How should I secure my WS?

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Cramezul - 16 Jun 2005 20:12 GMT

I’m new to WS. I have two MS Press books in front of me : XML Web Services
Step by Step and Understanding Web Services Specifications and then WSE.

The prior suggests to secure WS by using IIS and ASP.NET techniques
(<authorization> in web.config). The later, of course, describes WS-Security
and the WSE implementation.

I didn’t found any good article comparing one technique versus the other. I
can guess this is all a question of interoperability…

The only thing I need for now is to control access to a simple WS. This WS
will be available from the Internet via SSL, running on a server that is not
part of a domain (controlling access by local users only). I don’t need
signing or encrypting.

Can anybody give me some advices?

Thanks

Reply to this Message

Chad Z. Hower aka Kudzu - 17 Jun 2005 15:40 GMT

> This WS will be available from the Internet via SSL, running on a
> server that is not part of a domain (controlling access by local users
> only). I don ™t need signing or encrypting.

If its already running over SSL, its already secure.

--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu

Reply to this Message

Cramezul - 17 Jun 2005 18:36 GMT

I still have to control access: authentication & authorization...

Using IIS + ASP.NET permissions or WSE UsernameTokens?

Reply to this Message

Chad Z. Hower aka Kudzu - 17 Jun 2005 18:53 GMT

> I still have to control access: authentication & authorization...
>
> Using IIS + ASP.NET permissions or WSE UsernameTokens?

WSE is a good way to go. When using SSL, I often use just a custom header.

--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Blog: http://blogs.atozed.com/kudzu

Reply to this Message

How should I secure my WS?

Free Magazines