Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > WS-Security vs. IIS authentication and trust boundaries

Reply
Thread Tools

WS-Security vs. IIS authentication and trust boundaries

 
 
Morten Overgaard
Guest
Posts: n/a
 
      03-05-2005
Hi Sirs.

When using WS-Security instead of IIS authentication I see a potential
problem letting ALL people access my webService. ie. if I have a little bug
in the code that checks for validity of the user I'm really exposing
my-self.

If using IIS authentication I'm sure that only IIS authenticated users are
allowed access to my webService. So doesen't WS-Security and IIS security
come hand in hand or am I missing something here.?


Regards Morten


 
Reply With Quote
 
 
 
 
WJ
Guest
Posts: n/a
 
      03-05-2005

"Morten Overgaard" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> If using IIS authentication I'm sure that only IIS authenticated users are
> allowed access to my webService. So doesen't WS-Security and IIS security
> come hand in hand or am I missing something here.?
>


Assume that you are using Microsoft technology then yes, A Webservice is
controlled by MS/UDDI server, which is IIS-6. You can then treat or
configure your webservice security requirements just like an ordinary web
application under IIS-6 server.

John


 
Reply With Quote
 
 
 
 
Paul Glavich [MVP ASP.NET]
Guest
Posts: n/a
 
      03-10-2005
WS-Security (and all the Ws-* standards) are bigger than just Microsoft.
Integrated security is fine when talking windows to windows in your
intranet. Making a standard security mechanism for your web service on the
wider internet is another kettle of fish. WS-Security also has a lot more
flexibility in terms of customisation than IIS does.

--

- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)


"Morten Overgaard" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Sirs.
>
> When using WS-Security instead of IIS authentication I see a potential
> problem letting ALL people access my webService. ie. if I have a little

bug
> in the code that checks for validity of the user I'm really exposing
> my-self.
>
> If using IIS authentication I'm sure that only IIS authenticated users are
> allowed access to my webService. So doesen't WS-Security and IIS security
> come hand in hand or am I missing something here.?
>
>
> Regards Morten
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mutable Objects and Thread Boundaries Alan Gutierrez Java 43 07-24-2010 04:39 AM
using AD security for authentication. The trust relationship betweenthe primary domain and the trusted domain failed. wildman@noclient.net ASP .Net 1 02-29-2008 04:01 PM
Hosting ASP.NET outside of IIS with medium trust ? ilkka@webfellows.fi ASP .Net 0 07-15-2007 11:14 PM
Full trust and medium trust in .net and websites Linda ASP .Net Security 1 08-31-2006 05:16 AM
Build Error while debugging ASP.NET 2.0 Web services on IIS due to Trust Level L. Liu ASP .Net Web Services 0 03-03-2006 11:47 AM



Advertisments