Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Web Service Security

Reply
Thread Tools

Web Service Security

 
 
Ron Vecchi
Guest
Posts: n/a
 
      06-23-2004
Can someone point me in the right direction to securing soap messages to a
webservice. I have found and read a lot about WS-Security but am having
trouble finding ways to implement it in code.

Thanks!


 
Reply With Quote
 
 
 
 
Joe H
Guest
Posts: n/a
 
      06-23-2004
https + basic authentication not good enough?


"Ron Vecchi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Can someone point me in the right direction to securing soap messages to a
> webservice. I have found and read a lot about WS-Security but am having
> trouble finding ways to implement it in code.
>
> Thanks!
>
>



 
Reply With Quote
 
 
 
 
DalePres
Guest
Posts: n/a
 
      06-24-2004
If you have Kalani's 70-320 study guide available, read chapter 11. It has
a great section that really simplifies the discussion of using
Windows.Principal and demand security. Demand security works great for web
services.

Dale

"Ron Vecchi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Can someone point me in the right direction to securing soap messages to a
> webservice. I have found and read a lot about WS-Security but am having
> trouble finding ways to implement it in code.
>
> Thanks!
>
>



 
Reply With Quote
 
[MSFT]
Guest
Posts: n/a
 
      06-24-2004
Hi Ron,

You may consider WSE 2.0 with your web service. It supports WS-Security:

http://msdn.microsoft.com/library/de...us/dnwse/html/
programwse2.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Ron Vecchi
Guest
Posts: n/a
 
      06-24-2004
Thanks all,
"Ron Vecchi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Can someone point me in the right direction to securing soap messages to a
> webservice. I have found and read a lot about WS-Security but am having
> trouble finding ways to implement it in code.
>
> Thanks!
>
>



 
Reply With Quote
 
Gerald Brose
Guest
Posts: n/a
 
      06-25-2004
Ron Vecchi wrote:
> Can someone point me in the right direction to securing soap messages to a
> webservice. I have found and read a lot about WS-Security but am having
> trouble finding ways to implement it in code.


If you don't want to code to a security API such as WSE 2.0 and
thus hard-code the security loic and policy into your application,
then a better way is to use a security gateway aka XML firewall,
such as Xtradyne's Web Services DBC (WS-DBC).

The WS-DBC sits in the path of the messages and performs authen-
tication, authorization, transport security, auditing, and
content inspection (XPath filters, XML schema validation, virus
scanning of SOAP attachments). It supports security standards such
as WS-Security, SAML, XACML, XML encryption and digital signature,
etc. Policies are centrally managed using a powerful GUI, rather
than hard-wired in the code. Due to its excellent performance,
scalability and high-availability feature it is especially
suitable for enterprise settings.

Regards, Gerald.
--
Dr. Gerald Brose (E-Mail Removed)
Xtradyne Technologies http://www.xtradyne.com
Schoenhauser Allee 6-7, Phone: +49-30-440 306-27
D-10119 Berlin, Germany Fax : +49-30-440 306-78
 
Reply With Quote
 
Ron Vecchi
Guest
Posts: n/a
 
      06-25-2004
Interesting, Thanks

"Gerald Brose" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Ron Vecchi wrote:
> > Can someone point me in the right direction to securing soap messages to

a
> > webservice. I have found and read a lot about WS-Security but am having
> > trouble finding ways to implement it in code.

>
> If you don't want to code to a security API such as WSE 2.0 and
> thus hard-code the security loic and policy into your application,
> then a better way is to use a security gateway aka XML firewall,
> such as Xtradyne's Web Services DBC (WS-DBC).
>
> The WS-DBC sits in the path of the messages and performs authen-
> tication, authorization, transport security, auditing, and
> content inspection (XPath filters, XML schema validation, virus
> scanning of SOAP attachments). It supports security standards such
> as WS-Security, SAML, XACML, XML encryption and digital signature,
> etc. Policies are centrally managed using a powerful GUI, rather
> than hard-wired in the code. Due to its excellent performance,
> scalability and high-availability feature it is especially
> suitable for enterprise settings.
>
> Regards, Gerald.
> --
> Dr. Gerald Brose (E-Mail Removed)
> Xtradyne Technologies http://www.xtradyne.com
> Schoenhauser Allee 6-7, Phone: +49-30-440 306-27
> D-10119 Berlin, Germany Fax : +49-30-440 306-78



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Does timer in Web Service Global.asax block my Web Service from processing web-site requests? Leo Violette ASP .Net Web Services 0 04-17-2009 12:39 AM
web page calls web service - security Mark ASP .Net 1 01-04-2007 08:10 PM
InvocationTargetException when calling "new Service()" in Axis web service to call another web service Michael Averstegge Java 0 01-10-2006 11:05 PM
Calling a Web Service using Axis, from within an Axis Web Service running under Tomcat hocho888 Java 1 04-29-2005 08:26 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments