authentication between two server processes over the internet

 
 
Syed Naveed Ausaf
      11-12-2003
Hi all,

My scenario is this:

Central Server: on which a number of remote machines invoke services
(implemented as web services, but doesn't matter what the choice of
implementation is).

Remote Servers: These are machines running at various sites worldwide.
Each remote server would be on a separate network and separated from
the internet by firewalls.

I have control over the central server and the firewall configuration
for it but little or no control over the firewall configuration of the
remote servers.

Standalone server processes will be running on all the servers. The
server process on the remote server needs to communicate with the
server process running on the Central server. This communication is
occurring automatically and will continue to occur indefinitely, with
no human involvement.

The communication is encrypted using SSL.

QUESTION: What authentication method should I use at the Central
Server to authenticate the Remote Servers?

I thought of using usernames and passwords. The problem is that in the
given scenario, they would need to be stored onto the Remote Server in
a file or registry.

What about Client Certificates? I will have install-time control of
the remote server. So I can then install a certificate issued by the
Central Server (acting as Certificate Authority) onto the Remote
Server. But are there any management/logistical/operational issues
with using client certificates?

Are there any other options to let the Central Server authenticate the
individual Remote Servers?

I am a bit confused in choosing between usernames/passwords and client
certificates. While it's true that usernames/passwords can be read by
anyone from wherever they are stored, but then, I think, that the
client certificates could somehow also be taken/copied off the Remote
Server and transported/installed elsewhere. Is copying/hacking client
certificates much more difficult than reading passwords/usernames? One
thing is given, that the Remote Server's security, and the people
managing the Remote Server are quite trusted (but then you can't trust
someone too much!).

What are my client authentication options? What are the things I
should bear in mind when deciding on an option?

Thanks a lot...
 
 
 
 
 
Steve C. Orr [MVP, MCSD]
      11-12-2003
You might choose to restrict access only to certain IP addresses. This can
be configured in IIS, or you can do it in code.

You might choose to use SOAP headers to authenticate a custom security
token.
Here's more info on that:
http://www.pinpub.com/html/main.isx?sub=65&story=1893

Here are further security details you may find useful:
http://msdn.microsoft.com/webservices/building/wse/

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com
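
The two suggestions in the reply above (an address restriction done in code, and a custom security token carried in a SOAP header) can be combined into one check on the Central Server. The following is an added example, not code from the thread or its participants: the token format (HMAC-SHA256 over server id, timestamp, nonce and body hash), the registry, and all ids, keys and networks are assumptions, and Python is used because the original post says the implementation choice does not matter.

```python
import hashlib
import hmac
import ipaddress
import time

# Constructed registry: one secret and one allowed source network per Remote Server.
# Ids, keys and networks are illustrative assumptions, not values from the thread.
REMOTE_SERVERS = {
    "site-a": {"key": b"constructed-key-a", "net": ipaddress.ip_network("203.0.113.0/28")},
    "site-b": {"key": b"constructed-key-b", "net": ipaddress.ip_network("198.51.100.7/32")},
}
MAX_SKEW_SECONDS = 300   # how far a request timestamp may differ from our clock
_seen_nonces = {}        # (server_id, nonce) -> time after which the entry can be dropped


def sign(key, server_id, timestamp, nonce, body):
    """Token a Remote Server would place in the header (hypothetical format)."""
    fields = [server_id, str(int(timestamp)), nonce, hashlib.sha256(body).hexdigest()]
    return hmac.new(key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()


def authenticate(server_id, timestamp, nonce, mac, body, source_ip, now=None):
    """Return (accepted, reason) for one request as seen by the Central Server."""
    now = time.time() if now is None else now
    entry = REMOTE_SERVERS.get(server_id)
    if entry is None:
        return False, "unknown server"
    # Address restriction: a secret copied to another network is rejected from there.
    if ipaddress.ip_address(source_ip) not in entry["net"]:
        return False, "source address not allowed"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(entry["key"], server_id, timestamp, nonce, body)
    if not hmac.compare_digest(expected.encode(), mac.encode()):  # constant-time compare
        return False, "bad token"
    # Replay check runs only after the MAC verified, so unauthenticated
    # traffic cannot fill the nonce cache.
    for stale in [k for k, expiry in _seen_nonces.items() if expiry < now]:
        del _seen_nonces[stale]
    if (server_id, nonce) in _seen_nonces:
        return False, "replayed request"
    # Keep the nonce until its timestamp can no longer pass the freshness check.
    _seen_nonces[(server_id, nonce)] = timestamp + MAX_SKEW_SECONDS
    return True, "ok"
```

Because each Remote Server has its own registry entry, access for one site can be withdrawn by deleting that entry without touching the others.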







 