Design Considerations
- How do I decide on an authentication strategy?
- How do I decide on an authorization strategy?
- When should I use message security versus transport security?
- How do I use my existing Active Directory infrastructure?
- What bindings should I use over the Internet?
- What bindings should I use over an intranet?
- When should I use resource-based authorization versus roles-based authorization?
- When should I impersonate the original caller?
- When should I flow the original caller's identity to back-end resources?
- How do I migrate to WCF from an ASMX Web service?
- How do I migrate to WCF from a COM application?
- How do I migrate to WCF from a DCOM application?
- How do I migrate to WCF from a WSE application?
- What WCF service security events should be logged?
- How do I enable logging and auditing in WCF?
- How do I stop my service if there has been an auditing failure?
- How do I log important business events in WCF?
- How do I implement log throttling in WCF?
- How do I use the health monitoring feature with WCF?
- How do I protect my log files?
- How do I pass user identity information in a message for auditing purposes?
- How do I decide on an authentication strategy in WCF?
- When should I use the SQL Server membership provider?
- How do I authenticate against Active Directory?
- How do I authenticate against a SQL store?
- How do I authenticate against a custom store?
- How do I protect passwords in my user store?
- How do I use certificate authentication with X.509 certificates?
- What is the most common authentication scenario for intranet applications?
- What is the most common authentication scenario for Internet applications?
- How do I support authentication for multiple client types?
- What is federated security?
- How do I send credentials in the message when I am using transport security?
- How do I avoid cleartext passwords?
- How do I decide on an authorization strategy in WCF?
- What is the difference between resource-based, roles-based, and claims-based authorization?
- How do I use Windows groups for role authorization in WCF?
- How do I use the SQL Server role provider for ASP.NET role authorization in WCF?
- How do I use the Windows Token role provider for ASP.NET role authorization in WCF?
- How do I use the Authorization Store role provider for ASP.NET role authorization in WCF?
- What is the difference between declarative and imperative roles authorization?
- How do I restrict access to WCF operations to specific Windows users?
- How do I associate roles with a certificate?
- What is a service principal name (SPN)?
- How do I create a service principal name (SPN)?
- What is a binding?
- What bindings are available?
- Which bindings are best suited for the Internet?
- Which bindings are best suited for an intranet?
- How do I choose an appropriate binding?
- How do I encrypt sensitive data in the WCF configuration file?
- How do I run a WCF service with a particular identity?
- How do I create a service account for running my WCF service?
- When should I use a configuration file versus the WCF object model?
- What is a metadata exchange (mex) binding?
- How do I keep clients from referencing my service?
- What are the additional considerations for using WCF in a Web farm?
- How do I configure Active Directory groups and accounts for roles-based authorization checks?
- How do I create an X.509 certificate?
- When should I use a service principal name (SPN)?
- How do I configure a least-privileged account for my service?
- How do I implement a global exception handler?
- What is a fault contract?
- How do I define a fault contract?
- How do I avoid sending exception details to the client?
- How do I configure a least-privileged account to host my service?
- When should I host my service in Internet Information Services (IIS)?
- When should I host my service in a Windows service?
- When should I self-host my service?
- What are my impersonation options?
- What is the difference between impersonation and delegation?
- How do I impersonate the original caller for an operation call?
- How do I temporarily impersonate the original caller in an operation call?
- How do I impersonate a specific (fixed) identity?
- What is constrained delegation?
- What is protocol transition?
- How do I flow the original caller from the ASP.NET client to a WCF service?
- What is the difference between declarative and programmatic impersonation?
- What is the trusted subsystem model?
- When should I flow the original caller to back-end code?
- How do I control access to a remote resource based on the original caller's identity?
- How do I implement input and data validation in WCF?
- What is schema validation?
- What is parameter validation?
- Should I validate before or after message serialization?
- How do I protect my service from denial of service (DoS) attacks?
- How do I protect my service from malicious input attacks?
- How do I protect my service from malformed messages?
- When should I use message security?
- When should I use transport security?
- How do I protect my message when there are intermediaries routing the message?
- How do I protect my message when there are multiple protocols used during message transit?
- When should I use a channel factory?
- When do I need to expose a metadata exchange (mex) endpoint for my service?
- How do I avoid proxy spoofing?
- How do I protect sensitive data in configuration files?
- How do I protect sensitive data in memory?
- How do I protect my metadata?
- How do I protect sensitive data from being read on the wire?
- How do I protect sensitive data from being tampered with on the wire?
- How do I create X.509 certificates?
- Do I need to create a certificate signed by the root CA certificate?
- How do I use X.509 certificate revocation?