This project is read-only.

WCF 3.5 Security Guidelines

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

The following are guidelines for Web services created with Windows Communication Foundation (WCF) 3.5. They are based on principles where possible. The recommendations are also as contextual as possible, but abstracted for reuse. Use them as a starting point, but you will likely need to tailor for your scenario:

Design Considerations

Auditing and Logging




Configuration Management

Exception Management


Impersonation and Delegation

Input/Data Validation

Proxy Considerations

Deployment considerations

Last edited Apr 23, 2008 at 11:58 PM by prashantbansode, version 6


No comments yet.