Web Service Security: What are the pros and cons of WSE3.0 and WCF?

Question

I'm developing a new set of web services at my company.

My manager asked me to provide a greater level of security for this, as the web services will handle sensitive informations.

I've searched the net for resources about how to secure an web service and the two runner ups are WSE3.0 and WCF.

But I have no idea which one is the best option to choose from.

My requirement stipulate that some of the web service must be called by non-.NET environment, so how to proceed?

Which one is the best in such scenario?

Answer 1

If you have the luxury of doing new development, DEFINITELY go with WCF!

It offers much more functionality, much more options for security, bindings, and way more extension points should you need to tweak your system.

WCF also support way more industry-standard interoperability scenarios than anything else before, so you should be more than covered in this area, too.

Here are a few articles specifically on WCF security:

• Fundamentals of WCF Security
• Programming WCF Security
• WCF Security Guidance

No question here - it's a slam dunk - go with WCF !!

Marc