Security in windows mobile app and wcf service

Question

I'm kinda new in the mobile world and wcf world.

I have develop a mobile app that communicates with a WCF service.

What security topics should I look into?

I do not know much about security either ... usually you try to secure the channel? the messages being sent?

Answer 1

When you decide security you usually deals with following terms:

• Confidentiality - ensures that only supposed recipient can read and understand the message
• Integrity - ensures that message cannot be changed during transmission
• Authentication - ensures that only callers with allowed identity can use the service
• Autorization - ensures that only callers with exact claim are allowed to call given method

Authorization is always handled in code. Confidentiality, integrity and authentication can be handled on message level, transport level or mixed mode. Based on some very small knowledge about CF I suggest you should be able to use transport security = HTTPS to provide integrity, confidentiality and also Basic HTTP authentication. CF should also allow using message security secured by certificates (also provides integrity, confidentiality and authentication).

MSDN contains example for creating service and CF client secured by HTTPS with client certificate (used for authentication).