Security is a big topic in distributed communication applications. When the client consumers call a service operation through an intranet or the Internet, it is necessary to consider how we will secure the communication between the two sides, or how we can make sure that we are talking to the correct service or the correct client consumers.

WCF provides a lot of built-in features for developers to address all these kinds of problems in service application development. The most commonly used WCF security features include authentication, authorization, and message protection (signing and encrypting).

In this chapter, we will use 10 recipes to demonstrate some useful security scenarios in WCF service development. The first five recipes will focus on various authentication use cases, including Windows authentication, username authentication, and so on. These are followed by two recipes that introduce some role-based authorization and identity impersonation cases. In addition, there...