Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / October 2006

Tip: Looking for answers? Try searching our database.

WSE 3 and web farms

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Gary Leighton - 06 Oct 2006 10:38 GMT
I'm new to WSE 3 and need some advice on how to support web farms.

My requirement is that my web service calls must be authenticated, signed
and encrypted. Authentication should by by user-id and password.

The authentication needs to be brokered by a seperate web-service from the
target service and the target service can be farmed.

So far I've been looking at the usernameForCertificateSecurity turnkey
policy with the secure conversation feature enabled but I suspect this isn't
going to meet my web farm requirements.

So where do I look?
Reply to this Message
Pablo Cibraro [MVP] - 06 Oct 2006 15:35 GMT
Hi Gary,

The usernameForCertificate assertion works without problems in a web farm
scenario. In addition, if you also decide to use SecureConversation feature,
you have to enable a flag in the configuration file to support that
scenario. (Take a look to this blog entry for more information about WSE and
SecureConversation,
http://weblogs.asp.net/cibrax/archive/2006/02/21/438670.aspx)

I also recommend this web services security guide from the Microsoft Pattern
& Practices team,
http://msdn.microsoft.com/library/en-us/dnpag2/html/WSSP.asp

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

> I'm new to WSE 3 and need some advice on how to support web farms.
>
[quoted text clipped - 10 lines]
>
> So where do I look?
Reply to this Message
Gary Leighton - 25 Oct 2006 22:45 GMT
Thanks Pablo.

I now understand how usernameForCertificate supports web farms now that
I've read your weblog, but I'm afraid I don't see how to support my
requirement for a seperate webservice to act as the STS.

Suppose I add two web references to my client project, one for the STS
web service and one for the main web service. I could assign the same
policy to both, with the usernameForCertificate turnkey assertion
enabled and secure conversation enabled. The STS web service could use
a custom UserNameTokenManager to authenticate and produce the secure
context token. This can then be cached on the client. What I don't see
is how to tell the client to use the same SCT when calling the main web
service.

> Hi Gary,
>
[quoted text clipped - 27 lines]
> >
> > So where do I look?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.