WCF security spans multiple components in the WCF architecture. The main aim of security in WCF is to provide integrity, confidentiality, authentication, authorization, and audit for the applications that are built on top of the WCF framework. A good WCF architecture splits these functions into the following pieces:
Transfer security: This is responsible for providing message confidentiality, data integrity, and the authentication of communicating parties
Authorization: This is responsible for providing a framework to make authorization decisions
Auditing: This is responsible for logging the security-related events to the audit log
In this section, we will cover WCF authorization and auditing briefly; in the next section, we will discuss WCF transfer security in detail.