views:

394

answers:

1

I'm developing a new set of web services at my company.

My manager asked me to provide a greater level of security for this, as the web services will handle sensitive informations.

I've searched the net for resources about how to secure an web service and the two runner ups are WSE3.0 and WCF.

But I have no idea which one is the best option to choose from.

My requirement stipulate that some of the web service must be called by non-.NET environment, so how to proceed?

Which one is the best in such scenario?

+4  A: 

If you have the luxury of doing new development, DEFINITELY go with WCF!

It offers much more functionality, much more options for security, bindings, and way more extension points should you need to tweak your system.

WCF also support way more industry-standard interoperability scenarios than anything else before, so you should be more than covered in this area, too.

Here are a few articles specifically on WCF security:

No question here - it's a slam dunk - go with WCF !!

Marc

marc_s
WCF is much richer, so it will require some investment in learning, but I second marc_s, don't go into WSE 3.0 only to find out that you need to migrate to WCF because of interoperability issues.
bbmud
Not to mention the fact that ASMX and WSE are the the evolutionary predecessors for WCF
James Alexander
If nothing else, Microsoft is ensuring WSE is obsolete by apparently not supporting WSE 3.0 on Windows Server 2008. There are several forums with threads about having problems getting WSE 3.0 running correctly on 2008.
Sixto Saez