Hi,
To do this, you've got a long road (well, not that long). You need to
implement the WS-Security specification yourself on the caller's side.
Once you've done this, and tested interoperability with your server side,
you should be OK. The specs are pretty clear, and an experienced
programmer should be able to do this in a day or so (assuming experience
in XML, DOM, and cryptography, and access to the right crypto library
implementations).
Win98 is problematic, since it is at end of life. Advise you to upgrade to
XP asap.
Regards
Dan Rogers
Microsoft Corporation
--------------------
From: "Filippo" <fi*********************************@powersoft.it>
Newsgroups: microsoft.public.dotnet.framework.webservices
Subject: Re: Adding security to a web service without using WSE
Date: Mon, 13 Dec 2004 16:37:53 +0100
How to pass Soap headers for the application level security?
How to do this with a classic ASP page?
Thanks
"Anders Norås [MCAD]" <an**********@objectware.no> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
I need advice about adding security to a web service without using WSE,
as the clients will run Win98.
What sort of security? You have three levels of web service security:
Platform / Transport-level
The transportation channel (usually HTTP) provides this level. It can be
IIS authentication such as basic, digest, integrated and certificate
authentication. SSL and IPSec can be used to encrypt SOAP messages on
this level.
Application-level
You can use custom SOAP headers to pass user credentials for
authentication purposes with each request. You can also encrypt parts of the message
using the crypto classes in .NET.
Message-level
This is where WSE helps out the most. You can pass WS-Security tokens,
such as Kerberos tickets and X509 certificates, in SOAP headers to authenticate
users. You can sign the message or use XML encryption to ensure the
integrity of the message.
If you just need authentication, IIS authentication should be all that you
need.
Anders Norås
http://dotnetjunkies.com/weblog/anoras/
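
Added example, not part of any post in this thread: a C# console sketch of the application-level option described above, showing the SOAP envelope a client without WSE would send with credentials in a custom header, and the check the service makes before doing any work. The `AuthHeader` element, both `urn:example:` namespaces, the `GetStatus` operation and the sample credentials are hypothetical; it assumes a current .NET runtime (for `SHA256.HashData` and `CryptographicOperations.FixedTimeEquals`), and because the header carries the password in the clear it assumes the request travels over SSL, the transport-level protection mentioned above.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

static class SoapHeaderAuthDemo
{
    static readonly XNamespace Soap = "http://schemas.xmlsoap.org/soap/envelope/";
    static readonly XNamespace Auth = "urn:example:auth";    // hypothetical header namespace
    static readonly XNamespace Svc = "urn:example:service";  // hypothetical service namespace

    // Caller side: the envelope a client has to put on the wire itself.
    static string BuildRequest(string user, string password) =>
        new XElement(Soap + "Envelope",
            new XAttribute(XNamespace.Xmlns + "soap", Soap),
            new XElement(Soap + "Header",
                new XElement(Auth + "AuthHeader",
                    new XElement(Auth + "Username", user),
                    new XElement(Auth + "Password", password))),
            new XElement(Soap + "Body",
                new XElement(Svc + "GetStatus"))).ToString();

    // Service side: refuse the request unless the header is present and correct.
    static bool IsAuthenticated(string envelopeXml, string expectedUser, string expectedPassword)
    {
        XElement header = XDocument.Parse(envelopeXml).Root?
            .Element(Soap + "Header")?.Element(Auth + "AuthHeader");
        if (header == null) return false;  // no credentials were sent
        string user = (string)header.Element(Auth + "Username") ?? "";
        string pass = (string)header.Element(Auth + "Password") ?? "";
        // Evaluate both comparisons, then combine, so timing does not reveal which field failed.
        bool userOk = FixedEquals(user, expectedUser);
        bool passOk = FixedEquals(pass, expectedPassword);
        return userOk & passOk;
    }

    // Hash first so both inputs have equal length, then compare in fixed time.
    static bool FixedEquals(string a, string b) =>
        CryptographicOperations.FixedTimeEquals(
            SHA256.HashData(Encoding.UTF8.GetBytes(a)),
            SHA256.HashData(Encoding.UTF8.GetBytes(b)));

    static void Main()
    {
        string request = BuildRequest("alice", "constructed-secret");  // constructed sample values
        string noHeader = "<soap:Envelope xmlns:soap=\"" + Soap + "\"><soap:Body/></soap:Envelope>";
        Console.WriteLine(request);
        Console.WriteLine(IsAuthenticated(request, "alice", "constructed-secret"));
        Console.WriteLine(IsAuthenticated(request, "alice", "wrong"));
        Console.WriteLine(IsAuthenticated(noHeader, "alice", "constructed-secret"));
    }
}
```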