Re: code access security across the network
- From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
- Date: Tue, 11 Jul 2006 11:53:35 -0400
There is no reliable way to identify calling code over a network. The only
interaction with the calling code is data sent over the wire, and any data
used to identify the caller can be spoofed by a malicious caller. Since
attempting to verify calling code identity is essentially a waste of time,
your efforts would be better placed on ensuring that your web service
functions correctly even when invoked by an "unexpected" caller. For most
applications, this would involve not trusting self-declared client user
identity and re-validating all data on the server side.
<ajfish@xxxxxxxxxxxxxxxx> wrote in message
news:1152632395.879802.205480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a client/server application where the server uses asp.net web
services.
is there any way I can use code signing, strong names or whaterver to
verify the identity of the client code across the web service call?
TIA
Andy
.
- Follow-Ups:
- Re: code access security across the network
- From: Joe Kaplan \(MVP - ADSI\)
- Re: code access security across the network
- References:
- code access security across the network
- From: ajfish
- code access security across the network
- Prev by Date: code access security across the network
- Next by Date: Re: How to - PKCS#7 in c#
- Previous by thread: code access security across the network
- Next by thread: Re: code access security across the network
- Index(es):
Relevant Pages
|
|
