Will this WCF setup work?

Question

I'm rather new to the WCF/IIS/MS web stack corner of the world so I'm hoping for some help evaluating my design.

What I need is a system that presents a number of resources as URIs. Each resource is a WCF web service providing a number of read and write operations. I need to provide username/password security for different resources.

How I'm hoping to make this work is to have IIS handle the security using the normal devices it uses for everything else. Then uses URL rewriting to remap everything to a single web service that will provide the correct resource based on the rewritten query string.

• Will this work?
• Am I missing something?
• Is there a better way to do this?
• If you happen to known of a really good tutorial for the bits and peaces (like what file does the security settings go in?) I would appreciate links?

For now there will be only a handful (2 to 20) users so static config files would be preferred for that as along as it won't cause problems later.

As I said, I hardly known jack in this domain so I don't really known what I don't known.

---

A few links I have found (don't even known yet if I'm looking in the right direction)

• Fundamentals of WCF Security (assumes a bit more familiarity than I have)
• Improving Web Security: Scenarios and Implementation Guidance for WCF (really long, book length)

Answer 1

Yes this sounds sane. For authentication you want to use ASP.NET membership module it provides a generic security API which can use intergrated (windows user), web form login, even LiveID or some custom authentication. In my experience MSDN has proven a good resource, here's a hands on article.

Answer 2

For web http binding WCF provides Uri rewriting out of the box using WebGet attribute. for SOAP, the end point URL is the same, so I assume you want RESTful endpoint. If so, you need Basic auth over https not WS-Security.