tags:

views:

948

answers:

2
Q: 

Authorization and Authentication using WCF

What are the best practices for handling security i.e. Authorization and Authentication in Web Application?

I am working on a web application, using WCF as SOA, there are more chances that in future individual component in my application can be integrated with some third party application. I am looking for a solution by which I can handle Authorization and Authentication for my application using internal approach of my application as well as i can use interface provided by some third party application for authorization and authentication.

A: 

We are currently looking at the Microsoft Geneva framework for exactly this (plus our other SSO requirements). Looks very nice.

http://msdn.microsoft.com/en-us/security/aa570351.aspx

Chris Simpson  2009-01-14 17:37:53
A: 

See What is some good WCF/web services security reading?

eed3si9n  2009-04-28 23:38:20

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication