Here's my scenario:
I'm planning on running a Windows Service-hosted WCF service on a server that is outside of our domain (in its own workgroup). I need to access it securely from a client that is inside our domain. There is a firewall between the two machines that we are in control of.
The service does not need to be accessible by any other machine and in fact shouldn't accept connections from any machines apart from the designated one.
The communication needs to be encrypted.
My question is, what is the best binding, security mode, and authentication method for this purpose? I would like to use the netTCPBinding because it's the most efficient, but if there's another one that's more suited for the job, I'm open to suggestions.