ITCamp 2012 - Leonard Abu-Saa - WCF Security
Published in: Technology, Business
Transcript

  • 1. WCF Security
      • Abu-Saa Leonard, Software Architect, Arobs Transilvania Software
      • Blog: http://net-daylight.blogspot.com/
      • @itcampro #itcamp12 Premium conference on Microsoft technologies
  • 2. ITCamp 2012 sponsors
      • Architecture & Best Practices
  • 3. Agenda
      • Overview
      • Authentication & Authorization
      • Security Modes
      • Credential Types
      • WCF Authentication Service
      • Custom UserName & Password Authentication
      • Q&A
  • 4. Overview
      • Online transactions
      • Do we ignore security?
  • 5. Overview – Security fundamentals
      • Auditing and Logging
      • Authentication
      • Authorization
      • Configuration Management
      • Message Protection
      • Message Validation
      • Sensitive data
      • Session Management
  • 6. Threats, Vulnerabilities and Attacks
      • Asset
      • Threat
      • Vulnerability
      • Attack
  • 7. Authentication != Authorization
      • Authentication identifies a user or process
      • One of the most important aspects of security
      • We use ID daily: IDs, user names & passwords, etc.
  • 8. Authorization
      • Verifies what resources the identified party can access
      • It happens after authentication
      • Very closely related to authentication
  • 9. Authentication in WCF
      • None
      • Basic
      • NTLM
      • Windows
      • Certificate
      • Username
          – Custom Provider
          – SqlMembership Provider
      • Issued Token
  • 10. Security Modes
      • None
          – Not recommended
      • Transport Security
          – Encrypts the communication channel
      • Message Security
          – The message is encrypted
  • 11. Security Modes - Variations
      • Transport Credential Only
          – Credentials are sent as part of the message but are not encrypted
      • Transport With Message Credential
          – Credentials are sent as part of the message and the message protection is done at the transport level
  • 12. Transport Security
      • SSL over HTTP(S)/TCP
      • Our purpose is to ensure integrity, confidentiality and authentication
      • Integrity = encryption key
      • Confidentiality = data encryption
      • Authentication = credentials
      • Use a digital certificate to encrypt the channel
  • 13. Transport Security
      • When do we use Transport Security?
      • Advantages
          – Better performance
          – Interoperability
      • Disadvantages
          – ‘Point-2-Point’
  • 14. Message Security
      • When do we use Message Security?
      • Encrypts only the message
      • Advantages
          – ‘End-2-End’ security
          – Independent of the communication protocol
      • Disadvantages
          – Lower performance compared to transport
          – Does not support interoperability with older ASMX clients
  • 15. WCF Authentication Service
      • Uses ASP.NET membership to authenticate users
      • It requires cookies
      • Can customize user login
      • Can customize authentication cookie
  • 16. Q&A
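
The security modes from slides 10 and 11 and the Username credential options from slide 9, written out as a WCF service configuration with the weak bindings beside a corrected one. This is an added example, not taken from the presentation; the service, contract and validator type names under `Example.*` are hypothetical placeholders.

```xml
<!-- Added example: all names under Example.* are hypothetical placeholders. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Weak: mode None, no authentication and no protection (slide 10: not recommended). -->
      <binding name="weakNone">
        <security mode="None" />
      </binding>
      <!-- Weak: credentials are required, but nothing encrypts them on the wire. -->
      <binding name="weakCredentialOnly">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
    </basicHttpBinding>
    <wsHttpBinding>
      <!-- Corrected: user name credential in the message, protection provided by HTTPS. -->
      <binding name="secureUserName">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="secureBehavior">
        <serviceCredentials>
          <!-- Custom provider. For the SQL membership provider, set
               userNamePasswordValidationMode="MembershipProvider" and membershipProviderName. -->
          <userNameAuthentication
              userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="Example.Security.CustomValidator, Example.Security" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="Example.OrderService" behaviorConfiguration="secureBehavior">
      <!-- Endpoint uses the corrected binding; the host must expose an https base address. -->
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="secureUserName" contract="Example.IOrderService" />
    </service>
  </services>
</system.serviceModel>
```

When reviewing an existing service, search its configuration for `mode="None"` and `mode="TransportCredentialOnly"` and confirm each hit is confined to a trusted network segment.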
