Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Thu, 19 Oct 2006 07:25:05 GMT
Hello John,
If you use WSE message layer security, the "mutualCertificate10" and
"mutualCertificate11" will both support mutual authentication againt both
server and client.
As for transport layer secruity through SSL/HTTPS, as I mentioned in the
last reply, you can add code logic in your webservice client and hook the
Server Certificate validation process to determine whether the https/SSL
server is a valid and expected server.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle att
- From: Dominick Baier
- Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
- From: Dominick Baier
- Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
- From: John K
- Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle att
- Prev by Date: RE: Membership - Database Security
- Next by Date: RE: Membership - Database Security
- Previous by thread: Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
- Next by thread: Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
- Index(es):
Relevant Pages
|
