WSE2.0 - best practise guidance

Discussion in 'ASP .Net Web Services' started by Benjamin, Feb 22, 2005.

  1. Benjamin

    Benjamin Guest

    Hi!

    I would like to implement WS-Security features using WSE2.0.
    Initially the services are consumed by .NET Windows Form Clients.

    What do you think is reasonable level of security and safety?
    Do you think following configuration of the web services proxies are "good
    enough"?

    Public Sub ConfigureProxy(ByVal proxy As WebServicesClientProtocol)
    'WS-Security: "Authentication" & "Authorization" with UsernameToken
    (no need to send password because of signing below)
    Dim token As UsernameToken = New UsernameToken(Me.txtUserName.Text,
    Me.txtPassword.Text, PasswordOption.SendNone)
    proxy.RequestSoapContext.Security.Tokens.Add(token)

    'WS-Security: "Signing" with UsernameToken (keep message integrity)
    Dim derivedToken As New DerivedKeyToken(token)
    proxy.RequestSoapContext.Security.Tokens.Add(derivedToken)
    proxy.RequestSoapContext.Security.Elements.Add(New
    MessageSignature(derivedToken))

    'WS-Security: "Encryption" with UsernameToken (ensure
    confidentiality, not "very" secure)
    proxy.RequestSoapContext.Security.Elements.Add(New
    EncryptedData(derivedToken))
    End Sub

    We are not communicating "bank transactions", but anyway we would like to
    implement "good enough" security.

    Best regards,
    Benjamin, Sweden
     
    Benjamin, Feb 22, 2005
    #1
    1. Advertisements

  2. Benjamin

    [MSFT] Guest

    I think your way is safe enough for common web application. UsernameToken
    reply on windows authentication and we can trust it in a windows domain or
    OU. For better understand WS-Security in SWE 2.0, I suggest you may refer
    to following articles:

    WS-Security Drilldown in Web Services Enhancements 2.0

    http://msdn.microsoft.com/webservices/building/wse/default.aspx?pull=/librar
    y/en-us/dnwse/html/wssecdrill.asp

    Web Services Security (WS-Security)
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
    html/ws-security.asp

    Hope this help,

    Luke
     
    [MSFT], Feb 23, 2005
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. exquisitus
    Replies:
    0
    Views:
    593
    exquisitus
    Feb 20, 2005
  2. VisionSet
    Replies:
    0
    Views:
    927
    VisionSet
    Aug 19, 2003
  3. Rich

    Architecture best practise

    Rich, Jun 30, 2006, in forum: ASP .Net
    Replies:
    5
    Views:
    716
    Nick Malik [Microsoft]
    Jul 11, 2006
  4. Mat

    Video file - best practise

    Mat, Aug 14, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    442
    =?Utf-8?B?Y2xpY2tvbg==?=
    Aug 14, 2006
  5. GW

    Best Practise

    GW, Nov 17, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    577
  6. Not Me
    Replies:
    1
    Views:
    744
    Not Me
    Dec 5, 2006
  7. lightning
    Replies:
    5
    Views:
    519
  8. lightning
    Replies:
    1
    Views:
    499
    EricF
    Jul 8, 2008
Loading...