WSE2.0 - best practise guidance

Discussion in 'ASP .Net Web Services' started by Benjamin, Feb 22, 2005.

  1. Benjamin

    Benjamin Guest

    Hi!

    I would like to implement WS-Security features using WSE2.0.
    Initially the services are consumed by .NET Windows Form Clients.

    What do you think is reasonable level of security and safety?
    Do you think following configuration of the web services proxies are "good
    enough"?

    Public Sub ConfigureProxy(ByVal proxy As WebServicesClientProtocol)
    'WS-Security: "Authentication" & "Authorization" with UsernameToken
    (no need to send password because of signing below)
    Dim token As UsernameToken = New UsernameToken(Me.txtUserName.Text,
    Me.txtPassword.Text, PasswordOption.SendNone)
    proxy.RequestSoapContext.Security.Tokens.Add(token)

    'WS-Security: "Signing" with UsernameToken (keep message integrity)
    Dim derivedToken As New DerivedKeyToken(token)
    proxy.RequestSoapContext.Security.Tokens.Add(derivedToken)
    proxy.RequestSoapContext.Security.Elements.Add(New
    MessageSignature(derivedToken))

    'WS-Security: "Encryption" with UsernameToken (ensure
    confidentiality, not "very" secure)
    proxy.RequestSoapContext.Security.Elements.Add(New
    EncryptedData(derivedToken))
    End Sub

    We are not communicating "bank transactions", but anyway we would like to
    implement "good enough" security.

    Best regards,
    Benjamin, Sweden
    Benjamin, Feb 22, 2005
    #1
    1. Advertising

  2. Benjamin

    [MSFT] Guest

    I think your way is safe enough for common web application. UsernameToken
    reply on windows authentication and we can trust it in a windows domain or
    OU. For better understand WS-Security in SWE 2.0, I suggest you may refer
    to following articles:

    WS-Security Drilldown in Web Services Enhancements 2.0

    http://msdn.microsoft.com/webservices/building/wse/default.aspx?pull=/librar
    y/en-us/dnwse/html/wssecdrill.asp

    Web Services Security (WS-Security)
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
    html/ws-security.asp

    Hope this help,

    Luke
    [MSFT], Feb 23, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. exquisitus
    Replies:
    0
    Views:
    460
    exquisitus
    Feb 20, 2005
  2. Kenny M.

    SoapExtensions,WSE1,WSE2 What should I use?

    Kenny M., Nov 23, 2004, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    141
    Dan Rogers
    Nov 23, 2004
  3. Patrick

    Message Trace with WSE2 NOT working

    Patrick, Dec 7, 2004, in forum: ASP .Net Web Services
    Replies:
    4
    Views:
    181
    Geoman
    Mar 10, 2005
  4. Bo Yan
    Replies:
    0
    Views:
    95
    Bo Yan
    Dec 14, 2004
  5. Guest

    while using wse2.0 error message come is http: 401

    Guest, Mar 7, 2005, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    103
    Guest
    Mar 7, 2005
Loading...

Share This Page