows authentication checked and Basic Authentication Checked.

So as I understand it, its using basic authentication with AD.

I'm trying to put a wcf service in the same directory, and added the configuration below in the web config but it does not work.

security mode="TransportCredentialOnly"

transport clientCredentialType="Windows"

security


any suggestions?