By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,572 Members | 946 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,572 IT Pros & Developers. It's quick & easy.

secure webservice

P: n/a
Hi everyone!

I have built a vb6 app that communicates with a web server to get data from
an webservice through the internet (not lan).

My question/problem is,
1) how could I make this webservice secure, so that only my vb6 app has
access to it and noone else?
Should I use WSE or WCF?
Well ok, but I have completely no idea on how to!

2) Should I enable ssl for this webservice, so that data is encrypted? How?

Please can somebody provide me with info/hints/tips/walkthrough on how to do
this?

Thanks in advance!
Aug 7 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
first of all, thank you very much for the interest!

I have already done the following steps:
(using http://www.codeproject.com/soap/wsse...nametokens.asp as a
guide reference)

Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:

Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With
However I get either "access denied" (line:

.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

or access denied when trying to execute any method,

e.g. the following (test) one:

<WebMethod()_
Public Function Hello() As String

' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If

' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"

End Function

Also, my customauthenticator class (referenced from the web service) is as
follows:

Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens

Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand )_
Public Class CustomAuthenticator
Inherits UsernameTokenManager

' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String

If token Is Nothing Then
Throw New ArgumentNullException()
End If

' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If

End Function
End Class
End Namespace

I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!

(It's my first time writing a secure web service - newbie on the subject)
Aug 8 '07 #2

P: n/a
I have already done the following steps:
(using http://www.codeproject.com/soap/wsse...nametokens.asp as a
guide reference)

Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:

Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With
However I get either "access denied" (line:

.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

or access denied when trying to execute any method,

e.g. the following (test) one:

<WebMethod()_
Public Function Hello() As String

' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If

' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"

End Function

Also, my customauthenticator class (referenced from the web service) is as
follows:

Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens

Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand )_
Public Class CustomAuthenticator
Inherits UsernameTokenManager

' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String

If token Is Nothing Then
Throw New ArgumentNullException()
End If

' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If

End Function
End Class
End Namespace

I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!

(It's my first time writing a secure web service - newbie on the subject)
Aug 8 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.