Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / October 2005

Tip: Looking for answers? Try searching our database.

Webservices and Internet security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
UJ - 24 Oct 2005 15:57 GMT
I've got a network engineer who is absolutely anal about network security.
He is questioning how secure web services are and I can't answer him with
definitive answers. Do web services run over port 80? How about port 443?
Are they secure? He's also paranoid about loginning in - is there a primer
somewhere where I can look at how to make my process connect with
authentication and make sure to keep it secure?

TIA - Jeff.
Reply to this Message
Michael - 24 Oct 2005 19:49 GMT
Humm....to answer your questions

Yes asp.net web services use port 80, if wish to add security to your web
services you should consider using WS-Security (aka WSE 3.0). WS-Security
will secure your data on a message level.

> I've got a network engineer who is absolutely anal about network security.
> He is questioning how secure web services are and I can't answer him with
[quoted text clipped - 4 lines]
>
> TIA - Jeff.
Reply to this Message
CESAR DE LA TORRE [MVP] - 24 Oct 2005 21:28 GMT
With ASP.NET you CAN, for sure, use SSL (HTTPS - TCP Port 443) which is a
quite secure method, specially using a 128 bit Server Certificate.
You can use SSL just for encrypting all the XML-WebService communications.
Using SSL under WebServices is OK for simple scenarios, but take into account
that it is based on a end-to-end trust (because it is a transport-protocol
security method)

BUT, I agree with Michael in the fact that using WSE 3.0 you have a much
better control of WebServices Security because it is made at Message-Level.
And you can use WSE 3.0 not only for Encrypting but also for Signing and
Authentication (most of the WS-Security specifications, which is part of the
whole WS-* standard specifications).
Signature

CESAR DE LA TORRE
Software Architect
[Microsoft MVP - XML Web Services]
[MCSE] [MCT]

Renacimiento
[Microsoft GOLD Certified Partner]  

> Humm....to answer your questions
>
[quoted text clipped - 10 lines]
> >
> > TIA - Jeff.
Reply to this Message
CESAR DE LA TORRE [MVP] - 24 Oct 2005 22:28 GMT
BTW, here you have how to call a Web Service Using SSL
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/S
ecNetHT14.asp
Signature

CESAR DE LA TORRE
Software Architect
[Microsoft MVP - XML Web Services]
[MCSE] [MCT]

Renacimiento
[Microsoft GOLD Certified Partner]  

> With ASP.NET you CAN, for sure, use SSL (HTTPS - TCP Port 443) which is a
> quite secure method, specially using a 128 bit Server Certificate.
[quoted text clipped - 23 lines]
> > >
> > > TIA - Jeff.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.