Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / January 2006

Tip: Looking for answers? Try searching our database.

Web Service Security question

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
blue_nirvana - 02 Jan 2006 22:30 GMT
I have a wireless device that is not attached to the domain.  So I created a
Web Service that I pass the UserName and Password to see if it is a valid
user using the LogonUser API.  I have the WebService site set to use Anomyous
access.  This is all done on our Intranet.  I was thinking that I needed to
set it up to use SSL to encrypt the UserName and Password.  

I'm fairly new to security with Web Services and was wondering if this was
approiate way or if I should be doing this a different way?  What security
issues should I need to address seeing how this is on a local intranet and
also considering it is a wireless device?  I definitely do not want to be
sending UserName and Passwords as plain text over our wireless network.  Any
links or input is appreciated.

Thanks
Reply to this Message
Martin Kulov - 04 Jan 2006 00:13 GMT
> What security issues should I need to address seeing how this is on a
> local intranet and
> also considering it is a wireless device?  I definitely do not want to be
> sending UserName and Passwords as plain text over our wireless network.
> Any
> links or input is appreciated.

Hi,

you can use WSE [1] with "Username over Certificate" turnkey scenario to
protect your web service. Sending plaintext passwords over wireless network
is definitely not a good idea.

[1] http://msdn.microsoft.com/webservices/webservices/building/wse/

Best,

Signature

Martin Kulov
http://www.codeattest.com/blogs/martin

MCAD Charter Member
MCSD.NET Early Achiever
MCSD

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.