Web services & SSL

[cn2006a]

Hi, I am new to web services and have to write one end of a B2B
application, ie my app will talk to a remote app and vice versa. The
developer of the other end is suggesting we use SSL for security.

I'm still trying to understand the security options, and I'm slightly
confused about using SSL. My understanding is that when using HTTPS,
decryption happens in the browser rather than within IIS. Since I will
not be using a browser to talk to the other end, where does the
decryption take place? Do I call a library routine to do this? Or
should I look at securing this app some other way, eg something within
WSE?

Thanks,

ChrisN

 

[Josh Twist]

SSL is still an excellent way of securing your transmissions even
though you're not using a 'browser'. You're still using HTTPS so the
client (your proxy) will act in the same way as your browser and
encrypt the message as required.

There are other tools you could use to secure transmissions such as
WSE3, but SSL is great because it's tried and tested and takes place at
a higher level of abstraction- therefore you don't have to change
anything in your code to use it.

(Without wanting to cloud the issue, you might want to look at WCF
(windows communication foundation) for hosting your web service, which
takes this whole idea of protocol abstaction to whole new level with
its ABCs (Address, Binding, Contract) of web services.

Josh
http://www.thejoyofcode.com/

 

[Simon Hart]

WCF (WinFX) is not in RTA release yet though right.

Simon.

 

[Josh Twist]

Right - I'd definitely have a look at the stuff there so you can bear
in mind how it works. WCF is the future of web services on the windows
platform so you'll want a nice easy migration when it is released.

Josh
http://www.thejoyofcode.com/