
Can WSE 3.0 do this for me?

Solitude - 24 Apr 2006 21:28 GMT
Hi,

I am interested whether WSE 3.0 can do this for me. I would like my messages
between the client and service to be encrypted without using certificates.
And not only that, I would like to only have to send up the username and
password for authentication once and then each subsequent call to the service
not have to send up this information anymore... We are really looking for
something that doesn't keep connections alive so that our application can
scale, but doesn't have to keep reinitializing the encryption (wasting all
that setup time). Can WSE 3.0 do this for us?

Thanks
Solitude - 24 Apr 2006 22:04 GMT
So I am guessing maybe I need to look into using a custom STS to authenticate
once and then use that token to keep doing secure transactions between the
client and the server. Am I on the right path here?

Pablo Cibraro - 25 Apr 2006 15:30 GMT
Hi,

WSE 3.0 does not provide a scenario to encrypt a message using only a
UsernameToken. You will have to develop your own custom security assertion
to encrypt the message with a Username token (I think there are some
implementations of this on the internet).
Kerberos is another approach, and WSE already provides a security assertion
for that scenario.

In order to authenticate the user once, you will have to use the
"SecureConversation" feature. This feature is provided by default for all
security assertions shipped within WSE 3.0 (Kerberos,
UsernameForCertificate, UsernameOverTransport, MutualX509, etc).

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

Solitude - 25 Apr 2006 22:41 GMT
So if I use UsernameOverTransport to do the authentication once, then can I also
use message layer encryption rather than transport layer? 'Cause in the WSE
3.0 docs it says if you use the UsernameOverTransport security assertion then you
must encrypt at the transport layer. I hope I can use it and be able to
encrypt at the message layer. Is this possible?

Thanks

Pablo Cibraro - 26 Apr 2006 14:32 GMT
No, it is not possible. WSE provides two assertions for UsernameTokens:

1. UsernameOverTransport: As you said, it does not use message encryption
and relies on the transport security.
2. UsernameForCertificate: it uses an X509 certificate to perform message
encryption and the username token to perform authentication.

You want to perform message encryption without using a certificate so the
second approach does not work for you. You will have to develop a custom
security assertion to perform message encryption using the UsernameToken
instead of the X509 Certificate.

Does it answer your question?

Regards,
Pablo.

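The "SecureConversation" option mentioned in the replies above, shown as an added example that is not part of the original thread: a server-side WSE 3.0 policy file using the built-in UsernameForCertificate assertion with `establishSecurityContext="true"`. The policy name and the certificate subject are placeholders, and the assertion still needs a service certificate, which is the limitation described in the last reply.

```xml
<!-- Added example (wse3policyCache.config); policy name and certificate subject are placeholders. -->
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <extension name="usernameForCertificateSecurity"
               type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509"
               type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ExampleServicePolicy">
    <!-- establishSecurityContext="true" enables SecureConversation: the UsernameToken is
         presented once to obtain a security context token, and later messages are signed
         and encrypted with keys derived from that token. With "false", every request
         carries the UsernameToken and repeats the certificate-based key exchange. -->
    <!-- ttlInSeconds bounds how long the context token stays valid before renewal. -->
    <usernameForCertificateSecurity establishSecurityContext="true"
                                    renewExpiredSecurityContext="true"
                                    requireSignatureConfirmation="false"
                                    messageProtectionOrder="SignBeforeEncrypt"
                                    requireDerivedKeys="true"
                                    ttlInSeconds="300">
      <serviceToken>
        <!-- Service certificate used to encrypt the initial exchange (placeholder subject). -->
        <x509 storeLocation="LocalMachine" storeName="My"
              findValue="CN=example-service-placeholder"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <!-- Message-layer protection: sign addressing, timestamp and body, encrypt the body. -->
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
```

The context token is carried in each message rather than tied to an open connection, so the transport connection does not have to stay alive between calls.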
