By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,997 Members | 1,657 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,997 IT Pros & Developers. It's quick & easy.

Webservices [WSE2.0] and security

P: n/a
I am trying to select the best approach for security (authentication,
role-based) for my web services app. It seems there are many options, so I
wanted to ask what would be recommneded according to this criteria:

1. secure authentication (no plain text)
2. role-based functionality
3. easy deployment (i'm guessing certificates have some setup overhead)
Thanks.

Nov 12 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Hi RBisch,

In spite of the OS or protocal related security means, such as integrated
windows
or using SSL, the WSE make use of the WS-SECURITY which is a standared soap
message based
security framework. In fact , it is a certain SoapExtension based on the
asp.net webservice fundamental.
we can speicfy credential tokens or encrypt the soap message's certain part
(some elements) by the provided interfaces.

And as for the role-based, this is the .net framework's code access
feature, we can also integrated it in our serverside code(define our own
roles and do checking in code level(via declared attributes) or manually
checking in code at runtime. provide a article disussing on
the WSE andWS-SECURITY

#WS-Security and WSE
http://www.sys-con.com/dotnet/articleprint.cfm?id=300

Also, I think the deployment won't be the problem since all the WSE is also
published as some managed assemblies which can be deployed together with
your webservice assemblies and resources.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Nov 12 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.