Web Service Security
- From: "Bob" <bob@xxxxxxxxxxx>
- Date: Fri, 19 Jan 2007 16:15:12 +1300
Hi,
I have read the other posts here on this subject but I am still unsure of
the best way to approach my situation.
I am new to web security and web programming in general.
I have a web service and a thick client and a Standalone Root certificate
server.
The thick client will be installed on our client's machine and access the
web service (https) over the internet.
The scenario I want is to turn up at the clients site, install the thick
client. and install a certificate generated by the Certificate server.
I want to end up where the web service will not accept access unless the
client certificate is supplied.
i.e. Won't supply WSDL, nothing, immediate 403 access forbidden
I think I am fairly well along the path but I have a problem.
At site level I can set directory security to 'require client certificate'
but if I set the asmx file level security to 'require client certificate' I
get 403 access forbidden. Maybe I don't know how to push the certificate
with the original request?
If I relax the asmx to 'accept client certificate' I get access but so does
any test pc with out a certificate.
Is my scenario realistic?
Why doesn't just setting the site directory security to 'client
certificate required' do the job?
Thanks
Bob
.
- Follow-Ups:
- Re: Web Service Security
- From: Joe Kaplan
- Re: Web Service Security
- Prev by Date: RE: security in windows app
- Next by Date: RE: Encrypt string using SHA1withDSA and X509 certificate
- Previous by thread: Re: To get all logged in user information on admin side in asp.net 2.0
- Next by thread: Re: Web Service Security
- Index(es):
Relevant Pages
|
|
