Chapter 8. User-Level Security

The previous chapter discussed the security embedded in Windows Communication Foundation (WCF). This included transport-level security, as offered by the protocol used to transmit the messages, and message-level security, provided through a number of standards. The second part of the security story in WCF deals with authentication and authorization.

This chapter starts by covering the different mechanisms that exist to enable the client and the service to support mutual authentication. Also covered in this chapter are the details of how to integrate your own custom authentication into WCF. The second lesson discusses WCF authorization. The topic of authorization also includes impersonation because what is impersonation if not changing the access typically allowed through the authorization process?