«

Hi Sirs.

When using WS-Security instead of IIS authentication I see a potential
problem letting ALL people access my webService. ie. if I have a little bug
in the code that checks for validity of the user I'm really exposing
my-self.

If using IIS authentication I'm sure that only IIS authenticated users are
allowed access to my webService. So doesen't WS-Security and IIS security
come hand in hand or am I missing something here.?


Regards Morten

"Morten Overgaard" <> wrote in message
news:...
> If using IIS authentication I'm sure that only IIS authenticated users are
> allowed access to my webService. So doesen't WS-Security and IIS security
> come hand in hand or am I missing something here.?
>

Assume that you are using Microsoft technology then yes, A Webservice is
controlled by MS/UDDI server, which is IIS-6. You can then treat or
configure your webservice security requirements just like an ordinary web
application under IIS-6 server.

John

WS-Security (and all the Ws-* standards) are bigger than just Microsoft.
Integrated security is fine when talking windows to windows in your
intranet. Making a standard security mechanism for your web service on the
wider internet is another kettle of fish. WS-Security also has a lot more
flexibility in terms of customisation than IIS does.

--

- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)


"Morten Overgaard" <> wrote in message
news:...
> Hi Sirs.
>
> When using WS-Security instead of IIS authentication I see a potential
> problem letting ALL people access my webService. ie. if I have a little
bug
> in the code that checks for validity of the user I'm really exposing
> my-self.
>
> If using IIS authentication I'm sure that only IIS authenticated users are
> allowed access to my webService. So doesen't WS-Security and IIS security
> come hand in hand or am I missing something here.?
>
>
> Regards Morten
>
>