Auditing and logging, Authentication, Authorization, Cryptography, Deployment Considerations, Exception Management, Impersonation and Delegation, Input Validation, Message Security, Proxy, Sensitive Data, Session Management, Transport Security
Personas
Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator
Priority
Authentication
Scenario
Configure service with NTLM authentication
Configure service with basic authentication
Configure service with digest authentication
Personas
Administrator Developer Administrator Developer Administrator
Priority
Configure service with Windows authentication
Configure service with issue token authentication
Configure service with username/password authentication
Configure service with no credentials
Configure service with certificate authentication
Pass service certificate via secure session negotiation
Pass NTLM credentials via secure session negotiation
Implement custom credential validation
Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Administrator Developer Developer
Authorization
Scenario | Personas
Configure service to use a Windows provider to authorize users | Administrator, Developer
Configure service to use an ASP.NET role provider | Administrator, Developer
Configure service to use a custom authorization provider | Administrator, Developer
Configure service to use custom security policies | Administrator, Developer
Mark an operation contract with security demands attribute | Developer
Perform authorization based on a programmatically verified claim | Developer
Priority
Cryptography
Scenario | Personas
Implement custom binding with cryptographic algorithms for encrypting/signing messages | Developer
Implement custom binding to sign message without encryption | Developer
Implement custom binding to encrypt message without signing | Developer
Priority
Deployment Considerations
Scenario
Host service in IIS for HTTP(s) communication
Personas
Administrator Developer
Priority
Developer Administrator Developer
Host service in medium trust | Administrator, Developer
Configure certificate in IIS to enable SSL in a virtual directory hosting service | Administrator, Developer
Configure certificate to enable SSL in a self-hosted service | Administrator, Developer
Configure certificate on a client local store for message encryption and authentication | Administrator, Developer
Configure partner public key certificates in local store for authorization | Administrator, Developer
Configure IIS for authentication | Administrator
Store encryption keys in a secure location | Administrator, Developer
Encrypt all or part of a web configuration file | Administrator, Developer
Map certificates with accounts in Active Directory | Administrator, Developer
Configure Active Directory groups and accounts for role-based authorization checks | Administrator, Developer
Configure CardSpace accounts | Administrator, Developer
Configure Security Token Service (STS) | Administrator, Developer
Configure MSMQ accounts and security | Administrator, Developer
Host service in Windows Activation server (WAS) for TCP communication
Host service in Windows Activation server (WAS) for HTTP(s) communication
Self-host service in Windows service for HTTP(s) communication
Self-host service in Windows service for TCP communication
Host service with least privilege account
Exception Management
Scenario | Personas
Design fault contracts to allow services to declare known faults for each operation | Developer
Design service with exceptions handling that will not divulge information to the client | Developer
Enable debugging behavior to allow debug information to be propagated to the client | Administrator, Developer
Clients handle exceptions in stateful services | Developer
Design operations to catch exceptions and communicate failures to client | Developer
Priority
Developer
Personas
Administrator Developer Administrator Developer Administrator Developer Developer Developer Developer
Priority
Input Validation
Scenario | Personas
Validate messages with custom schema inspectors | Developer
Validate messages with custom message inspectors | Developer
Priority
Message Security
Scenario | Personas
Credentials are sent in message over https | Administrator, Developer
Credentials are sent in message over http | Administrator, Developer
Credentials are sent in message over TCP | Administrator, Developer
Sensitive data is sent in message over https | Administrator, Developer
Sensitive data is sent in message over http | Administrator, Developer
Sensitive data is sent in message over TCP | Administrator, Developer
Configure message security to support communication via intermediaries | Administrator, Developer
Configure message security to support partial signing of a message | Administrator, Developer
Configure message security to support partial encryption of a message | Administrator, Developer
Priority
Proxy
Scenario Personas Priority
Proxy is generated from service metadata over HTTP(S) Client is configured to use certificate for authentication and message security.
Proxy is generated from service metadata over TCP
Proxy is generated from service metadata over MSMQ
Service operations invocation administratively - Client authenticates with service providing credentials
Service operations invocation administratively - Client calls service anonymously
Service operations invocation programmatically - Client authenticates with service providing credentials
Service operations invocation programmatically - Client calls service anonymously
Client is invoked via client factory to improve performance
Sensitive Data
Scenario
Configure service for message encryption to protect message confidentiality and integrity with certificates
Personas
Administrator Developer
Priority
Configure service for message encryption to protect message confidentiality and integrity with Kerberos tickets
Design service to protect parts of the message with partial encryption
Configure service to secure metadata in an endpoint to be consumed by service clients
Configure service to use transport security
Configure service to change the default message encryption algorithm
Session Management
Scenario | Personas
Configure message throttling to avoid denial of service attacks | Administrator, Developer
Design services per session mode | Administrator, Developer
Configure memory limits to avoid denial of service attacks | Administrator, Developer
Configure service for reliable messaging with reliable session and ordering of messages | Administrator, Developer
Implement structured exception handling and state management to avoid state corruption | Developer
Priority
Transport Security
Scenario | Personas
Credentials are sent in transport over https | Administrator, Developer
Sensitive data is sent in transport over https | Administrator, Developer
Configure transport security for end point communication with no intermediaries | Administrator, Developer
Configure transport security for improved performance over message security | Administrator, Developer
Priority