localhost #1
Client Side Certificates for Web Services?
Part 1:
I have a simple web service. I would like to protect the web
application by only allowing callers that have a client-side
certificate installed. How can I do that programmatically? I have no
access to the IIS metabase, so I need to do it in web.config or in my
application .cs code.
Part 2:
Assuming I can make Part 1 a success, I want to make a console app
that uses client-side certificates "on the fly" to access the web
service. I don't want a user to have to install a certificate with
any UI, I want to do it for them behind the scenes.
Thanks.
localhost Guest
-
Joe Kaplan (MVP - ADSI) #2
Re: Client Side Certificates for Web Services?
My instinct is that you would want to use WSE 2.0 for this so you can do it
at the message level. Enforcing client certificates at the transport level
unfortunately means changing the IIS metabase configuration which you said
you can't do.
I'd also suggest reading some of the recent MSDN magazine articles on WSE
2.0 and try posting your question in one of the webservices or WSE
newsgroups.
Joe K.
"localhost" <primpilus@cohort.ces> wrote in message
news:ibdqn0tjbpjfe95025k18bmbm8ueuaaeva@4ax.com...
> Part 1:
> I have a simple web service. I would like to protect the web
> application by only allowing callers that have a client-side
> certificate installed. How can I do that programmatically? I have no
> access to the IIS metabase, so I need to do it in web.config or in my
> application .cs code.
>
> Part 2:
> Assuming I can make Part 1 a success, I want to make a console app
> that uses client-side certificates "on the fly" to access the web
> service. I don't want a user to have to install a certificate with
> any UI, I want to do it for them behind the scenes.
>
> Thanks.
>
>
Joe Kaplan (MVP - ADSI) Guest
-
richlm #3
Re: Client Side Certificates for Web Services?
Take a look at WS-Security - implemented as web services enhancements (WSE)
in .NET.
This should provide the features you need - certainly for part 1. It should
provide the flexibility you need.
http://msdn.microsoft.com/webservices/building/wse/default.aspx
As for part 2, if you need transparency your most secure bet is probably to
look at something like a smart card based approach (where the certificate is
on the card
richlm Guest
-
[MSFT] #4
RE: Client Side Certificates for Web Services?
Did you still have any further questions on the issue? If so, please feel
free to post here.
Luke
[MSFT] Guest




