Thursday, August 15, 2013

WCF: Enable the WIF security integration

WCF has it’s own security model build in. This security model has some overlap what WIF(Windows Identity Foundation) has to offer. Starting from .NET 4.5 you can replace the WCF security pipeline with a WIF equivalent.  This means that we can start using class like ClaimsAuthenticationManager and ClaimsAuthorizationManager to manage claims security in our WCF service.

To enable this new model, you have to set the UseIdentityConfiguration property on the ServiceCredentials behavior to true. This tells WCF to get its token handling configuration from the <system.identityModel> configuration section. Internally this replaces the standard ServiceCredentials with FederatedServiceCredentials.

1 comment:

Elizabeth J. Neal said...

There is also an update on ColdFusion 10 which fixes critical vulnerability that could permit an attacker to invoke public methods on ColdFusion CFCs using WebSockets. digital door locks