I was going through the patterns and practices section of MSDN website when I came across this pattern and practice guide on how to Improve Web Service Security.Basically this guide is for people who are developing web services using WCF.

This guide provides guidelines on how to secure your WCF services in both intranet and internet scenario.Following are the various sections in which the guide is divided :

• Part I – Security Fundamentals for Web Services
• Part II – WCF Security Fundamentals
• Part III – Intranet Application Scenarios
• Part IV – Internet Application Scenarios

Part –1

• Chapter 01 – Security Fundamentals for Web Services
• Chapter 02 – Threats and Countermeasures for Web Services
• Chapter 03 – Security Design Guidelines for Web Services

Part –2

• Chapter 04 – WCF Security Fundamentals
• Chapter 05 – Authentication, Authorization, and Identities in WCF
• Chapter 06 – Impersonation and Delegation in WCF
• Chapter 07 – Message and Transport Security
• Chapter 08 – Bindings

Part –3

• Chapter 09 – Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP)
• Chapter 10 – Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem,HTTP)
• Chapter 11 – Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP)
• Chapter 12 – Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)

Part –4

• Chapter 13 – Internet – WCF and ASMX Client to Remote WCF Using Transport Security(Trusted Subsystem, HTTP)
• Chapter 14 – Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem,TCP)
• Chapter 15 – Internet – Windows Forms Client to Remote WCF Using Message Security(Original Caller, HTTP)

Well the guide is pretty big(more than 600 pages) but it provides invaluable information regarding the development of secure WCF application.

You can download the guide from CodePlex.Following is the URL :- Improving Web Services Security