Security questions

Discussion in 'ASP .Net Mobile' started by Nikolay Anestev, Jul 23, 2004.

  1. Hi all. I have the following concerns which I'm trying to solve:
    Running mobile ASP.NET( C# ) application on IIS 6.0 / Windows 2003 Server,
    which must be provided with certain security. I'm reading issues about WTLS
    protocol which is designed to implement this security, but few questions
    aroused.
    First, the authentification which WTLS automatically provides is optional. I
    want all the users of this application and the server always to be
    authentificated. Is this a matter of some server-side settings?
    Is there a way to make my users always use security oriented connection (
    commonly reffered by the 9203 port ) despite of the initial settings of the
    mobile browser they have.

    These are some of the questions. If someone could answer them I'd be very
    thankful.
    Thank you in advance.
    Best regards.

    Nikolay Anestev
     
    Nikolay Anestev, Jul 23, 2004
    #1
    1. Advertising

  2. Hi Nicolay,

    The long and the short answer is that you need a WAP gateway between
    your web server and the mobile device. The gateway will convert WTLS
    traffic into SSL. The layout looks like this:

    [WAP Device]<-- WTLS --> [WAP Gateway]<-- SSL -->[IIS]

    Here is a more detailed explanation on thewirelessfaq.com:
    http://www.thewirelessfaq.com/9.4.asp

    WTLS is only supported on compliant browsers such as the jBrowser and
    WinWAP Pro. Please refer to the following list of WAP Gateways (some
    of them are WTLS compliant): http://www.thewirelessfaq.com/13.4.asp

    Thanks,
    Jean-Luc David
    Microsoft .NET MVP

    http://www.stormpixel.com
    http://weblogs.asp.net/jld/

    --- Original Message ---
    > Hi all. I have the following concerns which I'm trying to solve:
    > Running mobile ASP.NET( C# ) application on IIS 6.0 / Windows 2003 Server,
    > which must be provided with certain security. I'm reading issues about

    WTLS
    > protocol which is designed to implement this security, but few questions
    > aroused.
    >
    > First, the authentification which WTLS automatically provides is optional.

    I
    > want all the users of this application and the server always to be
    > authentificated. Is this a matter of some server-side settings?
    >
    > Is there a way to make my users always use security oriented connection (
    > commonly reffered by the 9203 port ) despite of the initial settings of

    the
    > mobile browser they have.
    >
    > These are some of the questions. If someone could answer them I'd be very
    > thankful.
    > Thank you in advance.
    > Best regards.
    >
    > Nikolay Anestev
     
    Jean-Luc David [MS-MVP], Jul 26, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    389
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,459
    Roedy Green
    Jan 28, 2006
  3. Akram Baig
    Replies:
    0
    Views:
    356
    Akram Baig
    Apr 7, 2011
  4. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    176
    Dinis Cruz
    Oct 11, 2003
  5. Michael Randrup
    Replies:
    3
    Views:
    348
    Henning Krause [MVP]
    Mar 27, 2006
Loading...

Share This Page