authentication between two server processes over the internet

Hi all,

My scenario is this:

Central Server: on which a number of remote machines invoke services
(implemented as web services, but doesn't matter what the choice of
implementation is).

Remote Servers: These are machines running at various sites worldwide.
Each remote server would be on a separate network and separated from
the internet by firewalls.

I have control over the central server and the firewall configuration
for it but little or no control over the firewall configuration of the
remote servers.

Standalone server processes will be running on all the servers. The
server process on the remote server needs to communicate with the
server process running on the Central server. This communication is
occurring automatically and will continue to occur indefinitely, with
no human involvement.

The communication is encrypted using SSL.

QUESTION: What authentication method should I use at the Central
Server to authenticate the Remote Servers?

I thought of using usernames and passwords. The problem is that in the
given scenario, they would need to be stored onto the Remote Server in
a file or registry.

What about Client Certificates? I will have install-time control of
the remote server. So I can then install a certificate issued by the
Central Server (acting as Certificate Authority) onto the Remote
Server. But are there any management/logistical/operational issues
with using client certificates?

Are there any other options to let the Central Server authenticate the
individual Remote Servers?

I am a bit confused in choosing between usernames/passwords and client
certificates. While it's true that usernames/passwords can be read by
anyone from wherever they are stored, but then, I think, that the
client certificates could somehow also be taken/copied off the Remote
Server and transported/installed elsewhere. Is copying/hacking client
certificates much more difficult than reading passwords/usernames? One
thing is given, that the Remote Server's security, and the people
managing the Remote Server are quite trusted (but then you can't trust
someone too much!).

What are my client authentication options? What are the things I
should bear in mind when deciding on an option?

Thanks a lot...
Nov 17 '05 #1
You might choose to restrict access only to certain IP addresses. This can
be configured in IIS, or you can do it in code.

You might choose to use SOAP headers to authenticate a custom security
token.
Here's more info on that:
http://www.pinpub.com/html/main.isx?sub=65&story=1893

Here's further security details you may find useful:
http://msdn.microsoft.com/webservices/building/wse/

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com

Nov 17 '05 #2
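
One way the Central Server could combine the client-certificate option raised in the question with the IP restriction suggested in the reply, shown as an added example that is not code from the thread or from either poster. Python is used for illustration; the registry layout, site names, documentation-range addresses and placeholder certificate bytes are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import ssl
from dataclasses import dataclass

def central_server_context(server_cert, server_key, remote_ca):
    """TLS context for the Central Server that refuses clients without a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    ctx.load_verify_locations(cafile=remote_ca)  # CA that issued the Remote Server certs
    ctx.verify_mode = ssl.CERT_REQUIRED          # handshake fails without a valid client cert
    return ctx

@dataclass
class RemoteServer:
    name: str
    cert_sha256: str   # fingerprint recorded when the certificate was installed
    networks: tuple    # egress networks expected for that site's firewall
    revoked: bool = False

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

def authorize(registry, peer_ip, cert_der):
    """Return the enrolled server's name, or None if the peer must be rejected."""
    # cert_der is what SSLSocket.getpeercert(binary_form=True) returns after the handshake.
    if not cert_der:
        return None
    seen = fingerprint(cert_der)
    addr = ipaddress.ip_address(peer_ip)
    for server in registry:
        if hmac.compare_digest(seen, server.cert_sha256):
            # A certificate copied to another site fails the network check;
            # a revoked entry disables one Remote Server without touching the rest.
            in_site = any(addr in ipaddress.ip_network(n) for n in server.networks)
            return server.name if in_site and not server.revoked else None
    return None

# Constructed sample data: placeholder bytes stand in for real DER certificates.
SITE_A_CERT = b"constructed-der-bytes-site-a"
SITE_B_CERT = b"constructed-der-bytes-site-b"
REGISTRY = [
    RemoteServer("site-a", fingerprint(SITE_A_CERT), ("198.51.100.0/24",)),
    RemoteServer("site-b", fingerprint(SITE_B_CERT), ("203.0.113.7/32",), revoked=True),
]
```

The TLS layer proves possession of a private key issued by the Central Server's CA; the registry check is the per-server authorization and revocation step on top of that.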
