WS-Security vs. IIS authentication and trust boundaries

  • Thread starter Morten Overgaard
  • Start date
M

Morten Overgaard

Hi Sirs.

When using WS-Security instead of IIS authentication I see a potential
problem letting ALL people access my webService. ie. if I have a little bug
in the code that checks for validity of the user I'm really exposing
my-self.

If using IIS authentication I'm sure that only IIS authenticated users are
allowed access to my webService. So doesen't WS-Security and IIS security
come hand in hand or am I missing something here.?


Regards Morten
 
W

WJ

Morten Overgaard said:
If using IIS authentication I'm sure that only IIS authenticated users are
allowed access to my webService. So doesen't WS-Security and IIS security
come hand in hand or am I missing something here.?

Assume that you are using Microsoft technology then yes, A Webservice is
controlled by MS/UDDI server, which is IIS-6. You can then treat or
configure your webservice security requirements just like an ordinary web
application under IIS-6 server.

John
 
P

Paul Glavich [MVP ASP.NET]

WS-Security (and all the Ws-* standards) are bigger than just Microsoft.
Integrated security is fine when talking windows to windows in your
intranet. Making a standard security mechanism for your web service on the
wider internet is another kettle of fish. WS-Security also has a lot more
flexibility in terms of customisation than IIS does.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top