Another formulation of the message tittle could be :
is it really "safe" (in the business sense) to embed a SSL webservice
consumer into any given software, given that any time a proxy server
will be encountered, then the call will fail (based on my knowledge) ?
....Different Player, shoot again... I am asking a question which was
posted several times in the last months, but never answered;
any advice / insight would be appreciated.
The question is simple, though worrying : are secured (https / ssl) web
services functional if you have to query them through a proxy server ?
I fell into a giant opened trap which can be described as below :
- Step 1 : Setup a webservice (any type of web service)
- Step 2 : Secure it and make it accessible only via https (many
articles explain how to do this).
- Step 3 : Bundle it inside your .Net software and make sure that the
SSL certificate is correctly handled
(if you are running a test certificate, you can use the
trick described at
http://weblogs.asp.net/jan/archive/2.../04/41154.aspx
)
- Step 4 : Wait for the first person who will want to use your software
but is only allowed to access the web through a proxy
(Because her/his system administrator has decided that
internet access should not be provided any other way)
==Then you are trapped. I tried many alternatives, but none of them
worked. I even tried to install several proxy software and to
check whether something could be done inside their configuration, with
no luck...
Did I miss a point ? Any good advice or definite answer would be
appreciated.
My only alternatives at that time are to select where to open a
security hole (i.e either get rid of the https / SSL protection on my
webservice, or ask all my customers to bypass their proxy and/or
firewall in order to access the webservice); and I don't like that.
For interested people, here are some links to other unanswered posts /
articles related to the same question :
http://groups.google.fr/group/micros...e872c5bfc9ba14
http://discuss.fogcreek.com/dotnetqu...ow&ixPost=5463
Thanks !
Pascal T.