 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / February 2006wse vs "windows integrated"
hello, i would like to implement a secure web service based on the active directory, without using HTTPS / SSL, using the Kerberos mechanism. As documentation mentions - Checking "Windows Integrated" & attaching CredentialCache.DefaultCredentails to the web service will suffice (will use the kerberos mechanism). On the other hand, lots of articles mentions that i must use WSE2.0 and MANUALLY add the token. examples: - http://www.codeproject.com/cs/webservices/SecurityTokens.asp - http://www.15seconds.com/issue/040602.htm is "Windows Integrated" enough? thanks. Hi, They are two different things. WSE provides security at message level, that is message integrity (The message is signed to avoid that someone changes the message), confidentiality (The message is encrypted) and authentication. Windows Integrity is a mechanism to authenticate the user at transport level. It doesn't provide any message protection unless you use SSL. I recommend you to take a look at the web services security guidance for more information http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/wssp.asp Regards, Pablo Cibraro http://weblogs.asp.net/cibrax > hello, > [quoted text clipped - 14 lines] > > thanks. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.