Export (0) Print
Expand All

Common Security Scenarios

The topics in this section catalog a number of possible client and service security configurations. Configurations vary according to a number of factors. For example, whether a service or client is on an intranet, or whether the security is provided by Windows or transport (such as HTTPS).

Internet Unsecured Client and Service

An example of a public, unsecured client and service.

Intranet Unsecured Client and Service

A basic Windows Communication Foundation (WCF) service developed to provide information on a secure private network to a WCF application.

Transport Security with Basic Authentication

The application allows clients to log on using custom authentication.

Transport Security with Windows Authentication

Shows a client and service secured by Windows security.

Transport Security with an Anonymous Client

This scenario uses transport security (such as HTTPS) to ensure confidentiality and integrity.

Transport Security with Certificate Authentication

Shows a client and service secured by a certificate.

Message Security with an Anonymous Client

Shows a client and service secured by WCF message security.

Message Security with a User Name Client

The client is a Windows Forms application that allows clients to log on using a domain user name and password.

Message Security with a Certificate Client

Servers have certificates, and each client has a certificate. A security context is established through Transport Layer Security (TLS) negotiation.

Message Security with a Windows Client

A variation of the certificate client. Servers have certificates, and each client has a certificate. A security context is established through TLS negotiation.

Message Security with a Windows Client without Credential Negotiation

Shows a client and service secured by a Kerberos domain.

Message Security with Mutual Certificates

Servers have certificates, and each client has a certificate. The server certificate is distributed with the application and is available out of band.

Message Security with Issued Tokens

Federated security that enables the establishment of trust between independent domains.

Trusted Subsystem

A client accesses one or more Web services that are distributed across a network. The Web services access additional resources (such as databases or other Web services) that must be secured.

Show:
© 2014 Microsoft