tags:

views:

220

answers:

1

We have a project that contains a WCF Service and a few clients that connect to it. Some of them are PCs using NetTcp to connect to the service. Few others run on Windows Mobile Devices(Compact Framework), using BasicHttp to connect. We can't use Windows Authentication, because different PCs use different Windows accounts. How can we secure the service to only allow valid PCs and Mobile devices to use it and deny other devices?

+2  A: 

I believe the best security you could enable would be SSL over HTTP and a standard authentication scheme via a username and password. For a really great inclusive review of the various security aspects of WCF check out the Codeplex site: http://www.codeplex.com/WCFSecurity

Specifically this page: http://www.codeplex.com/WCFSecurityGuide

Adron