Hi,

To do this, you've got a long road (well, not that long). You need to
implement the WS-Security specification yourself on the caller's side.
Once you've done this, and tested interoperability with your server side,
you should be OK. The specs are pretty clear, and an experienced
programmer should be able to do this in a day or so (assuming experience
in XML, DOM, and cryptography, and access to the right crypto library
implementations).

Win98 is problematic, since it is at end of life. I advise you to upgrade to
XP ASAP.

Regards
Dan Rogers
Microsoft Corporation
--------------------
From: "Filippo" <filippo.-toglimi-digiugno-splmlock-@powersoft.it>
Newsgroups: microsoft.public.dotnet.framework.webservices
Subject: Re: Adding security to a web service without using WSE
Date: Mon, 13 Dec 2004 16:37:53 +0100

How to pass SOAP headers for the application-level security?
How to do this with a classic ASP page?
Thanks

"Anders Norås [MCAD]" <anders.noras@objectware.no> wrote in message
news:%23INomjS4EHA.3572@TK2MSFTNGP14.phx.gbl...
> > I need advice about adding security to a web service without using WSE, as
> > the clients will run Win98.
>
> What sort of security? You have three levels of web service security:
>
> Platform / Transport-level
> The transportation channel (usually HTTP) provides this level. It can be IIS
> authentication such as basic, digest, integrated and certificate
> authentication. SSL and IPSec can be used to encrypt SOAP messages on
> this level.
>
> Application-level
> You can use custom SOAP headers to pass user credentials for authentication
> purposes with each request. You can also encrypt parts of the message using
> the crypto classes in .NET.
>
> Message-level
> This is where WSE helps out the most. You can pass WS-Security tokens, such
> as Kerberos tickets and X509 certificates, in SOAP headers to authenticate
> users. You can sign the message or use XML encryption to ensure the integrity
> of the message.
>
> If you just need authentication, IIS authentication should be all that you
> need.
>
> Anders Norås
> http://dotnetjunkies.com/weblog/anoras/
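
What "implement WS-Security on the caller's side" and "pass credentials in a SOAP header" can look like, as an added example that is not part of the original thread: it builds and verifies a UsernameToken with a password digest as defined in the OASIS WS-Security UsernameToken Profile 1.0. The choice of that token type, Python instead of classic ASP, the function names and the sample credentials are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
FMT = "%Y-%m-%dT%H:%M:%SZ"

def _digest(nonce, created, password):
    # Password_Digest = Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def make_token(username, password, now=None):
    """Caller side (hypothetical helper): fresh nonce and timestamp per request."""
    nonce = os.urandom(16)
    created = (now or datetime.now(timezone.utc)).strftime(FMT)
    return {"username": username, "nonce": base64.b64encode(nonce).decode(),
            "created": created, "digest": _digest(nonce, created, password)}

def soap_header(tok):
    """Render the header block; the soap prefix is declared on the Envelope."""
    return (f'<soap:Header><wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f'<wsse:UsernameToken><wsse:Username>{escape(tok["username"])}</wsse:Username>'
            f'<wsse:Password Type="{DIGEST}">{tok["digest"]}</wsse:Password>'
            f'<wsse:Nonce>{tok["nonce"]}</wsse:Nonce>'
            f'<wsu:Created>{tok["created"]}</wsu:Created>'
            f'</wsse:UsernameToken></wsse:Security></soap:Header>')

def verify_token(tok, passwords, seen_nonces, now=None, max_age=timedelta(minutes=5)):
    """Server side: reject stale, replayed or wrong-password tokens."""
    now = now or datetime.now(timezone.utc)
    try:
        created = datetime.strptime(tok["created"], FMT).replace(tzinfo=timezone.utc)
        nonce = base64.b64decode(tok["nonce"], validate=True)
    except (KeyError, TypeError, ValueError):
        return False
    if abs(now - created) > max_age or nonce in seen_nonces:
        return False
    password = passwords.get(tok.get("username"))  # digest mode needs the clear password
    if password is None:
        return False
    sent = str(tok.get("digest", "")).encode()
    if not hmac.compare_digest(_digest(nonce, tok["created"], password).encode(), sent):
        return False
    seen_nonces.add(nonce)  # remember nonces of accepted tokens to block replay
    return True
```

The token authenticates the caller only; it does not sign or encrypt the message body, so the request still needs SSL at the transport level to keep the rest of the envelope confidential and intact.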