Web Services and SSL

Discussion in 'ASP .Net Web Services' started by AndyBrew, Jan 30, 2007.

  1. AndyBrew

    AndyBrew Guest

    Hi

    We are currently embarking upon a project to develop a suite of web services
    to allow the integration of a PDA application with our data server. Our
    current thoughts are to setup an SSL certificate on the server and use a
    custom username/password authentication mechanism for authentication.

    I have reviewed the MSDN documentation with regards security etc. but
    haven't found many practical examples, so my questions are: -

    1. Do we need to do anything different with regards the development of the
    web service to support SSL or does it just work.

    2. Are there any good links to documents I have missed?

    Thanks in advance

    Andy
     
    AndyBrew, Jan 30, 2007
    #1
    1. Advertising

  2. You don't need to do anything diferent in development to publish a Web
    Service in SSL.

    You can use WSE 3 with UserNameToken assertion to validate the username and
    password http://msdn2.microsoft.com/en-us/library/aa480575.aspx

    "AndyBrew" <> wrote in message
    news:...
    > Hi
    >
    > We are currently embarking upon a project to develop a suite of web
    > services
    > to allow the integration of a PDA application with our data server. Our
    > current thoughts are to setup an SSL certificate on the server and use a
    > custom username/password authentication mechanism for authentication.
    >
    > I have reviewed the MSDN documentation with regards security etc. but
    > haven't found many practical examples, so my questions are: -
    >
    > 1. Do we need to do anything different with regards the development of the
    > web service to support SSL or does it just work.
    >
    > 2. Are there any good links to documents I have missed?
    >
    > Thanks in advance
    >
    > Andy
     
    Mariano Omar Rodriguez, Jan 30, 2007
    #2
    1. Advertising

  3. AndyBrew

    WishMaster Guest

    On Jan 31, 10:00 am, "Mariano Omar Rodriguez" <>
    wrote:
    > You don't need to do anything diferent in development to publish a Web
    > Service in SSL.
    >
    > You can use WSE 3 with UserNameToken assertion to validate the username and
    > passwordhttp://msdn2.microsoft.com/en-us/library/aa480575.aspx
    >
    > "AndyBrew" <> wrote in message
    >
    > news:...
    >
    > > Hi

    >
    > > We are currently embarking upon a project to develop a suite of web
    > > services
    > > to allow the integration of a PDA application with our data server. Our
    > > current thoughts are to setup an SSL certificate on the server and use a
    > > custom username/password authentication mechanism for authentication.

    >
    > > I have reviewed the MSDN documentation with regards security etc. but
    > > haven't found many practical examples, so my questions are: -

    >
    > > 1. Do we need to do anything different with regards the development of the
    > > web service to support SSL or does it just work.

    >
    > > 2. Are there any good links to documents I have missed?

    >
    > > Thanks in advance

    >
    > > Andy


    Hi Andy:

    For SSL you don't need to do anything.
    For Username and Pwd, you can use SOAP Headers Authentication in your
    web service.
    Have a look at http://aspalliance.com/805

    Cheers,
    Amer
    MCSD.Net
    ITIL Certified
     
    WishMaster, Jan 31, 2007
    #3
  4. AndyBrew

    AndyBrew Guest

    Hi Guys

    Many thanks for that, a further question what is the benefit of using the
    SOAP header method against passing through your own username/password/pin
    number combination in the method signature???

    Can SOAP header authentication handle a pin number as well as username and
    password?

    Many thanks

    Andy
     
    AndyBrew, Feb 1, 2007
    #4
  5. AndyBrew

    WishMaster Guest

    On Feb 2, 12:53 am, AndyBrew <>
    wrote:
    > Hi Guys
    >
    > Many thanks for that, a further question what is the benefit of using the
    > SOAP header method against passing through your own username/password/pin
    > number combination in the method signature???
    >
    > Can SOAP header authentication handle a pin number as well as username and
    > password?
    >
    > Many thanks
    >
    > Andy


    Andy,

    I haven't try but use username and pwd only but technically it is
    possible because as you can see at (http://aspalliance.com/805) your
    class AuthSoapHd is inherited from SoapHeader and you can specify the
    fields whatever you want.

    ....
    ....
    public class AuthSoapHd: SoapHeader
    {
    public string strUserName;
    public string strPassword;
    }
    .....

    you can have like...
    public class AuthSoapHd: SoapHeader
    {
    public string strPIN;
    }
    ....

    I thnik should work.

    Cheers,
    Amer
     
    WishMaster, Feb 1, 2007
    #5
  6. AndyBrew

    WishMaster Guest

    On Feb 2, 12:53 am, AndyBrew <>
    wrote:
    > Hi Guys
    >
    > Many thanks for that, a further question what is the benefit of using the
    > SOAP header method against passing through your own username/password/pin
    > number combination in the method signature???
    >
    > Can SOAP header authentication handle a pin number as well as username and
    > password?
    >
    > Many thanks
    >
    > Andy


    Hi Andy, Sorry forgot ur fist question, I would say it is a standard
    to implement security and right use of protocal.
    on the top of that it a one of SOA security pattern.

    If you want to go advance or try some more options please see WSE 3.0
    and X.509 at
    http://msdn2.microsoft.com/en-us/library/aa480581.aspx

    Cheers,
    Amer
     
    WishMaster, Feb 1, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thomas Connolly

    SSL and web Services

    Thomas Connolly, Jul 28, 2003, in forum: ASP .Net
    Replies:
    5
    Views:
    483
    Joerg Jooss
    Aug 2, 2003
  2. Andy

    SSL and Web Services in dev. environment

    Andy, Jan 21, 2004, in forum: ASP .Net Web Services
    Replies:
    3
    Views:
    189
    Jan Tielens
    Jan 21, 2004
  3. SSL and web services

    , Apr 30, 2004, in forum: ASP .Net Web Services
    Replies:
    2
    Views:
    144
  4. John
    Replies:
    4
    Views:
    504
  5. AndyBrew

    SSL and Web Services

    AndyBrew, Jan 30, 2007, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    121
    AndyBrew
    Jan 30, 2007
Loading...

Share This Page