473,327 Members | 1,936 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

How should I secure my WS?

I’m new to WS. I have two MS Press books in front of me : XML Web Services
Step by Step and Understanding Web Services Specifications and then WSE.

The prior suggests to secure WS by using IIS and ASP.NET techniques
(<authorization> in web.config). The later, of course, describes WS-Security
and the WSE implementation.

I didn’t found any good article comparing one technique versus the other. I
can guess this is all a question of interoperability…

The only thing I need for now is to control access to a simple WS. This WS
will be available from the Internet via SSL, running on a server that is not
part of a domain (controlling access by local users only). I don’t need
signing or encrypting.

Can anybody give me some advices?

Thanks
Nov 23 '05 #1
6 1400
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:D7**********************************@microsof t.com:
This WS will be available from the Internet via SSL, running on a
server that is not part of a domain (controlling access by local users
only). I don ™t need signing or encrypting.


If its already running over SSL, its already secure.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #2
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:D7**********************************@microsof t.com:
This WS will be available from the Internet via SSL, running on a
server that is not part of a domain (controlling access by local users
only). I don ™t need signing or encrypting.


If its already running over SSL, its already secure.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #3
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?
Nov 23 '05 #4
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?
Nov 23 '05 #5
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:4D**********************************@microsof t.com:
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?


WSE is a good way to go. When using SSL, I often use just a custom header.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #6
"=?Utf-8?B?Q3JhbWV6dWw=?=" <Cr******@discussions.microsoft.com> wrote in
news:4D**********************************@microsof t.com:
I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?


WSE is a good way to go. When using SSL, I often use just a custom header.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu
Nov 23 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
4
by: debedb | last post by:
Hi all, I have a link, <A onClick="javascript:foo()">. The foo() function does w = window.open('', fieldid+'mywindow', prop); w.document.open(); d = w.document; And proceeds to write...
0
by: Mike | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
7
by: Seth | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
1
by: Iulian Ionescu | last post by:
I have a page (http://www.something.com/) and a secure page (https://secure.something.com) and the secure.something.com points to http://www.something.com/secure/ All works ok, but, when I...
5
by: Joe | last post by:
I have an application which runs in a non-secure environment. I also have an application that runs in a secure environment (both on the same machine). Is there any way to share the session data for...
40
by: Robert Seacord | last post by:
The CERT/CC has released a beta version of a secure integer library for the C Programming Language. The library is available for download from the CERT/CC Secure Coding Initiative web page at:...
7
by: Robert Seacord | last post by:
The CERT/CC has just deployed a new web site dedicated to developing secure coding standards for the C programming language, C++, and eventually other programming language. We have already...
0
by: amitvps | last post by:
Secure Socket Layer is very important and useful for any web application but it brings some problems too with itself. Handling navigation between secure and non-secure pages is one of the cumbersome...
3
by: zr | last post by:
Hi, Does usage of checked iterators and checked containers make code more secure? If so, can that code considered to be reasonably secure?
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.