In a distributed environment a message can travel across several nodes to reach to the destination. It is necessary to secure the message to avoid the security breaches and to have the integrity of the message. WCF provides robust and powerful security infrastructure to provide the security in distributed communication. The following security concepts must be implemented in any service oriented applications:
Integrity
Confidentiality
Authentication
Authorization
Integrity means the message sent to the receiver is not altered. It is received in the same as sent by the sender. For instance, if a sender sends message as “Hello” and if the receiver receives as “Hello” then it is because of integrity. Digital signature option can be useful to provide integrity in the distributed environment.
Confidentiality means the message is secret and only the intended recipients can receive it. Other entities cannot access the message while it is travelling over the wire. Any unintended receive should not be aware about the message being transmitted.
Authentication is a technique to request the identity of sender or receiver. In real life, requesting someone to show his/her identity proof is an example of authentication. The distributed environment authentication should happen at both sides to avoid penetrations to enter in the system. In operating system entering login credentials is the popular example of authentication we observe in our daily life. There are various ways to provide authentication in WCF which will be discussed later in this chapter.
By using authentication the identity of the user is fetched but what about restricting the users to access resources at certain level? The answer to this question is authorization which allows only authorized users to access particular operations of service in distributed environment. There are numerous options to provide authorization in WCF. Each of these options is discussed later in this chapter.