Hi all,
My scenario is this:
Central Server: on which a number of remote machines invoke services
(implemented as web services, but doesn't matter what the choice of
implementation is).
Remote Servers: These are machines running at various sites worldwide.
Each remote server would be on a separate network and separated from
the internet by firewalls.
I have control over the central server and the firewall configuration
for it but little or no control over the firewall configuration of the
remote servers.
Standalone server processes will be running on all the servers. The
server process on the remote server needs to communicate with the
server process running on the Central server. This communication is
occurring automatically and will continue to occur indefinitely, with
no human involvement.
The communication is encrypted using SSL.
QUESTION: What authentication method should I use at the Central
Server to authenticate the Remote Servers?
I thought of using usernames and passwords. The problem is that in the
given scenario, they would need to be stored onto the Remote Server in
a file or registry.
What about Client Certificates? I will have install-time control of
the remote server. So I can then install a certificate issued by the
Central Server (acting as Certificate Authority) onto the Remote
Server. But are there any management/logistical/operational issues
with using client certificates?
Are there any other options to let the Central Server authenticate the
individual Remote Servers?
I am a bit confused in choosing between usernames/passwords and client
certificates. While it's true that usernames/passwords can be read by
anyone from wherever they are stored, but then, I think, that the
client certificates could somehow also be taken/copied off the Remote
Server and transported/installed elsewhere. Is copying/hacking client
certificates much more difficult than reading passwords/usernames? One
thing is given, that the Remote Server's security, and the people
managing the Remote Server are quite trusted (but then you can't trust
someone too much!).
What are my client authentication options? What are the things I
should bear in mind when deciding on an option?
Thanks a lot...
You might choose to restrict access only to certain IP addresses. This can
be configured in IIS, or you can do it in code.
You might choose to use SOAP headers to authenticate a custom security
token.
Here's more info on that: http://www.pinpub.com/html/main.isx?sub=65&story=1893
Here are further security details you may find useful: http://msdn.microsoft.com/webservices/building/wse/
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com
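The two checks suggested in Steve C. Orr's reply (restricting callers by IP address in code, and a custom security token in a SOAP header), combined into one gate on the Central Server. This is an added example, not code from the thread or from WSE; the header layout (`Auth`, `Site`, `Ts`, `Mac`), the `urn:example:remote-auth` namespace, the keys and the addresses are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:example:remote-auth"  # hypothetical namespace for the custom header
MAX_SKEW = 300                       # seconds a token stays valid

# Constructed per-site records: shared key plus the networks the site may call from.
SITES = {
    "site-a": {"key": b"constructed-key-a", "nets": ["203.0.113.0/24"]},
    "site-b": {"key": b"constructed-key-b", "nets": ["198.51.100.7/32"]},
}

def make_token(site_id, key, ts):
    """MAC over the site id and timestamp, as the Remote Server would compute it."""
    msg = f"{site_id}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_envelope(site_id, key, ts):
    """Constructed sample request carrying the token in a SOAP header."""
    return (f'<s:Envelope xmlns:s="{SOAP_NS}" xmlns:a="{AUTH_NS}"><s:Header>'
            f'<a:Auth><a:Site>{site_id}</a:Site><a:Ts>{ts}</a:Ts>'
            f'<a:Mac>{make_token(site_id, key, ts)}</a:Mac></a:Auth>'
            f'</s:Header><s:Body/></s:Envelope>')

def authenticate(envelope, peer_ip, now):
    """Return the site id if the caller passes every check, else None."""
    try:
        auth = ET.fromstring(envelope).find(f"{{{SOAP_NS}}}Header/{{{AUTH_NS}}}Auth")
        site_id = auth.findtext(f"{{{AUTH_NS}}}Site")
        ts = int(auth.findtext(f"{{{AUTH_NS}}}Ts"))
        mac = auth.findtext(f"{{{AUTH_NS}}}Mac")
        addr = ipaddress.ip_address(peer_ip)
    except (ET.ParseError, AttributeError, TypeError, ValueError):
        return None  # malformed request or address: fail closed
    site = SITES.get(site_id)
    if site is None or mac is None:
        return None
    # Check 1: source address must fall inside a network registered for this site.
    if not any(addr in ipaddress.ip_network(n) for n in site["nets"]):
        return None
    # Check 2: timestamp must be fresh, limiting replay of a captured header.
    if abs(now - ts) > MAX_SKEW:
        return None
    # Check 3: constant-time comparison of the MAC against the expected value.
    expected = make_token(site_id, site["key"], ts)
    return site_id if hmac.compare_digest(mac.encode(), expected.encode()) else None
```

The per-site key is still a secret stored on the Remote Server, so it shares the storage concern the question raises about passwords; the address check only narrows where a copied key can be used from.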