Ask a Question related to ASP.NET Security, Design and Development.
-
Morten Overgaard #1
WS-Security vs. IIS authentication and trust boundaries
Hi Sirs.
When using WS-Security instead of IIS authentication I see a potential
problem letting ALL people access my webService. ie. if I have a little bug
in the code that checks for validity of the user I'm really exposing
my-self.
If using IIS authentication I'm sure that only IIS authenticated users are
allowed access to my webService. So doesen't WS-Security and IIS security
come hand in hand or am I missing something here.?
Regards Morten
Morten Overgaard Guest
-
Security and authentication
The bottom line is I don't know anything about either of these two areas. I've always been a client side interactive developer and designer, handing... -
ASP.NET Security/Authentication question
I am a newbie on ASP.NET. I am creating an asp.net application (with C#) which will have a number of screens. The backend database for this app is... -
WS-Security vs. IIS authentication
Hi Sirs. When using WS-Security instead of IIS authentication I see a potential problem letting ALL people access my webService. ie. if I have a... -
Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions)
At the moment the only method available to disable direct Win32 calls from Asp.Net pages (using for example: " Declare Function WinExec Lib... -
Should I trust on Forms authentication?
Thank you Mary on this page I found one address that can clear my mind and that I never saw before. Maybe this can help other people:... -
WJ #2 Re: WS-Security vs. IIS authentication and trust boundaries
"Morten Overgaard" <mno@ramboll-informatik.dk> wrote in message
news:uDYZ5SXIFHA.3076@tk2msftngp13.phx.gbl...Assume that you are using Microsoft technology then yes, A Webservice is> If using IIS authentication I'm sure that only IIS authenticated users are
> allowed access to my webService. So doesen't WS-Security and IIS security
> come hand in hand or am I missing something here.?
>
controlled by MS/UDDI server, which is IIS-6. You can then treat or
configure your webservice security requirements just like an ordinary web
application under IIS-6 server.
John
WJ Guest
-
Paul Glavich [MVP ASP.NET] #3 Re: WS-Security vs. IIS authentication and trust boundaries
WS-Security (and all the Ws-* standards) are bigger than just Microsoft.
Integrated security is fine when talking windows to windows in your
intranet. Making a standard security mechanism for your web service on the
wider internet is another kettle of fish. WS-Security also has a lot more
flexibility in terms of customisation than IIS does.
--
- Paul Glavich
ASP.NET MVP
ASPInsider ([url]www.aspinsiders.com[/url])
"Morten Overgaard" <mno@ramboll-informatik.dk> wrote in message
news:uDYZ5SXIFHA.3076@tk2msftngp13.phx.gbl...bug> Hi Sirs.
>
> When using WS-Security instead of IIS authentication I see a potential
> problem letting ALL people access my webService. ie. if I have a little> in the code that checks for validity of the user I'm really exposing
> my-self.
>
> If using IIS authentication I'm sure that only IIS authenticated users are
> allowed access to my webService. So doesen't WS-Security and IIS security
> come hand in hand or am I missing something here.?
>
>
> Regards Morten
>
>
Paul Glavich [MVP ASP.NET] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
