Home > Archive > Microsoft Webservices > October 2005 > How to implement security in webservices
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to implement security in webservices
|
|
| pradeep_TP 2005-10-07, 3:58 am |
| Hello All,
On question i keep hearing in interviews is, how to implement a secured
webserivce. I am pretty new to web services. Can somebody give me any idea
how to secure a webservice. For eg. how to secure it if i am creating a
banking application
Rgsd
Pradeep_TP
| |
| CESAR DE LA TORRE [MVP] 2005-10-07, 8:05 am |
| Using .NET, the best way to secure your Web Service (things like encrypt,
digital sign, authentication, etc. all defined within WS-* standards) is
using the following:
- If you have .NET 1.1 and Visual Studio 2003 -->
Use WSE 2.0 (Web Services Enhancements 2.0)
- If you have .NET 2.0 and Visual Studio 2005 (currently in BETA, but
released real soon, about NOV.2005) -->
Use WSE 3.0 (Web Services Enhancements 3.0)
- For the future (Windows Vista time-frame), the best way to do it will be
using WCF ("Windows Communication Foundation"), called INDIGO as BETA name.
Of course, INDIGO is currently in BETA state.
--
CESAR DE LA TORRE
Software Architect
[Microsoft MVP - XML Web Services]
[MCSE] [MCT]
Renacimiento
[Microsoft GOLD Certified Partner]
"pradeep_TP" wrote:
> Hello All,
>
> On question i keep hearing in interviews is, how to implement a secured
> webserivce. I am pretty new to web services. Can somebody give me any idea
> how to secure a webservice. For eg. how to secure it if i am creating a
> banking application
>
> Rgsd
> Pradeep_TP
| |
| pradeep_TP 2005-10-07, 8:05 am |
| Hi cesar,
The information given by you is good. I will look into it. I also would like
to know whether it is possible to do anything programming on SOAP level. I
remember one of the interviewer asking whether I have done any SOAP level
coding. Any idea about this.
Thanks for your help.
Padeep_tp
"CESAR DE LA TORRE [MVP]" wrote:
[color=darkred]
> Using .NET, the best way to secure your Web Service (things like encrypt,
> digital sign, authentication, etc. all defined within WS-* standards) is
> using the following:
>
> - If you have .NET 1.1 and Visual Studio 2003 -->
> Use WSE 2.0 (Web Services Enhancements 2.0)
>
> - If you have .NET 2.0 and Visual Studio 2005 (currently in BETA, but
> released real soon, about NOV.2005) -->
> Use WSE 3.0 (Web Services Enhancements 3.0)
>
> - For the future (Windows Vista time-frame), the best way to do it will be
> using WCF ("Windows Communication Foundation"), called INDIGO as BETA name.
> Of course, INDIGO is currently in BETA state.
>
> --
> CESAR DE LA TORRE
> Software Architect
> [Microsoft MVP - XML Web Services]
> [MCSE] [MCT]
>
> Renacimiento
> [Microsoft GOLD Certified Partner]
>
>
> "pradeep_TP" wrote:
>
| |
| CESAR DE LA TORRE [MVP] 2005-10-07, 8:05 am |
| Using .NET, you could do it using low level API like System.Net.WebRequest
and implementing SOAP Messages and SOAP Headers by your own. This is quite
easy for simple Web Services, but if you want to implement Security (Encrypt,
digital sign, certs, auth, secure conversation, WS-Trust, etc.), like WSE
does (following all the WS-*, WS-Security internet standard specifications)
it would be like "re-inventing the wheel" and a completly waste of time...
Months of work jut to get to a single part of what WSE already does...
I still recommend using WSE and INDIGO in the future.
--
CESAR DE LA TORRE
Software Architect
[Microsoft MVP - XML Web Services]
[MCSE] [MCT]
Renacimiento
[Microsoft GOLD Certified Partner]
"pradeep_TP" wrote:
[color=darkred]
> Hi cesar,
>
> The information given by you is good. I will look into it. I also would like
> to know whether it is possible to do anything programming on SOAP level. I
> remember one of the interviewer asking whether I have done any SOAP level
> coding. Any idea about this.
>
> Thanks for your help.
>
> Padeep_tp
>
> "CESAR DE LA TORRE [MVP]" wrote:
>
|
|
|
|
|