WCF and Identity in .NET 4.5: Scenarios

Over the next posts I will look at some typical authentication scenarios for WCF in detail.

You all know that WCF has a plethora of different options and knobs to tweak and that is the reason why many people don’t like it. Too much complexity.

But you can keep WCF simple if you use some sensible configuration settings. For me that typically means: use transport security, use the most basic binding that does the job, avoid stateful communication (aka sessions).

This is also the subset of WCF communication options that IMO will go forward in the long run (e.g. here).

Windows Authentication
This is the typical intranet SSO scenario. Transport security works best here and I typically chose BasicHttpBinding in the past. But with .NET 4.5 there is now the new NetHttpBinding which is basically the basic HTTP binding using binary encoding for better performance (we at Thinktecture used that combination via a custom binding for a long time in lots of customer projects). In addition NetHttpBinding supports bi-directional communication over Web Sockets if available.

Another option is the NetTcpBinding. I rarely use it because I don’t like sessions. Up to you.

UserName/Password Authentication
I recommend Basic/Net HTTP binding using TransportWithMessageCredential security mode (aka mixed mode) and the UserName credential type.

Client Certificate Authentication
Again Basic/Net HTTP binding using TransportWithMessageCredential security mode (aka mixed mode) and the Certificate credential type.

Token-based Authentication
The obvious choice is the WS2007FederationHttpBinding. I typically use it in mixed mode and specifically turn off WS-SecureConversation to avoid the session state. I also tend to use bearer tokens these days (unless you need the additional security and anti-repudiation features of e.g. symmetric keys, which is rare). This further simplifies the whole system because you don’t need token decryption keys.
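
The four scenarios above written as code-based binding setup. This is an added example, not code from the original post; the class and method names are hypothetical, and the endpoint, issuer and token acquisition for the federation case are left to the caller.

```csharp
using System.IdentityModel.Tokens;
using System.ServiceModel;

// Hypothetical helper: one binding per scenario, all over HTTPS, none with sessions.
public static class ScenarioBindings
{
    // Windows authentication: plain transport security with Windows credentials.
    public static NetHttpBinding Windows()
    {
        var binding = new NetHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        return binding;
    }

    // UserName/password: mixed mode, so the credential travels in the
    // message header while HTTPS protects the channel.
    public static BasicHttpBinding UserName()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
        return binding;
    }

    // Client certificate: same mixed mode, Certificate credential type.
    public static BasicHttpBinding ClientCertificate()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
        return binding;
    }

    // Token-based: mixed mode, WS-SecureConversation off, bearer key type.
    public static WS2007FederationHttpBinding BearerToken()
    {
        var binding = new WS2007FederationHttpBinding(
            WSFederationHttpSecurityMode.TransportWithMessageCredential);

        // No security context token, so no session state on the service.
        binding.Security.Message.EstablishSecurityContext = false;

        // Bearer tokens carry no proof key.
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        return binding;
    }
}
```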

8 Responses to WCF and Identity in .NET 4.5: Scenarios

  5. Matt says:

    Do you have an example of the configuration required for token-based Authentication using bearer tokens? I can see further posts on the other three authentication types but not this one.

    In particular, I get missing key errors with my current configuration when using bearer tokens so am interested to know how this works.

    Thanks!
