Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / December 2004

Tip: Looking for answers? Try searching our database.

WSE Security - Secure Conversation - (HOLDEVL34)

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Harry Pfleger - 07 Dec 2004 07:45 GMT
I have played with the Hands-On-Lab HOLDEVL34. It is very good and I learned
a lot!

One question I have is the following:

In example 3 (secure conversation), policies are used to get the sample
working. by doing this the server needs a x.509 certificate to get the
secure conversation.

is it possible to have a secure conversation without a x.509 certificate,
eg. with a username-password token. e.g. somehow use the username-password
token form a client?

cheers harry
Reply to this Message
Martin Kulov - 07 Dec 2004 22:29 GMT
Hi Harry,

In this situation the X.509 certificate is used to sign and encrypt the UsernameToken sent from the client. If you do not use X.509 certificate your username and password will be sent in plain text compromising the security of your system.
After all you can always generate a certificate using the makecert tool and use it for test purposes.

Best regards,
Martin Kulov
www.codeattest.com

MCAD Charter Member
MCSD.NET Early Achiever
Reply to this Message
Harry Pfleger - 08 Dec 2004 18:46 GMT
Thankx, Martin!

I am tring to figure out the following: if I do not use a x.509, but rather
a username token with a signature (no password is send), could the server
then initiate a secure converstion with this token. the goal is to do secure
conversation without using x.509 on both side (client and server). the next
step than would be to figure out how unsecure this would be...

Cheers Harry
Reply to this Message
Martin Kulov - 09 Dec 2004 13:33 GMT
Hi Harry,

Please see thread "How Secure Are Username Token Encrypted Messages". I will try to find a way how can this be achieved.

Martin Kulov
http://www.codeattest.com

MCAD Charter Member
MCSD.NET Early Achiever
MCSD

> Thankx, Martin!
>
[quoted text clipped - 6 lines]
>
> Cheers Harry
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.