Hi there,
Is the asp.net membership system used over wcf (transport security turned on) enough for high security internet scenarios with thousands of clients spread all over the internet?
I'm just evaluating possible solutions and wanted to know if this might fit in this category.
If not, what would be the best method to provide high security access over wcf for internet scenarios?
Yes it will work; and with SSL/transport security the authentication will be protected by the transport. Will it scale? That's harder to say; it depends on too many factors.
OK so by high security you're looking for non-repudiation? That's trickier; because of course people can share usernames and passwords. But even if you also used client certificates, well people share certificates. I'd certainly look at WCF auditing in combination with the authentication and set SupressAuditFailure to be false.
high security means some of the information is "very confident". there may be several thousand clients that may contact the service maybe one or two times a day, so i guess scaling won't be the problem as the sessions are quite short lived.