I’ve pulled together a collection of security-related content that should be helpful for those of you writing WCF services. This guide will introduce you to essential security features, and hopefully, you’ll glean a tip or two from the variety of tutorials and articles.
> WCF Security Information
> WCF Security Features
> WCF Security Articles
> WCF Security Webcasts
> WCF Demos and Downloads
WCF Security Terminology
Security Briefs: Security in Windows Communication Foundation
Programming WCF Security
Security Overview
Security Concepts
Common Security Scenarios
Bindings and Security
Securing Services and Clients
Authentication
Authorization
Federation and Issued Tokens
Auditing Security Events
Security Guidance and Best Practices
The Claims-Based Security Model Part 1 (Michele Leroux Bustamante)
Securing your WCF service (Willian Tay)
Warning: XSS attack in PDF URLs (Ted Neward)
Getting the Client Identity (Nicholas Allen)
Transport Encryption and Signing (Nicholas Allen)
Amplified Flooding Attacks (Nicholas Allen)
Disabling Security Timestamps (Nicholas Allen)
Securing Custom Headers, Version 1 (Nicholas Allen)
Securing Custom Headers, Version 2 (Nicholas Allen)
Asymmetric tokens and Mixed-Mode Security (Govind Ramanathan)
HTTP/POX Programming Basics (Steve Maine)
Partial Trust support for WCF in Orcas (Steve Maine)
Code for custom Encoder Binding Elements (Kenny Wolf)
WCF: Security Sessions and Service Throttling (Matevz Gacnik)
Choosing the right Authentication and Authorization in Windows Communication Foundation: Part One
Choosing the right Authentication and Authorization in Windows Communication Foundation: Part Two
Indigo Security in a Nutshell
Test Windows Communication Foundation using Microsoft Virtual Labs
WCF Overviews, Demos and Downloads
WCF Security Extensions