Validating the security credentials
Introduction

This article covers the basics of WCF security; in other words, it is the starting point for diving into WCF security concepts. Security is the most important aspect of any technology we work with.

A decade ago, SOAP did not protect messages from tampering, nor did it provide a way to encrypt them; all the security details were delegated to the transport layer. As a result, making SOAP an independent platform was a big challenge. Then a new generation of security, the WS-* specifications, was born to extend the existing SOAP specification with security capabilities for client authentication and message protection. A new model for securing messages at the message level was also included. This SOAP specification was created in collaboration with industry leaders such as Microsoft, IBM and Sun, among others.

The following are the principles that WCF uses to secure communication over the network.

Authentication

An authentication process normally asks two questions: who are you, and what proof can you present to get inside?
On the other hand, the service should have a mechanism for verifying the evidence collected from the client. For example, if a custom username and password are used, the service should have logic to validate the username and password supplied by the client. The client is successfully authenticated only if that verification succeeds.

In the following three different scenarios the authentication would be fruitful:

Client authentication is performed by the service to validate and verify that the caller is the right person to use its service methods.

Server authentication is performed by the client to confirm that it is talking to the right service, so the client needs to verify the service identity. This is needed to prevent phishing attacks, in which an attacker makes available a fake service with the same signature as the original one to capture sensitive information about the user, for example credit card numbers, credit card PINs and transaction passwords. Such details are normally not provided to anyone, right? Not unless the person is a family member or a known good friend.