By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,491 Members | 1,186 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,491 IT Pros & Developers. It's quick & easy.

How should I secure my WS?

P: n/a
I’m new to WS. I have two MS Press books in front of me : XML Web Services
Step by Step and Understanding Web Services Specifications and then WSE.

The prior suggests to secure WS by using IIS and ASP.NET techniques
(<authorization> in web.config). The later, of course, describes WS-Security
and the WSE implementation.

I didn’t found any good article comparing one technique versus the other. I
can guess this is all a question of interoperability…

The only thing I need for now is to control access to a simple WS. This WS
will be available from the Internet via SSL, running on a server that is not
part of a domain (controlling access by local users only). I don’t need
signing or encrypting.

Can anybody give me some advices?

Thanks
Nov 23 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:D7**********************************@microsof t.com:
This WS will be available from the Internet via SSL, running on a
server that is not part of a domain (controlling access by local users
only). I don t need signing or encrypting.


If its already running over SSL, its already secure.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #2

P: n/a
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:D7**********************************@microsof t.com:
This WS will be available from the Internet via SSL, running on a
server that is not part of a domain (controlling access by local users
only). I don t need signing or encrypting.


If its already running over SSL, its already secure.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #3

P: n/a
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?
Nov 23 '05 #4

P: n/a
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?
Nov 23 '05 #5

P: n/a
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:4D**********************************@microsof t.com:
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?


WSE is a good way to go. When using SSL, I often use just a custom header.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #6

P: n/a
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:4D**********************************@microsof t.com:
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?


WSE is a good way to go. When using SSL, I often use just a custom header.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.