Re: WS Security issues

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 06/01/05

  • Next message: Henrik Skak Pedersen: "Re: WS Security issues" 
    Date: Wed, 01 Jun 2005 08:21:15 -0700

    Hello Henrik,

    UsernameTokens over SSL???

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello,
    >
    > I am working on a product when we are shipping a web service and a
    > windows client to several end-customers. The web service should be
    > able to run either on the inside or on the outside of their firewall.
    > The same CD are being sent to all customers, so it is not possible to
    > modify anything from customer to customer. The software should run
    > directly after installation, without obtaining certificates or
    > anothing else.The clients are running on Windows 2000 server and
    > client, Windows XP and Windows Server 2003.
    >
    > I have two demands:
    >
    > 1) All WS requests from the client needs to be authorized by AD. It
    > should be possible to log in using the current credentials or by
    > specifying an user name/password pair.
    >
    > 2) All WS requests from the client needs to be encrypted and signed
    >
    > I have looked into X509SecurityToken, KerberosToken and UsernameToken.
    > But I just can't see how I solve this the the best way.
    >
    > If I use X.509 for signing and encryption, then I guess that I have to
    > distribute the same certificate to all customers, which I guess not i
    > a
    > smart idea.
    > I have read that the KerberosToken does not work for Windows 2000.
    > Any recommendations?
    >
    > Regards
    >
    > Henrik Skak Pedersen
    >

  • Next message: Henrik Skak Pedersen: "Re: WS Security issues"

    Relevant Pages

    • Web Service and SSL
      ... I have written a Web Service that is called by a Windows Forms Client that I ... Some of our customers want to run with SSL and some don't. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Impersonated login to web service from outside domain
      ... the client is part of the domain group. ... : integrated windows auth fails. ... You can try creating an identical local user on the server (as the one you ... next call to the web service (ie. the process requiring the credentials to ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Impersonated login to web service from outside domain
      ... the client is part of the domain group. ... You can try creating an identical local user on the server (as the one you ... next call to the web service (ie. the process requiring the credentials to ... Any other windows server gurus care to clarify? ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • RE: Printing from Win9x clients stops
      ... Open Server Management. ... then right-click the name of the computer running Windows Small Business ... >From the client computer: ... The Select Network Component Type ...
      (microsoft.public.windows.server.sbs)
    • RE: Fax service on W2003Sbs - client dont send fax
      ... follow the steps to Update the Windows Small Business Server ClientApps ... Please paste the full content of the file to the Newsgroup. ... Microsoft CSS Online Newsgroup Support ... >the same day I do a system restore to monday;-) and client can send fax. ...
      (microsoft.public.windows.server.sbs)
    Loading