Security design question
- From: "Jeremy Chapman" <please@Idontlikespam>
- Date: Wed, 19 Apr 2006 14:37:09 -0700
I am in search of some suggestions regarding how I should emplement security
in a system being developed.
System architecture:
A web application is exposed to the internet. Behind a firewall is a series
of web services. The web services communicate with a SQL server 2000
database through stored procedures. Users access the web application over
an SSL connection, and the web application accesses the web services over an
SSL connection. We limit access to the web application through forms
authentication.
My design dilemna:
There should be some authentication mechanism between the web application
and the web services. In the future we may develop other applications or
allow other vendors to use our web services. So my question is, are there
recommended ways to authenticate an application to a web service?
I'm not inclined to use WSE because I'm not aware of toolkits for much
beyond .net development and we want a relatively easy method of using the
web services with technologies other than .net.
I am searching for some sort of standard mechanism that can be relatively
easily implemented. I could role my own solution but in the event that 3rd
party vendors will use my web services, they will need to understand my
implementation details where as sdks are probably already available for
standard approaches.
.
- Follow-Ups:
- Re: Security design question
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Security design question
- Prev by Date: Re: Web Service and ASP.NET Forms Authentication
- Next by Date: Re: Security design question
- Previous by thread: Do not automatically activate user when registered
- Next by thread: Re: Security design question
- Index(es):
Relevant Pages
|
