WSE2.0 - best practise guidance

  1. #1

    WSE2.0 - best practise guidance

    Hi!

    I would like to implement WS-Security features using WSE2.0.
    Initially the services are consumed by .NET Windows Form Clients.

    What do you think is reasonable level of security and safety?
    Do you think following configuration of the web services proxies are "good
    enough"?

    Imports Microsoft.Web.Services2
    Imports Microsoft.Web.Services2.Security
    Imports Microsoft.Web.Services2.Security.Tokens

    Public Sub ConfigureProxy(ByVal proxy As WebServicesClientProtocol)
        ' WS-Security: "Authentication" & "Authorization" with UsernameToken
        ' (no need to send password because of signing below)
        Dim token As UsernameToken = New UsernameToken(Me.txtUserName.Text, _
            Me.txtPassword.Text, PasswordOption.SendNone)
        proxy.RequestSoapContext.Security.Tokens.Add(token)

        ' WS-Security: "Signing" with UsernameToken (keep message integrity)
        Dim derivedToken As New DerivedKeyToken(token)
        proxy.RequestSoapContext.Security.Tokens.Add(derivedToken)
        proxy.RequestSoapContext.Security.Elements.Add( _
            New MessageSignature(derivedToken))

        ' WS-Security: "Encryption" with UsernameToken (ensure
        ' confidentiality, not "very" secure)
        proxy.RequestSoapContext.Security.Elements.Add( _
            New EncryptedData(derivedToken))
    End Sub

    We are not communicating "bank transactions", but anyway we would like to
    implement "good enough" security.

    Best regards,
    Benjamin, Sweden
    Benjamin Guest
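
The service side that the client configuration above implies, as an added example that is not part of the original post: a custom UsernameTokenManager that supplies the stored password, plus a check that the request body was signed with a derived key. UserStore, StoredPasswordTokenManager and RequestChecks are hypothetical names, and the sample account is constructed.

```vbnet
' Added example, not from the original post. UserStore, its sample account and
' the class names are constructed for illustration.
Imports System
Imports System.Collections
Imports Microsoft.Web.Services2
Imports Microsoft.Web.Services2.Security
Imports Microsoft.Web.Services2.Security.Tokens

Public Class UserStore
    Private Shared users As New Hashtable()
    Shared Sub New()
        users("benjamin") = "constructed-sample-password"
    End Sub
    Public Shared Function LookupPassword(ByVal name As String) As String
        Return DirectCast(users(name), String) ' Nothing for unknown users
    End Function
End Class

' With PasswordOption.SendNone the request carries no password, so the service
' must hand WSE the stored password to rebuild the key and verify the signature.
' The service therefore has to keep the password in recoverable form.
Public Class StoredPasswordTokenManager
    Inherits UsernameTokenManager

    Protected Overrides Function AuthenticateToken(ByVal token As UsernameToken) As String
        Dim password As String = UserStore.LookupPassword(token.Username)
        If password Is Nothing Then
            Throw New UnauthorizedAccessException("Unknown user")
        End If
        Return password
    End Function
End Class

Public Class RequestChecks
    ' Call first in each web method: WSE validates signatures that are present,
    ' but the service itself must insist that the body was signed at all.
    Public Shared Sub RequireSignedBody()
        Dim context As SoapContext = RequestSoapContext.Current
        If context Is Nothing Then Throw New ApplicationException("SOAP requests only")
        For Each element As ISecurityElement In context.Security.Elements
            If TypeOf element Is MessageSignature Then
                Dim sig As MessageSignature = DirectCast(element, MessageSignature)
                If (sig.SignatureOptions And SignatureOptions.IncludeSoapBody) <> 0 _
                   AndAlso TypeOf sig.SigningToken Is DerivedKeyToken Then Return
            End If
        Next
        Throw New ApplicationException("Body not signed with a derived key")
    End Sub
End Class
```

WSE calls the manager only after it is registered as the security token manager for UsernameToken in the service's configuration.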

  2. #2

    RE: WSE2.0 - best practise guidance

    I think your way is safe enough for a common web application. UsernameToken
    relies on Windows authentication and we can trust it in a Windows domain or
    OU. To better understand WS-Security in WSE 2.0, I suggest you refer
    to the following articles:

    WS-Security Drilldown in Web Services Enhancements 2.0
    http://msdn.microsoft.com/webservices/building/wse/default.aspx?pull=/library/en-us/dnwse/html/wssecdrill.asp

    Web Services Security (WS-Security)
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ws-security.asp

    Hope this helps,

    Luke

    [MSFT] Guest
