Introducing the Business Drivers

WCF is built on message-based communication between clients and services, and these messages are vulnerable on numerous fronts. An authorized party must create the client message, and the message must conform to a standard that the service can comprehend. In most cases, the messages need to be encrypted and signed so that the authenticity of the sending party can be verified. The communication line between the client and the service needs to be secure. The receiver should also be able to decrypt the messages and verify the integrity of the sender. Therefore, security plays a major part in any enterprise architecture solution.

Here are some other examples of business drivers:

  • You need to audit and track the communication between clients and services to prevent malicious acts. In the QuickReturns Ltd. example, an intruder can intercept the messages between the clients and the service. If they can use the valid client details to initiate trades on the market and withdraw funds from the client's account, this can have disastrous implications for QuickReturns Ltd. Therefore, how do you stop these malicious attacks? What is available in WCF to prevent these attacks?

  • How can you guarantee that the messages came from the client (that is, how do you implement nonrepudiation)? How do you know whether messages were intended for the correct service? Can the client sign the messages with its private key, and can the service verify their authenticity by using the public key?

  • Do you know whether a purchase order was submitted only once? What happens if a rogue intruder replays the same order to generate bogus orders for the service? What measures are in place to stop these attacks? If these attacks continue, how do you eradicate the threat before it escalates to a denial-of-service attack?

How can you address these security concerns? What does WCF offer to counter these issues? You'll take a closer look at what WCF has to offer in the next section.
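As a preview of how the three drivers above (auditing, signed messages, replay protection) map onto WCF service configuration, here is an added sketch that is not taken from the book. The binding, behavior, service, contract and certificate names are assumptions chosen for the QuickReturns Ltd. scenario.

```xml
<!-- Added example (not from the book). All name="..." values, the service
     and contract names, and the certificate subject are hypothetical. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="TradeSecureBinding">
        <!-- Driver 2: client and service each hold an X.509 certificate.
             The client signs with its private key; the service verifies
             the signature with the client's public key. -->
        <security authenticationMode="MutualCertificate"
                  messageProtectionOrder="SignBeforeEncrypt"
                  includeTimestamp="true">
          <!-- Driver 3: reject a message whose signed nonce has already
               been seen inside the replay window. -->
          <localServiceSettings detectReplays="true"
                                replayWindow="00:05:00"
                                maxClockSkew="00:05:00" />
        </security>
        <textMessageEncoding />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="TradeSecurityBehavior">
        <!-- Driver 1: write authentication and authorization outcomes to
             the event log; fail the request if the audit cannot be written. -->
        <serviceSecurityAudit auditLogLocation="Application"
                              messageAuthenticationAuditLevel="SuccessOrFailure"
                              serviceAuthorizationAuditLevel="SuccessOrFailure"
                              suppressAuditFailure="false" />
        <serviceCredentials>
          <serviceCertificate findValue="QuickReturnsTradeService"
                              storeLocation="LocalMachine" storeName="My"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="QuickReturns.TradeService"
             behaviorConfiguration="TradeSecurityBehavior">
      <endpoint address="" binding="customBinding"
                bindingConfiguration="TradeSecureBinding"
                contract="QuickReturns.ITradeService" />
    </service>
  </services>
</system.serviceModel>
```

Replay detection works only within the configured window and clock skew, so an order submitted twice by a legitimate client after that window still needs an application-level check such as a unique order identifier.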
