Here you can find the last version of a sample application showing many of the security features and configuration of WCF in the fields of security.
I've just updated it in order to release it during my last WebCast about WCF Security for MSDN Italy.
In this sample you can see (adding/removing endpoints and configuration elements from the config file):
- Windows Authentication and Windows Authorization via transport level security on basicHttpBinding
- Windows Authentication and Windows Authorization via message level security on wsHttpBinding
- UsernamePasswordToken Authentication with ASP.NET Membership and ASP.NET Role Authorization via message level security on wsHttpBinding
- UsernamePasswordToken Authentication with custom validator via message level security on wsHttpBinding
- Authorization using a custom Authorization Policy
- Impersonation using Windows credentials
- Custom impersonation of custom Principal and Identity
- Handling of multiple identities (one Primary plus others)
- A quick and basic sample of interoperability with ASMX consumers using a custom UsernamePasswordToken over SSL, in the respect of WS-Security and WSS UsernameToken Profile 1.0 by Oasis, without using WSE
Enjoy and feel free to give me your feedbacks or further suggestions.