
.NET Forum / ASP.NET / Web Services / April 2005


message encryption

Peter Foley - 30 Mar 2005 05:35 GMT
I want to be able to encrypt part of a soap message. I understand I need the
public key of the identity running the web service I am sending the message
to. My questions are:
a) Where do I get the name of the identity I am sending the message to?
b) How do I distribute the web service identity's public keys (in an intranet
environment)? Do I use the LocalMachineEnterprise store? How?

Thanks
Dilip Krishnan - 30 Mar 2005 17:51 GMT
Peter,

> I want to be able to encrypt part of a soap message. I understand I need the
> public key of the identity running the web service I am sending the message
> to. My Questions are
> a) Where do I get the name of the identity I am sending the message to?

This is implicit in nature; just like you know the endpoint of the
service you are hitting, you will know the identity of the service
as well. By referring to a public key, you are using PKI (X509 certificates).
So the service should give the public cert that the clients need to be using.

> b) How do I distribute the web service identity's public keys (in a intranet
> environment)? Do I use the LocalMachineEnterprise store? How?

Certificate distribution is always a problem. You can export
certificates on the server using the MMC plug-in for certificates, and
then give the .cer (containing the public key) files to all the clients.

> Thanks

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

Peter Foley - 31 Mar 2005 23:30 GMT
1. I don't see how it is implicit. The endpoint is either coded in the WSDL
or stored in a config file. Similarly our web services run under specific
user identities (for security, costing etc). Is there a best practice for
mapping the service name to an identity?

2. Is there a way to automate this? The clients are on the intranet.
> Peter,
>
[quoted text clipped - 15 lines]
> .cer (containing the public key) files to all the clients.
>> Thanks
Dilip Krishnan - 02 Apr 2005 19:48 GMT
Hello Peter,
  To answer your question on why it's implicit in nature, take the example
of transport-dependent message integrity (SSL): here the certificate is assumed
(implicitly) to be issued to the server of the same name as the hostname
of the endpoint you're hitting. Moving to transport-agnostic message-level
encryption, if the client is talking to a web service then it is implicitly
aware of the service contract, which includes the address, policies, and schema
of the messages that establish the conversation between client and server.
Policies are the best way to communicate identity and message-level security
that the server expects. So if you are looking for the best practice for
mapping the service name to an identity, that would be it.

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> 1. I don't see how it is implicit. The endpoint is either coded in the
> WSDL or stored in a config file. Similarly our web services run under
[quoted text clipped - 36 lines]
>> dkrishnan at geniant dot com
>> http://www.geniant.com
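
Added example, not part of the thread or any poster's code: the client side of the .cer hand-off discussed above, in C# for .NET 6 or later. The service name, the check against a thumbprint obtained out of band (the SHA-1 value shown in the certificate's details), and the choice of the current user's Other People (AddressBook) store are assumptions; the certificates are self-signed samples constructed inline.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServiceCertDemo
{
    // Accept a distributed .cer only if it matches the thumbprint the service
    // owner published out of band and it is inside its validity period.
    static X509Certificate2 LoadPinned(byte[] cerBytes, string pinnedThumbprint)
    {
        var cert = new X509Certificate2(cerBytes);
        string pinned = pinnedThumbprint.Replace(" ", "").ToUpperInvariant();
        if (cert.Thumbprint != pinned)
            throw new CryptographicException("Thumbprint mismatch for " + cert.Subject);
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new CryptographicException("Certificate outside validity period");
        return cert;
    }

    // Put the verified public certificate where client code can look it up.
    static void Install(X509Certificate2 cert)
    {
        using var store = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
    }

    // Constructed stand-in for a certificate exported on the server.
    static X509Certificate2 MakeSample(string cn)
    {
        var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddYears(1));
    }

    static void Main()
    {
        var service = MakeSample("orders.intranet.example");   // hypothetical service name
        var lookalike = MakeSample("orders.intranet.example"); // same name, different key
        var trusted = LoadPinned(service.Export(X509ContentType.Cert), service.Thumbprint);
        Install(trusted); // adds the sample certificate to CurrentUser\Other People
        try { LoadPinned(lookalike.Export(X509ContentType.Cert), service.Thumbprint); }
        catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
        // Wrap a per-message symmetric key with the service's public key.
        byte[] messageKey = RandomNumberGenerator.GetBytes(32);
        byte[] wrapped = trusted.GetRSAPublicKey().Encrypt(messageKey, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine("Wrapped key: " + wrapped.Length + " bytes");
    }
}
```

The second certificate carries the same subject name as the first and is still rejected, which is why the mapping from service name to identity has to rest on the key or thumbprint rather than on the name alone.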
