 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / September 2005Security Hole on Client ?
Hi All, I now have a client that will expect a secure response to be returned from the server. To achieve the authentication I have extended UsernameTokenManager in the standard way (this will be ported to a certificate-based solution in the near future). What is troubling me, however, is the App.Config file that ships with the client app. 1. Could somebody change the reference to my securityTokenManager to point to another manager that would supply false positives? 2. If 1. is not possible, surely they could just delete this file and then WSE would use that machines Windows Logon routine to validate a response - which could also be comprosmised! Am I worrying about nothing? Chris The app.config on the client app shouldn't mention anything about the securitytokenmanager the server uses. The web.config on the server is what specifies which tokenmanager to use which of course should not be able to be altered by untrusted parties. Jon > Hi All, > [quoted text clipped - 15 lines] > > Chris Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.