The German Federal Office for Information Security (BSI) has released their security analysis for Windows Communication Foundation along with a reference implementation.
The Federal Office for Information Security (BSI) performed an in-depth security analysis of WCF, the results shall enable enduringly secure operations of distributed systems on the .NET platform and in interoperable interactions with other service oriented solutions. Target-oriented and compact guidance is provided for all phases of software development, illustrating best practices, exploiting WCF security features, and required additional measures substantiated by a reference application.
Beside the complete source code of the WCF reference application the BSI distributes manuals covering WCF specific architecture aspects, authentication, data access, development autonomy, distributed error handling, the hosting environment, transport security, securing resources, and secure service set-up and installation.
The documentation and source code is under the GPL and is only available in English. It can be obtained by sending an email request to os-security@bsi.bund.de.