
.NET Forum / ASP.NET / Web Services / March 2007


X509 and UserName/Pass in SOAP header?

cootmonster - 15 Mar 2007 19:45 GMT
Planning on using an X509 cert to validate that a business client is who they
say they are.  After we authenticate the client, then we need a username and
password to authorize user permissions.  Should we store this in the SOAP
header or just as part of the XML message structure?
Cowboy (Gregory A. Beamer) - 26 Mar 2007 04:16 GMT
I am missing something here.

You are using X.509 certs and then having login information? Are you not
issuing individual certs to each client/user? The only potential I can think
of that makes sense is distributed security (each app has same user base?).
If so, move the user base to its own service and link it to the X.509 there.
You can then call the service to identify the user. Yes, this slows things
down a bit, but SOA is about reuse more than performance (although the
latency is not generally that bad if these are all internal apps and the
maintainability shoots through the roof).


Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*********************************************
Think outside the box!
*********************************************

> planning on using a X509 cert to validate that a business client is who they
> say they are.  After we authenticate client, then we need a username and
> password to authorize users permissions.  Should we store this in the SOAP
> header or just as part of the XML message structure?
cootmonster - 28 Mar 2007 02:46 GMT
The reason for the cert and user/pass I believe is this...

We are giving the capability of a 3rd party company to interface to our web
service.  They will be distributing their software to their clients.  So what
I thought we would have to do is use a cert to verify that it is from the 3rd
party software vendor, then use a username/password to authorize the actual
user on our system.

Does this make sense or is it overkill?

> I am missing something here.
>
[quoted text clipped - 12 lines]
> > password to authorize users permissions.  Should we store this in the SOAP
> > header or just as part of the XML message structure?
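
The two-step check described in the last post (certificate identifies the vendor's software, username/password identifies the end user), sketched as an added example that is not from any poster in this thread. It assumes the credentials travel in the SOAP header as an OASIS WS-Security `UsernameToken`, and that `cert_fingerprint` comes from a certificate the transport or signature layer has already validated; the vendor name, fingerprint, user and function names are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one vendor certificate, one user of that vendor.
VENDOR_CERTS = {"ab12cd34": "ExampleVendor"}  # cert fingerprint -> vendor
USERS = {("ExampleVendor", "alice"): (b"salt-1", _hash("s3cret", b"salt-1"))}

# Constructed request: credentials in the header, business payload in the body.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <soap:Header><wsse:Security><wsse:UsernameToken>
   <wsse:Username>alice</wsse:Username><wsse:Password>s3cret</wsse:Password>
 </wsse:UsernameToken></wsse:Security></soap:Header>
 <soap:Body><GetOrders/></soap:Body>
</soap:Envelope>"""

def authorize(cert_fingerprint, envelope_xml):
    """Return (vendor, username) if both checks pass, else None."""
    # Step 1: the (already validated) certificate identifies the vendor.
    vendor = VENDOR_CERTS.get(cert_fingerprint)
    if vendor is None:
        return None
    # Step 2: the UsernameToken in the SOAP header identifies the end user.
    root = ET.fromstring(envelope_xml)
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return None
    username = token.findtext("wsse:Username", default="", namespaces=NS)
    password = token.findtext("wsse:Password", default="", namespaces=NS)
    # Users are scoped to the vendor whose certificate was presented.
    record = USERS.get((vendor, username))
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    return vendor, username
```

A plaintext `wsse:Password` like this one is only safe when the message travels over TLS or is encrypted at the message level.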
