
I need to find out what's the best way of securing a WCF web service I'm writing. The service will be hosted internally and will perform checks against Active Directory and a third party database.

The service will be called by a public-facing webpage on a different server (a sign up page) and nothing else will be able to access it (due to firewall rules). The web page will NOT require credentials to access it.

The service will take a username and another field and check to see if they're an existing AD user. If they are, it will check to see if they have a personal (non-work) email address in the third-party database. If not, it will ask them to specify one.

Website <-> Service <-> AD/Database.

If these firewall rules are in place, do I need to go about securing the service?

Brett

2 Answers


These CodePlex application scenarios might help you configure what you're trying to achieve:

Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem)

Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)

Tanner

This guide is well put together, definitely something to look into. It covers all situations, including yours.

http://wcfsecurityguide.codeplex.com/releases/view/15892

vikingben