Web Services and SSL

A

AndyBrew

Hi

We are currently embarking upon a project to develop a suite of web services
to allow the integration of a PDA application with our data server. Our
current thoughts are to setup an SSL certificate on the server and use a
custom username/password authentication mechanism for authentication.

I have reviewed the MSDN documentation with regards security etc. but
haven't found many practical examples, so my questions are: -

1. Do we need to do anything different with regards the development of the
web service to support SSL or does it just work.

2. Are there any good links to documents I have missed?

Thanks in advance

Andy
 
W

WishMaster

You don't need to do anything diferent in development to publish a Web
Service in SSL.

You can use WSE 3 with UserNameToken assertion to validate the username and
passwordhttp://msdn2.microsoft.com/en-us/library/aa480575.aspx
Click to expand...

Hi Andy:

For SSL you don't need to do anything.
For Username and Pwd, you can use SOAP Headers Authentication in your
web service.
Have a look at http://aspalliance.com/805

Cheers,
Amer
MCSD.Net
ITIL Certified
 
A

AndyBrew

Hi Guys

Many thanks for that, a further question what is the benefit of using the
SOAP header method against passing through your own username/password/pin
number combination in the method signature???

Can SOAP header authentication handle a pin number as well as username and
password?

Many thanks

Andy
 
W

WishMaster

Hi Guys

Many thanks for that, a further question what is the benefit of using the
SOAP header method against passing through your own username/password/pin
number combination in the method signature???

Can SOAP header authentication handle a pin number as well as username and
password?

Many thanks

Andy
Click to expand...

Andy,

I haven't try but use username and pwd only but technically it is
possible because as you can see at (http://aspalliance.com/805) your
class AuthSoapHd is inherited from SoapHeader and you can specify the
fields whatever you want.

....
....
public class AuthSoapHd: SoapHeader
{
public string strUserName;
public string strPassword;
}
.....

you can have like...
public class AuthSoapHd: SoapHeader
{
public string strPIN;
}
....

I thnik should work.

Cheers,
Amer
 
W

WishMaster

Hi Guys

Many thanks for that, a further question what is the benefit of using the
SOAP header method against passing through your own username/password/pin
number combination in the method signature???

Can SOAP header authentication handle a pin number as well as username and
password?

Many thanks

Andy
Click to expand...

Hi Andy, Sorry forgot ur fist question, I would say it is a standard
to implement security and right use of protocal.
on the top of that it a one of SOA security pattern.

If you want to go advance or try some more options please see WSE 3.0
and X.509 at
http://msdn2.microsoft.com/en-us/library/aa480581.aspx

Cheers,
Amer
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SSL and Web Services 0
Web services & SSL 3
SSL and web services 2
Web Services Problem 0
SSL and Web Services in dev. environment 3
Web Services over SSL with Eclipse WTP 0
Trace.WriteLine and Web Services 1
consuming Web Services over SSL 1

Members online

Total: 46 (members: 3, guests: 43)
Robots: 447

Forum statistics

Threads
473,768
Messages
2,569,575
Members
45,054
Latest member
LucyCarper

Latest Threads

Top