 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / September 2005Should I be using WSE?
I am starting to wonder if I need to use WSE and I'd like to hear what the WSE gurus have to say. I simply need to protect a web service that will hosted on the internet by a username/password. All methods, etc. on the webservice need to be secured so they can not be anonymously accessed. I will be using SSL for encryption. Is WSE the way to procede with this? tia I'm no guru but some of the enhancements that WSE offer in your sitution are. Only the body is encrypted (rather than the whole message as with https) allowing routing services to look at the header but not the message, and makes diagnosis easier etc. You can (relatively) easily create security policies that are stored in policy files for your usernames/roles and apply them to your services simply. Jon >I am starting to wonder if I need to use WSE and I'd like to hear what > the WSE gurus have to say. I simply need to protect a web service that [quoted text clipped - 4 lines] > > tia Jon: This sounds exactly like what I need. Can anyone point me to some examples? Thanks. WSE 3.0 have absolutely excellent documentation. WS-I Basic Security Profile 1.0 Reference Implementation: Preview release for the .NET Framework version 1.1 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/msw sibsp.asp Hands on Labs! At the end of the following article there are links to "Hands On Tutorials" What's New in Web Services Enhancements (WSE) 3.0 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/neww se3.asp > Jon: > [quoted text clipped - 3 lines] > > Thanks. Thanks Mark! I briefly checked this out but did not see much regarding implementing a custom username/password security method. I'll have a table of username/passwords that I'd like to use as the authentication source. May be I just didn't see it yet. I'm going to print this out and work on the labs anyway. Good way to learn this stuff. If anyone else has info on using a table for the authentication I'd appreciate it. You are looking for a custom UsernameTokenManager. Check the QuickStart sample that was installed with the SDK in: Samples\CS\QuickStart\Security\WSSecuirytUsername\Policy\WSSecuirytUsernamePolicy.... The sample only demonstrates twisting a username and passing it back as the password, but you can use your own method here to access the data in your datastore, search for the matching username and then return the password attached to the user name. This method overrides the default and the internal goo wil then take the password you spit out of the custom code and compare it to the password that came in with the UsernameToken. Good luck Julie Lerman > Thanks Mark! I briefly checked this out but did not see much regarding > implementing a custom username/password security method. I'll have a [quoted text clipped - 4 lines] > If anyone else has info on using a table for the authentication I'd > appreciate it. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.