473,804 Members | 3,745 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Security of Web Services

I met the security problem.
I have developed the form based security for ASP.NET appliation. However, it
seems that my window based client for my Web services application can not
access to the server side. How to overcome this situation?

Thanks

David
Nov 19 '05
13 1316
Hi,

In that case, you have to go with what Brock said earlier. That is, web
services can be secured by using either IIS or SOAP level security.
SOAP is the way to go, if you ask me. Here are a few links to get you
going with both of the above approaches:

1) IIS Authentication/Authorization-
http://msdn.microsoft.com/library/de...l/secmod85.asp

2) SOAP Authentication/Authroization-
http://msdn.microsoft.com/msdnmag/is...rvicesecurity/

Thanks,

Sayed Y. Hashimi

http://www.sayedhashimi.com
Shameless Book Plug: Service-Oriented Smart Clients with .NET 2.0
http://www.amazon.com/exec/obidos/tg...glance&s=books

Nov 19 '05 #11
Just to add to this, I'd suggest making your ASMX SSL only.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi,

In that case, you have to go with what Brock said earlier. That is,
web services can be secured by using either IIS or SOAP level
security. SOAP is the way to go, if you ask me. Here are a few links
to get you going with both of the above approaches:

1) IIS Authentication/Authorization-
http://msdn.microsoft.com/library/de...ry/en-us/secmo
d/html/secmod85.asp
2) SOAP Authentication/Authroization-
http://msdn.microsoft.com/msdnmag/is...rvicesecurity/
Thanks,

Sayed Y. Hashimi

http://www.sayedhashimi.com

Shameless Book Plug: Service-Oriented Smart Clients with .NET 2.0

http://www.amazon.com/exec/obidos/tg.../qid=112636142
1/sr=1-1/ref=sr_1_1/102-5068238-6758524?v=glanc e&s=books

Nov 19 '05 #12
Hi,

Your original post give me the indication that you had a web
application that had some web pages that needed to be secured and that
you had a web service which did not require
authentication/authroization. The solution I proposed allows you to
have a bunch of secured pages with an unsecured web service in the same
application using forms authentication. Now, if you really need
authentication/authorization for your web services, then you have to
use either IIS or apply credentials to the SOAP messages (possibly
using WSE).
Thanks,

Sayed Y. Hashimi

http://www.sayedhashimi.com
Shameless Book Plug: Service-Oriented Smart Clients with .NET 2.0
http://www.amazon.com/exec/obidos/tg...glance&s=books

Nov 19 '05 #13
Hi Sayed,

I am also very new to ASP.NET. My problem is how to configure web.config
file in forms authentication. I have user and Manager as a role in my
tbl_Login in my SQL Server.

If roles = Manager then I want them to redirect them into
...../secure/manager/mmain.aspx

and if the role = user then I want them to redirect to
...../secure/user/umain.aspx

I am using VB.NET and I have created many application with login form in
windows base application. I store user name and password as encryptred
(varbinary in SQL Server).

But I don't know how to achive samething in ASP.NET.

Is it possible to help me how to configure my web.config file as well as how
to code in code-behind pages? If yopu don't have time to provide any
information could you be willing to provide me some link so I can study
myself?

Thank you very much.

Rgds,
GC

"ha**********@g mail.com" wrote:
Hi,

Your original post give me the indication that you had a web
application that had some web pages that needed to be secured and that
you had a web service which did not require
authentication/authroization. The solution I proposed allows you to
have a bunch of secured pages with an unsecured web service in the same
application using forms authentication. Now, if you really need
authentication/authorization for your web services, then you have to
use either IIS or apply credentials to the SOAP messages (possibly
using WSE).
Thanks,

Sayed Y. Hashimi

http://www.sayedhashimi.com
Shameless Book Plug: Service-Oriented Smart Clients with .NET 2.0
http://www.amazon.com/exec/obidos/tg...glance&s=books

Dec 6 '05 #14

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
2502
Web Service Security
by: James | last post by:
I'm currently using a basic web service for my Windows and web clients to access a Microsoft Access database on the web server. All works fine, but I'm worried about security. Without any precautions, anyone could use the web service to access or even modify information in the database. This, obviously, is not too good, so currently I've set a database password on the MS Access file. The trouble is, since web services are stateless the password...
.NET Framework
4
7989
Error using WS-Security
by: Ashish | last post by:
Hi Guys I am getting the following error while implementing authentication using WS-security. "Microsoft.Web.Services2.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.Exception: WSE565: The password provided the SecurityTokenManager does not match the one on the incoming token. at Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyPlainText
C# / C Sharp
1
1559
Webservices and "pass through" security
by: Tom | last post by:
Hi, I am currently on a project where one site needs to send the user credentials to another site, through web services. Scenario: * "User 1" will authenticate to "Site A" using NTLM ("Site A" provides front-end presentation of data) * "Site A" will request confidential information about "User 1" to "Site B"
ASP.NET
2
1770
problem setting up the security on my test web service
by: Greg | last post by:
Please note: I have cross posted this from Newsgroup: microsoft.public.dotnet.framework.aspnet.webservices with a few minor changes... I am having a simple problem setting up the security on my test web service... My Web service code is: Imports System.Web.Services
.NET Framework
7
1989
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the business tier inside the fire wall or internal network. The biz tier will be developed and deployed as web services on IIS. I know microsoft recommends this architecture but I am not able to convince my security team. They say IIS is vulnerable...
.NET Framework
0
1040
Runtime Security Policy Question
by: SD | last post by:
Hi, I have an assembly (.exe) started at logon of each computer of my company and for each user. (Through PDC scripts) This assembly use web services in order to request any informations. When my exe is executed, i have this exception : _________________________________________________________________ Échec de la demande pour une autorisation de type System.Net.WebPermission,
.NET Framework
2
14788
SOAP security negotiation error when using WCF (please help!)
by: Ronald S. Cook | last post by:
Hi, Some users on our domain can run our WCF application no problem. Some get an unhandled exception error re: SOAP security negotiation. I'm wanting the service to not be secure.. I just want anyone logged into our company domain to be able to run the app. Can someone please tell me what tag I need added to which of these files to make this error go away? Thanks very much in advance, Ron
C# / C Sharp
2
6645
WCF MaxClockSkew for TransportWithMessageCredential security eleme
by: =?Utf-8?B?ZDcyZTRk?= | last post by:
I'm trying to increase the MaxClockSkew for our WCF bindings through code in my service host and client. From various forums etc, I have got this far: public static void InitializeEndpoint(ServiceEndpoint endpoint) { CustomBinding customBinding = new CustomBinding(endpoint.Binding); SecurityBindingElement securityBinding = customBinding.Elements.Find<SecurityBindingElement>();
.NET Framework
1
3202
security mode="TransportWithMessageCredential"
by: =?Utf-8?B?TWFuanJlZSBHYXJn?= | last post by:
Hi I am creating a web service PreprocessingService with IIS Hosting and transport layer security with user name and password. I created a self-signed certificate IISHost in IIS which is issued to and issued by the local host. When I run the service from IIS (https) it is running fine but when I call it from the client it is throwing the following exception: An unhandled exception of type
ASP.NET
8
13344
System.ServiceModel.Security.SecurityNegotiationException
by: =?Utf-8?B?TWFuanJlZSBHYXJn?= | last post by:
Hi, I created a web service and hosted it in Windows Services. It is working fine. Now I am trying to implement the X509 certificates for message layer security. But it is throwing the following exception: An unhandled exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in mscorlib.dll
.NET Framework
0
10337
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10323
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9160
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7622
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6854
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5525
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5654
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
3822
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2995
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us