473,407 Members | 2,546 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > webservices [wse2.0] and security

Join Bytes to post your question to a community of 473,407 software developers and data experts.

Webservices [WSE2.0] and security

I am trying to select the best approach for security (authentication,
role-based) for my web services app. It seems there are many options, so I
wanted to ask what would be recommneded according to this criteria:

1. secure authentication (no plain text)
2. role-based functionality
3. easy deployment (i'm guessing certificates have some setup overhead)
Thanks.

Nov 12 '05 #1
1 1305
Hi RBisch,

In spite of the OS or protocal related security means, such as integrated
windows
or using SSL, the WSE make use of the WS-SECURITY which is a standared soap
message based
security framework. In fact , it is a certain SoapExtension based on the
asp.net webservice fundamental.
we can speicfy credential tokens or encrypt the soap message's certain part
(some elements) by the provided interfaces.

And as for the role-based, this is the .net framework's code access
feature, we can also integrated it in our serverside code(define our own
roles and do checking in code level(via declared attributes) or manually
checking in code at runtime. provide a article disussing on
the WSE andWS-SECURITY

#WS-Security and WSE
http://www.sys-con.com/dotnet/articleprint.cfm?id=300

Also, I think the deployment won't be the problem since all the WSE is also
published as some managed assemblies which can be deployed together with
your webservice assemblies and resources.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Nov 12 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
WSE2 and customised Soap Header
by: Hai Ta | last post by:
Please help We have been stuck for the past 2 weeks in trying to implement a webservice using WSE2 such that consumer can access with the following soap header. <?xml version="1.0"...
.NET Framework
9
WebServices without IIS
by: Lloyd Dupont | last post by:
how to create a web services living on its own? (no web server!) any links, pointers?
C# / C Sharp
1
Webservices and "pass through" security
by: Tom | last post by:
Hi, I am currently on a project where one site needs to send the user credentials to another site, through web services. Scenario: * "User 1" will authenticate to "Site A" using NTLM ("Site...
ASP.NET
8
Record lock timeout with webservices
by: Komandur Kannan | last post by:
We have a smart device application running on handhelds(Symbol MC9000G). The backend is Oracle and a middle tier web services development done in Vb.net. We use pessimistic Locking due to...
.NET Framework
0
WSE2 \ WS-Security
by: JJJ | last post by:
Just a quick question I think... I have a web service, implemented with WSE2 and secured with WS-Security Username tokens - When I autogenerate WSDL (using ?WSDL query strings) the WS-Security...
.NET Framework
1
Webservices and security
by: UJ | last post by:
I've got a network engineer who is absolutely anal about network security. He is questioning how secure web services are and I can't answer him with definitive answers. Do web services run over...
.NET Framework
0
WSE -3.0 WebServices Deployement in IIS Server
by: suresh.csharp | last post by:
Hi, I have developed Web services based on WSE3.0 X.509 Certificate authentication for client and server. I have tested in VS 2005 both services and client application working fine with out any...
.NET Framework
0
WSE2 UserName token not encrypted
by: Sid DeLuca | last post by:
I'm modifying the WSE2 HOL sample to develop my web service. I'm able to get the client application's username token encrypted on the way out (outputTrace.webinfo), but not on receipt from the...
.NET Framework
0
Conversion from WSE2 to WSE3 makes response class disappear
by: David G | last post by:
I have a web service originally written to use soap.tcp transport in WSE2 that now uses http transport under WSE3. The WSE2 method looked like public IndividualLookupResponse...
.NET Framework
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!