secure webservice

G

Guest

Hi everyone!

I have built a vb6 app that communicates with a web server to get data from
an webservice through the internet (not lan).

My question/problem is,
1) how could I make this webservice secure, so that only my vb6 app has
access to it and noone else?
Should I use WSE or WCF?
Well ok, but I have completely no idea on how to!

2) Should I enable ssl for this webservice, so that data is encrypted? How?

Please can somebody provide me with info/hints/tips/walkthrough on how to do
this?

Thanks in advance!
 
G

Guest

first of all, thank you very much for the interest!

I have already done the following steps:
(using http://www.codeproject.com/soap/wssecurity_usernametokens.asp as a
guide reference)

Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:



Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With


However I get either "access denied" (line:

.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

or access denied when trying to execute any method,

e.g. the following (test) one:



<WebMethod()> _
Public Function Hello() As String

' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If

' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"

End Function

Also, my customauthenticator class (referenced from the web service) is as
follows:



Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens

Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand)> _
Public Class CustomAuthenticator
Inherits UsernameTokenManager

' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String

If token Is Nothing Then
Throw New ArgumentNullException()
End If

' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If

End Function
End Class
End Namespace



I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!

(It's my first time writing a secure web service - newbie on the subject)
 
G

Guest

I have already done the following steps:
(using http://www.codeproject.com/soap/wssecurity_usernametokens.asp as a
guide reference)

Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:



Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With


However I get either "access denied" (line:

.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

or access denied when trying to execute any method,

e.g. the following (test) one:



<WebMethod()> _
Public Function Hello() As String

' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If

' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"

End Function

Also, my customauthenticator class (referenced from the web service) is as
follows:



Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens

Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand)> _
Public Class CustomAuthenticator
Inherits UsernameTokenManager

' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String

If token Is Nothing Then
Throw New ArgumentNullException()
End If

' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If

End Function
End Class
End Namespace



I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!

(It's my first time writing a secure web service - newbie on the subject)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top