Security Considerations for Workflows

The .NET Framework security model (code access security) grants permissions according to where code comes from. Executables and assemblies loaded from the user's computer generally run with full trust; the same executables and assemblies run over the Internet generally run with partial trust. For more information about security in the .NET Framework, see the MSDN Library.

The Windows Workflow Foundation runtime and workflows require full trust. Therefore, workflows are always executed in full trust, and any code in a workflow or custom activity runs with the full permissions of the host process. The origin-based sandboxing described above does not limit what a workflow can do.

When you create workflows and custom activities, you should consider the following regarding security:

  • Always extensively test custom activities before you incorporate them in workflows.

  • Any exception that is not handled by the workflow should result in workflow termination.

  • If a custom activity overrides or bypasses an authorization check, validate that override thoroughly; a mistake there lets callers drive the workflow without the intended authorization.

  • Do not allow a custom activity's constructor or InitializeComponent method to be edited by non-trusted users when you deploy; code in those methods runs with full trust every time the activity is instantiated.

  • Use ACLs to restrict access to files with a .xoml extension, and enable file auditing so that access and changes can be attributed to a user (non-repudiation). The ACLs prevent malicious users from reading or modifying the property values and parameter bindings in a workflow definition that is stored in a .xoml file; the audit trail records who read or changed the file.
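The following PowerShell script is an added example of the last guideline; it is not from the original MSDN page. It replaces the inherited ACL of one .xoml file with an explicit one (read-only for the workflow host account, full control for administrators) and adds a SACL entry so that reads, writes and permission changes are audited. The file path, the account name CONTOSO\WorkflowHost and the administrators group are placeholders chosen for the example.

```powershell
# Added example (not part of the original page): harden one .xoml workflow
# definition with an explicit ACL and an audit (SACL) entry.
# Run elevated: writing the SACL requires SeSecurityPrivilege, and the
# "Audit object access" policy must be enabled for the entries to produce events.
# All three parameter defaults are placeholders assumed for this example.
param(
    [string]$XomlPath       = 'C:\Workflows\OrderProcessing.xoml',
    [string]$RuntimeAccount = 'CONTOSO\WorkflowHost',
    [string]$AdminGroup     = 'BUILTIN\Administrators'
)

# -Audit makes Get-Acl read the SACL as well as the DACL.
$acl = Get-Acl -Path $XomlPath -Audit

# Stop inheriting entries from the parent directory and discard the inherited ones,
# so a permissive folder ACL (for example, Users: Modify) no longer applies to the file.
$acl.SetAccessRuleProtection($true, $false)

# Drop any remaining explicit entries so only the rules below remain.
foreach ($rule in @($acl.Access)) {
    if (-not $rule.IsInherited) { $null = $acl.RemoveAccessRule($rule) }
}

# The workflow host only needs to read the definition; it must not be able to change it.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $RuntimeAccount, 'ReadAndExecute', 'Allow')))

# Administrators may modify the definition.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $AdminGroup, 'FullControl', 'Allow')))

# Audit successful and failed reads, writes, deletes and permission changes by anyone.
$acl.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'Read,Write,Delete,ChangePermissions,TakeOwnership', 'Success,Failure')))

# Persist the DACL and SACL to the file.
Set-Acl -Path $XomlPath -AclObject $acl

# Show the result so the change can be checked.
Get-Acl -Path $XomlPath -Audit | Format-List Owner, AccessToString, AuditToString
```

Because the workflow runs with full trust, this protects the definition only against users who lack the host account's privileges; anyone who can run code inside the host can still do whatever the host can. Apply the same treatment to the assemblies that contain custom activities, since they are loaded with the same trust.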

See Also

Concepts

Using Roles in Workflows
Security Considerations for Workflow-Enabled Applications